add email verify API

Author: szdytom

account/serializers.py

@@ -20,7 +20,8 @@ class Meta:
             "is_superuser",
             "date_joined",
             "is_active",
-            "last_login"
+            "last_login",
+            "email_verified"
         ]
-        read_only_fields = ["id", "solved", "submit_time", "date_joined", "last_login"]
+        read_only_fields = ["id", "solved", "submit_time", "date_joined", "last_login", "email", "email_verified"]
 

account/views.py

@@ -8,6 +8,9 @@
 from django.conf import settings
 from django.utils import timezone
 
+from datetime import timedelta
+from django.core.signing import TimestampSigner, BadSignature, SignatureExpired
+
 from rest_framework.response import Response
 from rest_framework.views import APIView
 from rest_framework import status
@@ -20,6 +23,7 @@
 from .decorator import password_verify_required
 
 import os.path
+import secrets
 
 # Create your views here.
 class AccountSessionView(APIView):
@@ -213,3 +217,64 @@ def delete(self, request, uid):
 
         os.remove(avatar_path)
         return Response(status=status.HTTP_200_OK)
+
+class AccountEmailView(APIView):
+
+    @method_decorator(login_required())
+    def get(self, request):
+        return Response({
+            "res": request.user.email
+        })
+
+    # @method_decorator(login_required())
+    def post(self, request, vid=None):
+        signer = TimestampSigner()
+        user = request.user
+        if vid == None:
+            # send mail
+            signature = signer.sign(user.username)
+            user.email_user(settings.VERIFY_EMAIL_TEMPLATE_TITLE, 
+                            settings.VERIFY_EMAIL_TEMPLATE_CONTENT.format(username=user.username, signature=signature),
+                            html_message=settings.VERIFY_EMAIL_TEMPLATE_CONTENT.format(username=user.username, signature=signature),)
+            return Response({
+                "detail": "Email sent"
+            }, status=status.HTTP_202_ACCEPTED)
+
+        try:
+            value = signer.unsign(vid, max_age=timedelta(minutes=settings.VERIFY_EMAIL_MAX_AGE))
+        except SignatureExpired:
+            return Response({
+                "detail": "Signature Expired"
+            }, status=status.HTTP_403_FORBIDDEN)
+        except BadSignature:
+            return Response({
+                "detail": "Bad Signature"
+            }, status=status.HTTP_403_FORBIDDEN)
+        
+        if value != user.username:
+            return Response({
+                "detail": "Mismatch Signature"
+            }, status=status.HTTP_403_FORBIDDEN)
+        
+        user.email_verified = True
+        user.save()
+        request.session["email_verified"] = True
+        return Response({
+            "detail": "Susccess"
+        }, status=status.HTTP_204_NO_CONTENT)
+
+    @method_decorator(syllable_required("email", str))
+    @method_decorator(password_verify_required())
+    def patch(self, request):
+        # change email
+
+        data = request.data
+        user = request.user
+        
+        user.email = data.get("email")
+        user.email_verified = False
+        user.save()
+
+        return Response({
+            "detail": "Success"
+        }, status.HTTP_204_NO_CONTENT)

segmentoj/settings.py

@@ -160,4 +160,12 @@
 EMAIL_PORT = int(os.environ.get("BACKEND_EMAIL_PORT")) if os.environ.get("BACKEND_EMAIL_PORT") else 25
 EMAIL_HOST_USER = os.environ.get("BACKEND_EMAIL_USERNAME")
 EMAIL_HOST_PASSWORD = os.environ.get("BACKEND_EMAIL_PASSWORD")
-DEFAULT_FROM_EMAIL = EMAIL_HOST_USER
+DEFAULT_FROM_EMAIL = EMAIL_HOST_USER
+
+VERIFY_EMAIL_TEMPLATE_TITLE = "[SegmentOJ] Email Verify"
+VERIFY_EMAIL_TEMPLATE_CONTENT = """Hi, {username}<br/>
+It seems that you have just requested an email verify!<br/>
+<strong>You code is:</strong> <code>{signature}</code><br/>
+Please use it in 0 minutes.<br/>
+"""
+VERIFY_EMAIL_MAX_AGE = 0

segmentoj/urls.py

@@ -21,7 +21,14 @@
 from django.conf import settings
 
 import problem.views
-from account.views import AccountView, AccountSessionView, AccountUsernameAccessibilityView, AccountAvatarView, AccountPasswordView
+from account.views import (
+    AccountView, 
+    AccountSessionView, 
+    AccountUsernameAccessibilityView,
+    AccountAvatarView, 
+    AccountPasswordView,
+    AccountEmailView
+)
 from status.views import StatusView, StatusListCountView, StatusListView
 from judger.views import JudgerStatusView, JudgerStatusDetailView
 from captcha.views import getcaptcha
@@ -36,6 +43,8 @@
     path("api/account/session", AccountSessionView.as_view()),
     path("api/account/username/accessibility/<str:username>", AccountUsernameAccessibilityView.as_view()),
     path("api/account/password", AccountPasswordView.as_view()),
+    path("api/account/email", AccountEmailView.as_view()),
+    path("api/account/email/<str:vid>", AccountEmailView.as_view()),
     # Avatar
     path("api/account/avatar/<int:uid>", AccountAvatarView.as_view()),
     # Problem