Merge dev

.devcontainer.json

@@ -19,7 +19,9 @@
         "qwtel.sqlite-viewer",
         "njpwerner.autodocstring",
         "tamasfe.even-better-toml",
-        "github.vscode-github-actions"
+        "github.vscode-github-actions",
+        "codecov.codecov",
+        "ritwickdey.liveserver"
       ]
     }
   },

.github/workflows/main.yml

@@ -1,11 +1,8 @@
 name: Main
 
 on:
-  pull_request:
   push:
-    paths-ignore:
-      - "**/*.md"
-      - "**/.*"
+  pull_request:
   workflow_dispatch:
 
 env:
@@ -18,6 +15,7 @@ env:
 jobs:
   test-backend:
     uses: ocadotechnology/codeforlife-workspace/.github/workflows/test-python-code.yaml@main
+    secrets: inherit
     with:
       working-directory: backend
 

.vscode/launch.json

@@ -9,6 +9,9 @@
       "type": "debugpy"
     },
     {
+      "env": {
+        "PYTEST_ADDOPTS": "--no-cov"
+      },
       "justMyCode": false,
       "name": "Pytest",
       "presentation": {

.vscode/settings.json

@@ -70,6 +70,8 @@
   "python.testing.cwd": "${workspaceFolder}/backend",
   "python.testing.pytestArgs": [
     "-n=auto",
+    "--cov=.",
+    "--cov-report=html",
     "-c=pyproject.toml",
     "."
   ],

backend/Pipfile

@@ -2,6 +2,7 @@
 url = "https://pypi.org/simple"
 verify_ssl = true
 name = "pypi"
+
 ## ℹ️ HOW-TO: Make the python-package editable.
 #
 # 1. Comment out the git-codeforlife package under [packages].
@@ -22,7 +23,7 @@ name = "pypi"
 # 5. Run `pipenv install --dev` in your terminal.
 
 [packages]
-codeforlife = {ref = "v0.16.6", git = "https://github.com/ocadotechnology/codeforlife-package-python.git"}
+codeforlife = {ref = "v0.16.8", git = "https://github.com/ocadotechnology/codeforlife-package-python.git"}
 # 🚫 Don't add [packages] below that are inhertited from the CFL package.
 # TODO: check if we need the below packages
 whitenoise = "==6.5.0"
@@ -45,9 +46,10 @@ google-cloud-logging = "==1.*"
 google-auth = "==2.*"
 google-cloud-container = "==2.3.0"
 # "django-anymail[amazon_ses]" = "==7.0.*"
+pyjwt = "==2.6.0" # TODO: upgrade to latest version
 
 [dev-packages]
-codeforlife = {ref = "v0.16.6", git = "https://github.com/ocadotechnology/codeforlife-package-python.git", extras = ["dev"]}
+codeforlife = {ref = "v0.16.8", git = "https://github.com/ocadotechnology/codeforlife-package-python.git", extras = ["dev"]}
 # codeforlife = {file = "../../codeforlife-package-python", editable = true, extras = ["dev"]}
 # 🚫 Don't add [dev-packages] below that are inhertited from the CFL package.
 # TODO: check if we need the below packages

backend/api/auth/__init__.py

@@ -0,0 +1,9 @@
+"""
+© Ocado Group
+Created on 10/05/2024 at 14:37:11(+01:00).
+"""
+
+from .token_generators import (
+    email_verification_token_generator,
+    password_reset_token_generator,
+)

backend/api/auth/token_generators.py

@@ -0,0 +1,82 @@
+"""
+© Ocado Group
+Created on 10/05/2024 at 14:37:36(+01:00).
+"""
+
+import typing as t
+from datetime import timedelta
+
+import jwt
+from codeforlife.user.models import User
+from django.conf import settings
+from django.contrib.auth.tokens import (
+    PasswordResetTokenGenerator,
+    default_token_generator,
+)
+from django.utils import timezone
+
+# NOTE: type hint to help Intellisense.
+password_reset_token_generator: PasswordResetTokenGenerator = (
+    default_token_generator
+)
+
+
+class EmailVerificationTokenGenerator:
+    """Custom token generator used to verify a user's email address."""
+
+    def _get_audience(self, user_or_pk: t.Union[User, t.Any]):
+        pk = user_or_pk.pk if isinstance(user_or_pk, User) else user_or_pk
+        return f"user:{pk}"
+
+    def make_token(self, user_or_pk: t.Union[User, t.Any]):
+        """Generate a token used to verify user's email address.
+
+        https://pyjwt.readthedocs.io/en/stable/usage.html
+
+        Args:
+            user: The user to generate a token for.
+
+        Returns:
+            A token used to verify user's email address.
+        """
+        return jwt.encode(
+            payload={
+                "exp": (
+                    timezone.now()
+                    + timedelta(seconds=settings.EMAIL_VERIFICATION_TIMEOUT)
+                ),
+                "aud": [self._get_audience(user_or_pk)],
+            },
+            key=settings.SECRET_KEY,
+            algorithm="HS256",
+        )
+
+    def check_token(self, user_or_pk: t.Union[User, t.Any], token: str):
+        """Check the token belongs to the user and has not expired.
+
+        Args:
+            user: The user to check.
+            token: The token to check.
+
+        Returns:
+            A flag designating whether the token belongs to the user and has not
+            expired.
+        """
+        try:
+            jwt.decode(
+                jwt=token,
+                key=settings.SECRET_KEY,
+                audience=self._get_audience(user_or_pk),
+                algorithms=["HS256"],
+            )
+        except (
+            jwt.DecodeError,
+            jwt.ExpiredSignatureError,
+            jwt.InvalidAudienceError,
+        ):
+            return False
+
+        return True
+
+
+email_verification_token_generator = EmailVerificationTokenGenerator()

backend/api/fixtures/school_1_teacher_invitations.json

@@ -36,8 +36,22 @@
       "from_teacher": 7,
       "invited_teacher_first_name": "Invited",
       "invited_teacher_last_name": "Teacher",
-      "invited_teacher_email": "[email protected]",
-      "invited_teacher_is_admin": false,
+      "invited_teacher_email": "[email protected]",
+      "invited_teacher_is_admin": true,
+      "expiry": "9999-02-09 20:26:08.298402+00:00"
+    }
+  },
+  {
+    "model": "common.schoolteacherinvitation",
+    "pk": 4,
+    "fields": {
+      "token": "pbkdf2_sha256$260000$hbsAadmrRo744BTM6NofUb$ePs/7vi6sSzOPpiWxNhXMZnNnE7aXOpzIhxrAa/rdiU=",
+      "school": 2,
+      "from_teacher": 7,
+      "invited_teacher_first_name": "Invited",
+      "invited_teacher_last_name": "Independent",
+      "invited_teacher_email": "[email protected]",
+      "invited_teacher_is_admin": true,
       "expiry": "9999-02-09 20:26:08.298402+00:00"
     }
   }