Fix endpoint for confirm email

ubclaunchpad · Mar 18, 2024 · 3845da9 · 3845da9
1 parent 6f17426
commit 3845da9
Show file tree

Hide file tree

Showing 9 changed files with 47 additions and 22 deletions.
diff --git a/backend/core/settings.py b/backend/core/settings.py
@@ -83,7 +83,9 @@
 CORS_ALLOWED_ORIGINS = [
     "http://localhost:3000",
     "http://auctions.microvaninc.com",
+    "http://www.auctions.microvaninc.com",
     "https://auctions.microvaninc.com",
+    "https://www.auctions.microvaninc.com",
 ]
 
 CORS_ALLOW_CREDENTIALS = True
@@ -177,6 +179,7 @@
     "DEFAULT_AUTHENTICATION_CLASSES": (
         "util.authentication.AWSCognitoIDTokenAuthentication",
     ),
+    "DEFAULT_PERMISSION_CLASSES": ("rest_framework.permissions.AllowAny",),
 }
 
 SIMPLE_JWT = {

diff --git a/backend/user/views.py b/backend/user/views.py
@@ -1,5 +1,6 @@
-from django.shortcuts import get_object_or_404
+from django.shortcuts import get_object_or_404, redirect
 from rest_framework import status
+from rest_framework.permissions import AllowAny
 from rest_framework.response import Response
 from rest_framework.views import APIView
 
@@ -13,7 +14,9 @@ class BidderListApiView(APIView):
 
     def get_permissions(self):
         if self.request.method == "GET":
-            self.permission_classes = [IsAdminUser]
+            self.permission_classes = [IsAuthenticated]
+        else:
+            self.permission_classes = [AllowAny]
         return super().get_permissions()
 
     def get(self, request):
@@ -303,6 +306,8 @@ def get(self, request):
 
 
 class LoginAPIView(APIView):
+    permission_classes = [AllowAny]
+
     cognitoService = AWSCognitoService()
 
     def post(self, request, *args, **kwargs):
@@ -347,6 +352,8 @@ def post(self, request, *args, **kwargs):
 
 
 class PasswordResetAPIView(APIView):
+    permission_classes = [AllowAny]
+
     cognitoService = AWSCognitoService()
 
     def post(self, request, *args, **kwargs):
@@ -361,6 +368,8 @@ def post(self, request, *args, **kwargs):
 
 
 class PasswordResetConfirmAPIView(APIView):
+    permission_classes = [AllowAny]
+
     cognitoService = AWSCognitoService()
 
     def post(self, request, *args, **kwargs):
@@ -378,17 +387,17 @@ def post(self, request, *args, **kwargs):
 
 
 class VerifyEmailAPIView(APIView):
+    permission_classes = [AllowAny]
+
     cognitoService = AWSCognitoService()
 
-    def post(self, request, *args, **kwargs):
-        email = request.data.get("email")
-        verification_code = request.data.get("verification_code")
+    def get(self, request, *args, **kwargs):
+        email = request.query_params.get("email")
+        verification_code = request.query_params.get("code")
 
         result = self.cognitoService.verify_email(email, verification_code)
         if result:
-            return Response(
-                {"success": "Email verified successfully."}, status=status.HTTP_200_OK
-            )
+            return redirect("https://www.auction.microvaninc.com/register/verified")
         else:
             return Response(
                 {"error": "Failed to verify email"}, status=status.HTTP_400_BAD_REQUEST
@@ -452,7 +461,7 @@ def post(self, request, *args, **kwargs):
 
 
 class RefreshTokenAPIView(APIView):
-    permission_classes = [IsAuthenticated]
+    permission_classes = [AllowAny]
 
     cognitoService = AWSCognitoService()
 

diff --git a/backend/util/authentication.py b/backend/util/authentication.py
@@ -30,8 +30,12 @@ def has_group(self, group_name):
 class AWSCognitoIDTokenAuthentication(authentication.BaseAuthentication):
     def authenticate(self, request):
         token = request.COOKIES.get("idToken")
+        unauthenticated_user = GenericAuthenticatedUser()
         if not token:
-            return None
+            return (unauthenticated_user, None)
+
+        if request.path.startswith("/api/v1/auth"):
+            return (unauthenticated_user, None)
 
         try:
             decoded_token = self.verify_jwt_token(token)

diff --git a/backend/util/middleware.py b/backend/util/middleware.py
@@ -1,11 +1,15 @@
 import jwt
 from django.utils.deprecation import MiddlewareMixin
-from util.jwt import decode_token
+
 from services import AWSCognitoService
+from util.jwt import decode_token
 
 
 class RefreshTokenMiddleware(MiddlewareMixin):
     def process_request(self, request):
+        if request.path.startswith("/api/v1/auth"):
+            return
+
         refresh_token = request.COOKIES.get("refreshToken")
         if not refresh_token:
             return

diff --git a/backend/vehicle/helpers.py b/backend/vehicle/helpers.py
@@ -1,7 +1,8 @@
-from .models import Brand, Equipment, Supplier, Trailer, Type, UnitImage, Vehicle
-from django.shortcuts import get_object_or_404
 import pandas as pd
 import requests
+from django.shortcuts import get_object_or_404
+
+from .models import Brand, Equipment, Supplier, Trailer, Type, UnitImage, Vehicle
 from .serializers import VehicleSerializer
 
 

diff --git a/backend/vehicle/urls.py b/backend/vehicle/urls.py
@@ -2,11 +2,11 @@
 from django.urls import include, path
 
 from .views import (
+    UploadFileView,
     VehicleDetailApiView,
     VehicleFilterList,
     VehicleListApiView,
     VehiclePriceApiView,
-    UploadFileView,
 )
 
 urlpatterns = [

diff --git a/backend/vehicle/views.py b/backend/vehicle/views.py
@@ -1,10 +1,9 @@
-from rest_framework import status
+import pandas as pd
+from rest_framework import permissions, status
 from rest_framework.generics import get_object_or_404
+from rest_framework.parsers import FileUploadParser
 from rest_framework.response import Response
 from rest_framework.views import APIView
-import pandas as pd
-from rest_framework.parsers import FileUploadParser
-from rest_framework import permissions
 
 from core.permissions import IsAdminUser, IsAuthenticated
 

diff --git a/emailService/.aws-sam/build.toml b/emailService/.aws-sam/build.toml
@@ -7,6 +7,6 @@ architecture = "x86_64"
 handler = "src/handlers/cognitoCustomMessage.cognitoCustomMessageHandler"
 manifest_hash = "70a557897a9d2205fadda31828179700"
 packagetype = "Zip"
-functions = ["helloFromLambdaFunction"]
+functions = ["cognitoCustomMessage"]
 
 [layer_build_definitions]
diff --git a/emailService/src/handlers/cognitoCustomMessage.mjs b/emailService/src/handlers/cognitoCustomMessage.mjs
@@ -4,6 +4,10 @@
 export const cognitoCustomMessageHandler = async (event) => {
     if (event.triggerSource === "CustomMessage_SignUp") {
         const firstName = event.request.userAttributes["given_name"];
+        const email = encodeURIComponent(event.request.userAttributes["email"]);
+        const verificationCode = event.request.codeParameter;
+
+        const verificationLink = `http://localhost:8000/api/v1/auth/email-verify/?email=${email}&code=${verificationCode}`;
 
         const emailContent = `
           <html>
@@ -73,6 +77,7 @@ export const cognitoCustomMessageHandler = async (event) => {
                           color: #ffffff;
                           text-align: center;
                           text-decoration: none;
+                          text-decoration-color: #ffffff;
                           font-size: 18px;
                           font-weight: 600;
                       }
@@ -120,13 +125,13 @@ export const cognitoCustomMessageHandler = async (event) => {
                           and Conditions.
                       </p>
                       <div class="button-container">
-                          <a href="{####}" class="button-link">Click here to verify</a>
+                          <a href="${verificationLink}" class="button-link">Click here to verify</a>
                       </div>
                       <p>
                           If the button does not work, use this link or copy this link into your browser: <br /><a
-                              href="{####}"
+                              href="${verificationLink}"
                               class="link"
-                              >{####}</a
+                              >${verificationLink}</a
                           >
                       </p>