pymasterspl
diff --git a/‎README.md‎
Lines changed: 8 additions & 0 deletions b/‎README.md‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎conftest.py‎
Lines changed: 6 additions & 0 deletions b/‎conftest.py‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎poetry.lock‎
Lines changed: 25 additions & 1 deletion b/‎poetry.lock‎
Lines changed: 25 additions & 1 deletion
diff --git a/‎pyproject.toml‎
Lines changed: 1 addition & 0 deletions b/‎pyproject.toml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎reddit/api_documentation.py‎
Lines changed: 1 addition & 1 deletion b/‎reddit/api_documentation.py‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎reddit/settings.py‎
Lines changed: 13 additions & 1 deletion b/‎reddit/settings.py‎
Lines changed: 13 additions & 1 deletion
diff --git a/‎reddit/tests/test_api_documentation.py‎
Lines changed: 0 additions & 16 deletions b/‎reddit/tests/test_api_documentation.py‎
Lines changed: 0 additions & 16 deletions
diff --git a/‎users/api_urls.py‎
Lines changed: 7 additions & 1 deletion b/‎users/api_urls.py‎
Lines changed: 7 additions & 1 deletion
diff --git a/‎users/api_views.py‎
Lines changed: 34 additions & 0 deletions b/‎users/api_views.py‎
Lines changed: 34 additions & 0 deletions
diff --git a/‎users/serializers.py‎
Lines changed: 2 additions & 29 deletions b/‎users/serializers.py‎
Lines changed: 2 additions & 29 deletions
@@ -277,6 +277,14 @@ More at:
 https://docs.astral.sh/ruff/linter/
 https://docs.astral.sh/ruff/formatter/
 
+### Removing Expired Tokens in Django
+
+To remove old, expired tokens that have been blacklisted, use the following management command:
+
+```bash
+python manage.py flushexpiredtokens
+```
+
 ### Usage with Docker 🐳
 For setup and running with Docker, refer to the [Docker configuration instructions](DOCKER.md).
 
 
@@ -4,6 +4,7 @@
 
 import pytest
 from django.contrib.auth import get_user_model
+from django.urls import reverse
 
 from core.models import Community, CommunityMember, Post
 
@@ -168,6 +169,11 @@ def _create_communties(count: int, posts_per_community: int, privacy: str = Comm
     return _create_communties
 
 
+@pytest.fixture()
+def api_register_url() -> str:
+    return reverse("api-user-registration")
+
+
 @pytest.fixture()
 def post(user: User, community: Community) -> Generator[Post, None, None]:
     return Post.objects.create(
 
@@ -23,6 +23,7 @@ djangorestframework = "^3.15.2"
 freezegun = "^1.5.1"
 pytest-xdist = "^3.6.1"
 social-auth-app-django = "5.4.1"
+djangorestframework-simplejwt = "^5.3.1"
 drf-yasg = "^1.21.8"
 
 [tool.poetry.group.dev.dependencies]
 
@@ -16,7 +16,7 @@
         license=openapi.License(name="BSD License"),
     ),
     public=True,
-    permission_classes=(permissions.IsAuthenticated,),
+    permission_classes=(permissions.AllowAny,),
 )
 
 
 
@@ -10,6 +10,7 @@
 """
 
 import json
+from datetime import timedelta
 from pathlib import Path
 
 from decouple import config
@@ -44,6 +45,8 @@
     "django.contrib.messages",
     "django.contrib.staticfiles",
     "rest_framework",
+    "rest_framework_simplejwt",
+    "rest_framework_simplejwt.token_blacklist",
     "crispy_forms",
     "crispy_bootstrap5",
     "django_timesince",
@@ -119,6 +122,9 @@
 ]
 REST_FRAMEWORK = {
     "DEFAULT_SCHEMA_CLASS": "drf_yasg.openapi.AutoSchema",
+    "DEFAULT_PAGINATION_CLASS": "rest_framework.pagination.PageNumberPagination",
+    "PAGE_SIZE": 10,
+    "DEFAULT_AUTHENTICATION_CLASSES": ("rest_framework_simplejwt.authentication.JWTStatelessUserAuthentication",),
 }
 
 
@@ -164,6 +170,13 @@
 
 LAST_ACTIVITY_ONLINE_LIMIT_MINUTES = 15
 
+
+SIMPLE_JWT = {
+    "ACCESS_TOKEN_LIFETIME": timedelta(minutes=15),
+    "BLACKLIST_AFTER_ROTATION": True,
+    "ROTATE_REFRESH_TOKENS": True,
+}
+
 EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend"
 EMAIL_HOST = config("EMAIL_HOST", default="smtp.gmail.com")
 EMAIL_PORT = config("EMAIL_PORT", default=587)
@@ -182,7 +195,6 @@
 LIMIT_WARNINGS = 5
 LOGIN_URL = reverse_lazy("login")
 LOGIN_REDIRECT_URL = "/"
-REST_FRAMEWORK = {"DEFAULT_PAGINATION_CLASS": "rest_framework.pagination.PageNumberPagination", "PAGE_SIZE": 10}
 DEFAULT_AVATAR_URL = "/media/users_avatars/default.png"
 DEFAULT_BANNER_URL = "/media/users_banners/default_banner.jpg"
 
 
@@ -17,14 +17,6 @@ def test_swagger_view_user_authenticated(client: Client, user: User) -> None:
     assert response.status_code == 405
 
 
-@pytest.mark.django_db()
-def test_swagger_view_user_non_authenticated(client: Client, user: User) -> None:
-    response = client.get(reverse_lazy("schema-swagger-ui"))
-    assert response.status_code == 403
-    response = client.post(reverse_lazy("schema-swagger-ui"))
-    assert response.status_code == 405
-
-
 @pytest.mark.django_db()
 def test_redoc_view_user_authenticated(client: Client, user: User) -> None:
     data = {"username": user.email, "password": user.plain_password}
@@ -34,11 +26,3 @@ def test_redoc_view_user_authenticated(client: Client, user: User) -> None:
     assert response.status_code == 200
     response = client.post(reverse_lazy("schema-redoc"))
     assert response.status_code == 405
-
-
-@pytest.mark.django_db()
-def test_redoc_view_user_non_authenticated(client: Client, user: User) -> None:
-    response = client.get(reverse_lazy("schema-redoc"))
-    assert response.status_code == 403
-    response = client.post(reverse_lazy("schema-redoc"))
-    assert response.status_code == 405
@@ -1,7 +1,13 @@
 from rest_framework.urls import path
+from rest_framework_simplejwt.views import (
+    TokenRefreshView,
+)
 
-from .api_views import UserAPIRegistration
+from .api_views import UserAPILogin, UserAPILogout, UserAPIRegistration
 
 urlpatterns = [
     path("register/", UserAPIRegistration.as_view(), name="api-user-registration"),
+    path("login/", UserAPILogin.as_view(), name="api-user-login"),
+    path("logout/", UserAPILogout.as_view(), name="api-user-logout"),
+    path("token-refresh/", TokenRefreshView.as_view(), name="api-token-refresh"),
 ]
@@ -1,4 +1,15 @@
+from typing import Any, ClassVar
+
+from django.contrib.auth import authenticate, login, logout
+from requests import Request
+from rest_framework import status
 from rest_framework.generics import CreateAPIView
+from rest_framework.permissions import IsAuthenticated
+from rest_framework.response import Response
+from rest_framework_simplejwt.authentication import JWTStatelessUserAuthentication
+from rest_framework_simplejwt.exceptions import TokenError
+from rest_framework_simplejwt.tokens import RefreshToken
+from rest_framework_simplejwt.views import TokenObtainPairView, TokenRefreshView
 
 from .models import User
 from .serializers import UserSerializer
@@ -7,3 +18,26 @@
 class UserAPIRegistration(CreateAPIView):
     queryset = User.objects.all()
     serializer_class = UserSerializer
+
+
+class UserAPILogin(TokenObtainPairView):
+    def post(self: "UserAPILogin", request: Request, *args: tuple, **kwargs: dict[str, Any]) -> Response:
+        response = super().post(request, *args, **kwargs)
+        user = authenticate(username=self.request.data["email"], password=self.request.data["password"])
+        login(request, user)
+        return response
+
+
+class UserAPILogout(TokenRefreshView):
+    permission_classes: ClassVar[list] = [IsAuthenticated]
+    authentication_classes: ClassVar[list] = [JWTStatelessUserAuthentication]
+
+    def post(self: "UserAPILogout", request: Request, **kwargs: dict[str, Any]) -> Response:  # noqa: ARG002
+        try:
+            refresh_token = request.data["refresh"]
+            token = RefreshToken(refresh_token)
+            token.blacklist()
+            logout(request)
+            return Response(data={"message": "Logged out successfully"}, status=status.HTTP_202_ACCEPTED)
+        except TokenError as e:
+            return Response(data={"message": str(e)}, status=status.HTTP_400_BAD_REQUEST)
@@ -1,18 +1,10 @@
 import typing
 
-from django.contrib.sites.shortcuts import get_current_site
-from django.core.mail import send_mail
 from django.db.models import Model
-from django.template.loader import render_to_string
-from django.urls import reverse
-from django.utils.encoding import force_bytes
-from django.utils.http import urlsafe_base64_encode
 from rest_framework import serializers
 
-from reddit import settings
-
 from .models import User
-from .tokens import account_activation_token
+from .utils import user_creation
 
 
 class UserSerializer(serializers.ModelSerializer):
@@ -34,27 +26,8 @@ def create(self: "UserSerializer", validated_data: dict) -> User:
         user = User.objects.create(nickname=validated_data["nickname"], email=validated_data["email"], is_active=False)
         user.set_password(validated_data["password"])
         user.save()
-        uid = urlsafe_base64_encode(force_bytes(user.pk))
-        token = account_activation_token.make_token(user)
         request = self.context.get("request")
-        protocol = "https" if request.is_secure() else "http"
-        current_site = get_current_site(request)
-        activation_link = reverse("activate-account", kwargs={"uidb64": uid, "token": token})
-        full_activation_link = f"{protocol}://{current_site.domain}{activation_link}"
-        send_mail(
-            "Confirm your registration",
-            f"Please click on the following link to confirm your registration " f"{activation_link}",
-            settings.EMAIL_HOST_USER,
-            [user.email],
-            fail_silently=False,
-            html_message=render_to_string(
-                "users/account_activation_email.html",
-                {
-                    "user": user,
-                    "activation_link": full_activation_link,
-                },
-            ),
-        )
+        user_creation(user, request)
         return user
 
     def get_message(self: "UserSerializer", obj: User) -> str:
Original file line number	Diff line number	Diff line change
`@@ -16,7 +16,7 @@`
`16`	`16`	`license=openapi.License(name="BSD License"),`
`17`	`17`	`),`
`18`	`18`	`public=True,`
`19`		`- permission_classes=(permissions.IsAuthenticated,),`
	`19`	`+ permission_classes=(permissions.AllowAny,),`
`20`	`20`	`)`
`21`	`21`
`22`	`22`