Fix Bug 4010 - API method to register does not return authentification token (#4092)

* Return auth token key on register without email verification

When email verification is turned off using all-auth settings, then on registration, return the auth token key.

* Add tests for user registration without email verification

* Add test case for user registration when email confirmation is manadatory

* Refactor register api tests and add its docstring

* updated the license header for iam tests

* Add pull request link to changelog

* Add comment to explain overriding of ROOT_URLConf

* Refactor tests for user registration

Split the test case for user registration without email verification into two test cases by overriding ACCOUNT_EMAIL_VERIFICATION
as 'none' and 'optional'

* Fix doc string

* updated changelog

Co-authored-by: karthik <gkraja@mindkosh.com>
Co-authored-by: Andrey Zhavoronkov <andrey.zhavoronkov@intel.com>

CHANGELOG.md

@@ -7,7 +7,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## \[2.0.0] - Unreleased
 ### Added
-
 - Add additional environment variables for Nuclio configuration (<https://github.com/openvinotoolkit/cvat/pull/3894>)
 - Add KITTI segmentation and detection format (<https://github.com/openvinotoolkit/cvat/pull/3757>)
 - Add LFW format (<https://github.com/openvinotoolkit/cvat/pull/3770>)
@@ -58,6 +57,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Uncaught TypeError: this.el.node.getScreenCTM() is null in Firefox (<https://github.com/openvinotoolkit/cvat/pull/4175>)
 - Bug: canvas is busy when start playing, start resizing a shape and do not release the mouse cursor (<https://github.com/openvinotoolkit/cvat/pull/4151>)
 - Fixed tus upload error over https (<https://github.com/openvinotoolkit/cvat/pull/4154>)
+- Auth token key is not returned when registering without email verification (<https://github.com/openvinotoolkit/cvat/pull/4092>)
 
 
 ### Security

cvat/apps/iam/tests/test_rest_api.py

@@ -0,0 +1,72 @@
+# Copyright (C) 2021 Intel Corporation
+#
+# SPDX-License-Identifier: MIT
+
+from django.urls import reverse
+from rest_framework import status
+from rest_framework.test import APITestCase
+from rest_framework.authtoken.models import Token
+from django.test import override_settings
+from cvat.apps.iam.urls import urlpatterns as iam_url_patterns
+from django.urls import path, re_path
+from allauth.account.views import ConfirmEmailView, EmailVerificationSentView
+
+
+urlpatterns = iam_url_patterns + [
+    re_path(r'^account-confirm-email/(?P<key>[-:\w]+)/$', ConfirmEmailView.as_view(),
+            name='account_confirm_email'),
+    path('register/account-email-verification-sent', EmailVerificationSentView.as_view(),
+         name='account_email_verification_sent'),
+]
+
+
+class UserRegisterAPITestCase(APITestCase):
+
+    user_data = {'first_name': 'test_first', 'last_name': 'test_last', 'username': 'test_username',
+                 'email': 'test_email@test.com', 'password1': '$Test357Test%', 'password2': '$Test357Test%',
+                 'confirmations': []}
+
+    def _run_api_v1_user_register(self, data):
+        url = reverse('rest_register')
+        response = self.client.post(url, data, format='json')
+        return response
+
+    def _check_response(self, response, data):
+        self.assertEqual(response.status_code, status.HTTP_201_CREATED)
+        self.assertEqual(response.data, data)
+
+    @override_settings(ACCOUNT_EMAIL_VERIFICATION='none')
+    def test_api_v1_user_register_with_email_verification_none(self):
+        """
+        Ensure we can register a user and get auth token key when email verification is none
+        """
+        response = self._run_api_v1_user_register(self.user_data)
+        user_token = Token.objects.get(user__username=response.data['username'])
+        self._check_response(response, {'first_name': 'test_first', 'last_name': 'test_last',
+                                        'username': 'test_username', 'email': 'test_email@test.com',
+                                        'email_verification_required': False, 'key': user_token.key})
+
+    # Since URLConf is executed before running the tests, so we have to manually configure the url patterns for
+    # the tests and pass it using ROOT_URLCONF in the override settings decorator
+
+    @override_settings(ACCOUNT_EMAIL_VERIFICATION='optional', ROOT_URLCONF=__name__)
+    def test_api_v1_user_register_with_email_verification_optional(self):
+        """
+        Ensure we can register a user and get auth token key when email verification is optional
+        """
+        response = self._run_api_v1_user_register(self.user_data)
+        user_token = Token.objects.get(user__username=response.data['username'])
+        self._check_response(response, {'first_name': 'test_first', 'last_name': 'test_last',
+                                        'username': 'test_username', 'email': 'test_email@test.com',
+                                        'email_verification_required': False, 'key': user_token.key})
+
+    @override_settings(ACCOUNT_EMAIL_REQUIRED=True, ACCOUNT_EMAIL_VERIFICATION='mandatory',
+                       EMAIL_BACKEND='django.core.mail.backends.console.EmailBackend', ROOT_URLCONF=__name__)
+    def test_register_account_with_email_verification_mandatory(self):
+        """
+        Ensure we can register a user and it does not return auth token key when email verification is mandatory
+        """
+        response = self._run_api_v1_user_register(self.user_data)
+        self._check_response(response, {'first_name': 'test_first', 'last_name': 'test_last',
+                                        'username': 'test_username', 'email': 'test_email@test.com',
+                                        'email_verification_required': True, 'key': None})

cvat/apps/iam/views.py

@@ -108,7 +108,10 @@ class SigningView(views.APIView):
 class RegisterViewEx(RegisterView):
     def get_response_data(self, user):
         data = self.get_serializer(user).data
-        data['email_verification_required'] = allauth_settings.EMAIL_VERIFICATION == \
+        data['email_verification_required'] = True
-            allauth_settings.EmailVerificationMethod.MANDATORY
+        data['key'] = None
-
+        if allauth_settings.EMAIL_VERIFICATION != \
+            allauth_settings.EmailVerificationMethod.MANDATORY:
+            data['email_verification_required'] = False
+            data['key'] = user.auth_token.key
         return data