cvat-ai · Marishka17 · Apr 4, 2024 · Mar 18, 2024 · Mar 19, 2024 · Mar 19, 2024
@@ -8,13 +8,18 @@
 from django.core.exceptions import ValidationError as DjangoValidationError
 from rest_framework.exceptions import ValidationError
 from rest_framework import serializers
-from allauth.account import app_settings
+from allauth.account import app_settings as allauth_settings
 from allauth.account.utils import filter_users_by_email
 from allauth.account.adapter import get_adapter
-from allauth.utils import email_address_exists
 from allauth.account.utils import setup_user_email
+from allauth.account.models import EmailAddress
 
 from django.conf import settings
+from django.contrib.auth import get_user_model
+from django.contrib.auth.models import User
+
+from drf_spectacular.utils import extend_schema_field
+from typing import Optional, Union, Dict
 
 from cvat.apps.iam.forms import ResetPasswordFormEx
 from cvat.apps.iam.utils import get_dummy_user
@@ -23,6 +28,20 @@
 class RegisterSerializerEx(RegisterSerializer):
     first_name = serializers.CharField(required=False)
     last_name = serializers.CharField(required=False)
+    email_verification_required = serializers.SerializerMethodField()
+    key = serializers.SerializerMethodField()
+
+    @extend_schema_field(serializers.BooleanField)
+    def get_email_verification_required(self, obj: Union[Dict, User]) -> bool:
+        return allauth_settings.EMAIL_VERIFICATION == allauth_settings.EmailVerificationMethod.MANDATORY
+
+    @extend_schema_field(serializers.CharField(allow_null=True))
+    def get_key(self, obj: Union[Dict, User]) -> Optional[str]:
+        key = None
+        if isinstance(obj, User) and allauth_settings.EMAIL_VERIFICATION != \
+            allauth_settings.EmailVerificationMethod.MANDATORY:
+            key = obj.auth_token.key
+        return key
 
     def get_cleaned_data(self):
         data = super().get_cleaned_data()
@@ -34,8 +53,17 @@ def get_cleaned_data(self):
         return data
 
     def validate_email(self, email):
+        def email_address_exists(email) -> bool:
+            if EmailAddress.objects.filter(email__iexact=email).exists():
+                return True
+
+            if (email_field := allauth_settings.USER_MODEL_EMAIL_FIELD):
+                users = get_user_model().objects
+                return users.filter(**{email_field + "__iexact": email}).exists()
+            return False
+
         email = get_adapter().clean_email(email)
-        if app_settings.UNIQUE_EMAIL:
+        if allauth_settings.UNIQUE_EMAIL:
             if email and email_address_exists(email):
                 user = get_dummy_user(email)
                 if not user:
@@ -88,10 +116,10 @@ class LoginSerializerEx(LoginSerializer):
     def get_auth_user_using_allauth(self, username, email, password):
 
         def is_email_authentication():
-            return settings.ACCOUNT_AUTHENTICATION_METHOD == app_settings.AuthenticationMethod.EMAIL
+            return settings.ACCOUNT_AUTHENTICATION_METHOD == allauth_settings.AuthenticationMethod.EMAIL
 
         def is_username_authentication():
-            return settings.ACCOUNT_AUTHENTICATION_METHOD == app_settings.AuthenticationMethod.USERNAME
+            return settings.ACCOUNT_AUTHENTICATION_METHOD == allauth_settings.AuthenticationMethod.USERNAME
 
         # check that the server settings match the request
         if is_username_authentication() and not username and email:
@@ -107,11 +135,11 @@ def is_username_authentication():
                 'Please check your server configuration ACCOUNT_AUTHENTICATION_METHOD.')
 
         # Authentication through email
-        if settings.ACCOUNT_AUTHENTICATION_METHOD == app_settings.AuthenticationMethod.EMAIL:
+        if settings.ACCOUNT_AUTHENTICATION_METHOD == allauth_settings.AuthenticationMethod.EMAIL:
             return self._validate_email(email, password)
 
         # Authentication through username
-        if settings.ACCOUNT_AUTHENTICATION_METHOD == app_settings.AuthenticationMethod.USERNAME:
+        if settings.ACCOUNT_AUTHENTICATION_METHOD == allauth_settings.AuthenticationMethod.USERNAME:
             return self._validate_username(username, password)
 
         # Authentication through either username or email

@@ -14,11 +14,13 @@
 from django.http import HttpResponse
 from django.views.decorators.http import etag as django_etag
 from rest_framework.response import Response
+from dj_rest_auth.app_settings import api_settings as dj_rest_auth_settings
 from dj_rest_auth.registration.views import RegisterView
+from dj_rest_auth.utils import jwt_encode
 from dj_rest_auth.views import LoginView
 from allauth.account import app_settings as allauth_settings
 from allauth.account.views import ConfirmEmailView
-from allauth.account.utils import has_verified_email, send_email_confirmation
+from allauth.account.utils import complete_signup, has_verified_email, send_email_confirmation
 
 from furl import furl
 
@@ -97,14 +99,37 @@ def post(self, request, *args, **kwargs):
 
 class RegisterViewEx(RegisterView):
     def get_response_data(self, user):
-        data = self.get_serializer(user).data
-        data['email_verification_required'] = True
-        data['key'] = None
+        serializer = self.get_serializer(user)
+        return serializer.data
+
+    # NOTE: we should reimplement this method to fix the following issue:
+    # In the previous used version of dj-rest-auth 2.2.7, if the REST_SESSION_LOGIN setting was not defined in the settings file,
+    # the default value specified in the documentation (https://dj-rest-auth.readthedocs.io/en/2.2.7/configuration.html)
+    # was not applied for some unknown reason, and an authentication token was added to a user.
+    # With the dj-rest-auth version 5.0.2, there have been changes to how settings are handled,
+    # and now the default value is properly taken into account.
+    # However, even with the updated code, it still does not handle the scenario
+    # of handling two authentication flows simultaneously during registration process.
+    # Since there is no mention in the dj-rest-auth documentation that session authentication
+    # cannot be used alongside token authentication (https://dj-rest-auth.readthedocs.io/en/latest/configuration.html),
+    # and given the login implementation (https://github.com/iMerica/dj-rest-auth/blob/c6b6530eb0bfa5b10fd7b9e955a39301156e49d2/dj_rest_auth/views.py#L69-L75),
+    # this situation appears to be a bug.
+    # Link to the issue: https://github.com/iMerica/dj-rest-auth/issues/604
+    def perform_create(self, serializer):
+        user = serializer.save(self.request)
         if allauth_settings.EMAIL_VERIFICATION != \
-            allauth_settings.EmailVerificationMethod.MANDATORY:
-            data['email_verification_required'] = False
-            data['key'] = user.auth_token.key
-        return data
+                allauth_settings.EmailVerificationMethod.MANDATORY:
+            if dj_rest_auth_settings.USE_JWT:
+                self.access_token, self.refresh_token = jwt_encode(user)
+            elif self.token_model:
+                dj_rest_auth_settings.TOKEN_CREATOR(self.token_model, user, serializer)
+
+        complete_signup(
+            self.request._request, user,
+            allauth_settings.EMAIL_VERIFICATION,
+            None,
+        )
+        return user
 
 def _etag(etag_func):
     """

@@ -8,14 +8,12 @@ clickhouse-connect==0.6.8
 coreapi==2.3.3
 datumaro @ git+https://github.com/cvat-ai/datumaro.git@8a14a99fe17f19d98595a2a4a74ab459051cc23b
 dj-pagination==2.5.0
-dj-rest-auth[with_social]==2.2.7
-
-# dj-rest-auth[with_social] includes django-allauth but with version range: >=0.40.0,<0.53.0
-# This does not suit us in the case when one of the previous allauth version was installed.
 # Despite direct indication allauth in requirements we should keep 'with_social' for dj-rest-auth
 # to avoid possible further versions conflicts (we use registration functionality)
 # https://dj-rest-auth.readthedocs.io/en/latest/installation.html#registration-optional
-django-allauth>=0.52.0
+dj-rest-auth[with_social]>=5.0.2,<6
+# The same django-allauth version range as dj-rest-auth requirements
+django-allauth>=0.56.0,<0.58.0
 
 django-auth-ldap==2.2.0
 django-compressor==4.3.1

@@ -1,12 +1,12 @@
-# SHA1:92683dac1b858a87e89ba736358e779ac8be666d
+# SHA1:6ea58f466019839a02f9fb2b6cebd287a8d3eee9
 #
 # This file is autogenerated by pip-compile-multi
 # To update, run:
 #
 #    pip-compile-multi
 #
 -r ../../utils/dataset_manifest/requirements.txt
-asgiref==3.7.2
+asgiref==3.8.1
     # via django
 async-timeout==4.0.3
     # via redis
@@ -66,10 +66,8 @@ deprecated==1.2.14
     # via limits
 dj-pagination==2.5.0
     # via -r cvat/requirements/base.in
-dj-rest-auth[with-social]==2.2.7
-    # via
-    #   -r cvat/requirements/base.in
-    #   dj-rest-auth
+dj-rest-auth[with-social]==5.0.2
+    # via -r cvat/requirements/base.in
 django==4.2.11
     # via
     #   -r cvat/requirements/base.in
@@ -85,7 +83,7 @@ django==4.2.11
     #   django-sendfile2
     #   djangorestframework
     #   drf-spectacular
-django-allauth==0.52.0
+django-allauth==0.57.2
     # via
     #   -r cvat/requirements/base.in
     #   dj-rest-auth
@@ -118,17 +116,17 @@ easyprocess==1.1
     # via pyunpack
 entrypoint2==1.1
     # via pyunpack
-fonttools==4.49.0
+fonttools==4.50.0
     # via matplotlib
 freezegun==1.4.0
     # via rq-scheduler
 furl==2.1.0
     # via -r cvat/requirements/base.in
-google-api-core==2.17.1
+google-api-core==2.18.0
     # via
     #   google-cloud-core
     #   google-cloud-storage
-google-auth==2.28.1
+google-auth==2.29.0
     # via
     #   google-api-core
     #   google-cloud-core
@@ -141,15 +139,15 @@ google-crc32c==1.5.0
     # via google-resumable-media
 google-resumable-media==2.7.0
     # via google-cloud-storage
-googleapis-common-protos==1.62.0
+googleapis-common-protos==1.63.0
     # via google-api-core
 h5py==3.10.0
     # via datumaro
 idna==3.6
     # via requests
-importlib-metadata==7.0.1
+importlib-metadata==7.1.0
     # via clickhouse-connect
-importlib-resources==6.1.2
+importlib-resources==6.4.0
     # via limits
 inflection==0.5.1
     # via drf-spectacular
@@ -167,7 +165,7 @@ jsonschema==4.17.3
     # via drf-spectacular
 kiwisolver==1.4.5
     # via matplotlib
-limits==3.9.0
+limits==3.10.1
     # via python-logstash-async
 lxml==5.1.0
     # via datumaro
@@ -191,7 +189,7 @@ orderedmultidict==1.0.1
     # via furl
 orjson==3.9.15
     # via datumaro
-packaging==23.2
+packaging==24.0
     # via
     #   limits
     #   matplotlib
@@ -203,10 +201,13 @@ patool==1.12
     # via -r cvat/requirements/base.in
 pdf2image==1.14.0
     # via -r cvat/requirements/base.in
+proto-plus==1.23.0
+    # via google-api-core
 protobuf==4.25.3
     # via
     #   google-api-core
     #   googleapis-common-protos
+    #   proto-plus
     #   tensorboardx
 psutil==5.9.4
     # via -r cvat/requirements/base.in
@@ -226,12 +227,10 @@ pycocotools==2.0.7
 pycparser==2.21
     # via cffi
 pyjwt[crypto]==2.8.0
-    # via
-    #   django-allauth
-    #   pyjwt
+    # via django-allauth
 pylogbeat==2.0.1
     # via python-logstash-async
-pyparsing==3.1.1
+pyparsing==3.1.2
     # via matplotlib
 pyrsistent==0.20.0
     # via jsonschema
@@ -280,7 +279,7 @@ requests==2.31.0
     #   msrest
     #   python-logstash-async
     #   requests-oauthlib
-requests-oauthlib==1.3.1
+requests-oauthlib==2.0.0
     # via
     #   django-allauth
     #   msrest
@@ -337,7 +336,7 @@ urllib3==1.26.18
     #   requests
 wrapt==1.16.0
     # via deprecated
-zipp==3.17.0
+zipp==3.18.1
     # via importlib-metadata
 zstandard==0.22.0
     # via clickhouse-connect
diff --git a/cvat/requirements/development.txt b/cvat/requirements/development.txt
@@ -8,9 +8,9 @@
 -r base.txt
 astroid==2.11.7
     # via pylint
-autopep8==2.0.4
+autopep8==2.1.0
     # via django-silk
-black==24.2.0
+black==24.3.0
     # via -r cvat/requirements/development.in
 dill==0.3.8
     # via pylint
@@ -62,5 +62,5 @@ tornado==6.4
     # via snakeviz
 
 # The following packages are considered to be unsafe in a requirements file:
-setuptools==69.1.1
+setuptools==69.2.0
     # via astroid
diff --git a/cvat/requirements/production.txt b/cvat/requirements/production.txt
@@ -21,9 +21,7 @@ python-dotenv==1.0.1
 sniffio==1.3.1
     # via anyio
 uvicorn[standard]==0.22.0
-    # via
-    #   -r cvat/requirements/production.in
-    #   uvicorn
+    # via -r cvat/requirements/production.in
 uvloop==0.19.0
     # via uvicorn
 watchfiles==0.21.0

@@ -9245,6 +9245,13 @@ components:
           type: string
         last_name:
           type: string
+        email_verification_required:
+          type: boolean
+          readOnly: true
+        key:
+          type: string
+          nullable: true
+          readOnly: true
       required:
       - username
     RegisterSerializerExRequest:

@@ -170,13 +170,11 @@ def generate_secret_key():
 }
 
 
-REST_AUTH_REGISTER_SERIALIZERS = {
+REST_AUTH = {
     'REGISTER_SERIALIZER': 'cvat.apps.iam.serializers.RegisterSerializerEx',
-}
-
-REST_AUTH_SERIALIZERS = {
     'LOGIN_SERIALIZER': 'cvat.apps.iam.serializers.LoginSerializerEx',
     'PASSWORD_RESET_SERIALIZER': 'cvat.apps.iam.serializers.PasswordResetSerializerEx',
+    'OLD_PASSWORD_FIELD_ENABLED': True,
 }
 
 if to_bool(os.getenv('CVAT_ANALYTICS', False)):
@@ -198,6 +196,7 @@ def generate_secret_key():
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
     'dj_pagination.middleware.PaginationMiddleware',
     'cvat.apps.iam.middleware.ContextMiddleware',
+    'allauth.account.middleware.AccountMiddleware',
 ]
 
 UI_URL = ''
@@ -263,8 +262,6 @@ def generate_secret_key():
 ACCOUNT_EMAIL_VERIFICATION_SENT_REDIRECT_URL = '/auth/email-verification-sent'
 INCORRECT_EMAIL_CONFIRMATION_URL = '/auth/incorrect-email-confirmation'
 
-OLD_PASSWORD_FIELD_ENABLED = True
-
 # Django-RQ
 # https://github.com/rq/django-rq