feat(api): do not record registration IP

api/desecapi/management/commands/privacy-chores.py

@@ -1,15 +1,7 @@
-from datetime import timedelta
-
-from django.conf import settings
 from django.core.management import BaseCommand
-from django.utils import timezone
-
-from desecapi.models import User
 
 
 class Command(BaseCommand):
 
     def handle(self, *args, **kwargs):
-
-        users = User.objects.filter(created__lt=timezone.now()-timedelta(hours=settings.ABUSE_BY_REMOTE_IP_PERIOD_HRS))
-        users.update(registration_remote_ip='')
+        pass

api/desecapi/migrations/0007_remove_user_registration_remote_ip.py

@@ -0,0 +1,17 @@
+# Generated by Django 2.2.1 on 2019-09-22 10:19
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('desecapi', '0006_authenticated_actions'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='user',
+            name='registration_remote_ip',
+        ),
+    ]

api/desecapi/models.py

@@ -52,7 +52,6 @@ class MyUserManager(BaseUserManager):
             raise ValueError('Users must have an email address')
 
         email = self.normalize_email(email)
-        extra_fields.setdefault('registration_remote_ip')
         user = self.model(email=email, **extra_fields)
         user.set_password(password)
         user.save(using=self._db)
@@ -77,7 +76,6 @@ class User(AbstractBaseUser):
     )
     is_active = models.BooleanField(default=True)
     is_admin = models.BooleanField(default=False)
-    registration_remote_ip = models.CharField(max_length=1024, blank=True)
     created = models.DateTimeField(auto_now_add=True)
     limit_domains = models.IntegerField(default=settings.LIMIT_USER_DOMAIN_COUNT_DEFAULT, null=True, blank=True)
 

api/desecapi/tests/test_privacy_chores.py

@@ -1,35 +1,5 @@
-from datetime import timedelta
-
-from django.conf import settings
-from django.core.management import call_command
-from django.utils import timezone
-
-from desecapi.models import User
 from desecapi.tests.base import DesecTestCase
 
 
 class PrivacyChoresCommandTest(DesecTestCase):
-
-    def test_delete_registration_ip(self):
-        name1 = self.random_username()
-        name2 = self.random_username()
-
-        User(
-            email=name1,
-            registration_remote_ip='1.3.3.7',
-        ).save()
-        User(
-            email=name2,
-            registration_remote_ip='1.3.3.8',
-        ).save()
-        user2 = User.objects.get(email=name2)
-        user2.created = timezone.now()-timedelta(hours=settings.ABUSE_BY_REMOTE_IP_PERIOD_HRS+1)
-        user2.save()
-
-        user_count = User.objects.all().count()
-
-        call_command('privacy-chores')
-
-        self.assertEqual(User.objects.all().count(), user_count)
-        self.assertEqual(User.objects.get(email=name1).registration_remote_ip, '1.3.3.7')
-        self.assertEqual(User.objects.get(email=name2).registration_remote_ip, '')
+    pass

api/desecapi/tests/test_registration.py

@@ -1,29 +0,0 @@
-from rest_framework.reverse import reverse
-
-from desecapi import models
-from desecapi.tests.base import DesecTestCase
-
-
-class RegistrationTestCase(DesecTestCase):
-
-    def setUp(self):
-        super().setUp()
-        email = self.random_username()
-        self.assertRegistration(
-            email=email,
-            password=self.random_password(),
-            remote_addr="1.3.3.7",
-        )
-        self.user = models.User.objects.get(email=email)
-
-    def assertRegistration(self, remote_addr='', status=202, **kwargs):
-        url = reverse('v1:register')
-        post_kwargs = {}
-        if remote_addr:
-            post_kwargs['REMOTE_ADDR'] = remote_addr
-        response = self.client.post(url, kwargs, **post_kwargs)
-        self.assertStatus(response, status)
-        return response
-
-    def test_registration_successful(self):
-        self.assertEqual(self.user.registration_remote_ip, "1.3.3.7")

api/desecapi/views.py

@@ -413,8 +413,7 @@ class AccountCreateView(generics.CreateAPIView):
             if e.detail:
                 raise e
         else:
-            ip = self.request.META.get('REMOTE_ADDR')
-            user = serializer.save(is_active=(not activation_required), registration_remote_ip=ip)
+            user = serializer.save(is_active=(not activation_required))
 
             domain = serializer.validated_data.get('domain')
             if domain or activation_required: