
refactor(api): add AuthenticatedBasicUserAction with simple state

Peter Thomassen vor 5 Jahren
Ursprung
Commit
9d7e6d87bb
4 geänderte Dateien mit 34 neuen und 21 gelöschten Zeilen
  1. 3 3
      api/desecapi/authentication.py
  2. 17 4
      api/desecapi/models.py
  3. 13 13
      api/desecapi/serializers.py
  4. 1 1
      api/desecapi/views.py

+ 3 - 3
api/desecapi/authentication.py

@@ -10,7 +10,7 @@ from rest_framework.authentication import (
     BasicAuthentication)
 
 from desecapi.models import Token
-from desecapi.serializers import AuthenticatedUserActionSerializer, EmailPasswordSerializer
+from desecapi.serializers import AuthenticatedBasicUserActionSerializer, EmailPasswordSerializer
 
 
 class TokenAuthentication(RestFrameworkTokenAuthentication):
@@ -120,7 +120,7 @@ class EmailPasswordPayloadAuthentication(BaseAuthentication):
         return self.authenticate_credentials(serializer.data['email'], serializer.data['password'], request)
 
 
-class AuthenticatedActionAuthentication(BaseAuthentication):
+class AuthenticatedBasicUserActionAuthentication(BaseAuthentication):
     """
     Authenticates a request based on whether the serializer determines the validity of the given verification code
     and additional data (using `serializer.is_valid()`). The serializer's input data will be determined by (a) the
@@ -130,7 +130,7 @@ class AuthenticatedActionAuthentication(BaseAuthentication):
     """
     def authenticate(self, request):
         view = request.parser_context['view']
-        serializer = AuthenticatedUserActionSerializer(data=request.data, context=view.get_serializer_context())
+        serializer = AuthenticatedBasicUserActionSerializer(data=request.data, context=view.get_serializer_context())
         serializer.is_valid(raise_exception=True)
         return serializer.validated_data['user'], None
 
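Review bot: `authenticate` now validates against `AuthenticatedBasicUserActionSerializer`, whose `Meta.model` becomes `AuthenticatedBasicUserAction` in this commit, and that model's `_state_fields` adds only the user id. From the visible lines it is not clear whether this step still rejects a code after the user's email, password or `is_active` flag has changed, because the code that compares the state is outside these hunks. A comment above the serializer line would make the contract explicit, for example `# Establishes which user the code belongs to; the action-specific state check is done when the action is performed.`, once that has been confirmed against `AuthenticatedAction`. The class docstring starts in the previous hunk and is only partly visible here.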

+ 17 - 4
api/desecapi/models.py

@@ -577,13 +577,26 @@ class AuthenticatedAction(ExportModelOperationsMixin('AuthenticatedAction'), mod
         return self._act()
 
 
-class AuthenticatedUserAction(ExportModelOperationsMixin('AuthenticatedUserAction'), AuthenticatedAction):
+class AuthenticatedBasicUserAction(ExportModelOperationsMixin('AuthenticatedBasicUserAction'), AuthenticatedAction):
     """
-    Abstract AuthenticatedAction involving an user instance, incorporating the user's id, email, password, and
-    is_active flag into the Message Authentication Code state.
+    Abstract AuthenticatedAction involving a user instance.
     """
     user = models.ForeignKey(User, on_delete=models.DO_NOTHING)
 
+    class Meta:
+        managed = False
+
+    @property
+    def _state_fields(self):
+        return super()._state_fields + [str(self.user.id)]
+
+
+class AuthenticatedUserAction(ExportModelOperationsMixin('AuthenticatedUserAction'), AuthenticatedBasicUserAction):
+    """
+    Abstract AuthenticatedBasicUserAction, incorporating the user's id, email, password, and is_active flag into the
+    Message Authentication Code state.
+    """
+
     class Meta:
         managed = False
 
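Review bot: The docstring of `AuthenticatedBasicUserAction` does not say what its codes are bound to, while `_state_fields` here adds only `str(self.user.id)`. A concrete action that derives from this class directly, rather than from `AuthenticatedUserAction`, would get a state that does not change when the user's email, password or `is_active` flag changes, so such a code would presumably stay usable after a password change until it expires. I would state that in the docstring, e.g. `Abstract AuthenticatedAction involving a user instance. Only the user's id enters the state, so codes are not invalidated by email, password or is_active changes.` The following hunk (`@@ -591,7 +604,7 @@`) keeps the field order (id, then email, password, is_active), which looks intended to leave the state of existing subclasses unchanged; a test pinning that order would guard codes already issued.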
@@ -591,7 +604,7 @@ class AuthenticatedUserAction(ExportModelOperationsMixin('AuthenticatedUserActio
     def _state_fields(self):
         # TODO consider adding a "last change" attribute of the user to the state to avoid code
         #  re-use after the the state has been changed and changed back.
-        return super()._state_fields + [str(self.user.id), self.user.email, self.user.password, self.user.is_active]
+        return super()._state_fields + [self.user.email, self.user.password, self.user.is_active]
 
 
 class AuthenticatedActivateUserAction(ExportModelOperationsMixin('AuthenticatedActivateUserAction'), AuthenticatedUserAction):

+ 13 - 13
api/desecapi/serializers.py

@@ -707,7 +707,7 @@ class AuthenticatedActionSerializer(serializers.ModelSerializer):
         raise ValueError
 
 
-class AuthenticatedUserActionSerializer(AuthenticatedActionSerializer):
+class AuthenticatedBasicUserActionSerializer(AuthenticatedActionSerializer):
     user = serializers.PrimaryKeyRelatedField(
         queryset=models.User.objects.all(),
         error_messages={'does_not_exist': 'This user does not exist.'},
@@ -715,21 +715,21 @@ class AuthenticatedUserActionSerializer(AuthenticatedActionSerializer):
     )
 
     class Meta:
-        model = models.AuthenticatedUserAction
+        model = models.AuthenticatedBasicUserAction
         fields = AuthenticatedActionSerializer.Meta.fields + ('user',)
 
 
-class AuthenticatedActivateUserActionSerializer(AuthenticatedUserActionSerializer):
+class AuthenticatedActivateUserActionSerializer(AuthenticatedBasicUserActionSerializer):
 
-    class Meta(AuthenticatedUserActionSerializer.Meta):
+    class Meta(AuthenticatedBasicUserActionSerializer.Meta):
         model = models.AuthenticatedActivateUserAction
-        fields = AuthenticatedUserActionSerializer.Meta.fields + ('domain',)
+        fields = AuthenticatedBasicUserActionSerializer.Meta.fields + ('domain',)
         extra_kwargs = {
             'domain': {'default': None, 'allow_null': True}
         }
 
 
-class AuthenticatedChangeEmailUserActionSerializer(AuthenticatedUserActionSerializer):
+class AuthenticatedChangeEmailUserActionSerializer(AuthenticatedBasicUserActionSerializer):
     new_email = serializers.EmailField(
         validators=[
             CustomFieldNameUniqueValidator(
@@ -741,20 +741,20 @@ class AuthenticatedChangeEmailUserActionSerializer(AuthenticatedUserActionSerial
         required=True,
     )
 
-    class Meta(AuthenticatedUserActionSerializer.Meta):
+    class Meta(AuthenticatedBasicUserActionSerializer.Meta):
         model = models.AuthenticatedChangeEmailUserAction
-        fields = AuthenticatedUserActionSerializer.Meta.fields + ('new_email',)
+        fields = AuthenticatedBasicUserActionSerializer.Meta.fields + ('new_email',)
 
 
-class AuthenticatedResetPasswordUserActionSerializer(AuthenticatedUserActionSerializer):
+class AuthenticatedResetPasswordUserActionSerializer(AuthenticatedBasicUserActionSerializer):
     new_password = serializers.CharField(write_only=True)
 
-    class Meta(AuthenticatedUserActionSerializer.Meta):
+    class Meta(AuthenticatedBasicUserActionSerializer.Meta):
         model = models.AuthenticatedResetPasswordUserAction
-        fields = AuthenticatedUserActionSerializer.Meta.fields + ('new_password',)
+        fields = AuthenticatedBasicUserActionSerializer.Meta.fields + ('new_password',)
 
 
-class AuthenticatedDeleteUserActionSerializer(AuthenticatedUserActionSerializer):
+class AuthenticatedDeleteUserActionSerializer(AuthenticatedBasicUserActionSerializer):
 
-    class Meta(AuthenticatedUserActionSerializer.Meta):
+    class Meta(AuthenticatedBasicUserActionSerializer.Meta):
         model = models.AuthenticatedDeleteUserAction

+ 1 - 1
api/desecapi/views.py

@@ -578,7 +578,7 @@ class AuthenticatedActionView(generics.GenericAPIView):
     this class. If the `serializer.is_valid`, `act` is called on the action object.
     """
     action = None
-    authentication_classes = (auth.AuthenticatedActionAuthentication,)
+    authentication_classes = (auth.AuthenticatedBasicUserActionAuthentication,)
     html_url = None
     http_method_names = ['get', 'post']  # GET is for redirect only
     renderer_classes = [JSONRenderer, StaticHTMLRenderer]