Merge pull request #87 from jitendra-ky/43-2-unactive-user

now user is not created until verified.
fix #43

Author: jitendra-ky

zserver/admin.py

@@ -1,10 +1,19 @@
 from django.contrib import admin
 
-from zserver.models import Message, Session, SignUpOTP, UserProfile
+from zserver.models import (
+    Message,
+    Session,
+    SignUpOTP,
+    UnverifiedUserProfile,
+    UserProfile,
+    VerifyUserOTP,
+)
 
 # Register your models here.
 admin.site.register(UserProfile)
 admin.site.register(SignUpOTP)
 admin.site.register(Session)
+admin.site.register(VerifyUserOTP)
+admin.site.register(UnverifiedUserProfile)
 
 admin.site.register(Message)

zserver/migrations/0005_unverifieduserprofile_verifyuserotp.py

@@ -0,0 +1,51 @@
+# Generated by Django 5.1.5 on 2025-05-19 19:51
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("zserver", "0004_message"),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="UnverifiedUserProfile",
+            fields=[
+                ("id", models.AutoField(primary_key=True, serialize=False)),
+                ("fullname", models.CharField(max_length=100)),
+                ("password", models.CharField(max_length=100)),
+                ("created_at", models.DateTimeField(auto_now_add=True)),
+                ("updated_at", models.DateTimeField(auto_now=True)),
+                ("email", models.EmailField(max_length=100)),
+            ],
+            options={
+                "abstract": False,
+            },
+        ),
+        migrations.CreateModel(
+            name="VerifyUserOTP",
+            fields=[
+                (
+                    "id",
+                    models.BigAutoField(
+                        auto_created=True,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name="ID",
+                    ),
+                ),
+                ("otp", models.CharField(max_length=6)),
+                ("created_at", models.DateTimeField(auto_now_add=True)),
+                (
+                    "user",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        to="zserver.unverifieduserprofile",
+                    ),
+                ),
+            ],
+        ),
+    ]

zserver/models/user_profile.py

@@ -4,30 +4,51 @@
 from django.db import models
 
 
-# the UserProfile is the model that will be used to store the user's profile information
-class UserProfile(models.Model):
+# Base model for user profiles
+class BaseUserProfile(models.Model):
     id = models.AutoField(primary_key=True)
     fullname = models.CharField(max_length=100, blank=False, null=False)
     email = models.EmailField(max_length=100, blank=False, null=False, unique=True)
     password = models.CharField(max_length=100, blank=False, null=False)
     created_at = models.DateTimeField(auto_now_add=True, blank=False, null=False)
     updated_at = models.DateTimeField(auto_now=True, blank=False, null=False)
-    is_active = models.BooleanField(default=False, blank=False, null=False)
+
+    class Meta:
+        """make this model abstract so that it doesn't create a table."""
+
+        abstract = True # don't create a table for this model
 
     def __str__(self) -> str:
         """Return the email of the user."""
         return self.email
 
+    def is_password_valid(self, password: str) -> bool:
+        """Check if the provided password is valid."""
+        return self.password == password
+
+
+# Model for verified user profiles
+class UserProfile(BaseUserProfile):
+    is_active = models.BooleanField(default=False, blank=False, null=False)
+
     def generate_otp(self) -> str:
         """Generate a 6-digit OTP for the user."""
         generated_opt = "".join(random.choices(string.digits, k=6))
         otp = SignUpOTP(user=self, otp=generated_opt)
         otp.save()
         return generated_opt
 
-    def is_password_valid(self, password: str) -> bool:
-        """Check if the provided password is valid."""
-        return self.password == password
+
+# Model for unverified user profiles
+class UnverifiedUserProfile(BaseUserProfile):
+    email = models.EmailField(max_length=100, blank=False, null=False, unique=False)
+
+    def generate_otp(self) -> str:
+        """Generate a 6-digit OTP for the user."""
+        generated_opt = "".join(random.choices(string.digits, k=6))
+        otp = VerifyUserOTP(user=self, otp=generated_opt)
+        otp.save()
+        return generated_opt
 
 
 # let's create a signup otp model
@@ -41,6 +62,17 @@ def __str__(self) -> str:
         return self.user.email
 
 
+# let's create a VerifyUserOTP model
+class VerifyUserOTP(models.Model):
+    user = models.ForeignKey(UnverifiedUserProfile, on_delete=models.CASCADE)
+    otp = models.CharField(max_length=6, blank=False, null=False)
+    created_at = models.DateTimeField(auto_now_add=True, blank=False, null=False)
+
+    def __str__(self) -> str:
+        """Return the email of the user associated with the OTP."""
+        return self.user.email + " " + self.otp
+
+
 # let's create a modle for login sessions
 class Session(models.Model):
     user = models.ForeignKey(UserProfile, on_delete=models.CASCADE)

zserver/serializers/user_profile.py

@@ -1,6 +1,6 @@
 from rest_framework import serializers
 
-from zserver.models import Session, SignUpOTP, UserProfile
+from zserver.models import Session, SignUpOTP, UnverifiedUserProfile, UserProfile, VerifyUserOTP
 
 
 # Serializer class for the UserProfile model
@@ -19,12 +19,6 @@ class Meta:
             "password": {"write_only": True},  # Make the password field write-only
         }
 
-    def create(self, validated_data: dict) -> UserProfile:
-        """Create a new user profile and generate OTP."""
-        user = UserProfile.objects.create(**validated_data)
-        user.generate_otp()
-        return user
-
     def update(self, instance: UserProfile, validated_data: dict) -> UserProfile:
         """Update an existing user profile."""
         instance.fullname = validated_data.get("fullname", instance.fullname)
@@ -34,14 +28,46 @@ def update(self, instance: UserProfile, validated_data: dict) -> UserProfile:
         return instance
 
 
-# Serializer class for the SignUpOTP model
-class SignUpOTPSerializer(serializers.ModelSerializer):
+# Serializer class for the UnverifiedUserProfile model
+class UnverifiedUserProfileSerializer(serializers.ModelSerializer):
+    class Meta:
+        """Meta class to specify the model and fields to be serialized."""
+
+        model = UnverifiedUserProfile
+        fields = [
+            "fullname",
+            "email",
+            "password",
+        ]  # Fields to be included in the serialization
+        extra_kwargs = {
+            "password": {"write_only": True},  # Make the password field write-only
+        }
+
+    def validate_email(self, value: str) -> str:
+        """Validate that the email is not already in use."""
+        if UserProfile.objects.filter(email=value).exists():
+            raise serializers.ValidationError("Email is already in use.")
+        return value
+
+    def create(self, validated_data: dict) -> UnverifiedUserProfile:
+        """Create a new unverified user profile."""
+        if UnverifiedUserProfile.objects.filter(email=validated_data["email"]).exists():
+            UnverifiedUserProfile.objects.filter(email=validated_data["email"]).delete()
+        # Create a new unverified user profile
+        # and generate an OTP for verification
+        user = UnverifiedUserProfile.objects.create(**validated_data)
+        user.generate_otp()
+        return user
+
+
+# serializer for VerifyUserOTP model
+class VerifyUserOTPSerializer(serializers.ModelSerializer):
     email = serializers.EmailField(max_length=100)
 
     class Meta:
         """Meta class to specify the model and fields to be serialized."""
 
-        model = SignUpOTP
+        model = VerifyUserOTP
         fields = ["otp", "email"]
 
     def validate(self, data: dict) -> dict:
@@ -50,13 +76,13 @@ def validate(self, data: dict) -> dict:
         otp = data.get("otp")
 
         try:
-            user = UserProfile.objects.get(email=email)
-        except UserProfile.DoesNotExist as err:
+            user = UnverifiedUserProfile.objects.get(email=email)
+        except UnverifiedUserProfile.DoesNotExist as err:
             raise serializers.ValidationError({"email": "User does not exist."}) from err
 
         try:
-            user_otp = SignUpOTP.objects.get(user=user)
-        except SignUpOTP.DoesNotExist as err:
+            user_otp = VerifyUserOTP.objects.get(user=user)
+        except VerifyUserOTP.DoesNotExist as err:
             raise serializers.ValidationError({"otp": "OTP does not exist."}) from err
 
         if user_otp.otp != otp:
@@ -66,16 +92,18 @@ def validate(self, data: dict) -> dict:
         data["user_otp"] = user_otp
         return data
 
-    def make_user_active(self) -> None:
-        """Activate the user."""
+    def signup_user(self) -> None:
+        """Add user to UserProfile table and delete the OTP."""
         user = self.validated_data["user"]
-        user.is_active = True
-        user.save()
-
-    def delete_otp(self) -> None:
-        """Delete the OTP."""
-        user_otp = self.validated_data["user_otp"]
-        user_otp.delete()
+        user_profile = UserProfile(
+            fullname=user.fullname,
+            email=user.email,
+            password=user.password,
+        )
+        user_profile.is_active = True
+        user_profile.save()
+        user.delete()
+        self.validated_data["user_otp"].delete()
 
 
 class SessionSerializer(serializers.Serializer):

zserver/tests/user_profile.py

@@ -3,7 +3,7 @@
 from rest_framework import status
 from rest_framework.test import APIClient
 
-from zserver.models import Session, SignUpOTP, UserProfile
+from zserver.models import Session, SignUpOTP, UnverifiedUserProfile, UserProfile, VerifyUserOTP
 
 
 class UserProfileViewTest(TestCase):
@@ -83,24 +83,29 @@ def test_create_user_profile(self):
         self.assertEqual(response.data["email"], new_user["email"])
         # now check the user is created and opt is generated
         try:
-            user = UserProfile.objects.get(email=new_user["email"])
+            user = UnverifiedUserProfile.objects.get(email=new_user["email"])
             print("User created successfully")
-        except UserProfile.DoesNotExist:
+        except UnverifiedUserProfile.DoesNotExist:
             self.fail("User not created")
         try:
-            SignUpOTP.objects.get(user=user)
+            VerifyUserOTP.objects.get(user=user)
             print("OTP generated successfully")
-        except SignUpOTP.DoesNotExist:
+        except VerifyUserOTP.DoesNotExist:
             self.fail("OTP not generated")
 
         # this will send a post request to create a user that already exits
-        response = self.client.post(self.user_url, new_user)
+        existed_user = {
+            "fullname": self.active_user_without_session.fullname,
+            "email": self.active_user_without_session.email,
+            "password": self.active_user_without_session.password,
+        }
+        response = self.client.post(self.user_url, existed_user)
         print(f"POST response status: {response.status_code}")
         print(f"POST response data: {response.data}")
         self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
         self.assertEqual(
             response.data["email"][0],
-            "user profile with this email already exists.",
+            "Email is already in use.",
         )
 
     def test_update_user_profile(self):
@@ -280,7 +285,7 @@ def test_get(self):
         self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
 
 
-class SignUpOTPTest(TestCase):
+class VerifyUserOTPTest(TestCase):
 
     def setUp(self):
         """Set up test data for SignUpOTPTest."""
@@ -302,7 +307,7 @@ def setUp(self):
     def test_post(self):
         """Test verifying OTP and activating the user."""
         # first send the post request to create a user on 'user-profile' endpoint
-        # then read teh otp from the 'SignUpOTP' model
+        # then read teh otp from the 'VerifyUserOTP' model
         # then test the current endpoint by sending post request with the otp
 
         # create a user
@@ -314,8 +319,8 @@ def test_post(self):
         response = self.client.post(reverse("user-profile"), new_user)
         self.assertEqual(response.status_code, status.HTTP_201_CREATED)
         # get the otp
-        user = UserProfile.objects.get(email=new_user["email"])
-        otp = SignUpOTP.objects.get(user=user)
+        user = UnverifiedUserProfile.objects.get(email=new_user["email"])
+        otp = VerifyUserOTP.objects.get(user=user)
         # test the otp
         data = {"email": new_user["email"], "otp": otp.otp}
         response = self.client.post(self.endpoint, data)

zserver/urls.py

@@ -13,12 +13,12 @@
 
     path("api/user-profile/", views.UserProfileView.as_view(), name="user-profile"),
     path("api/sign-in/", views.SignInView.as_view(), name="sign-in"),
-    path("api/sign-up-otp/", views.SignUpOTPView.as_view(), name="sign-up-otp"),
     path("api/forgot-password/", views.ForgotPasswordView.as_view(), name="forgot-password"),
     path("api/reset-password/", views.ResetPasswordView.as_view(), name="reset-password"),
     path("api/messages/", views.MessageView.as_view(), name="messages"),
     path("api/contacts/", views.ContactView.as_view(), name="contacts"),
     path("api/all-users/", views.AllUsersView.as_view(), name="all-users"),
+    path("api/sign-up-otp/", views.VerifyUserOTPView.as_view(), name="sign-up-otp"),
 
     path("google-login/", views.GoogleLoginView.as_view(), name="google_login"),
 ]

zserver/views/user_profile.py

@@ -15,8 +15,9 @@
     ForgotPasswordSerializer,
     ResetPasswordSerializer,
     SessionSerializer,
-    SignUpOTPSerializer,
+    UnverifiedUserProfileSerializer,
     UserProfileSerializer,
+    VerifyUserOTPSerializer,
 )
 from zserver.utils import get_env_var
 
@@ -39,7 +40,7 @@ def get(self, request: Request) -> Response:
 
     def post(self, request: Request) -> Response:
         """Create a new user profile."""
-        serializer = UserProfileSerializer(data=request.data)
+        serializer = UnverifiedUserProfileSerializer(data=request.data)
         if serializer.is_valid():
             serializer.save()
             return Response(serializer.data, status=status.HTTP_201_CREATED)
@@ -100,14 +101,13 @@ def post(self, request: Request) -> Response:
         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
 
 
-class SignUpOTPView(APIView):
+class VerifyUserOTPView(APIView):
 
     def post(self, request: Request) -> Response:
-        """Verify OTP and activate the user."""
-        serializer = SignUpOTPSerializer(data=request.data)
+        """Verify OTP and signup user."""
+        serializer = VerifyUserOTPSerializer(data=request.data)
         if serializer.is_valid():
-            serializer.make_user_active()
-            serializer.delete_otp()
+            serializer.signup_user()
             return Response(status=status.HTTP_200_OK)
         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)