-
Notifications
You must be signed in to change notification settings - Fork 58
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug: API response for activating users returns 403 Forbidden #81
Comments
@isabelcosta This issue needs to be solved so that activating users will work from the frontend. |
Hey , Can I do this? |
@decon-harsh Please wait, The issue is to be verified by admin @isabelcosta first. |
@codesankalp the reproduce steps, could you be a little more clear on that. The request URL you show there is supposed to mean anything specific, or is it just a random URL? Will that be the same URL for another contributor running the project locally? |
@isabelcosta I have updated how to reproduce this issue. You can check |
@isabelcosta I think this is a one time url . Accessing it first time should give a message "Email confirmed" . Accessing again should give Invalid Link . This url is for confirmation of email. |
@codesankalp Since the labels got added , should I start the work? |
@codesankalp @isabelcosta I would like to work on this issue. |
@decon-harsh Since you are assigned to #78 I am assigning this to @Amulya-coder. |
Yeah sure , @Amulya-coder happy coding! |
@codesankalp can you please confirm me I have tried to reproduce the behaviour and it shows like this |
Yes, @Amulya-coder this is the issue as activation does not require any pre credentials for activating user, you have to make the activation method available without any auth credentials. |
Describe the bug
The backend is not able to handle the activate request and responds with:
To Reproduce
Steps to reproduce the behavior:
settings.py
change the email backend to console.EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend"
http://127.0.0.1:8000/api/token_auth/register/
by posting the below-mentioned data.http://localhost:3000/< uidb64 >/< token >
. (example: http://localhost:3000/Nw/5o6-b655d39d1a9b37aa56e2)http://127.0.0.1:8000/api/token_auth/activate/< uidb64 >/< token >/
(For example, it will resemble like this: http://127.0.0.1:8000/api/token_auth/activate/Nw/5o6-b655d39d1a9b37aa56e2), it must returnInvalid Link
oremail-confirmed
as a response but it returns the above-mentioned error.Expected behavior
Invalid Link or Email confirmed must be returned as a response.
This is due to the permission_classes in
token_auth/views/register.py
which is not able to patch permission class with custom methods like activate() which uses@api_view
.Screenshots
Desktop (please complete the following information):
How to solve?
Instead of adding the
permission_classes
variable use decorators separately.Reason:
permission_classes
doesn't patch with activate method. I also tried withpermission_classes_by_action
but it is also not working.The tested and working method is mentioned below:
The text was updated successfully, but these errors were encountered: