refactor(user auth): improve DRF serializers and validation

RandomProgramm3r · RandomProgramm3r · commit a8859af4604a · 2025-04-30T14:39:38.000+03:00
- Extract “magic” numbers and messages into top-level constants for clarity
- Replace custom JSONField validator with nested `OtherFieldSerializer`
  that handles `age` and ISO 3166 country code validation
- Refactor `SignInSerializer`:
  - Use `F()` expressions and `update_fields` to atomically bump `token_version`
  - Extract token blacklisting into `blacklist_other_tokens` with bulk_create
  - Convert `get_token` to `@classmethod`, adding `token_version` claim
- Clean up `SignUpSerializer`:
  - Use nested `OtherFieldSerializer` for `other` JSON
  - Simplify `create()` logic and handle Django `ValidationError` correctly
- Removed redundant imports
diff --git a/promo_code/user/constants.py b/promo_code/user/constants.py
@@ -0,0 +1,18 @@
+AGE_MIN = 0
+AGE_MAX = 100
+
+COUNTRY_CODE_LENGTH = 2
+
+PASSWORD_MIN_LENGTH = 8
+PASSWORD_MAX_LENGTH = 60
+
+NAME_MIN_LENGTH = 1
+NAME_MAX_LENGTH = 100
+
+SURNAME_MIN_LENGTH = 1
+SURNAME_MAX_LENGTH = 120
+
+EMAIL_MIN_LENGTH = 8
+EMAIL_MAX_LENGTH = 120
+
+AVATAR_URL_MAX_LENGTH = 350
diff --git a/promo_code/user/models.py b/promo_code/user/models.py
@@ -2,6 +2,8 @@
 import django.db.models
 import django.utils.timezone
 
+import user.constants
+
 
 class UserManager(django.contrib.auth.models.BaseUserManager):
     def create_user(self, email, name, surname, password=None, **extra_fields):
@@ -36,13 +38,20 @@ class User(
     django.contrib.auth.models.AbstractBaseUser,
     django.contrib.auth.models.PermissionsMixin,
 ):
-    email = django.db.models.EmailField(unique=True, max_length=120)
-    name = django.db.models.CharField(max_length=100)
-    surname = django.db.models.CharField(max_length=120)
+    email = django.db.models.EmailField(
+        unique=True,
+        max_length=user.constants.EMAIL_MAX_LENGTH,
+    )
+    name = django.db.models.CharField(
+        max_length=user.constants.NAME_MAX_LENGTH,
+    )
+    surname = django.db.models.CharField(
+        max_length=user.constants.SURNAME_MAX_LENGTH,
+    )
     avatar_url = django.db.models.URLField(
         blank=True,
         null=True,
-        max_length=350,
+        max_length=user.constants.AVATAR_URL_MAX_LENGTH,
     )
     other = django.db.models.JSONField(default=dict)
 
diff --git a/promo_code/user/serializers.py b/promo_code/user/serializers.py
@@ -1,40 +1,67 @@
 import django.contrib.auth.password_validation
 import django.core.exceptions
 import django.core.validators
+import django.db.models
+import pycountry
 import rest_framework.exceptions
 import rest_framework.serializers
-import rest_framework.status
 import rest_framework_simplejwt.serializers
 import rest_framework_simplejwt.token_blacklist.models as tb_models
 import rest_framework_simplejwt.tokens
 
+import user.constants
 import user.models as user_models
 import user.validators
 
 
+class OtherFieldSerializer(rest_framework.serializers.Serializer):
+    age = rest_framework.serializers.IntegerField(
+        required=True,
+        min_value=user.constants.AGE_MIN,
+        max_value=user.constants.AGE_MAX,
+    )
+    country = rest_framework.serializers.CharField(
+        required=True,
+        max_length=user.constants.COUNTRY_CODE_LENGTH,
+        min_length=user.constants.COUNTRY_CODE_LENGTH,
+    )
+
+    def validate(self, value):
+        country = value['country'].upper()
+
+        try:
+            pycountry.countries.lookup(country)
+        except LookupError:
+            raise rest_framework.serializers.ValidationError(
+                'Invalid ISO 3166-1 alpha-2 country code.',
+            )
+
+        return value
+
+
 class SignUpSerializer(rest_framework.serializers.ModelSerializer):
     password = rest_framework.serializers.CharField(
         write_only=True,
         required=True,
         validators=[django.contrib.auth.password_validation.validate_password],
-        max_length=60,
-        min_length=8,
+        max_length=user.constants.PASSWORD_MAX_LENGTH,
+        min_length=user.constants.PASSWORD_MIN_LENGTH,
         style={'input_type': 'password'},
     )
     name = rest_framework.serializers.CharField(
         required=True,
-        min_length=1,
-        max_length=100,
+        min_length=user.constants.NAME_MIN_LENGTH,
+        max_length=user.constants.NAME_MAX_LENGTH,
     )
     surname = rest_framework.serializers.CharField(
         required=True,
-        min_length=1,
-        max_length=120,
+        min_length=user.constants.SURNAME_MIN_LENGTH,
+        max_length=user.constants.SURNAME_MAX_LENGTH,
     )
     email = rest_framework.serializers.EmailField(
         required=True,
-        min_length=8,
-        max_length=120,
+        min_length=user.constants.EMAIL_MIN_LENGTH,
+        max_length=user.constants.EMAIL_MAX_LENGTH,
         validators=[
             user.validators.UniqueEmailValidator(
                 'This email address is already registered.',
@@ -44,15 +71,12 @@ class SignUpSerializer(rest_framework.serializers.ModelSerializer):
     )
     avatar_url = rest_framework.serializers.CharField(
         required=False,
-        max_length=350,
+        max_length=user.constants.AVATAR_URL_MAX_LENGTH,
         validators=[
             django.core.validators.URLValidator(schemes=['http', 'https']),
         ],
     )
-    other = rest_framework.serializers.JSONField(
-        required=True,
-        validators=[user.validators.OtherFieldValidator()],
-    )
+    other = OtherFieldSerializer(required=True)
 
     class Meta:
         model = user_models.User
@@ -94,13 +118,14 @@ class SignInSerializer(
     def validate(self, attrs):
         user = self.authenticate_user(attrs)
 
-        self.update_token_version(user)
+        user.token_version = django.db.models.F('token_version') + 1
+        user.save(update_fields=['token_version'])
 
         data = super().validate(attrs)
 
         refresh = rest_framework_simplejwt.tokens.RefreshToken(data['refresh'])
 
-        self.invalidate_previous_tokens(user, refresh['jti'])
+        self.blacklist_other_tokens(user, refresh['jti'])
 
         return data
 
@@ -128,19 +153,18 @@ def authenticate_user(self, attrs):
 
         return user
 
-    def invalidate_previous_tokens(self, user, current_jti):
-        outstanding_tokens = tb_models.OutstandingToken.objects.filter(
-            user=user,
-        ).exclude(jti=current_jti)
-
-        for token in outstanding_tokens:
-            tb_models.BlacklistedToken.objects.get_or_create(token=token)
-
-    def update_token_version(self, user):
-        user.token_version += 1
-        user.save()
+    def blacklist_other_tokens(self, user, current_jti):
+        qs = tb_models.OutstandingToken.objects.filter(user=user).exclude(
+            jti=current_jti,
+        )
+        blacklisted = [tb_models.BlacklistedToken(token=tok) for tok in qs]
+        tb_models.BlacklistedToken.objects.bulk_create(
+            blacklisted,
+            ignore_conflicts=True,
+        )
 
-    def get_token(self, user):
+    @classmethod
+    def get_token(cls, user):
         token = super().get_token(user)
         token['token_version'] = user.token_version
         return token
diff --git a/promo_code/user/validators.py b/promo_code/user/validators.py
@@ -1,6 +1,4 @@
-import pycountry
 import rest_framework.exceptions
-import rest_framework.serializers
 
 import user.models
 
@@ -24,69 +22,3 @@ def __call__(self, value):
             )
             exc.status_code = self.status_code
             raise exc
-
-
-class OtherFieldValidator(rest_framework.serializers.Serializer):
-    """
-    Validates JSON fields:
-    - age (required, 0-100)
-    - country (required, valid ISO 3166-1 alpha-2)
-    """
-
-    country_codes = {c.alpha_2 for c in pycountry.countries}
-
-    age = rest_framework.serializers.IntegerField(
-        required=True,
-        min_value=0,
-        max_value=100,
-        error_messages={
-            'required': 'This field is required.',
-            'invalid': 'Must be an integer.',
-            'min_value': 'Must be between 0 and 100.',
-            'max_value': 'Must be between 0 and 100.',
-        },
-    )
-
-    country = rest_framework.serializers.CharField(
-        required=True,
-        max_length=2,
-        min_length=2,
-        error_messages={
-            'required': 'This field is required.',
-            'blank': 'Must be a 2-letter ISO code.',
-            'max_length': 'Must be a 2-letter ISO code.',
-            'min_length': 'Must be a 2-letter ISO code.',
-        },
-    )
-
-    def validate_country(self, value):
-        country = value.upper()
-        if country not in self.country_codes:
-            raise rest_framework.serializers.ValidationError(
-                'Invalid ISO 3166-1 alpha-2 country code.',
-            )
-
-        return country
-
-    def __call__(self, value):
-        if not isinstance(value, dict):
-            raise rest_framework.serializers.ValidationError(
-                {'non_field_errors': ['Must be a JSON object']},
-            )
-
-        missing_fields = [
-            field
-            for field in self.fields
-            if field not in value or value.get(field) in (None, '')
-        ]
-
-        if missing_fields:
-            raise rest_framework.serializers.ValidationError(
-                dict.fromkeys(missing_fields, 'This field is required.'),
-            )
-
-        serializer = self.__class__(data=value)
-        if not serializer.is_valid():
-            raise rest_framework.serializers.ValidationError(serializer.errors)
-
-        return value
