Merge pull request #57 from RandomProgramm3r/develop

feat: Refactor core logic and enhance security
 
This commit introduces a major refactoring of core application logic to improve modularity, performance, and security.

Key changes include:
 
- **Centralized Core Utilities:**
  - A new `core` application has been updated to house shared utilities.
  - `CustomLimitOffsetPagination` is now centralized in `core.pagination`.
  - A generic `bump_token_version` utility in `core.utils.auth` now handles token versioning for both User and Company models and includes cache invalidation.

 - **Performance and Security Enhancements:**
  - Implemented a caching layer for the authentication process. Authenticated user and company instances are now cached to reduce database queries.   
  - Strengthened password security by setting Argon2 as the default password hasher.
- **Code Simplification:**
  - Removed custom email validators in favor of relying on database integrity constraints (`try...except IntegrityError`), making the validation logic more robust and reducing boilerplate code.

- **Other changes:**
  - Remove unused imports from tests

Author: RandomProgramm3r

promo_code/business/serializers.py

@@ -12,9 +12,9 @@
 
 import business.constants
 import business.models
-import business.utils.auth
 import business.utils.tokens
 import business.validators
+import core.utils.auth
 
 
 class CompanySignUpSerializer(rest_framework.serializers.ModelSerializer):
@@ -36,12 +36,6 @@ class CompanySignUpSerializer(rest_framework.serializers.ModelSerializer):
         required=True,
         min_length=business.constants.COMPANY_EMAIL_MIN_LENGTH,
         max_length=business.constants.COMPANY_EMAIL_MAX_LENGTH,
-        validators=[
-            business.validators.UniqueEmailValidator(
-                'This email address is already registered.',
-                'email_conflict',
-            ),
-        ],
     )
 
     class Meta:
@@ -50,11 +44,20 @@ class Meta:
 
     @django.db.transaction.atomic
     def create(self, validated_data):
-        company = business.models.Company.objects.create_company(
-            **validated_data,
-        )
+        try:
+            company = business.models.Company.objects.create_company(
+                **validated_data,
+            )
+        except django.db.IntegrityError:
+            exc = rest_framework.exceptions.APIException(
+                detail={
+                    'email': 'This email address is already registered.',
+                },
+            )
+            exc.status_code = 409
+            raise exc
 
-        return business.utils.auth.bump_company_token_version(company)
+        return core.utils.auth.bump_token_version(company)
 
 
 class CompanySignInSerializer(rest_framework.serializers.Serializer):

promo_code/business/tests/auth/base.py

@@ -1,6 +1,5 @@
 import django.urls
 import rest_framework
-import rest_framework.status
 import rest_framework.test
 
 import business.models

promo_code/business/tests/auth/test_authentication.py

@@ -1,5 +1,4 @@
 import rest_framework.status
-import rest_framework.test
 
 import business.models
 import business.tests.auth.base

promo_code/business/tests/auth/test_registration.py

@@ -1,5 +1,4 @@
 import rest_framework.status
-import rest_framework.test
 
 import business.models
 import business.tests.auth.base

promo_code/business/tests/auth/test_tokens.py

@@ -1,5 +1,4 @@
 import rest_framework.status
-import rest_framework.test
 import rest_framework_simplejwt.tokens
 
 import business.models

promo_code/business/tests/auth/test_validation.py

@@ -1,6 +1,5 @@
 import parameterized
 import rest_framework.status
-import rest_framework.test
 
 import business.models
 import business.tests.auth.base

promo_code/business/utils/auth.py

@@ -1,28 +1,6 @@
 import rest_framework.exceptions
 
 import business.constants
-import business.models
-
-
-class UniqueEmailValidator:
-    def __init__(self, default_detail=None, default_code=None):
-        self.status_code = 409
-        self.default_detail = (
-            default_detail or 'This email address is already registered.'
-        )
-        self.default_code = default_code or 'email_conflict'
-
-    def __call__(self, value):
-        if business.models.Company.objects.filter(email=value).exists():
-            exc = rest_framework.exceptions.APIException(
-                detail={
-                    'status': 'error',
-                    'message': self.default_detail,
-                    'code': self.default_code,
-                },
-            )
-            exc.status_code = self.status_code
-            raise exc
 
 
 class PromoValidator:

promo_code/business/validators.py

@@ -10,11 +10,11 @@
 import rest_framework_simplejwt.views
 
 import business.models
-import business.pagination
 import business.permissions
 import business.serializers
-import business.utils.auth
 import business.utils.tokens
+import core.pagination
+import core.utils.auth
 import user.models
 
 
@@ -49,7 +49,7 @@ def post(self, request, *args, **kwargs):
         serializer.is_valid(raise_exception=True)
 
         company = serializer.validated_data['company']
-        company = business.utils.auth.bump_company_token_version(company)
+        company = core.utils.auth.bump_token_version(company)
 
         return rest_framework.response.Response(
             business.utils.tokens.generate_company_tokens(company),
@@ -75,7 +75,7 @@ class CompanyPromoListCreateView(rest_framework.generics.ListCreateAPIView):
         business.permissions.IsCompanyUser,
     ]
     # Pagination is only needed for GET (listing)
-    pagination_class = business.pagination.CustomLimitOffsetPagination
+    pagination_class = core.pagination.CustomLimitOffsetPagination
 
     _validated_query_params = {}