refactor(authentication): enhance header usage and verification checks

- Allowed the use of the auth header from settings in `authentication.py`.
- Improved handling of email and phone verification checks.

Author: khashashin

django_appwrite/authentication.py

@@ -1,49 +1,19 @@
-from django.conf import settings
 from rest_framework.authentication import BaseAuthentication
-from rest_framework.exceptions import AuthenticationFailed
-from django.contrib.auth import get_user_model, authenticate
-from appwrite.services.account import Account
 
-from django_appwrite.utilities import initialize_appwrite_client, get_appwrite_settings, log_error
-
-User = get_user_model()
+from django_appwrite.utilities import get_appwrite_settings, extract_token, \
+    get_appwrite_user_info, check_verification, get_or_create_django_user
 
 
 class AppwriteAuthentication(BaseAuthentication):
     def authenticate(self, request):
-        # Extract the Appwrite token from the request headers
-        auth_header = request.headers.get('Authorization')
-        if not auth_header or not auth_header.startswith('Bearer '):
-            return None  # No authentication attempt
-
-        token = auth_header.split('Bearer ')[1]
-
-        # Verify the token with Appwrite
-        client = initialize_appwrite_client()
-        client.set_jwt(token)
-
-        try:
-            user_info = Account(client).get()
-        except Exception as e:
-            if settings.DEBUG:
-                log_error(e)
-            raise AuthenticationFailed('Invalid Appwrite token or other Appwrite authentication issue.')
-
         appwrite_settings = get_appwrite_settings()
+        token = extract_token(request, appwrite_settings)
 
-        email = appwrite_settings['prefix_email'] + user_info['email']
-        password = settings.SECRET_KEY + user_info['$id']
-
-        username_field = getattr(User, 'USERNAME_FIELD', 'username')
-
-        # Get or create a corresponding Django user
-        django_user = User.objects.filter(**{username_field: email}).first()
-        if not django_user:
-            User.objects.create_user(**{username_field: email, 'password': password})
+        # Verify the token with Appwrite
+        user_info = get_appwrite_user_info(token)
 
-        # Ensure the user can be authenticated with Django's system
-        auth_user = authenticate(request, **{username_field: email, 'password': password})
-        if not auth_user:
-            raise AuthenticationFailed('The user could not be authenticated with Django.')
+        # Check email and phone verification
+        check_verification(user_info, appwrite_settings)
 
-        return auth_user, token
+        # Authenticate or create Django user
+        return get_or_create_django_user(request, user_info, appwrite_settings), token

django_appwrite/utilities.py

@@ -1,5 +1,10 @@
 from django.conf import settings
+from django.contrib.auth import get_user_model, authenticate
 from appwrite.client import Client
+from appwrite.services.account import Account
+from rest_framework.exceptions import AuthenticationFailed
+
+User = get_user_model()
 
 
 def get_appwrite_settings():
@@ -44,3 +49,55 @@ def log_error(e):
     import logging
     logger = logging.getLogger('django')
     logger.error('Error: ', e)
+
+
+def check_verification(user_info, appwrite_settings):
+    if appwrite_settings['verify_email'] and not user_info['emailVerification']:
+        raise AuthenticationFailed('Email not verified.')
+    if appwrite_settings['verify_phone'] and not user_info['phoneVerification']:
+        raise AuthenticationFailed('Phone not verified.')
+
+
+def get_or_create_django_user(request, user_info, appwrite_settings):
+    email = appwrite_settings['prefix_email'] + user_info['email']
+    password = settings.SECRET_KEY + user_info['$id']
+    username_field = getattr(User, 'USERNAME_FIELD', 'username')
+
+    # Get or create a corresponding Django user
+    django_user = User.objects.filter(**{username_field: email}).first()
+    if not django_user:
+        User.objects.create_user(**{username_field: email, 'password': password})
+
+    auth_user = authenticate(request, **{username_field: email, 'password': password})
+    if not auth_user:
+        raise AuthenticationFailed('The user could not be authenticated with Django.')
+
+    return auth_user
+
+
+def _log_error(message, exception=None):
+    if settings.DEBUG:
+        log_error(message)
+        if exception:
+            log_error(str(exception))
+
+
+def get_appwrite_user_info(token):
+    client = initialize_appwrite_client()
+    client.set_jwt(token)
+    try:
+        return Account(client).get()
+    except Exception as e:
+        _log_error(e)
+        raise AuthenticationFailed('Invalid Appwrite token or other Appwrite authentication issue.')
+
+
+def extract_token(request, appwrite_settings):
+    try:
+        auth_header = request.headers.get(appwrite_settings['auth_header'])
+        if not auth_header or 'Bearer ' not in auth_header:
+            raise ValueError("Bearer token missing, make sure you're using the correct auth header.")
+        return auth_header.split('Bearer ')[1]
+    except (ValueError, IndexError) as e:
+        _log_error('AppwriteAuthentication: cannot extract token from request headers.', e)
+        return None