Account creation accepts verified users and blocks existing user

apps/accounts/serializers.py

@@ -46,6 +46,8 @@ class AccountRegisterSerializer(serializers.ModelSerializer):
             "phone_number",
             "area",
             "is_admin",
+            "is_verified",
+            "is_active",
         ]
 
     def validate_password(self, value):

apps/accounts/tests/test_units/test_accounts.py

@@ -113,6 +113,8 @@ class AccountViewTest(APITestCase):
             "phone_number": self.faker.phone_number(),
             "area": self.faker.city(),
             "is_admin": False,
+            "is_verified": True,
+            "is_active": True,
         }
 
         response = self.client.post(path=url, data=data, format="json",)
@@ -121,8 +123,13 @@ class AccountViewTest(APITestCase):
         self.assertEqual(response.status_code, status.HTTP_201_CREATED)
         self.assertEqual(officer_current_count, officer_prev_count + 1)
 
+        new_officer = Account.objects.filter(email=_account_id)[0]
+        self.assertTrue(new_officer.is_verified)
+        self.assertTrue(new_officer.is_active)
+
         # Have account creation log for the new officer
-        new_officer_id = Account.objects.filter(email=_account_id)[0].id
+        new_officer_id = new_officer.id
+
         response = self.client.get(self.LOGS_URL)
         response_string = response.rendered_content.decode("utf-8")
 
@@ -131,6 +138,22 @@ class AccountViewTest(APITestCase):
             f'"action_type":"{ACTIVITY_TYPE_CREATE}"', response_string
         )
 
+    def test_create_existing_user_fails(self):
+        url = self.BASE_URL
+        data = {
+            "name": self.faker.name(),
+            "username": "user_1",
+            "password": "justpass",
+            "email": self.faker.email(),
+            "phone_number": self.faker.phone_number(),
+            "area": self.faker.city(),
+            "is_admin": False,
+            "is_verified": True,
+            "is_active": True,
+        }
+        response = self.client.post(path=url, data=data, format="json",)
+        self.assertEqual(response.status_code, status.HTTP_409_CONFLICT)
+
     def test_create_new_account_fails_with_poor_password(self):
         url = self.BASE_URL
         _account_id = self.faker.email()

apps/accounts/views.py

@@ -55,13 +55,27 @@ class AccountViewSet(viewsets.ModelViewSet):
             return AccountRegisterSerializer
         return AccountSerializer
 
-    def perform_create(self, serializer):
+    def create(self, request):
+        serializer_class = self.get_serializer_class()
+        serializer = serializer_class(data=request.data)
+        serializer.is_valid(raise_exception=True)
+
         username = serializer.validated_data.pop("username").lower()
         password = serializer.validated_data.pop("password")
 
+        if User.objects.filter(username=username).exists():
+            return Response(
+                {"username" : ["User with that username already exists."]},
+                status=status.HTTP_409_CONFLICT
+            )
+
         user = User.objects.create_user(username=username, password=password)
         Account.objects.create(user=user, **serializer.validated_data)
 
+        return Response(
+            serializer.data, status=status.HTTP_201_CREATED,
+        )
+
     def perform_update(self, serializer):
         serializer.save()
         if serializer.data["is_verified"] and serializer.data["is_active"]: