User V2 API endpoint

[paolodamico]

Changes

This PR introduces a brand-new /api/users/@me/ endpoint. Instead of a full refactor, we introduce the new endpoint while keeping support for the old one for a little while. While we've known for a while this refactor is needed, this is motivated because now it has become a blocker for some teams that have a ton of events and/or event properties (see Slack thread).

This PR is already on the larger end of things, as such, I've decided to split this whole refactor, and this particular PR only includes backend changes.

Please don't be scared by the number of file changes or lines. Most lines are tests and the large number of file changes is mostly due to a simple name refactoring of the UserSerializer (see below).

Detailed changes

• The new /api/users/@me/ endpoint is now built with DRF serializers and views. Among other things we pay special attention to the nested properties included (to reduce them to the minimum). A random sample in production shows a 50x+ reduction in payload size (while this data is still loaded in the frontend, it is no longer blocking to render the app).
  • Particularly worth noting, we no longer include heavy properties in the payload [particular related to the Team object] (e.g. team.event_names, team.event_properties, team.event_properties_numerical, team.event_names_with_usage).
  • The endpoint fully supports the relevant parts of the user object, including changing the current organization, current team & password (with special logic handling, i.e. password changing requires sending the current_password).
  • Related to the above, we make sure users cannot set current organization or teams that don't make sense (e.g. setting a team that doesn't belong to the organization being set).
  • Nested updates are no longer supported (deliberate decision). To update the Team or Organization the respective endpoints need to be used.
• Instance-based properties that were previously being sent in the legacy endpoint are now sent in the preflight check response (e.g. is_debug, email_service_available, is_event_property_usage_enabled, posthog_version).
• All event reporting and instrumentation is kept as is (i.e. we send an async $identify to update the user on every API hit). We also introduce a user updated backend event.
• We add a uuid property (UUIDT) to the User model to start using as key in API requests.
• The previously existing UserSerializer is refactored to UserBasicSerializer to properly reflect the goal and composition of this serializer. This serializer is now used for any nested properties (e.g. used for created_by in multiple endpoints).
• Removed the unused last_name attribute from User model (part of Django's base AbstractUser).

New API response (GET /api/users/@me/)

{
  "id": "01788ed8-6d2d-0000-ccdb-d8e17589b1ea",
  "distinct_id": "kOyAmTq2McfCD5XvqwjKf8m6GVecm9uN0L0ypEoRN50",
  "first_name": "Jane",
  "email": "test@posthog.com",
  "email_opt_in": true,
  "anonymize_data": false,
  "toolbar_mode": "toolbar",
  "has_password": true,
  "is_staff": false,
  "is_impersonated": false,
  "team": {
    "id": 1,
    "uuid": "01787e47-55d7-0000-6976-b893a03aaba8",
    "organization": "01787e47-5558-0000-bae1-6bc513b42abe",
    "api_token": "dtrwW0uEC7LwVx64RmZmqog_XjU0nXWuEK1d1ZpjteQ",
    "name": "HogFlix Demo App",
    "completed_snippet_onboarding": true,
    "ingested_event": true,
    "is_demo": true,
    "timezone": "UTC"
  },
  "organization": {
    "id": "01787e47-5558-0000-bae1-6bc513b42abe",
    "name": "Hogflix Movies",
    "created_at": "2021-03-29T13:58:27.416616Z",
    "updated_at": "2021-03-29T13:58:57.067131Z",
    "membership_level": 15,
    "personalization": {
      "role": "engineer",
      "products": ["web", "website"],
      "technical": "technical"
    },
    "setup": {
      "is_active": true,
      "current_section": 1,
      "any_project_ingested_events": false,
      "any_project_completed_snippet_onboarding": false,
      "non_demo_team_id": null,
      "has_invited_team_members": true
    },
    "plugins_access_level": 9,
    "teams": [
      {
        "id": 1,
        "uuid": "01787e47-55d7-0000-6976-b893a03aaba8",
        "organization": "01787e47-5558-0000-bae1-6bc513b42abe",
        "api_token": "dtrwW0uEC7LwVx64RmZmqog_XjU0nXWuEK1d1ZpjteQ",
        "name": "HogFlix Demo App",
        "completed_snippet_onboarding": true,
        "ingested_event": true,
        "is_demo": true,
        "timezone": "UTC"
      }
    ],
    "available_features": []
  },
  "organizations": [
    { "id": "01787e47-5558-0000-bae1-6bc513b42abe", "name": "Hogflix Movies" }
  ]
}

Additional context

• What this will permit on the front-end is that we'll only require the /api/user/ & /_preflight endpoints to be loaded to be able to display the app, instead of requiring this plus, /api/projects/@current/, /api/organizations/@current/ plus the billing information. These two required endpoints are significantly lighter and faster than they were before. The rest of the info will be loaded without blocking the entire page render. Relevant local components will display a local loading state.

Checklist

• All querysets/queries filter by Organization, by Team, and by User
• Django backend tests
• Jest frontend tests. Not applicable.
• Cypress end-to-end tests. Not applicable.

[sentry-io]

Sentry issue: POSTHOG-2KR

[EDsCODE]

small comments but lgtm!

[EDsCODE]

Could move this in separate file to keep files smaller

[paolodamico]

Well I actually think this is the class that makes sense keeping here. The other one is just a legacy class to be kept around until we remove the old endpoint.

[paolodamico]

Thanks for the review @EDsCODE! Would you mind taking another quick look? I've fixed merged conflicts, address your feedback, and some minor tweaks that came up while updating the frontend.

[Twixes]

This is great, just got some questions regarding routing

[paolodamico]

Ready for one final look @Twixes

[Twixes]

Some picking of nits

[Twixes]

👍