Merge pull request #211 from bounswe/improved-profiles-users

Improved user registration, update and view profile APIs (resolves #204)
bounswe · Dec 2, 2021 · 8357a10 · 8357a10
2 parents eda5bcb + ffba1f7
commit 8357a10
Show file tree

Hide file tree

Showing 10 changed files with 51 additions and 30 deletions.
diff --git a/backend/app/settings.py b/backend/app/settings.py
@@ -91,7 +91,7 @@
 
         'PASSWORD': os.environ.get('POSTGRES_PASSWORD', None),
 
-        'HOST': 'database', #'localhost' if DEBUG else 'database',
+        'HOST': 'localhost' if DEBUG else 'database',
 
         'PORT': '5432',
 
@@ -145,9 +145,10 @@
 REST_FRAMEWORK = {
     'DEFAULT_PERMISSION_CLASSES': (
         'rest_framework.permissions.IsAuthenticated',
+        'rest_framework.permissions.AllowAny',
     ),
     'DEFAULT_AUTHENTICATION_CLASSES': (
-'rest_framework_simplejwt.authentication.JWTAuthentication',
+        'rest_framework_simplejwt.authentication.JWTAuthentication',
     ),  #
 }
 SIMPLE_JWT = {
@@ -156,11 +157,12 @@
     'ROTATE_REFRESH_TOKENS': True,
     'BLACKLIST_AFTER_ROTATION': False,
     'ALGORITHM': 'HS256',
+    'UPDATE_LAST_LOGIN': True,
     'SIGNING_KEY': SECRET_KEY,
     'VERIFYING_KEY': None,
-    'AUTH_HEADER_TYPES': ('JWT',),
-    'USER_ID_FIELD': 'id',
-    'USER_ID_CLAIM': 'user_id',
+    'AUTH_HEADER_TYPES': ('JWT','Bearer', ),
+    'USER_ID_FIELD': 'username',
+    'USER_ID_CLAIM': 'username',
     'AUTH_TOKEN_CLASSES': ('rest_framework_simplejwt.tokens.AccessToken',),
     'TOKEN_TYPE_CLAIM': 'token_type',
 }

diff --git a/backend/authentication/migrations/__init__.py b/backend/authentication/migrations/__init__.py
diff --git a/backend/authentication/models.py b/backend/authentication/models.py
@@ -1,3 +1,4 @@
+from datetime import datetime
 from django.contrib.auth.models import AbstractUser
 from django.dispatch import receiver
 from django.db import models
@@ -24,7 +25,7 @@ def password_reset_token_created(sender, instance, reset_password_token, *args,
 class User(AbstractUser):
     bio = models.TextField(default="")
 
-    birthday = models.DateTimeField(auto_now_add=True, blank=True)
+    birthday = models.DateField(default=datetime.now, blank=True)
 
     avatar = models.TextField(default="")
     location = models.TextField(default="")

diff --git a/backend/authentication/serializers.py b/backend/authentication/serializers.py
@@ -6,7 +6,8 @@
 class UserSerializer(serializers.ModelSerializer):
     class Meta:
         model = User
-        fields = '__all__'
+        fields = ['username', 'email', 'password', 'first_name', 'last_name',
+                'email', 'location', 'birthday']
         extra_kwargs = {'password': {'write_only': True}}
 
     def create(self, validated_data):

diff --git a/backend/authentication/views.py b/backend/authentication/views.py
@@ -1,18 +1,10 @@
-from django.shortcuts import render
 from rest_framework import status, permissions
-from rest_framework.response import Response
-from rest_framework.views import APIView
+from rest_framework import generics
+from .models import User
 
 from .serializers import UserSerializer
 
-class UserCreate(APIView):
+class UserCreate(generics.CreateAPIView):
     permission_classes = (permissions.AllowAny,)
-
-    def post(self, request, format='json'):
-        serializer = UserSerializer(data=request.data)
-        if serializer.is_valid():
-            user = serializer.save()
-            if user:
-                json = serializer.data
-                return Response(json, status=status.HTTP_201_CREATED)
-        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
+    queryset = User.objects.all()
+    serializer_class = UserSerializer
diff --git a/backend/eventposts/migrations/__init__.py b/backend/eventposts/migrations/__init__.py
diff --git a/backend/profiles/migrations/__init__.py b/backend/profiles/migrations/__init__.py
diff --git a/backend/profiles/serializers.py b/backend/profiles/serializers.py
@@ -6,4 +6,11 @@ class Meta:
         model = User
         fields = ('first_name', 'last_name',
                   'bio', 'fav_sport_1', 'fav_sport_2', 'fav_sport_3',
-                  'location')
+                  'location')
+
+class ProfileUpdateSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = User
+        fields = ('first_name', 'last_name',
+                  'bio', 'fav_sport_1', 'fav_sport_2', 'fav_sport_3',
+                  'location', 'avatar', 'privacy')
diff --git a/backend/profiles/urls.py b/backend/profiles/urls.py
@@ -3,4 +3,5 @@
 
 urlpatterns = [
     path('<str:username>/', views.ProfileView.as_view(), name="ProfileGet"),
+    path('<str:username>/update', views.ProfileUpdateView.as_view(), name="ProfileUpdate")
 ]
diff --git a/backend/profiles/views.py b/backend/profiles/views.py
@@ -2,17 +2,34 @@
 
 # Create your views here.
 from rest_framework import status
+from rest_framework import generics
 from rest_framework.response import Response
-from rest_framework.views import APIView
 from authentication.models import User
-from .serializers import ProfileSerializer
+from .serializers import ProfileSerializer, ProfileUpdateSerializer
+from rest_framework import status, permissions
+from rest_framework_simplejwt.authentication import JWTAuthentication
+from django.http import HttpResponse
 
 
-class ProfileView(APIView):
 
-    def get(self, request, username):
-        try:
-            profile = User.objects.get(username=username)
-        except:
-            return Response(status=status.HTTP_204_NO_CONTENT)
-        return Response(ProfileSerializer(profile).data)
+
+class ProfileView(generics.RetrieveAPIView):
+    queryset = User.objects.all()
+    serializer_class = ProfileSerializer
+    lookup_field = 'username'
+
+class ProfileUpdateView(generics.RetrieveUpdateAPIView):
+    queryset = User.objects.all()
+    serializer_class = ProfileUpdateSerializer
+    lookup_field = 'username'
+    JWTauth = JWTAuthentication()
+
+    def authenticate(self):
+        user, _ = self.JWTauth.authenticate(self.request)
+        return user.username == self.kwargs['username']
+
+    def put(self, request, *args, **kwargs):
+        if self.authenticate():
+            return self.update(request, *args, **kwargs)
+        else:
+            return HttpResponse('Unauthorized', status=401)