funkwhale/api/funkwhale_api/users/serializers.py

import re

from django.core import validators
from django.utils.deconstruct import deconstructible
from django.utils.translation import gettext_lazy as _

from rest_auth.serializers import PasswordResetSerializer as PRS
from rest_auth.registration.serializers import RegisterSerializer as RS, get_adapter
from rest_framework import serializers

from funkwhale_api.activity import serializers as activity_serializers
from funkwhale_api.common import models as common_models
from funkwhale_api.common import preferences
from funkwhale_api.common import serializers as common_serializers
from funkwhale_api.common import utils as common_utils
from funkwhale_api.federation import models as federation_models
from funkwhale_api.moderation import models as moderation_models
from funkwhale_api.moderation import tasks as moderation_tasks
from funkwhale_api.moderation import utils as moderation_utils

from . import adapters
from . import models


@deconstructible
class ASCIIUsernameValidator(validators.RegexValidator):
    regex = r"^[\w]+$"
    message = _(
        "Enter a valid username. This value may contain only English letters, "
        "numbers, and _ characters."
    )
    flags = re.ASCII


username_validators = [ASCIIUsernameValidator()]
NOOP = object()


class RegisterSerializer(RS):
    invitation = serializers.CharField(
        required=False, allow_null=True, allow_blank=True
    )

    def __init__(self, *args, **kwargs):
        self.approval_enabled = preferences.get("moderation__signup_approval_enabled")
        super().__init__(*args, **kwargs)
        if self.approval_enabled:
            customization = preferences.get("moderation__signup_form_customization")
            self.fields[
                "request_fields"
            ] = moderation_utils.get_signup_form_additional_fields_serializer(
                customization
            )

    def validate_invitation(self, value):
        if not value:
            return

        try:
            return models.Invitation.objects.open().get(code__iexact=value)
        except models.Invitation.DoesNotExist:
            raise serializers.ValidationError("Invalid invitation code")

    def validate(self, validated_data):
        data = super().validate(validated_data)
        # we create a fake user obj with validated data so we can validate
        # password properly (we have a password validator that requires
        # a user object)
        user = models.User(username=data["username"], email=data["email"])
        get_adapter().clean_password(data["password1"], user)
        return data

    def validate_username(self, value):
        username = super().validate_username(value)
        duplicates = federation_models.Actor.objects.local().filter(
            preferred_username__iexact=username
        )
        if duplicates.exists():
            raise serializers.ValidationError(
                "A user with that username already exists."
            )
        return username

    def save(self, request):
        user = super().save(request)
        update_fields = ["actor"]
        user.actor = models.create_actor(user)
        user_request = None
        if self.approval_enabled:
            # manually approve users
            user.is_active = False
            user_request = moderation_models.UserRequest.objects.create(
                submitter=user.actor,
                type="signup",
                metadata=self.validated_data.get("request_fields", None) or None,
            )
            update_fields.append("is_active")
        if self.validated_data.get("invitation"):
            user.invitation = self.validated_data.get("invitation")
            update_fields.append("invitation")
        user.save(update_fields=update_fields)
        if user_request:
            common_utils.on_commit(
                moderation_tasks.user_request_handle.delay,
                user_request_id=user_request.pk,
                new_status=user_request.status,
            )

        return user


class UserActivitySerializer(activity_serializers.ModelSerializer):
    type = serializers.SerializerMethodField()
    name = serializers.CharField(source="username")
    local_id = serializers.CharField(source="username")

    class Meta:
        model = models.User
        fields = ["id", "local_id", "name", "type"]

    def get_type(self, obj):
        return "Person"


class UserBasicSerializer(serializers.ModelSerializer):
    avatar = common_serializers.AttachmentSerializer(source="get_avatar")

    class Meta:
        model = models.User
        fields = ["id", "username", "name", "date_joined", "avatar"]


class UserWriteSerializer(serializers.ModelSerializer):
    summary = common_serializers.ContentSerializer(required=False, allow_null=True)
    avatar = common_serializers.RelatedField(
        "uuid",
        queryset=common_models.Attachment.objects.all().local().attached(False),
        serializer=None,
        queryset_filter=lambda qs, context: qs.filter(
            actor=context["request"].user.actor
        ),
        write_only=True,
    )

    class Meta:
        model = models.User
        fields = [
            "name",
            "privacy_level",
            "avatar",
            "instance_support_message_display_date",
            "funkwhale_support_message_display_date",
            "summary",
        ]

    def update(self, obj, validated_data):
        if not obj.actor:
            obj.create_actor()
        summary = validated_data.pop("summary", NOOP)
        avatar = validated_data.pop("avatar", NOOP)

        obj = super().update(obj, validated_data)

        if summary != NOOP:
            common_utils.attach_content(obj.actor, "summary_obj", summary)
        if avatar != NOOP:
            obj.actor.attachment_icon = avatar
            obj.actor.save(update_fields=["attachment_icon"])
        return obj


class UserReadSerializer(serializers.ModelSerializer):

    permissions = serializers.SerializerMethodField()
    full_username = serializers.SerializerMethodField()
    avatar = common_serializers.AttachmentSerializer(source="get_avatar")

    class Meta:
        model = models.User
        fields = [
            "id",
            "username",
            "full_username",
            "name",
            "email",
            "is_staff",
            "is_superuser",
            "permissions",
            "date_joined",
            "privacy_level",
            "avatar",
        ]

    def get_permissions(self, o):
        return o.get_permissions()

    def get_full_username(self, o):
        if o.actor:
            return o.actor.full_username


class MeSerializer(UserReadSerializer):
    quota_status = serializers.SerializerMethodField()
    summary = serializers.SerializerMethodField()

    class Meta(UserReadSerializer.Meta):
        fields = UserReadSerializer.Meta.fields + [
            "quota_status",
            "instance_support_message_display_date",
            "funkwhale_support_message_display_date",
            "summary",
        ]

    def get_quota_status(self, o):
        return o.get_quota_status() if o.actor else 0

    def get_summary(self, o):
        if not o.actor or not o.actor.summary_obj:
            return
        return common_serializers.ContentSerializer(o.actor.summary_obj).data


class PasswordResetSerializer(PRS):
    def get_email_options(self):
        return {"extra_email_context": adapters.get_email_context()}


class UserDeleteSerializer(serializers.Serializer):
    password = serializers.CharField()
    confirm = serializers.BooleanField()

    def validate_password(self, value):
        if not self.instance.check_password(value):
            raise serializers.ValidationError("Invalid password")

    def validate_confirm(self, value):
        if not value:
            raise serializers.ValidationError("Please confirm deletion")
        return value
Apply restrictions to username characters during signup 2018-07-22 11:05:43 +00:00			`import re`

			`from django.core import validators`
			`from django.utils.deconstruct import deconstructible`
			`from django.utils.translation import gettext_lazy as _`

See #187: API logic for password reset 2018-05-06 09:30:41 +00:00			`from rest_auth.serializers import PasswordResetSerializer as PRS`
Fix #883: Prevent usage of too weak passwords 2019-09-21 14:11:08 +00:00			`from rest_auth.registration.serializers import RegisterSerializer as RS, get_adapter`
See #297: sorted imports 2018-06-10 08:55:16 +00:00			`from rest_framework import serializers`
Resolve "An avatar for users" 2018-07-13 12:10:39 +00:00
Activity stream representations for user and favorites 2018-02-25 13:44:00 +00:00			`from funkwhale_api.activity import serializers as activity_serializers`
Federation of avatars 2020-01-23 15:38:04 +00:00			`from funkwhale_api.common import models as common_models`
Resolve "Screening for signups" 2020-03-18 10:57:33 +00:00			`from funkwhale_api.common import preferences`
Fix #374: Strip EXIF metadata from uploaded avatars to avoid leaking private data 2019-01-02 11:39:00 +00:00			`from funkwhale_api.common import serializers as common_serializers`
Actor description/summary 2020-01-23 10:09:52 +00:00			`from funkwhale_api.common import utils as common_utils`
See #852: improved routing logic for federation messages (support multiple objects types for one route) 2019-09-21 14:20:49 +00:00			`from funkwhale_api.federation import models as federation_models`
Resolve "Screening for signups" 2020-03-18 10:57:33 +00:00			`from funkwhale_api.moderation import models as moderation_models`
			`from funkwhale_api.moderation import tasks as moderation_tasks`
			`from funkwhale_api.moderation import utils as moderation_utils`

Fix #806: Use proper site name/domain in emails 2019-04-23 09:14:58 +00:00			`from . import adapters`
Initial commit that merge both the front end and the API in the same repository 2017-06-23 21:00:42 +00:00			`from . import models`


Apply restrictions to username characters during signup 2018-07-22 11:05:43 +00:00			`@deconstructible`
			`class ASCIIUsernameValidator(validators.RegexValidator):`
			`regex = r"^[\w]+$"`
			`message = _(`
			`"Enter a valid username. This value may contain only English letters, "`
			`"numbers, and _ characters."`
			`)`
			`flags = re.ASCII`


			`username_validators = [ASCIIUsernameValidator()]`
Actor description/summary 2020-01-23 10:09:52 +00:00			`NOOP = object()`
Apply restrictions to username characters during signup 2018-07-22 11:05:43 +00:00

See #248: can now sign up using invitation code 2018-06-19 20:23:22 +00:00			`class RegisterSerializer(RS):`
			`invitation = serializers.CharField(`
			`required=False, allow_null=True, allow_blank=True`
			`)`

Resolve "Screening for signups" 2020-03-18 10:57:33 +00:00			`def __init__(self, args, *kwargs):`
			`self.approval_enabled = preferences.get("moderation__signup_approval_enabled")`
			`super().__init__(args, *kwargs)`
			`if self.approval_enabled:`
			`customization = preferences.get("moderation__signup_form_customization")`
			`self.fields[`
			`"request_fields"`
			`] = moderation_utils.get_signup_form_additional_fields_serializer(`
			`customization`
			`)`

See #248: can now sign up using invitation code 2018-06-19 20:23:22 +00:00			`def validate_invitation(self, value):`
			`if not value:`
			`return`

			`try:`
See #248: ensure invitation codes are case insensitive 2018-06-21 17:41:40 +00:00			`return models.Invitation.objects.open().get(code__iexact=value)`
See #248: can now sign up using invitation code 2018-06-19 20:23:22 +00:00			`except models.Invitation.DoesNotExist:`
			`raise serializers.ValidationError("Invalid invitation code")`

Fix #883: Prevent usage of too weak passwords 2019-09-21 14:11:08 +00:00			`def validate(self, validated_data):`
			`data = super().validate(validated_data)`
			`# we create a fake user obj with validated data so we can validate`
			`# password properly (we have a password validator that requires`
			`# a user object)`
			`user = models.User(username=data["username"], email=data["email"])`
			`get_adapter().clean_password(data["password1"], user)`
			`return data`

See #852: improved routing logic for federation messages (support multiple objects types for one route) 2019-09-21 14:20:49 +00:00			`def validate_username(self, value):`
			`username = super().validate_username(value)`
			`duplicates = federation_models.Actor.objects.local().filter(`
			`preferred_username__iexact=username`
			`)`
			`if duplicates.exists():`
			`raise serializers.ValidationError(`
			`"A user with that username already exists."`
			`)`
			`return username`

See #248: can now sign up using invitation code 2018-06-19 20:23:22 +00:00			`def save(self, request):`
			`user = super().save(request)`
Resolve "Screening for signups" 2020-03-18 10:57:33 +00:00			`update_fields = ["actor"]`
			`user.actor = models.create_actor(user)`
			`user_request = None`
			`if self.approval_enabled:`
			`# manually approve users`
			`user.is_active = False`
			`user_request = moderation_models.UserRequest.objects.create(`
			`submitter=user.actor,`
			`type="signup",`
			`metadata=self.validated_data.get("request_fields", None) or None,`
			`)`
			`update_fields.append("is_active")`
See #248: can now sign up using invitation code 2018-06-19 20:23:22 +00:00			`if self.validated_data.get("invitation"):`
			`user.invitation = self.validated_data.get("invitation")`
Resolve "Screening for signups" 2020-03-18 10:57:33 +00:00			`update_fields.append("invitation")`
			`user.save(update_fields=update_fields)`
			`if user_request:`
			`common_utils.on_commit(`
			`moderation_tasks.user_request_handle.delay,`
			`user_request_id=user_request.pk,`
			`new_status=user_request.status,`
			`)`
Resolve "Have an actor for our users" 2018-07-22 10:20:16 +00:00
See #248: can now sign up using invitation code 2018-06-19 20:23:22 +00:00			`return user`


Activity stream representations for user and favorites 2018-02-25 13:44:00 +00:00			`class UserActivitySerializer(activity_serializers.ModelSerializer):`
			`type = serializers.SerializerMethodField()`
Blacked the code 2018-06-09 13:36:16 +00:00			`name = serializers.CharField(source="username")`
			`local_id = serializers.CharField(source="username")`
Activity stream representations for user and favorites 2018-02-25 13:44:00 +00:00
			`class Meta:`
			`model = models.User`
Blacked the code 2018-06-09 13:36:16 +00:00			`fields = ["id", "local_id", "name", "type"]`
Activity stream representations for user and favorites 2018-02-25 13:44:00 +00:00
			`def get_type(self, obj):`
Blacked the code 2018-06-09 13:36:16 +00:00			`return "Person"`
Activity stream representations for user and favorites 2018-02-25 13:44:00 +00:00

Resolve "UX, UI : Browse Library" 2018-07-17 11:09:13 +00:00			`class UserBasicSerializer(serializers.ModelSerializer):`
See #170: channels ui (listeners) 2020-02-05 14:06:07 +00:00			`avatar = common_serializers.AttachmentSerializer(source="get_avatar")`
Resolve "UX, UI : Browse Library" 2018-07-17 11:09:13 +00:00
			`class Meta:`
			`model = models.User`
			`fields = ["id", "username", "name", "date_joined", "avatar"]`


API endpoint for updating privacy 2018-03-03 10:20:21 +00:00			`class UserWriteSerializer(serializers.ModelSerializer):`
Actor description/summary 2020-01-23 10:09:52 +00:00			`summary = common_serializers.ContentSerializer(required=False, allow_null=True)`
Federation of avatars 2020-01-23 15:38:04 +00:00			`avatar = common_serializers.RelatedField(`
			`"uuid",`
			`queryset=common_models.Attachment.objects.all().local().attached(False),`
			`serializer=None,`
			`queryset_filter=lambda qs, context: qs.filter(`
			`actor=context["request"].user.actor`
			`),`
			`write_only=True,`
			`)`
Resolve "An avatar for users" 2018-07-13 12:10:39 +00:00
API endpoint for updating privacy 2018-03-03 10:20:21 +00:00			`class Meta:`
			`model = models.User`
Resolve "Add optional donation/contribution link in-app" 2019-09-23 09:30:25 +00:00			`fields = [`
			`"name",`
			`"privacy_level",`
			`"avatar",`
			`"instance_support_message_display_date",`
			`"funkwhale_support_message_display_date",`
Actor description/summary 2020-01-23 10:09:52 +00:00			`"summary",`
Resolve "Add optional donation/contribution link in-app" 2019-09-23 09:30:25 +00:00			`]`
API endpoint for updating privacy 2018-03-03 10:20:21 +00:00
Actor description/summary 2020-01-23 10:09:52 +00:00			`def update(self, obj, validated_data):`
			`if not obj.actor:`
			`obj.create_actor()`
			`summary = validated_data.pop("summary", NOOP)`
Federation of avatars 2020-01-23 15:38:04 +00:00			`avatar = validated_data.pop("avatar", NOOP)`

Actor description/summary 2020-01-23 10:09:52 +00:00			`obj = super().update(obj, validated_data)`

			`if summary != NOOP:`
			`common_utils.attach_content(obj.actor, "summary_obj", summary)`
Federation of avatars 2020-01-23 15:38:04 +00:00			`if avatar != NOOP:`
			`obj.actor.attachment_icon = avatar`
			`obj.actor.save(update_fields=["attachment_icon"])`
Actor description/summary 2020-01-23 10:09:52 +00:00			`return obj`

API endpoint for updating privacy 2018-03-03 10:20:21 +00:00
			`class UserReadSerializer(serializers.ModelSerializer):`
Initial commit that merge both the front end and the API in the same repository 2017-06-23 21:00:42 +00:00
			`permissions = serializers.SerializerMethodField()`
[EPIC] Audio metadata update - UI / API 2019-02-28 08:31:04 +00:00			`full_username = serializers.SerializerMethodField()`
See #170: channels ui (listeners) 2020-02-05 14:06:07 +00:00			`avatar = common_serializers.AttachmentSerializer(source="get_avatar")`
Initial commit that merge both the front end and the API in the same repository 2017-06-23 21:00:42 +00:00
			`class Meta:`
			`model = models.User`
			`fields = [`
Blacked the code 2018-06-09 13:36:16 +00:00			`"id",`
			`"username",`
[EPIC] Audio metadata update - UI / API 2019-02-28 08:31:04 +00:00			`"full_username",`
Blacked the code 2018-06-09 13:36:16 +00:00			`"name",`
			`"email",`
			`"is_staff",`
			`"is_superuser",`
			`"permissions",`
			`"date_joined",`
			`"privacy_level",`
Resolve "An avatar for users" 2018-07-13 12:10:39 +00:00			`"avatar",`
Initial commit that merge both the front end and the API in the same repository 2017-06-23 21:00:42 +00:00			`]`

			`def get_permissions(self, o):`
See #152: use new user permissions on relevant viewsets 2018-05-18 16:48:46 +00:00			`return o.get_permissions()`
See #187: API logic for password reset 2018-05-06 09:30:41 +00:00
[EPIC] Audio metadata update - UI / API 2019-02-28 08:31:04 +00:00			`def get_full_username(self, o):`
			`if o.actor:`
			`return o.actor.full_username`

See #187: API logic for password reset 2018-05-06 09:30:41 +00:00
Resolve "Per-user libraries" (use !368 instead) 2018-09-06 18:35:02 +00:00			`class MeSerializer(UserReadSerializer):`
			`quota_status = serializers.SerializerMethodField()`
Actor description/summary 2020-01-23 10:09:52 +00:00			`summary = serializers.SerializerMethodField()`
Resolve "Per-user libraries" (use !368 instead) 2018-09-06 18:35:02 +00:00
			`class Meta(UserReadSerializer.Meta):`
Resolve "Add optional donation/contribution link in-app" 2019-09-23 09:30:25 +00:00			`fields = UserReadSerializer.Meta.fields + [`
			`"quota_status",`
			`"instance_support_message_display_date",`
			`"funkwhale_support_message_display_date",`
Actor description/summary 2020-01-23 10:09:52 +00:00			`"summary",`
Resolve "Add optional donation/contribution link in-app" 2019-09-23 09:30:25 +00:00			`]`
Resolve "Per-user libraries" (use !368 instead) 2018-09-06 18:35:02 +00:00
			`def get_quota_status(self, o):`
			`return o.get_quota_status() if o.actor else 0`

Actor description/summary 2020-01-23 10:09:52 +00:00			`def get_summary(self, o):`
			`if not o.actor or not o.actor.summary_obj:`
			`return`
			`return common_serializers.ContentSerializer(o.actor.summary_obj).data`

Resolve "Per-user libraries" (use !368 instead) 2018-09-06 18:35:02 +00:00
See #187: API logic for password reset 2018-05-06 09:30:41 +00:00			`class PasswordResetSerializer(PRS):`
			`def get_email_options(self):`
Fix #806: Use proper site name/domain in emails 2019-04-23 09:14:58 +00:00			`return {"extra_email_context": adapters.get_email_context()}`
See #852: improved routing logic for federation messages (support multiple objects types for one route) 2019-09-21 14:20:49 +00:00

			`class UserDeleteSerializer(serializers.Serializer):`
			`password = serializers.CharField()`
			`confirm = serializers.BooleanField()`

			`def validate_password(self, value):`
			`if not self.instance.check_password(value):`
			`raise serializers.ValidationError("Invalid password")`

			`def validate_confirm(self, value):`
			`if not value:`
			`raise serializers.ValidationError("Please confirm deletion")`
			`return value`