funkwhale/api/funkwhale_api/users/views.py

from allauth.account.adapter import get_adapter
from rest_auth import views as rest_auth_views
from rest_auth.registration import views as registration_views
from rest_framework import mixins, viewsets
from rest_framework.decorators import action
from rest_framework.response import Response

from funkwhale_api.common import preferences

from . import models, serializers, tasks


class RegisterView(registration_views.RegisterView):
    serializer_class = serializers.RegisterSerializer
    permission_classes = []
    action = "signup"
    throttling_scopes = {"signup": {"authenticated": "signup", "anonymous": "signup"}}

    def create(self, request, *args, **kwargs):
        invitation_code = request.data.get("invitation")
        if not invitation_code and not self.is_open_for_signup(request):
            r = {"detail": "Registration has been disabled"}
            return Response(r, status=403)
        return super().create(request, *args, **kwargs)

    def is_open_for_signup(self, request):
        return get_adapter().is_open_for_signup(request)


class VerifyEmailView(registration_views.VerifyEmailView):
    action = "verify-email"


class PasswordChangeView(rest_auth_views.PasswordChangeView):
    action = "password-change"


class PasswordResetView(rest_auth_views.PasswordResetView):
    action = "password-reset"


class PasswordResetConfirmView(rest_auth_views.PasswordResetConfirmView):
    action = "password-reset-confirm"


class UserViewSet(mixins.UpdateModelMixin, viewsets.GenericViewSet):
    queryset = models.User.objects.all()
    serializer_class = serializers.UserWriteSerializer
    lookup_field = "username"
    lookup_value_regex = r"[a-zA-Z0-9-_.]+"
    required_scope = "profile"

    @action(methods=["get", "delete"], detail=False)
    def me(self, request, *args, **kwargs):
        """Return information about the current user or delete it"""
        if request.method.lower() == "delete":
            serializer = serializers.UserDeleteSerializer(
                request.user, data=request.data
            )
            serializer.is_valid(raise_exception=True)
            tasks.delete_account.delay(user_id=request.user.pk)
            # at this point, password is valid, we launch deletion
            return Response(status=204)
        serializer = serializers.MeSerializer(request.user)
        return Response(serializer.data)

    @action(
        methods=["get", "post", "delete"],
        required_scope="security",
        url_path="subsonic-token",
        detail=True,
    )
    def subsonic_token(self, request, *args, **kwargs):
        if not self.request.user.username == kwargs.get("username"):
            return Response(status=403)
        if not preferences.get("subsonic__enabled"):
            return Response(status=405)
        if request.method.lower() == "get":
            return Response(
                {"subsonic_api_token": self.request.user.subsonic_api_token}
            )
        if request.method.lower() == "delete":
            self.request.user.subsonic_api_token = None
            self.request.user.save(update_fields=["subsonic_api_token"])
            return Response(status=204)
        self.request.user.update_subsonic_api_token()
        self.request.user.save(update_fields=["subsonic_api_token"])
        data = {"subsonic_api_token": self.request.user.subsonic_api_token}
        return Response(data)

    def update(self, request, *args, **kwargs):
        if not self.request.user.username == kwargs.get("username"):
            return Response(status=403)
        return super().update(request, *args, **kwargs)

    def partial_update(self, request, *args, **kwargs):
        if not self.request.user.username == kwargs.get("username"):
            return Response(status=403)
        return super().partial_update(request, *args, **kwargs)
Initial commit that merge both the front end and the API in the same repository 2017-06-23 21:00:42 +00:00			`from allauth.account.adapter import get_adapter`
See #261: Added a rate-limiting (throttling system) to limit the number of requests handled per user/IP 2019-09-17 09:23:59 +00:00			`from rest_auth import views as rest_auth_views`
			`from rest_auth.registration import views as registration_views`
See #297: sorted imports 2018-06-10 08:55:16 +00:00			`from rest_framework import mixins, viewsets`
Updated rest framework to 3.9 2019-01-11 12:33:35 +00:00			`from rest_framework.decorators import action`
See #297: sorted imports 2018-06-10 08:55:16 +00:00			`from rest_framework.response import Response`
Initial commit that merge both the front end and the API in the same repository 2017-06-23 21:00:42 +00:00
See #75: user can now manage the Subsonic API token from their settings page 2018-05-09 20:18:33 +00:00			`from funkwhale_api.common import preferences`

See #852: improved routing logic for federation messages (support multiple objects types for one route) 2019-09-21 14:20:49 +00:00			`from . import models, serializers, tasks`
Initial commit that merge both the front end and the API in the same repository 2017-06-23 21:00:42 +00:00

See #261: Added a rate-limiting (throttling system) to limit the number of requests handled per user/IP 2019-09-17 09:23:59 +00:00			`class RegisterView(registration_views.RegisterView):`
See #248: can now sign up using invitation code 2018-06-19 20:23:22 +00:00			`serializer_class = serializers.RegisterSerializer`
Resolve "Implement a Oauth provider in Funkwhale" 2019-03-25 16:02:51 +00:00			`permission_classes = []`
See #261: Added a rate-limiting (throttling system) to limit the number of requests handled per user/IP 2019-09-17 09:23:59 +00:00			`action = "signup"`
			`throttling_scopes = {"signup": {"authenticated": "signup", "anonymous": "signup"}}`
See #248: can now sign up using invitation code 2018-06-19 20:23:22 +00:00
Initial commit that merge both the front end and the API in the same repository 2017-06-23 21:00:42 +00:00			`def create(self, request, args, *kwargs):`
See #248: can now sign up using invitation code 2018-06-19 20:23:22 +00:00			`invitation_code = request.data.get("invitation")`
			`if not invitation_code and not self.is_open_for_signup(request):`
Blacked the code 2018-06-09 13:36:16 +00:00			`r = {"detail": "Registration has been disabled"}`
Initial commit that merge both the front end and the API in the same repository 2017-06-23 21:00:42 +00:00			`return Response(r, status=403)`
			`return super().create(request, args, *kwargs)`

			`def is_open_for_signup(self, request):`
			`return get_adapter().is_open_for_signup(request)`


See #261: Added a rate-limiting (throttling system) to limit the number of requests handled per user/IP 2019-09-17 09:23:59 +00:00			`class VerifyEmailView(registration_views.VerifyEmailView):`
			`action = "verify-email"`


			`class PasswordChangeView(rest_auth_views.PasswordChangeView):`
			`action = "password-change"`


			`class PasswordResetView(rest_auth_views.PasswordResetView):`
			`action = "password-reset"`


			`class PasswordResetConfirmView(rest_auth_views.PasswordResetConfirmView):`
			`action = "password-reset-confirm"`


Blacked the code 2018-06-09 13:36:16 +00:00			`class UserViewSet(mixins.UpdateModelMixin, viewsets.GenericViewSet):`
Initial commit that merge both the front end and the API in the same repository 2017-06-23 21:00:42 +00:00			`queryset = models.User.objects.all()`
API endpoint for updating privacy 2018-03-03 10:20:21 +00:00			`serializer_class = serializers.UserWriteSerializer`
Blacked the code 2018-06-09 13:36:16 +00:00			`lookup_field = "username"`
Fix #798: Allow users with dots in their usernames to request a subsonic password 2019-04-23 09:35:59 +00:00			`lookup_value_regex = r"[a-zA-Z0-9-_.]+"`
Resolve "Implement a Oauth provider in Funkwhale" 2019-03-25 16:02:51 +00:00			`required_scope = "profile"`
Initial commit that merge both the front end and the API in the same repository 2017-06-23 21:00:42 +00:00
See #852: improved routing logic for federation messages (support multiple objects types for one route) 2019-09-21 14:20:49 +00:00			`@action(methods=["get", "delete"], detail=False)`
Initial commit that merge both the front end and the API in the same repository 2017-06-23 21:00:42 +00:00			`def me(self, request, args, *kwargs):`
See #852: improved routing logic for federation messages (support multiple objects types for one route) 2019-09-21 14:20:49 +00:00			`"""Return information about the current user or delete it"""`
			`if request.method.lower() == "delete":`
			`serializer = serializers.UserDeleteSerializer(`
			`request.user, data=request.data`
			`)`
			`serializer.is_valid(raise_exception=True)`
			`tasks.delete_account.delay(user_id=request.user.pk)`
			`# at this point, password is valid, we launch deletion`
			`return Response(status=204)`
Resolve "Per-user libraries" (use !368 instead) 2018-09-06 18:35:02 +00:00			`serializer = serializers.MeSerializer(request.user)`
Initial commit that merge both the front end and the API in the same repository 2017-06-23 21:00:42 +00:00			`return Response(serializer.data)`
API endpoint for updating privacy 2018-03-03 10:20:21 +00:00
Resolve "Implement a Oauth provider in Funkwhale" 2019-03-25 16:02:51 +00:00			`@action(`
			`methods=["get", "post", "delete"],`
			`required_scope="security",`
			`url_path="subsonic-token",`
			`detail=True,`
			`)`
See #75: user can now manage the Subsonic API token from their settings page 2018-05-09 20:18:33 +00:00			`def subsonic_token(self, request, args, *kwargs):`
Blacked the code 2018-06-09 13:36:16 +00:00			`if not self.request.user.username == kwargs.get("username"):`
See #75: user can now manage the Subsonic API token from their settings page 2018-05-09 20:18:33 +00:00			`return Response(status=403)`
Blacked the code 2018-06-09 13:36:16 +00:00			`if not preferences.get("subsonic__enabled"):`
See #75: user can now manage the Subsonic API token from their settings page 2018-05-09 20:18:33 +00:00			`return Response(status=405)`
Blacked the code 2018-06-09 13:36:16 +00:00			`if request.method.lower() == "get":`
			`return Response(`
			`{"subsonic_api_token": self.request.user.subsonic_api_token}`
			`)`
			`if request.method.lower() == "delete":`
See #75: user can now manage the Subsonic API token from their settings page 2018-05-09 20:18:33 +00:00			`self.request.user.subsonic_api_token = None`
Blacked the code 2018-06-09 13:36:16 +00:00			`self.request.user.save(update_fields=["subsonic_api_token"])`
See #75: user can now manage the Subsonic API token from their settings page 2018-05-09 20:18:33 +00:00			`return Response(status=204)`
			`self.request.user.update_subsonic_api_token()`
Blacked the code 2018-06-09 13:36:16 +00:00			`self.request.user.save(update_fields=["subsonic_api_token"])`
			`data = {"subsonic_api_token": self.request.user.subsonic_api_token}`
See #75: user can now manage the Subsonic API token from their settings page 2018-05-09 20:18:33 +00:00			`return Response(data)`

API endpoint for updating privacy 2018-03-03 10:20:21 +00:00			`def update(self, request, args, *kwargs):`
Blacked the code 2018-06-09 13:36:16 +00:00			`if not self.request.user.username == kwargs.get("username"):`
API endpoint for updating privacy 2018-03-03 10:20:21 +00:00			`return Response(status=403)`
			`return super().update(request, args, *kwargs)`

			`def partial_update(self, request, args, *kwargs):`
Blacked the code 2018-06-09 13:36:16 +00:00			`if not self.request.user.username == kwargs.get("username"):`
API endpoint for updating privacy 2018-03-03 10:20:21 +00:00			`return Response(status=403)`
			`return super().partial_update(request, args, *kwargs)`