def post(self, request): ip = utils.get_client_ip(request) utils.start_method_log('DeleteBoard: post', username=request.user.username, ip=ip) data = request.data errors = {} try: DeleteBoard._validate_data(request, data) except ValidationError as e: errors['details'] = list(e.messages) return Response(errors, status=status.HTTP_400_BAD_REQUEST) board_id = request.data.get('board_id') Board.objects.filter(id=board_id).delete() logger.info('DeleteBoard: delete!' 'board: {board},' 'username: {username},' 'ip:{ip}'.format(board=board_id, username=request.user.username, ip=ip)) r_data = {'details': 'Board deleted'} return Response(r_data, status.HTTP_200_OK)
def post(self, request): ip = utils.get_client_ip(request) utils.start_method_log("CreateNewBoardApiView: post", username=request.user.username, ip=ip) data = request.data.copy() data['owner'] = request.user.id serializer = CreateNeqBoardSerializer(data=data) if serializer.is_valid(): try: board = Board.objects.create( owner=request.user, name=serializer.data.get('name') ) except IntegrityError: return Response( data={"details": "This object already exist."}, status=status.HTTP_400_BAD_REQUEST ) logger.info('CreateNewBoardApiView: post ' '(created successfully) username:{}, ip: {}'.format( request.user.username, ip)) return Response( data={ "id": board.id }, status=status.HTTP_201_CREATED ) else: logger.info('CreateNewBoardApiView: post ' '(Request is not good.) username:{}, ip: {}'.format( request.user.username, ip)) return Response(status=status.HTTP_400_BAD_REQUEST)
def post(self, request): ip = utils.get_client_ip(request) utils.start_method_log('CheckEmailApiView: post', ip=ip) serializer = EmailSerializer(data=request.data) if serializer.is_valid(): email = request.data['email'] try: User.objects.get(email=email) except ObjectDoesNotExist: logger.info( 'CheckEmailApiView: post (Email does not exist. ip: {})'. format(ip)) return Response({"message": "Email does not exist."}, status=status.HTTP_200_OK) logger.info( 'CheckEmailApiView: post (Email exists. ip: {})'.format(ip)) return Response({"message": "Email exists"}, status=status.HTTP_400_BAD_REQUEST) else: logger.info( 'CheckEmailApiView: post (Email address is not valid. ip: {})'. format(ip)) return Response({"message": "Email address is not valid"}, status=status.HTTP_400_BAD_REQUEST)
def post(self, request, format=None): ip = utils.get_client_ip(request) utils.start_method_log('likeAPI: get', username=request.user.username, ip=ip) data = request.data errors = {} try: CommentAPIView._validate_data(request, data) except ValidationError as e: errors['details'] = list(e.messages) return Response(errors, status=status.HTTP_400_BAD_REQUEST) post_id = data.get('post_id') content = data.get('content') post = Posts.objects.get(id=post_id) try: comment = Comment.objects.create(user=request.user, post=post, content=content) except: return Response({"details": 'comment already exists.'}, status=status.HTTP_400_BAD_REQUEST) if request.user != post.owner: comment_notification(request.user.id, post.owner.id, post.id, content) return Response({'details': 'created'}, status=status.HTTP_201_CREATED)
def post(self, request): ip = utils.get_client_ip(request) utils.start_method_log('AddNewPostToBoard: post', username=request.user.username, ip=ip) data = request.data errors = {} try: AddNewPostToBoard._validate_data(request, data) except ValidationError as e: errors['details'] = list(e.messages) return Response(errors, status=status.HTTP_400_BAD_REQUEST) board_id = data.get('board_id') post_id = data.get('post_id') post = Posts.objects.get(id=post_id) board = Board.objects.get(id=board_id) BoardContains.objects.create(post=post, board=board) logger.info('AddNewPostToBoard: post!' 'post: {post} added to' 'board: {board},' 'username: {username},' 'ip:{ip}'.format(post=post_id, board=board_id, username=request.user.username, ip=ip)) r_data = {'details': 'Post added to board'} return Response(r_data, status.HTTP_200_OK)
def post(self, request, format=None): ip = utils.get_client_ip(request) utils.start_method_log('SetProfilePicViewSet: post', username=request.user.username, ip=ip) if request.FILES.get('profile_picture'): try: utils.validate_image(request.FILES.get('profile_picture')) except ValidationError as e: data = {"error": e} logger.info( "SetProfilePicViewSet: post " "(Profile picture is not valid) username:{}, ip: {}". format(request.user.username, ip)) return Response(data=data, status=status.HTTP_400_BAD_REQUEST) user = request.user user.profile_picture = request.FILES.get('profile_picture') user.save() logger.info( "SetProfilePicViewSet: post " "(Profile picture successfully changed.) username:{}, ip: {}". format(request.user.username, ip)) return Response(data={}, status=status.HTTP_200_OK) else: data = {"error": ["Profile picture is required."]} logger.info( "SetProfilePicViewSet: post " "(Profile picture is required.) username:{}, ip: {}".format( request.user.username, ip)) return Response(data=data, status=status.HTTP_400_BAD_REQUEST)
def _validate_data(request, data): ip = utils.get_client_ip(request) utils.start_method_log('LikeApi: _validate_data', username=request.user.username, ip=ip) post_id = data.get('post_id') user_id = request.user.id if post_id is None: raise ValidationError('post_id must be set.') try: post = Posts.objects.get(id=post_id) except: raise ValidationError('post is not exists') if not post.owner.is_private: return True if post.owner == request.user: return True flw = Followers.objects.filter(user=user_id, following=post.owner).all() if len(flw) != 0: return True raise ValidationError('Permission denied')
def post(self, request, format=None): ip = utils.get_client_ip(request) utils.start_method_log('likeAPI: get', username=request.user.username, ip=ip) data = request.data errors = {} try: LikeAPI._validate_data(request, data) except ValidationError as e: errors['details'] = list(e.messages) return Response(errors, status=status.HTTP_400_BAD_REQUEST) post_id = data.get('post_id') post = Posts.objects.get(id=post_id) like, created = Like.objects.get_or_create(user=request.user, post=post) if not created: like.delete() if request.user != post.owner: unlike_notification(request.user.id, post.owner.id, post.id) else: if request.user != post.owner: like_notification(request.user.id, post.owner.id, post.id) return Response({'liked': created}, status=status.HTTP_200_OK)
def _validate_data(request, data): ip = utils.get_client_ip(request) utils.start_method_log('DeletePostFromBoard: _validate_data', username=request.user.username, ip=ip) post_id = data.get('post_id') board_id = data.get('board_id') if post_id is None: raise ValidationError('post_id must be set.') if board_id is None: raise ValidationError('board_id must be set.') try: board = Board.objects.get(id=board_id) except: raise ValidationError('board does not exist') try: post = Posts.objects.get(id=post_id) except: raise ValidationError('post does not exist') if board.owner != request.user: raise ValidationError("it's not your board!") is_existed = BoardContains.objects.filter(board=board_id, post=post_id) if len(is_existed) == 0: raise ValidationError("This board doesnt have this post") return True
def get(self, request, format=None): ip = utils.get_client_ip(request) utils.start_method_log('FeedAPI: get', username=request.user.username, ip=ip) user = request.user page = request.GET.get('page') url = str(request.scheme) + '://' + request.get_host() + MEDIA_URL posts_of_followers = Posts.objects.filter(owner__following__user=user) posts_of_user = Posts.objects.filter(owner=user) posts = (posts_of_followers | posts_of_user).distinct().order_by("-time") serializer = GetPostsSerializer(user, context={ 'page': page, 'url': url, 'posts': posts, 'user': user }) return Response(serializer.data)
def validate(self, data): log_data = data.copy() log_data.pop('password', None) utils.start_method_log('UserSerializer: validate', **log_data) # here data has all the fields which have validated values # so we can create a User instance out of it user = User(**data) # get the password from the data password = data.get('password') username = data.get("username") errors = {} try: # validate the password and catch the exception validate_password(password=password, user=user) # the exception raised here is different than serializers.ValidationError except ValidationError as e: logger.info('UserSerializer: validate (username: {}: password not validated!)'.format(username)) errors['password'] = list(e.messages) try: User.objects.check_username(username=username) except ValidationError as e: logger.info('UserSerializer: validate (username {} not validated!)'.format(username)) errors['username'] = e.message if errors: raise serializers.ValidationError(errors) return super(UserSerializer, self).validate(data)
def get(self, request, username=None, format=None): ip = utils.get_client_ip(request) utils.start_method_log('ProfileViewSet: get', username=request.user.username, ip=ip) if username is None: user = request.user serializer = ProfileSerializer( user, context={'request_user': request.user}) data = serializer.data return self._response(data, request) else: user = User.objects.filter(username=username).first() if user is None: response_content = {"detail": "User not Found"} return Response(response_content, status.HTTP_404_NOT_FOUND) serializer = ProfileSerializer( user, context={'request_user': request.user}) data = serializer.data data.pop('email', None) return self._response(data, request)
def put(self, request, *args, **kwargs): ip = utils.get_client_ip(request) utils.start_method_log('ChangePassword: put', username=request.user.username, ip=ip) object = self.get_object() serializer = UserChangePasswordSerializer(data=request.data) if serializer.is_valid(): old_password = serializer.data.get("old_password") new_password = serializer.data.get("new_password") if not object.check_password(old_password): logger.info( 'ChangePassword: put (username: {} old password is wrong ip: {})' .format(request.user.username, ip)) return Response({"details": ["The old password was wrong!"]}, status=status.HTTP_400_BAD_REQUEST) object.set_password(new_password) object.save() logger.info( 'ChangePassword: put (username: {} password changed! ip: {})'. format(request.user.username, ip)) res = {'details': 'The password changed.'} return Response(res, status=status.HTTP_200_OK) return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
def create(self, validated_data): log_data = validated_data.copy() log_data.pop('password', None) utils.start_method_log('UserSerializer: create', **log_data) username = validated_data.get("username") password = validated_data.get("password") email = validated_data.get("email") user = User.objects.create_user(username=username, password=password, email=email) user.fullname = validated_data.get("fullname") user.bio = validated_data.get("bio") user.phone_number = validated_data.get("phone_number") user.save() tokens = get_simplejwt_tokens(user) data = { 'refresh': tokens['refresh'], 'access': tokens['access'] } return data
def post(self, request): ip = utils.get_client_ip(request) utils.start_method_log('ForgotPasswordVerfication: post', ip=ip) token = request.data.get('token') if token is None: logger.info('ForgotPasswordVerfication: ' 'post (Token is required. ip: {})'.format(ip)) return Response(data={"details": "Token is required."}, status=status.HTTP_400_BAD_REQUEST) try: token_query_set = Token.objects.get(key=token) except ObjectDoesNotExist: logger.info('ForgotPasswordVerfication: ' 'post (Token not found. ip: {})'.format(ip)) return Response(data={"details": "Token not found."}, status=status.HTTP_404_NOT_FOUND) token_time = int(token_query_set.created_time.strftime("%Y%m%d%H%M")) now_time = int(datetime.datetime.now().strftime("%Y%m%d%H%M")) ok_time = now_time - token_time # One day = 10,000 if ok_time <= 10000: logger.info('ForgotPasswordVerfication: ' 'post (Token is valid. ip: {})'.format(ip)) return Response(data={"details": "Token is valid"}, status=status.HTTP_200_OK) else: token_query_set.delete() logger.info('ForgotPasswordVerfication: post ' '(Token is invalid. ip: {})'.format(ip)) return Response(data={"details": "Token is invalid"}, status=status.HTTP_401_UNAUTHORIZED)
def get(self, request, username=None, format=None): ip = utils.get_client_ip(request) utils.start_method_log('BoardApiView: get', username=request.user.username, ip=ip) user = request.user if username is not None: user = User.objects.filter(username=username).first() if user is None: response_content = {"detail": "User not found."} return Response(response_content, status.HTTP_400_BAD_REQUEST) if user != request.user and user.is_private == True: Flw = Followers.objects.filter(user=request.user, following=user) if len(Flw) == 0: return Response({'details': 'you cant see him/her boards'}, status=status.HTTP_400_BAD_REQUEST) page = request.GET.get('page') if page is None: page = 1 url = str(request.scheme) + '://' + request.get_host() + MEDIA_URL data = Board.objects.filter(owner=user).order_by('-id') serializer = UserBoardsSerializer(user, context={ 'page': page, 'url': url, 'data': data }) return Response(serializer.data)
def _create_user(self, email, username, password, **extra_fields): """ Creates and saves a User with the given email, username and password. """ utils.start_method_log('UserManager: _create_user', email=email, username=username, **extra_fields) if not email: logger.info('UserManager: _create_user (The given email must be set)') raise ValueError('The given email must be set') if not username: logger.info('UserManager: _create_user (The given username must be set)') raise ValueError('The given username must be set') if not re.match("^[a-zA-Z0-9_]{4,20}$", username): logger.info('UserManager: _create_user (Your username is not valid)') raise ValidationError('Your username is not valid') email = self.normalize_email(email) user = self.model(email=email, username=username, **extra_fields) user.set_password(password) user.save(using=self._db) logger.info('UserManager: _create_user (user created email: {}, username: {})'.format(email, username)) return user
def create_user(self, email, username, password, **extra_fields): utils.start_method_log('UserManager: create_user', email=email, username=username, **extra_fields) extra_fields.setdefault('is_superuser', False) extra_fields.setdefault('is_staff', False) return self._create_user(email, username, password, **extra_fields)
def get(self, request, username=None, *args, **kwargs): ip = utils.get_client_ip(request) utils.start_method_log('PaginationApiView: get', authorized_user=request.user.username, request_user=username) if username is None: username = request.user.username try: profile = User.objects.get(username=username) except ObjectDoesNotExist: data = {"error": "Username not found"} logger.info('PaginationApiView: get ' '(Username not found) username:{}, ip: {}'.format( request.user.username, ip)) return Response(data=data, status=status.HTTP_404_NOT_FOUND) profile_private = profile.is_private target_profile = profile user_profile = request.user if target_profile != user_profile and profile_private: try: follow_status = Followers.objects.get(user=user_profile, following=target_profile) except ObjectDoesNotExist: return Response(status=status.HTTP_403_FORBIDDEN) queryset = Posts.objects.filter(owner=profile).order_by('-time') page = request.GET.get('page') pages = utils.paginator(queryset, page=page) results = pages.get('result') count = pages.get('count') total_page = pages.get('total_page') results_list = [] for post in results: item = { "id": post.id, "post_picture": str(request.scheme) + "://" + request.get_host() + MEDIA_URL + str(post.picture) } results_list.append(item) data = { "count": count, "total_pages": total_page, "results": results_list } logger.info('PaginationApiView: get ' '(get posts of {}) username:{}, ip: {}'.format( username, request.user.username, ip)) return Response(data=data, status=status.HTTP_200_OK)
def validate_new_password(self, value): utils.start_method_log( 'UserChangePasswordSerializer: validate_new_password') validate_password(value) logger.info( 'UserChangePasswordSerializer: validate_new_password (password validated!)' ) return value
def create_superuser(self, email, username, password, **extra_fields): utils.start_method_log('UserManager: create_superuser', email=email, username=username, **extra_fields) extra_fields.setdefault('is_superuser', True) extra_fields.setdefault('is_staff', True) if extra_fields.get('is_superuser') is not True: logger.info('UserManager: create_superuser: Superuser must have is_superuser=True.') raise ValueError('Superuser must have is_superuser=True.') return self._create_user(email, username, password, **extra_fields)
def get(self, request, username=None, format=None): ip = utils.get_client_ip(request) if username is None: username = request.user.username utils.start_method_log('FollowerSearchApiView: get', username=request.user.username, ip=ip) page = request.GET.get('page') search_value = request.GET.get('search') user = User.objects.filter(username=username).first() if user is None: response_content = {"detail": "User not found."} return Response(response_content, status.HTTP_400_BAD_REQUEST) if search_value is None: search_value = '' if user != request.user and user.is_private == True: if Followers.objects.filter(user=request.user, following=user).count() == 0: return Response( {'details': 'You cannot see him/her followers.'}, status=status.HTTP_400_BAD_REQUEST) search_array = search_value.split(' ') followers_query_set = Followers.objects.filter( following=user).order_by('-id') followers = [' '] for f in followers_query_set: followers.append(f.user.username) Users = User.objects.filter( reduce(or_, [Q(username=q) for q in followers])).order_by('-id') data = Users.filter( Q(username__icontains=search_value) | Q(reduce(or_, [Q(fullname__icontains=q) for q in search_array]))).order_by('-id') url = str(request.scheme) + '://' + request.get_host() + MEDIA_URL serializer = UserSearchSerializer(self.request.user, context={ 'page': page, 'url': url, 'data': data, 'request_user': self.request.user }) return Response(serializer.data)
def check_username(self, username): """ Checks can create a User with given info """ utils.start_method_log('UserManager: check_username', username=username) if not username: logger.info('UserManager: check_username (The given username must be set)') raise ValidationError('The given username must be set') if not re.match("^[a-zA-Z0-9_]{4,20}$", username): logger.info('UserManager: check_username (Your username is not valid)') raise ValidationError('Your username is not valid')
def post(self, request): ip = utils.get_client_ip(request) utils.start_method_log('ForgotPasswordApiView: post', ip=ip) email = request.data.get('email') if email is None: logger.info('ForgotPasswordApiView: ' 'post (Email is required. ip: {})'.format(ip)) return Response(data={"details": "email is required."}, status=status.HTTP_400_BAD_REQUEST) try: user_query_set = User.objects.get(email=email) except ObjectDoesNotExist: logger.info('ForgotPasswordApiView: ' 'post (User not found. ip: {})'.format(ip)) return Response(data={"details": "User not found"}, status=status.HTTP_404_NOT_FOUND) try: token = Token.objects.get(user=user_query_set) token_time = token.created_time now_time = datetime.datetime.now(datetime.timezone.utc) ok_time = now_time - token_time if ok_time.seconds > 300: token.delete() token = Token.objects.create(user=user_query_set) else: logger.info( 'ForgotPasswordApiView: ' 'post (Try again later for create token. ip: {})'.format( ip)) return Response( data={"details": "Please try again a few minutes later"}, status=status.HTTP_403_FORBIDDEN) except ObjectDoesNotExist: token = Token.objects.create(user=user_query_set) email = utils.send_email(to=email, subject="Token for forgot password", body="Your Token: {}".format(token.key)) if email.status_code == 200: logger.info('ForgotPasswordApiView: post (Ok , Token send to this ' 'email:{email} ip: {ip})'.format(ip=ip, email=email)) return Response(data={}, status=status.HTTP_201_CREATED) else: logger.info('ForgotPasswordApiView: post ' '(Email API fail. ip: {})'.format(ip)) return Response(data={"details": "email api fail"}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def _validate_data(request, data): ip = utils.get_client_ip(request) utils.start_method_log('DeleteBoard: _validate_data', username=request.user.username, ip=ip) board_id = data.get('board_id') if board_id is None: raise ValidationError('board_id must be set.') try: board = Board.objects.get(id=board_id) except: raise ValidationError('board is not exists') if board.owner != request.user: raise ValidationError("it's not your board!")
def get(self, request, tag_id, format=None): ip = utils.get_client_ip(request) utils.start_method_log('GetPostOfTagAPI: get', username=request.user.username, ip=ip) user = request.user page = request.GET.get('page') url = str(request.scheme) + '://' + request.get_host() + MEDIA_URL posts_following = Posts.objects.filter(tagcontains__tag_id=tag_id, owner__following__user=user) posts_public = Posts.objects.filter(tagcontains__tag_id=tag_id, owner__is_private=False) posts = (posts_following | posts_public).distinct().order_by('-time') serializer = GetPostsSerializer(user, context={'page': page, 'url': url, 'posts': posts, 'tag_search': True}) return Response(serializer.data)
def get(self, request, format=None): ip = utils.get_client_ip(request) utils.start_method_log('GetNotificationAPI: get', username=request.user.username, ip=ip) user = request.user page = request.GET.get('page') url = str(request.scheme) + '://' + request.get_host() + MEDIA_URL notifs = Notification.objects.filter(target_user_id=user.id).order_by('-time') serializer = GetNotifSerializer(user, context={'page': page, 'url': url, 'notifs': notifs}) return Response(serializer.data)
def post(self, request): ip = utils.get_client_ip(request) utils.start_method_log('ForgotPasswordComplete: post', ip=ip) token = request.data.get('token') password = request.data.get('password') if token is None or password is None: logger.info('ForgotPasswordComplete: post ' '(Token/Password is required. ip: {})'.format(ip)) return Response(data={"details": "Token/Password is required."}, status=status.HTTP_400_BAD_REQUEST) try: token_query_set = Token.objects.get(key=token) except ObjectDoesNotExist: logger.info('ForgotPasswordComplete: post ' '(Token not found. ip: {})'.format(ip)) return Response(data={"details": "Token not found."}, status=status.HTTP_404_NOT_FOUND) token_time = int(token_query_set.created_time.strftime("%Y%m%d%H%M")) now_time = int(datetime.datetime.now().strftime("%Y%m%d%H%M")) ok_time = now_time - token_time # One day = 10,000 if ok_time <= 10000: try: validate_password(password) except ValidationError: logger.info('ForgotPasswordComplete: post ' '(Password is not valid. ip: {})'.format(ip)) return Response(data={"details": "Password is not valid."}, status=status.HTTP_400_BAD_REQUEST) user_query_set = User.objects.get(email=token_query_set.user.email) user_query_set.set_password(password) user_query_set.save() token_query_set.delete() logger.info('ForgotPasswordComplete: post ' '(Password successfully changed. ' 'email: {email} ip: {ip})'.format( ip=ip, email=user_query_set.email)) return Response(data={"details": "Password Changed."}, status=status.HTTP_200_OK) else: logger.info('ForgotPasswordComplete: post ' '(Token is invalid. ip: {})'.format(ip)) return Response(data={"details": "Token is invalid"}, status=status.HTTP_401_UNAUTHORIZED)
def post(self, request): target_user_name = request.data.get('username') request_username = request.user.username request_id = request.user.id ip = utils.get_client_ip(request) utils.start_method_log('DeleteFollowRequest: post', authorized_user=request.user.username, request_user=target_user_name) if target_user_name is None: logger.info('DeleteFollowRequest: post ' '(username is required) username:{}, ip: {}'.format( request.user.username, ip)) return Response(data={"error": "Username required."}, status=status.HTTP_400_BAD_REQUEST) try: target_user = User.objects.get(username=target_user_name) except ObjectDoesNotExist: logger.info('DeleteFollowRequest: post ' '(Username not found) username:{}, ip: {}'.format( request.user.username, ip)) return Response(data={"error": "User not found."}, status=status.HTTP_404_NOT_FOUND) try: request = Request.objects.get(requester=request.user, requestee=target_user) except ObjectDoesNotExist: logger.info( 'DeleteFollowRequest: post ' '(You didnt request this user.) username:{}, ip: {}'.format( request.user.username, ip)) return Response(data={"error": "You didnt request this user."}, status=status.HTTP_404_NOT_FOUND) request.delete() logger.info( 'DeleteFollowRequest: post ' '(Follow request deleted succesfully) username:{}, ip: {}'.format( request_username, ip)) unfollow_request_notification(request_id, target_user.id) return Response(data={'details': 'Follow request deleted succesfully'}, status=status.HTTP_200_OK)
def post(self, request): ip = utils.get_client_ip(request) username = request.data.get('username') utils.start_method_log('UnfollowApiView: post', authorized_user=request.user.username, request_user=username) if username is None: logger.info('UnfollowApiView: post ' '(Username is required) username:{}, ip: {}'.format( request.user.username, ip)) return Response(data={"detail": "Username is required."}, status=status.HTTP_400_BAD_REQUEST) source_user = request.user try: target_user = User.objects.get(username=username) except ObjectDoesNotExist: logger.info('UnfollowApiView: post ' '(User not found) username:{}, ip: {}'.format( request.user.username, ip)) return Response(data={"detail": "User not found"}, status=status.HTTP_404_NOT_FOUND) try: followers_query_set = Followers.objects.get(user=source_user, following=target_user) except ObjectDoesNotExist: logger.info( 'UnfollowApiView: post ' '(You are not follow this user) username:{}, ip: {}'.format( request.user.username, ip)) return Response(data={"detail": "You are not follow this user"}, status=status.HTTP_400_BAD_REQUEST) followers_query_set.delete() logger.info( 'UnfollowApiView: post ' '(You are successfully unfollow this user) username:{}, ip: {}'. format(request.user.username, ip)) unfollow_notification(source_user.id, target_user.id) return Response( data={"detail": "You are successfully unfollow this user."}, status=status.HTTP_200_OK)