class UpdateEmailOptInPreference(APIView):
    """Endpoint that stores a user's e-mail opt-in choice for an organization.

    Access is limited by ``IsAuthenticated``, with sessions authenticated
    through ``SessionAuthenticationAllowInactiveUser``.
    """

    # NOTE(review): judging by its name, this authenticator also admits accounts
    # that have not been activated -- confirm that is intended for this setting.
    authentication_classes = (SessionAuthenticationAllowInactiveUser,)
    permission_classes = (IsAuthenticated,)

    @method_decorator(require_post_params(["course_id", "email_opt_in"]))
    @method_decorator(ensure_csrf_cookie)
    def post(self, request):
        """Create or update the caller's e-mail opt-in preference.

        The preference is stored per organization, not per course.

        Args:
            request (Request): Must carry these POST parameters:
                * course_id: The slash separated course ID. Only its
                  organization part is used to pick the preference to write.
                * email_opt_in: "True" (any letter case) opts the user in to
                  e-mail from the organization; any other string opts out.

        Returns:
            HttpResponse: 200 once the preference is saved, or 400 with a
            plain-text message when ``course_id`` cannot be parsed.
        """
        # NOTE(review): ensure_csrf_cookie only sets the CSRF cookie; it does not
        # validate a token. Enforcement for this POST is presumably handled by
        # the session authentication class -- confirm.
        raw_course_id = request.data['course_id']
        try:
            org = locator.CourseLocator.from_string(raw_course_id).org
        except InvalidKeyError:
            # The message repeats caller-supplied text; it is sent as
            # text/plain rather than HTML.
            error_text = "No course '{course_id}' found".format(course_id=raw_course_id)
            return HttpResponse(status=400, content=error_text, content_type="text/plain")

        # Anything other than a case-insensitive "true" counts as opting out.
        wants_email = request.data['email_opt_in'].lower() == 'true'
        update_email_opt_in(request.user, org, wants_email)
        return HttpResponse(status=status.HTTP_200_OK)
class LoginSessionViewCustom(LoginSessionView):
    """Login endpoint variant whose POST handler delegates to ``login_user_custom``.

    NOTE(review): this class defines no ``dispatch`` of its own, so any masking
    of the password in error reports presumably comes from the parent class --
    confirm that ``LoginSessionView.dispatch`` applies it.
    """

    # require_post_params is the outer wrapper, so it runs before csrf_protect.
    @method_decorator(require_post_params(["email", "password"]))
    @method_decorator(csrf_protect)
    def post(self, request):
        """Log in a user by handing the request to the shimmed custom login view.

        Arguments:
            request (HttpRequest): must include the `email` and `password`
                POST parameters.

        Returns:
            Whatever the shimmed ``login_user_custom`` view returns.
        """
        # Resolved at call time rather than at module import.
        from philu_overrides.views import login_user_custom

        shimmed_login = shim_student_view(login_user_custom, check_logged_in=True)
        return shimmed_login(request)
class LoginSessionView(APIView):
    """HTTP end-points for logging in users."""

    # Anonymous users must be able to reach the login end-point, so no
    # authentication classes are configured.
    authentication_classes = []

    @method_decorator(ensure_csrf_cookie)
    def get(self, request):
        """Return the login form description as JSON.

        ``ensure_csrf_cookie`` makes sure the response sets a CSRF cookie, which
        the client needs in order to pass the ``csrf_protect`` check on POST.

        Returns:
            HttpResponse
        """
        form_json = get_login_session_form(request).to_json()
        return HttpResponse(form_json, content_type="application/json")

    # require_post_params is the outer wrapper, so it runs before csrf_protect.
    @method_decorator(require_post_params(["email", "password"]))
    @method_decorator(csrf_protect)
    def post(self, request):
        """Log in a user.

        All required form fields must be sent with the request. An optional
        `analytics` param may hold a JSON-encoded object with extra info for
        the login analytics event. Currently the only supported field is
        "enroll_course_id", which indicates that the user logged in while
        enrolling in a particular course.

        Arguments:
            request (HttpRequest)

        Returns:
            HttpResponse: 200 on success
            HttpResponse: 400 if the request is not valid.
            HttpResponse: 403 if authentication failed.
                403 with content "third-party-auth" if the user
                has successfully authenticated with a third party provider
                but does not have a linked account.
            HttpResponse: 302 if redirecting to another page.

        Example Usage:

            POST /user_api/v1/login_session
            with POST params `email`, `password`, and `remember`.

            200 OK
        """
        # Initial implementation: reuse the login view of the student Django
        # app through a shim. Resolved at call time, not at module import.
        from student.views import login_user

        shimmed_login = shim_student_view(login_user, check_logged_in=True)
        return shimmed_login(request)

    # sensitive_post_parameters marks "password" so that Django's error
    # reporting masks its value; wrapping dispatch covers every HTTP method.
    @method_decorator(sensitive_post_parameters("password"))
    def dispatch(self, request, *args, **kwargs):
        """Pass the request to the parent dispatch with the password marked sensitive."""
        parent_view = super(LoginSessionView, self)
        return parent_view.dispatch(request, *args, **kwargs)
class LoginSessionView(APIView):
    """HTTP end-points for logging in users."""

    # Anonymous users must be able to reach the login end-point, so no
    # authentication classes are configured.
    authentication_classes = []

    @method_decorator(ensure_csrf_cookie)
    def get(self, request):
        """Return a description of the login form.

        Serving the form description keeps clients decoupled from the API
        definition: if the API changes the form, clients need no update.
        ``ensure_csrf_cookie`` makes sure the response sets a CSRF cookie, which
        the client needs in order to pass the ``csrf_protect`` check on POST.

        See `user_api.helpers.FormDescription` for examples of the
        JSON-encoded form description.

        Returns:
            HttpResponse
        """
        login_form = FormDescription("post", reverse("user_api_login_session"))

        # Translators: This label appears above a field on the login form
        # meant to hold the user's email address.
        email_label = "%s %s %s" % (_(u"Username"), _(u"or"), _(u"email"))

        # NOTE(review): the last literal below looks like an e-mail address
        # that was masked when this listing was published -- confirm against
        # the upstream file before reuse.
        # Translators: This example email address is used as a placeholder in
        # a field on the login form meant to hold the user's email address.
        email_placeholder = "%s %s %s" % (_(u"username"), _(u"or"), _(u"*****@*****.**"))

        # Translators: These instructions appear on the login form, immediately
        # below a field meant to hold the user's email address.
        instructions_template = _(
            "The email address you used to register with {platform_name}"
        )
        # A site-level configuration value takes precedence over the global
        # setting for the platform name.
        platform_name = configuration_helpers.get_value(
            'PLATFORM_NAME', settings.PLATFORM_NAME
        )
        email_instructions = instructions_template.format(platform_name=platform_name)

        email_limits = {
            "min_length": EMAIL_MIN_LENGTH,
            "max_length": EMAIL_MAX_LENGTH,
        }
        login_form.add_field(
            "email",
            field_type="email",
            label=email_label,
            placeholder=email_placeholder,
            instructions=email_instructions,
            restrictions=email_limits,
        )

        # Translators: This label appears above a field on the login form
        # meant to hold the user's password.
        password_label = _(u"Password")

        password_limits = {
            "min_length": PASSWORD_MIN_LENGTH,
            "max_length": PASSWORD_MAX_LENGTH,
        }
        login_form.add_field(
            "password",
            label=password_label,
            field_type="password",
            restrictions=password_limits,
        )

        login_form.add_field(
            "remember",
            field_type="checkbox",
            label=_("Remember me"),
            default=False,
            required=False,
        )

        form_json = login_form.to_json()
        return HttpResponse(form_json, content_type="application/json")

    # require_post_params is the outer wrapper, so it runs before csrf_protect.
    @method_decorator(require_post_params(["email", "password"]))
    @method_decorator(csrf_protect)
    def post(self, request):
        """Log in a user.

        All required form fields must be sent with the request. An optional
        `analytics` param may hold a JSON-encoded object with extra info for
        the login analytics event. Currently the only supported field is
        "enroll_course_id", which indicates that the user logged in while
        enrolling in a particular course.

        Arguments:
            request (HttpRequest)

        Returns:
            HttpResponse: 200 on success
            HttpResponse: 400 if the request is not valid.
            HttpResponse: 403 if authentication failed.
                403 with content "third-party-auth" if the user
                has successfully authenticated with a third party provider
                but does not have a linked account.
            HttpResponse: 302 if redirecting to another page.

        Example Usage:

            POST /user_api/v1/login_session
            with POST params `email`, `password`, and `remember`.

            200 OK
        """
        # Initial implementation: reuse the login view of the student Django
        # app through a shim. Resolved at call time, not at module import.
        from student.views import login_user

        shimmed_login = shim_student_view(login_user, check_logged_in=True)
        return shimmed_login(request)

    # sensitive_post_parameters marks "password" so that Django's error
    # reporting masks its value; wrapping dispatch covers every HTTP method.
    @method_decorator(sensitive_post_parameters("password"))
    def dispatch(self, request, *args, **kwargs):
        """Pass the request to the parent dispatch with the password marked sensitive."""
        parent_view = super(LoginSessionView, self)
        return parent_view.dispatch(request, *args, **kwargs)