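def user(request, user_id):
    """Read, update, or delete the account identified by ``user_id``.

    GET returns the account's public profile fields. PATCH and DELETE are
    owner-only: ``request.user`` must equal the looked-up user, otherwise a
    401 error is returned. PATCH accepts a JSON object with optional
    ``displayName`` (max 45 chars), ``bio`` (max 500 chars) and ``username``
    keys. Any other method gets a 405 error instead of falling through and
    returning ``None``.
    """
    requested_user = get_user(user_id)

    if request.method == "GET":
        profile = requested_user.profile
        user_data = {
            "username": requested_user.username,
            "id": profile.profile_id,
            "displayName": profile.display_name,
            "bio": profile.bio,
            "programs": list(
                Program.objects.filter(user=requested_user).values_list(
                    "program_id", flat=True)),
            # NOTE(review): appending "Z" assumes date_joined is a naive UTC
            # datetime; an aware value would already carry an offset -- confirm.
            "joined": requested_user.date_joined.replace(
                microsecond=0).isoformat() + "Z",
        }
        return api.succeed(user_data)

    if request.method == "PATCH":
        # Authorize before parsing, so a non-owner never reaches the JSON
        # parser or the field validation with an attacker-chosen body.
        if request.user != requested_user:
            return api.error("Not authorized.", status=401)

        # The body is client-controlled: malformed JSON or a non-object
        # payload must become a client error, not an unhandled exception.
        try:
            data = json.loads(request.body)
        except ValueError:
            return api.error("Invalid JSON.")
        if not isinstance(data, dict):
            return api.error("Invalid JSON.")

        if "displayName" in data:
            display_name = data["displayName"]
            # len() on a JSON number or null would raise TypeError.
            if not isinstance(display_name, str):
                return api.error("displayName must be a string.")
            if len(display_name) > 45:
                return api.error(
                    "displayName length exceeds maximum characters.")
            requested_user.profile.display_name = display_name

        if "bio" in data:
            bio = data["bio"]
            if not isinstance(bio, str):
                return api.error("bio must be a string.")
            if len(bio) > 500:
                return api.error("bio length exceeds maximum characters.")
            requested_user.profile.bio = bio

        if "username" in data:
            new_username = data["username"]
            if (not isinstance(new_username, str)
                    or not check_username(new_username,
                                          requested_user.username)):
                return api.error("Invalid username.")
            requested_user.username = new_username

        # NOTE(review): only the user object is saved here; persisting the
        # profile changes presumably relies on a save hook -- confirm.
        requested_user.save()
        return api.succeed()

    if request.method == "DELETE":
        if request.user != requested_user:
            return api.error("Not authorized.", status=401)
        requested_user.delete()
        return api.succeed()

    # Unsupported verbs previously fell off the end and returned None.
    return api.error("Method not allowed.", status=405)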
def edit(request, username):
    """Render the profile edit page (non-POST) or apply a submitted edit (POST).

    On POST the ``username`` URL argument is replaced by the submitted form
    field, and the account that gets modified is always ``request.user``.
    Invalid input yields a 400 response with a JSON ``null`` body; success
    redirects to the user's page. On any other method the edit template is
    rendered only when the URL names the requesting user; otherwise a 403 or
    404 page is returned.
    """
    if request.method != 'POST':
        try:
            profile_owner = User.objects.select_related('profile').get(
                username=username)
            if profile_owner.username != request.user.username:
                return render(request, 'user_profile/access-denied.html',
                              {'username': username}, status=403)
            return render(request, 'user_profile/user-profile.html',
                          {'editing': True})
        except User.DoesNotExist:
            return render(request, 'user_profile/does-not-exist.html',
                          {'username': username}, status=404)

    # NOTE(review): this path dereferences request.user.profile without an
    # explicit authentication check in this block; presumably a login
    # decorator or middleware guards the view -- confirm.
    form = request.POST
    username = form.get('username', '')
    display_name = form.get('display_name', '')
    # Strip carriage returns before the length check is applied.
    bio = re.sub(r'\r', '', form.get('bio', ''))

    # Short-circuit order matches the sequence of checks: username first,
    # then the two length limits.
    rejected = (
        not check_username(username, request.user.username)
        or len(display_name) > 45
        or len(bio) > 500
    )
    if rejected:
        return HttpResponse('null', content_type="application/json",
                            status=400)

    # An empty display name falls back to the (already validated) username.
    if display_name == '':
        display_name = username

    account = request.user
    account.username = username
    account.profile.display_name = display_name
    account.profile.bio = bio
    account.save()
    return redirect("/user/" + username)
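def new_user(request):
    """Create an account from a JSON request body and log the new user in.

    Expects ``username``, ``password`` and ``displayName``; ``email`` is
    optional and defaults to an empty string. Returns the new profile id and
    username on success, or an ``api.error`` response when the body is not a
    JSON object or a field is missing, of the wrong type, or invalid.
    """
    # The body is client-controlled: malformed JSON, a non-object payload,
    # missing keys and non-string values must all end in a client error
    # rather than an unhandled exception.
    try:
        data = json.loads(request.body)
    except ValueError:
        return api.error("Invalid JSON")
    if not isinstance(data, dict):
        return api.error("Invalid JSON")

    username = data.get("username")
    email = data.get("email", "")
    password = data.get("password")
    display_name = data.get("displayName")

    if not isinstance(username, str) or not check_username(username, ""):
        return api.error("Invalid username")
    # NOTE(review): only an empty password is rejected; no length or strength
    # policy is applied in this block -- confirm one is enforced elsewhere.
    if not isinstance(password, str) or password == "":
        return api.error("Password cannot be blank")
    if (not isinstance(display_name, str) or display_name == ""
            or len(display_name) > 45):
        return api.error("Invalid display name")
    # fullmatch instead of match with "$": "$" also matches just before a
    # trailing newline, which let "name@host.tld\n" through and into storage.
    if (not isinstance(email, str) or not re.fullmatch(
            r"([\w.+-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)+)?", email)):
        return api.error("Invalid email")

    # NOTE(review): check_username and create_user are separate steps, so two
    # concurrent requests for one name presumably race; confirm the failure
    # raised by the second create is handled by the caller or middleware.
    user = User.objects.create_user(
        username,
        email,
        password,
    )
    user.profile.display_name = display_name
    user.save()
    auth.login(request, user)
    return api.succeed(
        {
            "id": user.profile.profile_id,
            "username": user.username
        },
        status=200)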
def username_valid(request, username):
    """Report whether ``username`` passes ``check_username``.

    The check is made against an empty current username, and the result is
    returned under the ``usernameValid`` key of a success response.
    """
    # NOTE(review): if check_username also reports availability, this
    # endpoint reveals which usernames exist; confirm throttling is applied
    # upstream.
    is_valid = check_username(username, "")
    payload = {"usernameValid": is_valid}
    return api.succeed(payload)