class UpdateEmailOptInPreference(APIView): """View for updating the email opt in preference. """ authentication_classes = (SessionAuthenticationAllowInactiveUser,) permission_classes = (IsAuthenticated,) @method_decorator(require_post_params(["course_id", "email_opt_in"])) @method_decorator(ensure_csrf_cookie) def post(self, request): """ Post function for updating the email opt in preference. Allows the modification or creation of the email opt in preference at an organizational level. Args: request (Request): The request should contain the following POST parameters: * course_id: The slash separated course ID. Used to determine the organization for this preference setting. * email_opt_in: "True" or "False" to determine if the user is opting in for emails from this organization. If the string does not match "True" (case insensitive) it will assume False. """ course_id = request.data['course_id'] try: org = locator.CourseLocator.from_string(course_id).org except InvalidKeyError: return HttpResponse( status=400, content=u"No course '{course_id}' found".format(course_id=course_id), content_type="text/plain" ) # Only check for true. All other values are False. email_opt_in = request.data['email_opt_in'].lower() == 'true' update_email_opt_in(request.user, org, email_opt_in) return HttpResponse(status=status.HTTP_200_OK)
class LoginSessionView(APIView): """HTTP end-points for logging in users. """ # This end-point is available to anonymous users, # so do not require authentication. authentication_classes = [] @method_decorator(ensure_csrf_cookie) def get(self, request): return HttpResponse(get_login_session_form(request).to_json(), content_type="application/json") @method_decorator(require_post_params(["email", "password"])) @method_decorator(csrf_protect) def post(self, request): """Log in a user. See `login_user` for details. Example Usage: POST /user_api/v1/login_session with POST params `email`, `password`. 200 {'success': true} """ return login_user(request) @method_decorator(sensitive_post_parameters("password")) def dispatch(self, request, *args, **kwargs): return super(LoginSessionView, self).dispatch(request, *args, **kwargs)
class LoginSessionView(APIView): """HTTP end-points for logging in users. """ # This end-point is available to anonymous users, # so do not require authentication. authentication_classes = [] @method_decorator(ensure_csrf_cookie) def get(self, request): return HttpResponse(get_login_session_form(request).to_json(), content_type="application/json") @method_decorator(require_post_params(["email", "password"])) @method_decorator(csrf_protect) def post(self, request): """Log in a user. You must send all required form fields with the request. You can optionally send an `analytics` param with a JSON-encoded object with additional info to include in the login analytics event. Currently, the only supported field is "enroll_course_id" to indicate that the user logged in while enrolling in a particular course. Arguments: request (HttpRequest) Returns: HttpResponse: 200 on success HttpResponse: 400 if the request is not valid. HttpResponse: 403 if authentication failed. 403 with content "third-party-auth" if the user has successfully authenticated with a third party provider but does not have a linked account. HttpResponse: 302 if redirecting to another page. Example Usage: POST /user_api/v1/login_session with POST params `email`, `password`, and `remember`. 200 OK """ return shim_student_view(login_user, check_logged_in=True)(request) @method_decorator(sensitive_post_parameters("password")) def dispatch(self, request, *args, **kwargs): return super(LoginSessionView, self).dispatch(request, *args, **kwargs)