示例#1
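def new_user(request):
    """Register an account from a JSON request body and log the new user in.

    The body must be a JSON object with ``username``, ``password`` and
    ``displayName``; ``email`` is optional and defaults to the empty string.
    A body that is not valid JSON, or that lacks a required key, still raises
    (ValueError / KeyError) as before; presumably a wrapper outside this view
    turns that into an API error -- confirm.

    Returns ``api.error(...)`` when a field is rejected, otherwise
    ``api.succeed`` with the new profile id and username.
    """
    data = json.loads(request.body)
    # Any JSON value can arrive here (list, string, number); only an object
    # has the fields read below.
    if not isinstance(data, dict):
        return api.error("Invalid request body")

    username = data['username']
    email = data.get('email', '')
    password = data['password']
    display_name = data['displayName']

    # JSON values are not necessarily strings. Without the isinstance checks
    # a null password skipped the blank test and reached create_user, and a
    # short list passed the display-name length test. The existing messages
    # are reused so clients see no new error strings for these fields.
    if not isinstance(username, str) or not check_username(username, ""):
        return api.error("Invalid username")
    if not isinstance(password, str) or password == "":
        return api.error("Password cannot be blank")
    # NOTE(review): only emptiness is checked; no password-strength policy is
    # applied in this view -- confirm whether one is enforced elsewhere.
    if (not isinstance(display_name, str) or display_name == ""
            or len(display_name) > 45):
        return api.error("Invalid display name")
    # fullmatch instead of match: with match, the trailing "$" also matched
    # just before a final newline, so "a@b.c\n" passed validation and was
    # stored. The pattern itself is unchanged; the empty string stays valid.
    if (not isinstance(email, str) or not re.fullmatch(
            r"^([\w.+-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)+)?$", email)):
        return api.error("Invalid email")

    user = User.objects.create_user(
        username,
        email,
        password,
    )
    # Only user.save() is called; the profile is presumably persisted by a
    # signal handler defined elsewhere -- confirm.
    user.profile.display_name = display_name
    user.save()

    auth.login(request, user)

    return api.succeed({
        "id": user.profile.profile_id,
        "username": user.username
    }, status=200)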
示例#2
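def user(request, user_id):
    """Read, update or delete the account identified by ``user_id``.

    GET returns the public profile fields. PATCH and DELETE are allowed only
    when ``request.user`` is the requested account. Any other method gets a
    405 response (previously the view fell through and returned ``None``).

    Lookup failures raised by ``get_user`` propagate to the caller.
    """
    requested_user = get_user(user_id)

    if request.method == "GET":
        owned_programs = Program.objects.filter(
            user=requested_user).values_list("program_id", flat=True)
        # NOTE(review): "Z" is appended unconditionally; if date_joined is
        # timezone-aware, isoformat() already carries an offset -- confirm.
        joined = requested_user.date_joined.replace(microsecond=0).isoformat()
        return api.succeed({
            "username": requested_user.username,
            "id": requested_user.profile.profile_id,
            "displayName": requested_user.profile.display_name,
            "bio": requested_user.profile.bio,
            "programs": list(owned_programs),
            "joined": joined + "Z",
        })

    if request.method == "PATCH":
        # Authorize before parsing, so an unauthorized caller's body is never
        # processed. The 401 status is kept for client compatibility, although
        # the condition is an ownership check rather than missing credentials.
        if request.user != requested_user:
            return api.error("Not authorized.", status=401)

        data = json.loads(request.body)
        if not isinstance(data, dict):
            return api.error("Invalid request body.")

        # Each field must be a string: a JSON list or object has a len() too
        # and would otherwise pass the length checks and be stored.
        if "displayName" in data:
            display_name = data["displayName"]
            if not isinstance(display_name, str):
                return api.error("Invalid displayName.")
            if len(display_name) > 45:
                return api.error(
                    "displayName length exceeds maximum characters.")
            requested_user.profile.display_name = display_name

        if "bio" in data:
            bio = data["bio"]
            if not isinstance(bio, str):
                return api.error("Invalid bio.")
            if len(bio) > 500:
                return api.error("bio length exceeds maximum characters.")
            requested_user.profile.bio = bio

        if "username" in data:
            new_username = data["username"]
            if (not isinstance(new_username, str) or not check_username(
                    new_username, requested_user.username)):
                return api.error("Invalid username.")
            requested_user.username = new_username

        # Nothing is written until every supplied field has been accepted.
        requested_user.save()
        return api.succeed()

    if request.method == "DELETE":
        if request.user != requested_user:
            return api.error("Not authorized.", status=401)

        requested_user.delete()
        return api.succeed()

    return api.error("Method not allowed.", status=405)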
示例#3
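def user(request, id):
    """Read, update or delete the account named by ``id``.

    ``id`` is matched against ``Profile.profile_id`` first and against
    ``User.username`` second. GET returns the public profile fields; PATCH
    and DELETE require ``request.user`` to be the requested account. Any
    other method gets a 405 response (previously the view returned ``None``).

    Raises:
        User.DoesNotExist: when neither lookup matches; per the original
            comment this is handled by standardAPIErrors.
    """
    try:
        requested_user = Profile.objects.select_related('user').get(profile_id=id).user
    except Profile.DoesNotExist:
        # No profile has this id, so treat the value as a username.
        # NOTE(review): the profile_id lookup wins, so a username equal to
        # another account's profile_id would resolve to that other account;
        # whether check_username rules this out is not visible here.
        requested_user = User.objects.select_related('profile').get(username=id)

    method = request.method

    if method == "GET":
        program_ids = Program.objects.filter(user=requested_user).values_list("program_id", flat=True)
        return api.succeed({
            "username": requested_user.username,
            "id": requested_user.profile.profile_id,
            "displayName": requested_user.profile.display_name,
            "bio": requested_user.profile.bio,
            "programs": list(program_ids),
            "joined": requested_user.date_joined.replace(microsecond=0).isoformat() + "Z"
        })

    if method in ("PATCH", "DELETE"):
        # Ownership is checked before the body is read, so a request from
        # another account is refused without its payload being parsed.
        # The 401 status is kept so existing clients see the same response.
        if request.user != requested_user:
            return api.error("Not authorized.", status=401)

    if method == "PATCH":
        data = json.loads(request.body)
        if not isinstance(data, dict):
            return api.error("Invalid request body.")

        # Non-string JSON values (lists, objects) also have a length, so the
        # type is checked before the limit; otherwise they would be stored.
        if "displayName" in data:
            if not isinstance(data["displayName"], str):
                return api.error("Invalid displayName.")
            if len(data["displayName"]) > 45:
                return api.error("displayName length exceeds maximum characters.")
            requested_user.profile.display_name = data["displayName"]

        if "bio" in data:
            if not isinstance(data["bio"], str):
                return api.error("Invalid bio.")
            if len(data["bio"]) > 500:
                return api.error("bio length exceeds maximum characters.")
            requested_user.profile.bio = data["bio"]

        if "username" in data:
            if not isinstance(data["username"], str):
                return api.error("Invalid username.")
            if not check_username(data["username"], requested_user.username):
                return api.error("Invalid username.")
            requested_user.username = data["username"]

        requested_user.save()
        return api.succeed()

    if method == "DELETE":
        requested_user.delete()
        return api.succeed()

    return api.error("Method not allowed.", status=405)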
示例#4
def edit(request, username):
    """Show the profile edit page, or apply a submitted profile edit.

    For any method other than POST the account named in the URL is looked up:
    the edit template is rendered when it is the requester's own account, the
    access-denied template (403) when it is someone else's, and the
    does-not-exist template (404) when no such user is found.

    For POST the URL ``username`` is ignored; the form values are validated
    and written to ``request.user``, then the browser is redirected to the
    profile page of the new username. A rejected value yields a 400 response
    with a JSON ``null`` body.

    NOTE(review): nothing in this view checks that the requester is logged
    in; presumably a decorator outside this listing does -- confirm.
    """
    if request.method != 'POST':
        try:
            target = User.objects.select_related('profile').get(
                username=username)
            if target.username != request.user.username:
                return render(request,
                              'user_profile/accessDenied.html',
                              {'username': username},
                              status=403)
            return render(request, 'user_profile/user_profile.html',
                          {'editing': True})
        except User.DoesNotExist:
            return render(request,
                          'user_profile/doesNotExist.html',
                          {'username': username},
                          status=404)

    new_username = request.POST.get('username', '')
    display_name = request.POST.get('display_name', '')
    # Carriage returns are dropped before the length limit is applied.
    bio = request.POST.get('bio', '').replace('\r', '')

    # Same three checks, in the same order; each one fails identically.
    rejected = (
        not check_username(new_username, request.user.username)
        or len(display_name) > 45
        or len(bio) > 500
    )
    if rejected:
        return HttpResponse('null',
                            content_type="application/json",
                            status=400)

    # A blank display name falls back to the username.
    if display_name == '':
        display_name = new_username

    account = request.user
    account.username = new_username
    account.profile.display_name = display_name
    account.profile.bio = bio
    account.save()
    return redirect("/user/" + new_username)
示例#5
def username_valid(request, username):
    """Report whether ``username`` passes ``check_username``.

    The second argument to ``check_username`` is the empty string here; other
    callers pass the account's current username there, so presumably this
    means "no current username" -- confirm.

    NOTE(review): if ``check_username`` also tests availability, any caller
    can use this endpoint to learn which usernames exist; confirm that rate
    limiting is applied outside this view.
    """
    is_valid = check_username(username, "")
    return api.succeed({"usernameValid": is_valid})