Newer
Older
Eliot Berriot
committed
from allauth.account.adapter import get_adapter
Eliot Berriot
committed
from rest_auth import views as rest_auth_views
from rest_auth.registration import views as registration_views
from rest_framework.decorators import action
Eliot Berriot
committed
from funkwhale_api.common import authentication
Eliot Berriot
committed
from funkwhale_api.common import preferences
Eliot Berriot
committed
from . import models, serializers, tasks
Eliot Berriot
committed
Eliot Berriot
committed
class RegisterView(registration_views.RegisterView):
serializer_class = serializers.RegisterSerializer
permission_classes = []
Eliot Berriot
committed
action = "signup"
throttling_scopes = {"signup": {"authenticated": "signup", "anonymous": "signup"}}
Eliot Berriot
committed
def create(self, request, *args, **kwargs):
invitation_code = request.data.get("invitation")
if not invitation_code and not self.is_open_for_signup(request):
Eliot Berriot
committed
return Response(r, status=403)
return super().create(request, *args, **kwargs)
def is_open_for_signup(self, request):
return get_adapter().is_open_for_signup(request)
def perform_create(self, serializer):
user = super().perform_create(serializer)
if not user.is_active:
# manual approval, we need to send the confirmation email by hand
authentication.send_email_confirmation(self.request, user)
return user
Eliot Berriot
committed
Eliot Berriot
committed
class VerifyEmailView(registration_views.VerifyEmailView):
action = "verify-email"
class PasswordChangeView(rest_auth_views.PasswordChangeView):
action = "password-change"
class PasswordResetView(rest_auth_views.PasswordResetView):
action = "password-reset"
class PasswordResetConfirmView(rest_auth_views.PasswordResetConfirmView):
action = "password-reset-confirm"
class UserViewSet(mixins.UpdateModelMixin, viewsets.GenericViewSet):
queryset = models.User.objects.all().select_related("actor__attachment_icon")
serializer_class = serializers.UserWriteSerializer
Eliot Berriot
committed
lookup_value_regex = r"[a-zA-Z0-9-_.]+"
required_scope = "profile"
Eliot Berriot
committed
Eliot Berriot
committed
@action(methods=["get", "delete"], detail=False)
Eliot Berriot
committed
def me(self, request, *args, **kwargs):
Eliot Berriot
committed
"""Return information about the current user or delete it"""
if request.method.lower() == "delete":
serializer = serializers.UserDeleteSerializer(
request.user, data=request.data
)
serializer.is_valid(raise_exception=True)
tasks.delete_account.delay(user_id=request.user.pk)
# at this point, password is valid, we launch deletion
return Response(status=204)
serializer = serializers.MeSerializer(request.user)
Eliot Berriot
committed
return Response(serializer.data)
@action(
methods=["get", "post", "delete"],
required_scope="security",
url_path="subsonic-token",
detail=True,
)
Eliot Berriot
committed
def subsonic_token(self, request, *args, **kwargs):
if not self.request.user.username == kwargs.get("username"):
Eliot Berriot
committed
return Response(status=403)
Eliot Berriot
committed
return Response(status=405)
if request.method.lower() == "get":
return Response(
{"subsonic_api_token": self.request.user.subsonic_api_token}
)
if request.method.lower() == "delete":
Eliot Berriot
committed
self.request.user.subsonic_api_token = None
self.request.user.save(update_fields=["subsonic_api_token"])
Eliot Berriot
committed
return Response(status=204)
self.request.user.update_subsonic_api_token()
self.request.user.save(update_fields=["subsonic_api_token"])
data = {"subsonic_api_token": self.request.user.subsonic_api_token}
Eliot Berriot
committed
return Response(data)
def update(self, request, *args, **kwargs):
if not self.request.user.username == kwargs.get("username"):
return Response(status=403)
return super().update(request, *args, **kwargs)
def partial_update(self, request, *args, **kwargs):
if not self.request.user.username == kwargs.get("username"):
return Response(status=403)
return super().partial_update(request, *args, **kwargs)