feat: add public URL endpoint and update user type to include password status

2025-07-24 23:39:37 +02:00 · 2025-01-06 18:53:08 -05:00 · 2025-01-06 18:53:08 -05:00 · e19781d7ac
commit e19781d7ac
parent 59b41c01df
15 changed files with 248 additions and 51 deletions
--- a/backend/server/main/urls.py
+++ b/backend/server/main/urls.py
@ -4,7 +4,7 @@ from django.views.generic import RedirectView, TemplateView
 from django.conf import settings
 from django.conf.urls.static import static
 from users.views import IsRegistrationDisabled, PublicUserListView, PublicUserDetailView, UserMetadataView, UpdateUserMetadataView, EnabledSocialProvidersView
-from .views import get_csrf_token
+from .views import get_csrf_token, get_public_url
 from drf_yasg.views import get_schema_view

 from drf_yasg import openapi
@ -30,6 +30,7 @@ urlpatterns = [
    path('auth/social-providers/', EnabledSocialProvidersView.as_view(), name='enabled-social-providers'),

    path('csrf/', get_csrf_token, name='get_csrf_token'),
+    path('public-url/', get_public_url, name='get_public_url'),
    
    path('', TemplateView.as_view(template_name='home.html')),
    
--- a/backend/server/main/views.py
+++ b/backend/server/main/views.py
@ -1,6 +1,10 @@
 from django.http import JsonResponse
 from django.middleware.csrf import get_token
+from os import getenv

 def get_csrf_token(request):
    csrf_token = get_token(request)
    return JsonResponse({'csrfToken': csrf_token})
+
+def get_public_url(request):
+    return JsonResponse({'PUBLIC_URL': getenv('PUBLIC_URL')})
--- a/backend/server/users/serializers.py
+++ b/backend/server/users/serializers.py
@ -36,7 +36,7 @@ import os

 class UserDetailsSerializer(serializers.ModelSerializer):
    """
-    User model w/o password
+    User model without exposing the password.
    """

    @staticmethod
@ -49,8 +49,8 @@ class UserDetailsSerializer(serializers.ModelSerializer):
        return username

    class Meta:
+        model = CustomUser
        extra_fields = ['profile_pic', 'uuid', 'public_profile']
-        profile_pic = serializers.ImageField(required=False)

        if hasattr(UserModel, 'USERNAME_FIELD'):
            extra_fields.append(UserModel.USERNAME_FIELD)
@ -64,19 +64,14 @@ class UserDetailsSerializer(serializers.ModelSerializer):
            extra_fields.append('date_joined')
        if hasattr(UserModel, 'is_staff'):
            extra_fields.append('is_staff')
-        if hasattr(UserModel, 'public_profile'):
-            extra_fields.append('public_profile')

-        class Meta:
-            model = CustomUser
-            fields = ('profile_pic', 'uuid', 'public_profile', 'email', 'date_joined', 'is_staff', 'is_superuser', 'is_active', 'pk')
-
-        model = UserModel
-        fields = ('pk', *extra_fields)
+        fields = ['pk', *extra_fields]
        read_only_fields = ('email', 'date_joined', 'is_staff', 'is_superuser', 'is_active', 'pk')

    def handle_public_profile_change(self, instance, validated_data):
-        """Remove user from `shared_with` if public profile is set to False."""
+        """
+        Remove user from `shared_with` if public profile is set to False.
+        """
        if 'public_profile' in validated_data and not validated_data['public_profile']:
            for collection in Collection.objects.filter(shared_with=instance):
                collection.shared_with.remove(instance)
@ -91,20 +86,37 @@ class UserDetailsSerializer(serializers.ModelSerializer):


 class CustomUserDetailsSerializer(UserDetailsSerializer):
+    """
+    Custom serializer to add additional fields and logic for the user details.
+    """

+    has_password = serializers.SerializerMethodField()

    class Meta(UserDetailsSerializer.Meta):
        model = CustomUser
-        fields = UserDetailsSerializer.Meta.fields + ('profile_pic', 'uuid', 'public_profile')
-        read_only_fields = UserDetailsSerializer.Meta.read_only_fields + ('uuid',)
+        fields = UserDetailsSerializer.Meta.fields + ['profile_pic', 'uuid', 'public_profile', 'has_password']
+        read_only_fields = UserDetailsSerializer.Meta.read_only_fields + ('uuid', 'has_password')
+
+    @staticmethod
+    def get_has_password(instance):
+        """
+        Computes whether the user has a usable password set.
+        """
+        return instance.has_usable_password()

    def to_representation(self, instance):
+        """
+        Customizes the serialized output to modify `profile_pic` URL and add computed fields.
+        """
        representation = super().to_representation(instance)
+
+        # Construct profile picture URL if it exists
        if instance.profile_pic:
            public_url = os.environ.get('PUBLIC_URL', 'http://127.0.0.1:8000').rstrip('/')
-            #print(public_url)
-            # remove any  ' from the url
-            public_url = public_url.replace("'", "")
+            public_url = public_url.replace("'", "")  # Sanitize URL
            representation['profile_pic'] = f"{public_url}/media/{instance.profile_pic.name}"
-        del representation['pk'] # remove the pk field from the response
+
+        # Remove `pk` field from the response
+        representation.pop('pk', None)
+
        return representation