Feature: update user profile (#4678)

2025-07-30 18:27:45 -05:00 · 2023-12-02 08:26:42 -08:00
parent 6e371ac5ac
commit aff56077a8
23 changed files with 1048 additions and 75 deletions
--- a/src/paperless/serialisers.py
+++ b/src/paperless/serialisers.py
@@ -97,3 +97,19 @@ class GroupSerializer(serializers.ModelSerializer):
            "name",
            "permissions",
        )
+
+
+class ProfileSerializer(serializers.ModelSerializer):
+    email = serializers.EmailField(allow_null=False)
+    password = ObfuscatedUserPasswordField(required=False, allow_null=False)
+    auth_token = serializers.SlugRelatedField(read_only=True, slug_field="key")
+
+    class Meta:
+        model = User
+        fields = (
+            "email",
+            "password",
+            "first_name",
+            "last_name",
+            "auth_token",
+        )
--- a/src/paperless/urls.py
+++ b/src/paperless/urls.py
@@ -35,7 +35,9 @@ from documents.views import UiSettingsView
 from documents.views import UnifiedSearchViewSet
 from paperless.consumers import StatusConsumer
 from paperless.views import FaviconView
+from paperless.views import GenerateAuthTokenView
 from paperless.views import GroupViewSet
+from paperless.views import ProfileView
 from paperless.views import UserViewSet
 from paperless_mail.views import MailAccountTestView
 from paperless_mail.views import MailAccountViewSet
@@ -119,6 +121,12 @@ urlpatterns = [
                    BulkEditObjectPermissionsView.as_view(),
                    name="bulk_edit_object_permissions",
                ),
+                path("profile/generate_auth_token/", GenerateAuthTokenView.as_view()),
+                re_path(
+                    "^profile/",
+                    ProfileView.as_view(),
+                    name="profile_view",
+                ),
                *api_router.urls,
            ],
        ),
--- a/src/paperless/views.py
+++ b/src/paperless/views.py
@@ -7,7 +7,9 @@ from django.db.models.functions import Lower
 from django.http import HttpResponse
 from django.views.generic import View
 from django_filters.rest_framework import DjangoFilterBackend
+from rest_framework.authtoken.models import Token
 from rest_framework.filters import OrderingFilter
+from rest_framework.generics import GenericAPIView
 from rest_framework.pagination import PageNumberPagination
 from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
@@ -17,6 +19,7 @@ from documents.permissions import PaperlessObjectPermissions
 from paperless.filters import GroupFilterSet
 from paperless.filters import UserFilterSet
 from paperless.serialisers import GroupSerializer
+from paperless.serialisers import ProfileSerializer
 from paperless.serialisers import UserSerializer


@@ -106,3 +109,54 @@ class GroupViewSet(ModelViewSet):
    filter_backends = (DjangoFilterBackend, OrderingFilter)
    filterset_class = GroupFilterSet
    ordering_fields = ("name",)
+
+
+class ProfileView(GenericAPIView):
+    """
+    User profile view, only available when logged in
+    """
+
+    permission_classes = [IsAuthenticated]
+    serializer_class = ProfileSerializer
+
+    def get(self, request, *args, **kwargs):
+        user = self.request.user
+
+        serializer = self.get_serializer(data=request.data)
+        return Response(serializer.to_representation(user))
+
+    def patch(self, request, *args, **kwargs):
+        serializer = self.get_serializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+        user = self.request.user if hasattr(self.request, "user") else None
+
+        if len(serializer.validated_data.get("password").replace("*", "")) > 0:
+            user.set_password(serializer.validated_data.get("password"))
+            user.save()
+        serializer.validated_data.pop("password")
+
+        for key, value in serializer.validated_data.items():
+            setattr(user, key, value)
+        user.save()
+
+        return Response(serializer.to_representation(user))
+
+
+class GenerateAuthTokenView(GenericAPIView):
+    """
+    Generates (or re-generates) an auth token, requires a logged in user
+    unlike the default DRF endpoint
+    """
+
+    permission_classes = [IsAuthenticated]
+
+    def post(self, request, *args, **kwargs):
+        user = self.request.user
+
+        existing_token = Token.objects.filter(user=user).first()
+        if existing_token is not None:
+            existing_token.delete()
+        token = Token.objects.create(user=user)
+        return Response(
+            token.key,
+        )