Add /me API endpoint

2018-11-09 11:16:41 +01:00
parent 901953d988
commit 584ced87db
3 changed files with 54 additions and 1 deletions
--- a/doc/api/oauth.rst
+++ b/doc/api/oauth.rst
@@ -166,6 +166,42 @@ endpoint to revoke it.
 If you want to revoke your client secret, you can generate a new one in the list of your managed applications in the
 pretix user interface.

+Fetching the user profile
+-------------------------
+
+If you need the user's meta data, you can fetch it here:
+
+.. http:get:: /api/v1/me
+
+   Returns the profile of the authenticated user
+
+   **Example request**:
+
+   .. sourcecode:: http
+
+      GET /api/v1/me HTTP/1.1
+      Host: pretix.eu
+      Accept: application/json, text/javascript
+      Authorization: Bearer i3ytqTSRWsKp16fqjekHXa4tdM4qNC
+
+   **Example response**:
+
+   .. sourcecode:: http
+
+      HTTP/1.1 200 OK
+      Vary: Accept
+      Content-Type: application/json
+
+      {
+        email: "admin@localhost",
+        fullname: "John Doe",
+        locale: "de",
+        timezone: "Europe/Berlin"
+      }
+
+   :statuscode 200: no error
+   :statuscode 401: Authentication failure
+
 .. _OAuth2: https://en.wikipedia.org/wiki/OAuth
 .. _OAuth2 Simplified: https://aaronparecki.com/oauth-2-simplified/
 .. _HTTP Basic authentication: https://en.wikipedia.org/wiki/Basic_access_authentication
--- a/src/pretix/api/urls.py
+++ b/src/pretix/api/urls.py
@@ -7,7 +7,7 @@ from rest_framework import routers
 from pretix.api.views import cart

 from .views import (
-    checkin, device, event, item, oauth, order, organizer, voucher,
+    checkin, device, event, item, oauth, order, organizer, user, voucher,
    waitinglist, webhooks,
 )

@@ -72,4 +72,5 @@ urlpatterns = [
    url(r"^device/update$", device.UpdateView.as_view(), name="device.update"),
    url(r"^device/roll$", device.RollKeyView.as_view(), name="device.roll"),
    url(r"^device/revoke$", device.RevokeKeyView.as_view(), name="device.revoke"),
+    url(r"^me$", user.MeView.as_view(), name="user.me"),
 ]
--- a/src/pretix/api/views/user.py
+++ b/src/pretix/api/views/user.py
@@ -0,0 +1,16 @@
+from oauth2_provider.contrib.rest_framework import OAuth2Authentication
+from rest_framework.authentication import SessionAuthentication
+from rest_framework.response import Response
+from rest_framework.views import APIView
+
+
+class MeView(APIView):
+    authentication_classes = (SessionAuthentication, OAuth2Authentication)
+
+    def get(self, request, format=None):
+        return Response({
+            'email': request.user.email,
+            'fullname': request.user.fullname,
+            'locale': request.user.locale,
+            'timezone': request.user.timezone
+        })