From 584ced87dba936ab6233cbe298fc04d128619aa8 Mon Sep 17 00:00:00 2001
From: Raphael Michel
Date: Fri, 9 Nov 2018 11:16:41 +0100
Subject: [PATCH] Add /me API endpoint
---
doc/api/oauth.rst | 36 ++++++++++++++++++++++++++++++++++++
src/pretix/api/urls.py | 3 ++-
src/pretix/api/views/user.py | 16 ++++++++++++++++
3 files changed, 54 insertions(+), 1 deletion(-)
create mode 100644 src/pretix/api/views/user.py
diff --git a/doc/api/oauth.rst b/doc/api/oauth.rst
index 770227e6c2..9fc43e02e8 100644
--- a/doc/api/oauth.rst
+++ b/doc/api/oauth.rst
@@ -166,6 +166,42 @@ endpoint to revoke it. If you want to revoke your client secret, you can generate a new one in the list of your managed applications in the pretix user interface.
+Fetching the user profile
+-------------------------
+
+If you need the user's meta data, you can fetch it here:
+
+.. http:get:: /api/v1/me
+
+ Returns the profile of the authenticated user
+
+ **Example request**:
+
+ .. sourcecode:: http
+
+ GET /api/v1/me HTTP/1.1
+ Host: pretix.eu
+ Accept: application/json, text/javascript
+ Authorization: Bearer i3ytqTSRWsKp16fqjekHXa4tdM4qNC
+
+ **Example response**:
+
+ .. sourcecode:: http
+
+ HTTP/1.1 200 OK
+ Vary: Accept
+ Content-Type: application/json
+
+ {
+ email: "admin@localhost",
+ fullname: "John Doe",
+ locale: "de",
+ timezone: "Europe/Berlin"
+ }
+
+ :statuscode 200: no error
+ :statuscode 401: Authentication failure
+
 .. _OAuth2: https://en.wikipedia.org/wiki/OAuth
 .. _OAuth2 Simplified: https://aaronparecki.com/oauth-2-simplified/
 .. _HTTP Basic authentication: https://en.wikipedia.org/wiki/Basic_access_authentication
diff --git a/src/pretix/api/urls.py b/src/pretix/api/urls.py
index 40c10817e2..18f022f336 100644
--- a/src/pretix/api/urls.py
+++ b/src/pretix/api/urls.py
@@ -7,7 +7,7 @@ from rest_framework import routers
 from pretix.api.views import cart
 from .views import (
- checkin, device, event, item, oauth, order, organizer, voucher,
+ checkin, device, event, item, oauth, order, organizer, user, voucher,
 waitinglist, webhooks,
 )
@@ -72,4 +72,5 @@ urlpatterns = [
 url(r"^device/update$", device.UpdateView.as_view(), name="device.update"),
 url(r"^device/roll$", device.RollKeyView.as_view(), name="device.roll"),
 url(r"^device/revoke$", device.RevokeKeyView.as_view(), name="device.revoke"),
+ url(r"^me$", user.MeView.as_view(), name="user.me"),
 ]
diff --git a/src/pretix/api/views/user.py b/src/pretix/api/views/user.py
new file mode 100644
index 0000000000..b0e276e53d
--- /dev/null
+++ b/src/pretix/api/views/user.py
@@ -0,0 +1,16 @@
+from oauth2_provider.contrib.rest_framework import OAuth2Authentication
+from rest_framework.authentication import SessionAuthentication
+from rest_framework.response import Response
+from rest_framework.views import APIView
+
+
+class MeView(APIView):
+ authentication_classes = (SessionAuthentication, OAuth2Authentication)
+
+ def get(self, request, format=None):
+ return Response({
+ 'email': request.user.email,
+ 'fullname': request.user.fullname,
+ 'locale': request.user.locale,
+ 'timezone': request.user.timezone
+ })
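Review bot: In the new `src/pretix/api/views/user.py`, `MeView` sets `authentication_classes` but no `permission_classes`, so whether an unauthenticated request gets the documented 401 depends on the project-wide DRF default, which this diff does not show. If that default lets the request through, `request.user` is an anonymous user and `request.user.email` would raise, surfacing as a 500 instead of a 401. Declaring the requirement on the view makes it independent of settings: add `from rest_framework.permissions import IsAuthenticated` and `permission_classes = (IsAuthenticated,)`. The view also sets no scope requirement, so any valid bearer token appears able to read the e-mail address and full name regardless of what it was issued for; consider gating the endpoint behind a dedicated scope. A one-line class docstring stating that the view returns only the caller's own profile would help later reviewers.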