Agregado metodo para cambiar las redes sociales

musiclist/settings/__init__.py

@@ -41,10 +41,10 @@ MIDDLEWARE = [
     'django.contrib.sessions.middleware.SessionMiddleware',
     'oauth2_provider.middleware.OAuth2TokenMiddleware',
     'django.middleware.common.CommonMiddleware',
-    'django.middleware.csrf.CsrfViewMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
+    'utils.middleware.PUTParsingMiddleware',
 ]
 
 """Root import path to urlconf"""

users/api_views.py

@@ -2,6 +2,7 @@ from django.http import JsonResponse
 from django.views.decorators.http import require_GET
 from oauth2_provider.decorators import protected_resource
 
+from users.forms import SocialNetworksForm
 from users.models import User, SocialNetworks
 
 
@@ -32,14 +33,16 @@ def _get_user(request, user_id=None):
 
 @protected_resource()
 def social_networks(request, user_id=None):
-    if request.method == 'GET':
-        return _get_social_networks(request, user_id)
-
-
-def _get_social_networks(request, user_id=None):
     if user_id is None:
         user_id = request.user.id
 
+    if request.method == 'GET':
+        return _get_social_networks(request, user_id)
+    if request.method == 'PUT':
+        return _update_social_networks(request, user_id)
+
+
+def _get_social_networks(request, user_id):
     social_networks = SocialNetworks.objects.filter(user_id=user_id)
     if social_networks.count() != 1:
         return JsonResponse({'status': 404, 'error': f'No existe redes sociales de un usuario con id {user_id}'})
@@ -54,3 +57,25 @@ def _get_social_networks(request, user_id=None):
         'twitch': social_networks.twitch
     }
     return JsonResponse(encoded_social_networks)
+
+
+def _update_social_networks(request, user_id=None):
+    social_networks = SocialNetworks.objects.filter(user_id=user_id)
+    if social_networks.count() != 1:
+        return JsonResponse({'status': 404, 'error': f'No existe redes sociales de un usuario '
+                                                     f'con id {user_id}'}, status=404)
+
+    social_networks = social_networks[0]
+
+    form = SocialNetworksForm(request.PUT or None)
+    if not form.is_valid():
+        return JsonResponse({'status': 400, 'errors': form.errors}, status=400)
+
+    social_networks.twitter = form.cleaned_data['twitter']
+    social_networks.facebook = form.cleaned_data['facebook']
+    social_networks.instagram = form.cleaned_data['instagram']
+    social_networks.youtube = form.cleaned_data['youtube']
+    social_networks.twitch = form.cleaned_data['twitch']
+    social_networks.save()
+
+    return JsonResponse({'status': 200}, status=200)

users/forms.py

@@ -0,0 +1,9 @@
+from django import forms
+
+
+class SocialNetworksForm(forms.Form):
+    twitter = forms.CharField(max_length=255, strip=True, required=False, empty_value='')
+    facebook = forms.CharField(max_length=255, strip=True, required=False, empty_value='')
+    instagram = forms.CharField(max_length=255, strip=True, required=False, empty_value='')
+    youtube = forms.CharField(max_length=255, strip=True, required=False, empty_value='')
+    twitch = forms.CharField(max_length=255, strip=True, required=False, empty_value='')

users/views.py

@@ -4,6 +4,7 @@ from django.shortcuts import render
 from django.utils.http import url_has_allowed_host_and_scheme
 from django.contrib.auth import login as auth_login, logout as auth_logout
 from django.contrib.auth import authenticate, get_user_model
+from django.views.decorators.csrf import csrf_protect
 
 
 def get_next_url(request):
@@ -24,6 +25,7 @@ def get_next_url(request):
     return next_url if url_is_safe else '/'
 
 
+@csrf_protect
 def login(request):
     """Entrada de la ruta de login
 
@@ -72,6 +74,7 @@ def logout(request):
     return HttpResponseRedirect(get_next_url(request))
 
 
+@csrf_protect
 def register(request):
     """Entrada de la ruta de register, solo acepta GET y POST"""
     if request.method == 'GET':

utils/middleware.py

@@ -0,0 +1,33 @@
+class PUTParsingMiddleware:
+    """ Fuerza a django a parsear el body de una request con método PUT
+
+    Django no parsea este tipo de request, dejando todo en el body, esto es por varias razones
+    aparentemente validas explicadas aquí
+    "https://groups.google.com/forum/#!msg/django-developers/dxI4qVzrBY4/m_9IiNk_p7UJ"
+    asi que no hay nada que hacerle, sin embargo, para el caso de uso de esta
+    aplicación, se puede asumir que sera seguro y funcionara correctamente.
+
+    Este código lo saque el blog post "https://thihara.github.io/Django-Req-Parsing/"
+    """
+
+    def __init__(self, func):
+        self.func = func
+
+    def __call__(self, request, *args, **kwargs):
+        if request.method == 'PUT' and request.content_type == 'application/x-www-form-urlencoded':
+            if hasattr(request, '_post'):
+                del request._post
+                del request._files
+
+            try:
+                request.method = "POST"
+                request._load_post_and_files()
+                request.method = "PUT"
+            except AttributeError:
+                request.META['REQUEST_METHOD'] = 'POST'
+                request._load_post_and_files()
+                request.META['REQUEST_METHOD'] = 'PUT'
+
+            request.PUT = request.POST
+
+        return self.func(request, *args, **kwargs)