Add an 'email' parameter to the 'user' API call (bug 639696)

It's available to the 'Partners' group, for use by partner apps like Add-ons Builder to look up existing accounts.
2012-01-27 23:47:51 -06:00 · 2012-01-27 23:47:51 -06:00 · d3c8cd49d0
--- a/apps/amo/fixtures/base/users.json
+++ b/apps/amo/fixtures/base/users.json
@ -174,6 +174,61 @@
            "user": 5497308
        }
    },
+    {
+        "pk": 20,
+        "model": "auth.user",
+        "fields": {
+            "username": "partner@mozilla.com",
+            "first_name": "",
+            "last_name": "",
+            "is_active": true,
+            "is_superuser": false,
+            "is_staff": false,
+            "last_login": "2011-12-06 11:26:48",
+            "groups": [],
+            "user_permissions": [],
+            "password": "sha512$7b5436061f8c0902088c292c057be69fdb17312e2f71607c9c51641f5d876522$08d1d370d89e2ae92755fd03464a7276ca607c431d04a52d659f7a184f3f9918073637d82fc88981c7099c7c46a1137b9fdeb675304eb98801038905a9ee0600",
+            "email": "partner@mozilla.com",
+            "date_joined": "2011-12-01 16:20:55"
+        }
+    },
+    {
+        "pk": 20,
+        "model": "users.userprofile",
+        "fields": {
+            "sandboxshown": false,
+            "display_collections_fav": false,
+            "display_collections": false,
+            "occupation": "",
+            "display_name": "",
+            "confirmationcode": "",
+            "location": "",
+            "picture_type": "",
+            "averagerating": null,
+            "homepage": "",
+            "email": "partner@mozilla.com",
+            "notifycompat": true,
+            "username": "partner",
+            "bio": null,
+            "failed_login_attempts": 0,
+            "firstname": "",
+            "deleted": false,
+            "lastname": "",
+            "emailhidden": true,
+            "last_login_attempt_ip": "",
+            "last_login_attempt": null,
+            "password": "",
+            "nickname": "partner",
+            "resetcode_expires": null,
+            "resetcode": "",
+            "created": "2011-12-01 16:20:55",
+            "notes": null,
+            "modified": "2011-12-01 16:20:56",
+            "last_login_ip": "",
+            "notifyevents": true,
+            "user": 20
+        }
+    },
    {
        "pk": 1,
        "model": "access.group",
@ -192,6 +247,16 @@
            "created": "2007-03-05 16:06:55"
        }
    },
+    {
+        "pk": 3,
+        "model": "access.group",
+        "fields": {
+            "rules": "*:*",
+            "modified": "2012-01-27 13:32:08",
+            "name": "Partners",
+            "created": "2012-01-27 12:41:00"
+        }
+    },
    {
        "pk": 10,
        "model": "access.groupuser",
@ -200,6 +265,14 @@
            "user": 4043307
        }
    },
+    {
+        "pk": 11,
+        "model": "access.groupuser",
+        "fields": {
+            "group": 3,
+            "user": 20
+        }
+    },
    {
        "pk": 258,
        "model": "access.groupuser",
--- a/apps/api/handlers.py
+++ b/apps/api/handlers.py
@ -79,6 +79,16 @@ class UserHandler(BaseHandler):
    fields = ('email',)

    def read(self, request):
+        email = request.GET.get('email')
+        if email:
+            if acl.action_allowed(request, 'Partners', 'UserLookup'):
+                try:
+                    return UserProfile.objects.get(email=email)
+                except UserProfile.DoesNotExist:
+                    return rc.NOT_FOUND
+            else:
+                return rc.FORBIDDEN
+
        return request.amo_user


--- a/apps/api/tests/test_oauth.py
+++ b/apps/api/tests/test_oauth.py
@ -227,6 +227,36 @@ class TestBaseOAuth(BaseOAuth):
        r = client.get('oauth.request_token', c, callback=True)
        eq_(r.content, 'Invalid Consumer.')

+    def test_user(self):
+        r = client.get('api.user', self.accepted_consumer, self.token)
+        eq_(json.loads(r.content), {'email': 'editor@mozilla.com'})
+
+    def test_user_lookup(self):
+        partner = User.objects.get(email='partner@mozilla.com')
+        c = Consumer(name='p', status='accepted',
+                     user=partner)
+        c.generate_random_codes()
+        c.save()
+        r = client.get('api.user', c, None,
+                       params={'email': 'admin@mozilla.com'})
+        eq_(r.status_code, 200)
+        eq_(json.loads(r.content), {'email': 'admin@mozilla.com'})
+
+    def test_failed_user_lookup(self):
+        partner = User.objects.get(email='partner@mozilla.com')
+        c = Consumer(name='p', status='accepted',
+                     user=partner)
+        c.generate_random_codes()
+        c.save()
+        r = client.get('api.user', c, None,
+                       params={'email': 'not_a_user@mozilla.com'})
+        eq_(r.status_code, 404)
+
+    def test_forbidden_user_lookup(self):
+        r = client.get('api.user', self.accepted_consumer, self.token,
+                       params={'email': 'admin@mozilla.com'})
+        eq_(r.status_code, 401)
+
    @patch('piston.authentication.oauth.OAuthAuthentication.is_authenticated')
    def _test_auth(self, pk, is_authenticated, two_legged=True):
        request = RequestFactory().get('/en-US/firefox/2/api/2/user/',