- Added checks in get_saved_location method to ensure user is authenticated and has location_history attribute before attempting to access it.
- Improved robustness of location retrieval logic to prevent errors for unauthenticated users.
- Introduced a new SerializerMethodField `saved_location` to retrieve the user's last known location from their location history.
- Updated the fields and read_only_fields in UserProfileSerializer to include `saved_location` for enhanced user profile data.
- Adjusted permission classes in CalendarList and AdjustmentConfigView to AllowAny for broader access.
Introduce ExchangeTokenAPIView at /api/account/exchange-token/ to
exchange temporary tokens for a DRF auth token and minimal user
profile (id, fullname, email, avatar). Tokens are one-time use and
validated via OnlineClassTokenManager. Added serializer, view, URL,
and Swagger examples.
Update CourseOnlineClassTokenAPIView to return a fixed join URL:
https://imamjavad.newhorizonco.uk/join-class?token={TOKEN}&slug={SLUG}.
Store course_slug in token payload and remove redirect_path and the
_base_components helper. Examples and docs updated.
Docs: add CHANGELOG_EXCHANGE_TOKEN.md and exchange_token_api.md;
update online_class_entry_flow.md.
BREAKING CHANGE: exchange-token endpoint moved from
/api/courses/auth/exchange-token/ to /api/account/exchange-token/.
Response shape changed: adds token, user.id is numeric, user.name
renamed to user.fullname, user.role and user.is_admin removed.
Online token response now returns a fixed URL and includes course
slug. redirect_path support removed; clients must use the returned
token for subsequent requests.
- Introduced a new endpoint for web user registration at 'web/register/'.
- Created WebUserRegisterSerializer to handle user registration with email and password validation.
- Enhanced UserVerifyView to support password handling during user creation and verification.
- Updated UserProfileSerializer to handle password updates securely by hashing new passwords.
- Modified UserVerifyView to improve user creation and account takeover logic, ensuring unusable passwords are set for new and converted guest accounts.
- Updated UserRegisterSerializer to make device_id write-only and handle its assignment during user creation.
- Implemented email normalization in UserRegisterSerializer, UserVerifySerializer, and UserLoginSerializer to ensure case-insensitive uniqueness.
- Refactored UserRecoverPasswordSerializer to validate email format without checking for database uniqueness.
- Changed device_id field in UserRegisterSerializer to be optional.
- Updated UserVerifyView to handle device_id more gracefully, allowing for None values and adjusting user creation logic accordingly.
- Removed the API documentation README file as it is no longer needed.
- Added a new script to optimize Hadis transmitter chains, ensuring a maximum of 5 transmitters and exactly one gap.
- Enhanced the Hadis data seeding script for better performance with batch operations and duplicate checks.
- Updated utility functions to streamline thumbnail generation and improve code readability.
Mohsen Taba
mortezaei
alireza