Introduce ExchangeTokenAPIView at /api/account/exchange-token/ to
exchange temporary tokens for a DRF auth token and minimal user
profile (id, fullname, email, avatar). Tokens are one-time use and
validated via OnlineClassTokenManager. Added serializer, view, URL,
and Swagger examples.
Update CourseOnlineClassTokenAPIView to return a fixed join URL:
https://imamjavad.newhorizonco.uk/join-class?token={TOKEN}&slug={SLUG}.
Store course_slug in token payload and remove redirect_path and the
_base_components helper. Examples and docs updated.
Docs: add CHANGELOG_EXCHANGE_TOKEN.md and exchange_token_api.md;
update online_class_entry_flow.md.
BREAKING CHANGE: exchange-token endpoint moved from
/api/courses/auth/exchange-token/ to /api/account/exchange-token/.
Response shape changed: adds token, user.id is numeric, user.name
renamed to user.fullname, user.role and user.is_admin removed.
Online token response now returns a fixed URL and includes course
slug. redirect_path support removed; clients must use the returned
token for subsequent requests.
- Introduced a new endpoint for web user registration at 'web/register/'.
- Created WebUserRegisterSerializer to handle user registration with email and password validation.
- Enhanced UserVerifyView to support password handling during user creation and verification.
- Enhanced UserVerifyView to set user passwords securely during account creation and takeover.
- Removed the use of unusable passwords, ensuring all users have functional passwords upon verification.
- Updated UserProfileSerializer to handle password updates securely by hashing new passwords.
- Modified UserVerifyView to improve user creation and account takeover logic, ensuring unusable passwords are set for new and converted guest accounts.
- Changed device_id field in UserRegisterSerializer to be optional.
- Updated UserVerifyView to handle device_id more gracefully, allowing for None values and adjusting user creation logic accordingly.
mortezaei
nwhco
alireza