feat: use shared behavior class for updating email and username

Refactor the current username update flow to use a shared behavior class and base updater view and serializer. This enables supporting email updates separately via a different endpoint.

Author: mariajgrimaldi

eox_core/api/support/v1/serializers.py

@@ -28,24 +28,28 @@ class WrittableEdxappRemoveUserSerializer(serializers.Serializer):
     is_support_user = serializers.BooleanField(default=True)
 
 
-class WrittableEdxappUsernameSerializer(serializers.Serializer):
+class WrittableEdxappUserSerializer(serializers.Serializer):
     """
-    Handles the serialization of the data required to update the username of an edxapp user.
+    Base serializer for updating username or email of an edxapp user.
     """
-    new_username = serializers.CharField(max_length=USERNAME_MAX_LENGTH, write_only=True)
 
-    def validate(self, attrs):
+    def validate_conflicts(self, attrs):
         """
-        When a username update is being made, then it checks that:
-            - The new username is not already taken by other user.
-            - The user is not staff or superuser.
-            - The user has just one signup source.
+        Validates that no conflicts exist for the provided username or email.
         """
         username = attrs.get("new_username")
-        conflicts = check_edxapp_account_conflicts(None, username)
+        email = attrs.get("new_email")
+
+        conflicts = check_edxapp_account_conflicts(email, username)
         if conflicts:
-            raise serializers.ValidationError({"detail": "An account already exists with the provided username."})
+            raise serializers.ValidationError({"detail": "An account already exists with the provided username or email."})
 
+        return attrs
+
+    def validate_role_restrictions(self, attrs):
+        """
+        Validates that the user is not staff or superuser and has just one signup source.
+        """
         if self.instance.is_staff or self.instance.is_superuser:
             raise serializers.ValidationError({"detail": "You can't update users with roles like staff or superuser."})
 
@@ -54,18 +58,81 @@ def validate(self, attrs):
 
         return attrs
 
-    def update(self, instance, validated_data):
+    def validate_required_fields(self, required_fields):
         """
-        Method to update username of edxapp User.
+        Validates that at least one field to update is provided.
         """
-        key = 'username'
-        if validated_data:
-            setattr(instance, key, validated_data['new_username'])
-            instance.save()
+        if not required_fields:
+            raise serializers.ValidationError(
+                {"detail": "At least one field to update must be provided."}
+            )
+        return required_fields
+
+
+class WrittableEdxappUsernameSerializer(WrittableEdxappUserSerializer):
+    """
+    Handles the serialization of the data required to update the username of an edxapp user.
+    """
+
+    new_username = serializers.CharField(
+        max_length=USERNAME_MAX_LENGTH,
+        required=True,
+        allow_blank=False,
+        allow_null=False,
+    )
+
+    def validate(self, attrs):
+        """
+        Validates that the new username is provided and passes all checks.
+        """
+        if not attrs.get("new_username"):
+            raise serializers.ValidationError({"detail": "You must provide a new username."})
+
+        self.validate_conflicts(attrs)
+        self.validate_role_restrictions(attrs)
+
+        return attrs
 
+    def update(self, instance, validated_data):
+        """
+        Updates the username of the edxapp User.
+        """
+        instance.username = validated_data["new_username"]
+        instance.save()
         return instance
 
 
+class WrittableEdxappEmailSerializer(WrittableEdxappUserSerializer):
+    """
+    Handles the serialization of the data required to update the email of an edxapp user.
+    """
+
+    new_email = serializers.EmailField(
+        required=True,
+        allow_blank=False,
+        allow_null=False,
+    )
+
+    def validate(self, attrs):
+        """
+        Validates that the new email is provided and passes all checks.
+        """
+        if not attrs.get("new_email"):
+            raise serializers.ValidationError({"detail": "You must provide a new email."})
+
+        self.validate_conflicts(attrs)
+        self.validate_role_restrictions(attrs)
+
+        return attrs
+
+    def update(self, instance, validated_data):
+        """
+        Updates the email of the edxapp User.
+        """
+        instance.email = validated_data["new_email"]
+        instance.save()
+        return instance
+
 class OauthApplicationUserSerializer(serializers.Serializer):
     """
     Oauth Application owner serializer.

eox_core/api/support/v1/urls.py

@@ -9,5 +9,6 @@
 urlpatterns = [  # pylint: disable=invalid-name
     re_path(r'^user/$', views.EdxappUser.as_view(), name='edxapp-user'),
     re_path(r'^user/replace-username/$', views.EdxappReplaceUsername.as_view(), name='edxapp-replace-username'),
+    re_path(r'^user/replace-email/$', views.EdxappReplaceEmail.as_view(), name='edxapp-replace-email'),
     re_path(r'^oauth-application/$', views.OauthApplicationAPIView.as_view(), name='edxapp-oauth-application'),
 ]

eox_core/api/support/v1/views.py

@@ -26,6 +26,7 @@
     OauthApplicationSerializer,
     WrittableEdxappRemoveUserSerializer,
     WrittableEdxappUsernameSerializer,
+    WrittableEdxappEmailSerializer,
 )
 from eox_core.api.v1.serializers import EdxappUserReadOnlySerializer
 from eox_core.api.v1.views import UserQueryMixin
@@ -95,42 +96,35 @@ def delete(self, request, *args, **kwargs):  # pylint: disable=too-many-locals
         return Response(message, status=status)
 
 
-class EdxappReplaceUsername(UserQueryMixin, APIView):
+class EdxappUserUpdateBase(UserQueryMixin, APIView):
     """
-    Handles the replacement of the username.
+    Base view for updating edxapp user attributes (username, email, etc.).
+    Provides common functionality for user updates with forum synchronization.
     """
 
     authentication_classes = (BearerAuthentication, SessionAuthentication, JwtAuthentication)
     permission_classes = (EoxCoreSupportAPIPermission,)
     renderer_classes = (JSONRenderer, BrowsableAPIRenderer)
 
-    @audit_drf_api(action="Update an Edxapp user's Username.", method_name='eox_core_api_method')
-    def patch(self, request, *args, **kwargs):
+    def get_serializer_class(self):
         """
-        Allows to safely update an Edxapp user's Username along with the
-        forum associated User.
-
-        For now users that have different signup sources cannot be updated.
-
-        For example:
-
-        **Requests**:
-            PATCH <domain>/eox-core/support-api/v1/replace-username/
+        Returns the serializer class to use.
+        Must be overridden by subclasses.
+        """
+        raise NotImplementedError("Subclasses must implement get_serializer_class()")
 
-        **Request body**
-            {
-                "new_username": "new username"
-            }
+    def patch(self, request, *args, **kwargs):
+        """
+        Updates an edxapp user's attribute and synchronizes with the forum.
 
-        **Response values**
-            User serialized.
+        For users with different signup sources, updates are not allowed.
         """
         query = self.get_user_query(request)
         user = get_edxapp_user(**query)
         data = request.data
 
         with transaction.atomic():
-            serializer = WrittableEdxappUsernameSerializer(user, data=data)
+            serializer = self.get_serializer_class()(user, data=data)
             serializer.is_valid(raise_exception=True)
             serializer.save()
 
@@ -149,6 +143,74 @@ def patch(self, request, *args, **kwargs):
         return Response(serialized_user.data)
 
 
+class EdxappReplaceUsername(EdxappUserUpdateBase):
+    """
+    Handles the replacement of the username.
+    """
+
+    def get_serializer_class(self):
+        """
+        Returns the serializer class to use.
+        """
+        return WrittableEdxappUsernameSerializer
+
+    @audit_drf_api(action="Update an Edxapp user's Username.", method_name='eox_core_api_method')
+    def patch(self, request, *args, **kwargs):
+        """
+        Allows to safely update an Edxapp user's Username along with the
+        forum associated User.
+
+        For now users that have different signup sources cannot be updated.
+
+        For example:
+
+        **Requests**:
+            PATCH <domain>/eox-core/support-api/v1/replace-username/?username=old_username
+
+        **Request body**
+            {
+                "new_username": "new username"
+            }
+
+        **Response values**
+            User serialized.
+        """
+        return super().patch(request, *args, **kwargs)
+
+
+class EdxappReplaceEmail(EdxappUserUpdateBase):
+    """
+    Handles the replacement of the email.
+    """
+
+    def get_serializer_class(self):
+        """Returns the serializer class to use."""
+        return WrittableEdxappEmailSerializer
+
+    @audit_drf_api(action="Update an Edxapp user's Email.", method_name='eox_core_api_method')
+    def patch(self, request, *args, **kwargs):
+        """
+        Allows to safely update an Edxapp user's Email along with the
+        forum associated User.
+
+        For now users that have different signup sources cannot be updated.
+
+        For example:
+
+        **Requests**:
+            PATCH <domain>/eox-core/support-api/v1/replace-email/?email=old_email
+
+        **Request body**
+            {
+                "new_email": "new email"
+            }
+
+        **Response values**
+            User serialized.
+        """
+        return super().patch(request, *args, **kwargs)
+
+
 class OauthApplicationAPIView(UserQueryMixin, APIView):
     """
     Handles requests related to the