onaio · moshthepitt · Aug 21, 2018 · Aug 20, 2018 · Aug 20, 2018 · Aug 21, 2018
diff --git a/onadata/apps/api/tests/viewsets/test_user_profile_viewset.py b/onadata/apps/api/tests/viewsets/test_user_profile_viewset.py
@@ -244,6 +244,8 @@ def test_profile_create(self):
         data['url'] = 'http://testserver/api/v1/profiles/deno'
         data['user'] = 'http://testserver/api/v1/users/deno'
         data['metadata'] = {}
+        data['metadata']['last_password_edit'] = \
+            profile.metadata['last_password_edit']
         data['joined_on'] = profile.user.date_joined
         data['name'] = "%s %s" % ('Dennis', 'erama')
         self.assertEqual(response.data, data)
@@ -316,6 +318,8 @@ def test_profile_create_with_malfunctioned_email(self):
         data['url'] = 'http://testserver/api/v1/profiles/nguyenquynh'
         data['user'] = 'http://testserver/api/v1/users/nguyenquynh'
         data['metadata'] = {}
+        data['metadata']['last_password_edit'] = \
+            profile.metadata['last_password_edit']
         data['joined_on'] = profile.user.date_joined
         data['name'] = "%s %s" % (
             u'Nguy\u1ec5n Th\u1ecb', u'Di\u1ec5m Qu\u1ef3nh')
@@ -356,6 +360,8 @@ def test_profile_create_anon(self):
         data['url'] = 'http://testserver/api/v1/profiles/deno'
         data['user'] = 'http://testserver/api/v1/users/deno'
         data['metadata'] = {}
+        data['metadata']['last_password_edit'] = \
+            profile.metadata['last_password_edit']
         data['joined_on'] = profile.user.date_joined
         self.assertEqual(response.data, data)
         self.assertNotIn('email', response.data)
@@ -545,6 +551,8 @@ def test_profile_create_mixed_case(self):
         data['user'] = 'http://testserver/api/v1/users/deno'
         data['username'] = u'deno'
         data['metadata'] = {}
+        data['metadata']['last_password_edit'] = \
+            profile.metadata['last_password_edit']
         data['joined_on'] = profile.user.date_joined
         self.assertEqual(response.data, data)
 
@@ -615,6 +623,8 @@ def test_profile_create_with_name(self):
         data['url'] = 'http://testserver/api/v1/profiles/deno'
         data['user'] = 'http://testserver/api/v1/users/deno'
         data['metadata'] = {}
+        data['metadata']['last_password_edit'] = \
+            profile.metadata['last_password_edit']
         data['joined_on'] = profile.user.date_joined
 
         self.assertEqual(response.data, data)

diff --git a/onadata/apps/api/viewsets/user_profile_viewset.py b/onadata/apps/api/viewsets/user_profile_viewset.py
@@ -11,6 +11,7 @@
 from django.conf import settings
 from django.core.validators import ValidationError
 from django.db.models import Count
+from django.utils import timezone
 
 from rest_framework import serializers, status
 from rest_framework.decorators import action
@@ -130,6 +131,16 @@ def get_object(self, queryset=None):
 
         return obj
 
+    def create(self, request, *args, **kwargs):
+        data = request.data
+        data['metadata'] = {'last_password_edit':
+                            timezone.now().isoformat()}
+        serializer = self.serializer_class(
+            data=data, context={'request': request})
+        serializer.is_valid(raise_exception=True)
+        serializer.save()
+        return Response(serializer.data, status=status.HTTP_201_CREATED)
+
     @action(methods=['POST'], detail=True)
     def change_password(self, request, user):  # pylint: disable=W0613
         """
@@ -142,6 +153,9 @@ def change_password(self, request, user):  # pylint: disable=W0613
         if new_password:
             if user_profile.user.check_password(current_password):
                 user_profile.user.set_password(new_password)
+                user_profile.metadata['last_password_edit'] = \
+                    timezone.now().isoformat()
+                user_profile.save()
                 user_profile.user.save()
 
                 return Response(status=status.HTTP_204_NO_CONTENT)

diff --git a/onadata/libs/serializers/user_profile_serializer.py b/onadata/libs/serializers/user_profile_serializer.py
@@ -195,6 +195,8 @@ def update(self, instance, validated_data):
 
         instance.user.username = params.get('username', instance.user.username)
 
+        instance.metadata = params.get('metadata', instance.metadata)
+
         instance.user.save()
 
         if password:
@@ -227,7 +229,8 @@ def create(self, validated_data):
             country=params.get('country', u''),
             organization=params.get('organization', u''),
             home_page=params.get('home_page', u''),
-            twitter=params.get('twitter', u'')
+            twitter=params.get('twitter', u''),
+            metadata=params.get('metadata', dict)
         )
         profile.save()
 

diff --git a/onadata/libs/tests/serializers/test_user_profile_serializer.py b/onadata/libs/tests/serializers/test_user_profile_serializer.py
@@ -3,9 +3,12 @@
 from django.test import TransactionTestCase
 from datetime import timedelta
 from django.utils.timezone import now
+from rest_framework.test import APIRequestFactory
+from onadata.apps.api.tests.viewsets.test_abstract_viewset import \
+    TestAbstractViewSet
 
 from onadata.libs.serializers.user_profile_serializer import\
-    UserProfileWithTokenSerializer
+    UserProfileWithTokenSerializer, UserProfileSerializer
 from onadata.apps.main.models import UserProfile
 from onadata.apps.api.models.temp_token import TempToken
 from onadata.libs.authentication import expired
@@ -45,7 +48,7 @@ def create_user_profile(profile_data):
     return new_profile
 
 
-class TestUserProfileSerializer(TransactionTestCase):
+class TestUserProfileWithTokenSerializer(TransactionTestCase):
 
     def setUp(self):
         self.serializer = UserProfileWithTokenSerializer()
@@ -75,3 +78,25 @@ def test_get_temp_token_recreates_if_expired(self):
         is_expired = expired(temp_token.created)
 
         self.assertFalse(is_expired)
+
+
+class TestUserProfileSerializer(TestAbstractViewSet):
+
+    def test_metadata_view_for_owner_only(self):
+        request = APIRequestFactory().get('/')
+        alice_data = {'username': 'alice', 'email': '[email protected]'}
+        bob_profile = self._create_user_profile()
+        alice_profile = self._create_user_profile(extra_post_data=alice_data)
+        request.user = bob_profile.user
+        bob_serializer = UserProfileSerializer(
+            instance=bob_profile,
+            context={'request': request})
+        self.assertIn('metadata', bob_serializer.data.keys())
+        alice_serializer = UserProfileSerializer(
+            instance=alice_profile,
+            context={'request': request})
+        self.assertNotIn('metadata', alice_serializer.data.keys())
+        self.assertEqual(bob_profile.user.username,
+                         bob_serializer.data['username'])
+        self.assertEqual(alice_profile.user.username,
+                         alice_serializer.data['username'])