Add user profile pictures (#140)

* Add profile pic to User model * Add profile pic upload endpoint * Add pillow * Add documentation about pipfile problems * Switch to aws s3 * Prevent uploading non-images * Add tests and move s3 to prod * Add more tests * Simplify image uploader code * Clarify image filepath generator * Add input checking * Add env variables to readme * More tests :/ * ¯\_(ツ)_/¯ * Specify http status code in tests * Add file size check Co-authored-by: Christopher Liu <christopherliu@sorcero.com>

Author: Clue88

.gitignore

@@ -25,3 +25,6 @@ db.sqlite3
 
 # Docker
 docker-compose.yml
+
+# Uploaded media files
+backend/accounts/mediafiles

README.md

@@ -18,6 +18,9 @@ DATABASE_URL=mysql://USER:PASSWORD@HOST:PORT/NAME
 SECRET_KEY=secret
 DJANGO_SETTINGS_MODULE=Platform.settings.production
 SENTRY_URL=https://pub@sentry.example.com/product
+AWS_ACCESS_KEY_ID
+AWS_ACCESS_SECRET_ID
+AWS_STORAGE_BUCKET_NAME
 ```
 
 1. Run using docker: `docker run -d pennlabs/platform`

backend/Pipfile

@@ -36,6 +36,9 @@ django-email-tools = "*"
 twilio = "*"
 lxml = "*"
 requests = "*"
+pillow = "*"
+boto3 = "*"
+django-storages = "*"
 
 [requires]
 python_version = "3"

backend/Pipfile.lock

@@ -73,6 +73,7 @@
  "options.apps.OptionsConfig",
  "accounts.apps.AccountsConfig",
  "identity.apps.IdentityConfig",
+ "storages",
 ]
 
 
@@ -203,3 +204,7 @@
  "FROM_EMAIL": "Penn Labs <accounts@pennlabs.org>",
  "TEMPLATE_DIRECTORY": os.path.join(BASE_DIR, "Platform", "templates", "emails"),
 }
+
+# Media Upload Settings
+MEDIA_ROOT = os.path.join(BASE_DIR, "accounts", "mediafiles")
+MEDIA_URL = "/media/"

backend/Platform/settings/base.py

@@ -43,3 +43,10 @@
 EMAIL_USE_TLS = True
 
 IS_DEV_LOGIN = os.environ.get("DEV_LOGIN", "False") in ["True", "TRUE", "true"]
+
+# AWS S3
+DEFAULT_FILE_STORAGE = "storages.backends.s3boto3.S3Boto3Storage"
+AWS_ACCESS_KEY_ID = os.getenv("AWS_ACCESS_KEY_ID")
+AWS_ACCESS_SECRET_ID = os.getenv("AWS_SECRET_ACCESS_KEY")
+AWS_STORAGE_BUCKET_NAME = os.getenv("AWS_STORAGE_BUCKET_NAME")
+AWS_QUERYSTRING_AUTH = False

backend/Platform/settings/production.py

@@ -0,0 +1,9 @@
+## Runbook
+This section is to collect thoughts/learnings from the codebase that have been hard-won, so we don't lose a record of it if and when the information proves useful again
+
+### Dependency Installation on MacOS Ventura
+There's a couple of issues at play here. The first is that the current `Pipfile` and `Pipfile.lock` are out of sync, most significantly with regard to Django--the `Pipfile` would generate a lockfile with Django 4, however, we are using Django 3 in the current lockfile and our tests. For now, use the current lockfile and use `--keep-outdated` when adding a new package with `pipenv`.
+
+However, there seems to be an issue with the way that lockfiles are interacting with MacOS Ventura. In that case, we have to ignore the lockfile entirely, using `pipenv install --dev --python 3.8 --skip-lock` to install dependenices. From what I can tell, this is the only way to actually install the dependencies without it failing, but it means that some tests might fail due to issues with Django 4.
+
+The long term solution is to make sure that the `Pipfile` and lockfile are in sync, either by forcing Django 3 or by updating our code to support Django 4.

backend/README.md

@@ -0,0 +1,21 @@
+# Generated by Django 4.1.3 on 2022-11-10 02:05
+
+import accounts.models
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ("accounts", "0003_auto_20210918_2041"),
+ ]
+
+ operations = [
+ migrations.AddField(
+ model_name="user",
+ name="profile_pic",
+ field=models.ImageField(
+ blank=True, null=True, upload_to=accounts.models.get_user_image_filepath
+ ),
+ ),
+ ]

backend/accounts/migrations/0004_user_profile_pic.py

@@ -1,3 +1,4 @@
+import os
 import uuid
 
 from django.contrib.auth import get_user_model
@@ -9,6 +10,15 @@
 from phonenumber_field.modelfields import PhoneNumberField
 
 
+def get_user_image_filepath(instance, fname):
+ """
+ Returns the provided User's profile picture image path. Maintains the
+ file extension of the provided image file if it exists.
+ """
+ suffix = "." + fname.rsplit(".", 1)[-1] if "." in fname else ""
+ return os.path.join("images", f"{instance.username}{suffix}")
+
+
 class School(models.Model):
  """
  Represents a school at the University of Pennsylvania.
@@ -53,6 +63,9 @@ class User(AbstractUser):
  pennid = models.IntegerField(primary_key=True)
  uuid = models.UUIDField(unique=True, default=uuid.uuid4, editable=False)
  preferred_name = models.CharField(max_length=225, blank=True)
+ profile_pic = models.ImageField(
+ upload_to=get_user_image_filepath, blank=True, null=True
+ )
 
  VERIFICATION_EXPIRATION_MINUTES = 10
 

backend/accounts/models.py

@@ -174,6 +174,7 @@ class UserSerializer(serializers.ModelSerializer):
  student = StudentSerializer()
  emails = EmailSerializer(many=True)
  phone_numbers = PhoneNumberSerializer(many=True)
+ profile_pic = serializers.ImageField(required=False, allow_empty_file=True)
 
  class Meta:
  model = User
@@ -189,6 +190,7 @@ class Meta:
  "student",
  "phone_numbers",
  "emails",
+ "profile_pic",
  )
 
  read_only_fields = (