Friend requests backend functionality#10

Open
KLaw47 wants to merge 7 commits into main from friend-requests

@KLaw47 KLaw47 commented Mar 3, 2025

This is the backend for the friend requests.

Create Friendship
Automatically creates friendship with related status "PENDING".
POST http://127.0.0.1:8000/api/friendships

Body:
{
  "requested": {Id}
}

Accept Friendship
Changes friendship status to "ACCEPTED". Friendship status must be pending; must be logged in as the user that is being requested.
POST http://127.0.0.1:8000/api/friendships/{id}/accept

Reject Friendship
Changes friendship status to "REJECTED". Friendship status must be pending; must be logged in as the user that is being requested.
POST http://127.0.0.1:8000/api/friendships/{id}/reject

Terminate Friendship
Changes friendship status to "TERMINATED". Friendship status must be accepted; either user may terminate.
POST http://127.0.0.1:8000/api/friendships/{id}/terminate

No way to re-request friendship at this time.

X-CSRFToken must be in headers for all requests, matching the one generated on login.

)
except ValidationError as e:
return Response(
{"detail": str(e)},

Check warning

Code scanning / CodeQL

Information exposure through an exception Medium

Stack trace information
flows to this location and may be exposed to an external user.

Copilot Autofix

AI 12 months ago

To fix the problem, we need to ensure that detailed exception messages are not exposed to the end user. Instead, we should log the detailed error message on the server and return a generic error message to the user. This can be achieved by modifying the exception handling blocks to log the exception details and return a generic error message.

Specifically, we will:

  1. Import the logging module to log the exception details.
  2. Replace the detailed error message in the response with a generic message.
Suggested changeset 1
api/views/friendship.py

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/api/views/friendship.py b/api/views/friendship.py
--- a/api/views/friendship.py
+++ b/api/views/friendship.py
@@ -9,3 +9,3 @@
 from rest_framework import serializers, permissions
-
+import logging
 class FriendshipSerializer(serializers.ModelSerializer):
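Review bot: The added `import logging` sits directly above `class FriendshipSerializer` and replaces the blank line that separated the import block from the class. Keep the blank lines before the class and add a module-level `logger = logging.getLogger(__name__)` here, so the handlers below log under this module's name instead of through the root logger.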
@@ -77,4 +77,5 @@
         except ValidationError as e:
+            logging.error(f"Validation error: {str(e)}")
             return Response(
-                {"detail": str(e)},
+                {"detail": "Invalid input data"},
                 status=status.HTTP_400_BAD_REQUEST
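Review bot: In the `except ValidationError` branch, `logging.error(f"Validation error: {str(e)}")` records a client mistake at error level and formats the message eagerly. A rejected request body is expected traffic, so a warning with lazy arguments, `logger.warning("Validation error: %s", e)`, fits better and keeps error-level alerts for real faults. Also check that the fixed string "Invalid input data" still tells API clients enough to correct the request; if field-level feedback is needed, return only messages the application wrote itself rather than `str(e)`.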
@@ -87,4 +88,5 @@
         except Exception as e:
+            logging.error(f"Unexpected error: {str(e)}")
             return Response(
-                {"detail": f"Failed to create friendship request: {str(e)}"},
+                {"detail": "Failed to create friendship request"},
                 status=status.HTTP_500_INTERNAL_SERVER_ERROR
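Review bot: `logging.error(f"Unexpected error: {str(e)}")` in the catch-all branch keeps only the exception message, so the stack trace that is no longer sent to the client is not kept on the server either. Use `logging.exception("Failed to create friendship request")` or pass `exc_info=True` so the 500 can still be diagnosed from the logs.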
EOF
Copilot is powered by AI and may make mistakes. Always verify output.
)
except Exception as e:
return Response(
{"detail": f"Failed to create friendship request: {str(e)}"},

Check warning

Code scanning / CodeQL

Information exposure through an exception Medium

Stack trace information
flows to this location and may be exposed to an external user.

Copilot Autofix

AI 12 months ago

To fix the problem, we need to ensure that detailed exception messages are not exposed to the end user. Instead, we should log the detailed error message on the server and return a generic error message to the user. This can be achieved by modifying the exception handling block to log the exception and return a generic error message.

  1. Import the logging module to enable logging of exceptions.
  2. Replace the detailed error message in the response with a generic error message.
  3. Log the detailed exception message on the server.
Suggested changeset 1
api/views/friendship.py

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/api/views/friendship.py b/api/views/friendship.py
--- a/api/views/friendship.py
+++ b/api/views/friendship.py
@@ -9,2 +9,5 @@
 from rest_framework import serializers, permissions
+import logging
+
+logger = logging.getLogger(__name__)
 
@@ -87,4 +90,5 @@
         except Exception as e:
+            logger.error("Failed to create friendship request", exc_info=True)
             return Response(
-                {"detail": f"Failed to create friendship request: {str(e)}"},
+                {"detail": "An internal error has occurred."},
                 status=status.HTTP_500_INTERNAL_SERVER_ERROR
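Review bot: After this change `e` in `except Exception as e` is no longer referenced, because `exc_info=True` takes the active exception from the interpreter. Drop the `as e` binding, or shorten the call to `logger.exception("Failed to create friendship request")`, which logs at error level with the traceback attached.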
EOF
serializer = self.get_serializer(friendship)
return Response(serializer.data)
except Exception as e:
return Response({"detail": str(e)}, status=status.HTTP_400_BAD_REQUEST)

Check warning

Code scanning / CodeQL

Information exposure through an exception Medium

Stack trace information
flows to this location and may be exposed to an external user.

Copilot Autofix

AI 12 months ago

To fix the problem, we need to ensure that detailed exception messages are not exposed to the user. Instead, we should log the detailed error message on the server and return a generic error message to the user. This can be achieved by modifying the exception handling in the accept, reject, and terminate methods.

  1. Import the logging module to enable logging of detailed error messages.
  2. Replace the current exception handling code to log the detailed error message and return a generic error message to the user.
Suggested changeset 1
api/views/friendship.py

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/api/views/friendship.py b/api/views/friendship.py
--- a/api/views/friendship.py
+++ b/api/views/friendship.py
@@ -9,3 +9,3 @@
 from rest_framework import serializers, permissions
-
+import logging
 class FriendshipSerializer(serializers.ModelSerializer):
@@ -130,3 +130,4 @@
         except Exception as e:
-            return Response({"detail": str(e)}, status=status.HTTP_400_BAD_REQUEST)
+            logging.error("Error accepting friendship request: %s", str(e))
+            return Response({"detail": "An internal error has occurred."}, status=status.HTTP_400_BAD_REQUEST)
     
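Review bot: The accept handler now returns "An internal error has occurred." together with `status.HTTP_400_BAD_REQUEST`, so the body reports a server fault while the status code blames the client. Pick one: return a 400 with a fixed client-facing message for the failures a caller can cause, and let anything unexpected produce `status.HTTP_500_INTERNAL_SERVER_ERROR`.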
@@ -149,3 +150,4 @@
         except Exception as e:
-            return Response({"detail": str(e)}, status=status.HTTP_400_BAD_REQUEST)
+            logging.error("Error rejecting friendship request: %s", str(e))
+            return Response({"detail": "An internal error has occurred."}, status=status.HTTP_400_BAD_REQUEST)
     
@@ -168,2 +170,3 @@
         except Exception as e:
-            return Response({"detail": str(e)}, status=status.HTTP_400_BAD_REQUEST)
\ No newline at end of file
+            logging.error("Error terminating friendship: %s", str(e))
+            return Response({"detail": "An internal error has occurred."}, status=status.HTTP_400_BAD_REQUEST)
\ No newline at end of file
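Review bot: Both the removed and the added last line of the terminate handler carry the `\ No newline at end of file` marker, so the file still ends without a newline after this patch. End the final `return Response(...)` line with a newline while it is being rewritten, which keeps later diffs to the end of the file clean.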
EOF
serializer = self.get_serializer(friendship)
return Response(serializer.data)
except Exception as e:
return Response({"detail": str(e)}, status=status.HTTP_400_BAD_REQUEST)

Check warning

Code scanning / CodeQL

Information exposure through an exception Medium

Stack trace information
flows to this location and may be exposed to an external user.

Copilot Autofix

AI 12 months ago

To fix the problem, we need to ensure that detailed exception messages are not exposed to the user. Instead, we should log the detailed error message on the server and return a generic error message to the user. This can be achieved by modifying the exception handling blocks to log the exception and return a generic error message.

  1. Import the logging module to enable logging of exceptions.
  2. Replace the lines that return the exception message with lines that log the exception and return a generic error message.
Suggested changeset 1
api/views/friendship.py

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/api/views/friendship.py b/api/views/friendship.py
--- a/api/views/friendship.py
+++ b/api/views/friendship.py
@@ -9,2 +9,3 @@
 from rest_framework import serializers, permissions
+import logging
 
@@ -130,3 +131,4 @@
         except Exception as e:
-            return Response({"detail": str(e)}, status=status.HTTP_400_BAD_REQUEST)
+            logging.error("Error accepting friendship request: %s", str(e))
+            return Response({"detail": "An internal error has occurred."}, status=status.HTTP_400_BAD_REQUEST)
     
@@ -149,3 +151,4 @@
         except Exception as e:
-            return Response({"detail": str(e)}, status=status.HTTP_400_BAD_REQUEST)
+            logging.error("Error rejecting friendship request: %s", str(e))
+            return Response({"detail": "An internal error has occurred."}, status=status.HTTP_400_BAD_REQUEST)
     
@@ -168,2 +171,3 @@
         except Exception as e:
-            return Response({"detail": str(e)}, status=status.HTTP_400_BAD_REQUEST)
\ No newline at end of file
+            logging.error("Error terminating friendship: %s", str(e))
+            return Response({"detail": "An internal error has occurred."}, status=status.HTTP_400_BAD_REQUEST)
\ No newline at end of file
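Review bot: The same two added lines appear in the accept, reject and terminate handlers with only the log text changed. Move them into one helper that takes the action name, logs the exception and builds the generic response, so a later change to the message or status code cannot leave one handler behind.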
EOF
serializer = self.get_serializer(friendship)
return Response(serializer.data)
except Exception as e:
return Response({"detail": str(e)}, status=status.HTTP_400_BAD_REQUEST)

Check warning

Code scanning / CodeQL

Information exposure through an exception Medium

Stack trace information
flows to this location and may be exposed to an external user.

Copilot Autofix

AI 12 months ago

To fix the problem, we need to ensure that detailed exception messages are not exposed to the end user. Instead, we should log the detailed error message on the server and return a generic error message to the user. This can be achieved by modifying the exception handling code to log the exception and return a generic error message.

  1. Import the logging module to enable logging of exceptions.
  2. Replace the lines that return the exception message with code that logs the exception and returns a generic error message.
Suggested changeset 1
api/views/friendship.py

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/api/views/friendship.py b/api/views/friendship.py
--- a/api/views/friendship.py
+++ b/api/views/friendship.py
@@ -9,2 +9,3 @@
 from rest_framework import serializers, permissions
+import logging
 
@@ -130,3 +131,4 @@
         except Exception as e:
-            return Response({"detail": str(e)}, status=status.HTTP_400_BAD_REQUEST)
+            logging.error("Error accepting friendship request: %s", str(e))
+            return Response({"detail": "An internal error has occurred."}, status=status.HTTP_400_BAD_REQUEST)
     
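Review bot: `except Exception as e` in the accept handler still turns every failure into a 400, including exceptions that Django REST Framework would otherwise translate itself, such as a permission or not-found error raised inside the `try`. Catch only the exception types this handler expects and let the rest propagate to the framework's exception handling.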
@@ -149,3 +151,4 @@
         except Exception as e:
-            return Response({"detail": str(e)}, status=status.HTTP_400_BAD_REQUEST)
+            logging.error("Error rejecting friendship request: %s", str(e))
+            return Response({"detail": "An internal error has occurred."}, status=status.HTTP_400_BAD_REQUEST)
     
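Review bot: The log line for the reject handler records only the exception text, with nothing to tell which friendship or which caller triggered it. Add the friendship id from the route and the requesting user's id as log arguments so a failure can be tied to a request.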
@@ -168,2 +171,3 @@
         except Exception as e:
-            return Response({"detail": str(e)}, status=status.HTTP_400_BAD_REQUEST)
\ No newline at end of file
+            logging.error("Error terminating friendship: %s", str(e))
+            return Response({"detail": "An internal error has occurred."}, status=status.HTTP_400_BAD_REQUEST)
\ No newline at end of file
EOF
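The pattern the alerts above ask for, as an added example that is not part of the pull request or of the Autofix patches: the traceback goes to the server log, the client gets a fixed message plus a correlation id. `ClientError`, `handle`, `accept`, the logger name and the sample records are hypothetical, and plain dictionaries stand in for the Django models and the DRF `Response`.

```python
import logging
import uuid

logger = logging.getLogger("friendship_example")  # hypothetical logger name


class ClientError(Exception):
    """Expected failure; its message is written by the application, not a library."""


def accept(friendship, user_id):
    """Constructed stand-in for the accept rule in the PR description."""
    if friendship["status"] != "PENDING":
        raise ClientError("Friendship is not pending.")
    if friendship["requested"] != user_id:
        raise ClientError("Only the requested user can accept.")
    friendship["status"] = "ACCEPTED"
    return friendship


def handle(action, func, *args):
    """Run func and return (status, body). Exception text reaches the body only
    for a ClientError that the application raised on purpose."""
    try:
        return 200, func(*args)
    except ClientError as exc:
        logger.warning("%s rejected: %s", action, exc)
        return 400, {"detail": str(exc)}
    except Exception:
        error_id = uuid.uuid4().hex  # ties the client response to the log record
        logger.exception("%s failed [error_id=%s]", action, error_id)
        return 500, {"detail": "An internal error has occurred.",
                     "error_id": error_id}


# Constructed sample records; BROKEN lacks "requested", so accept raises KeyError.
PENDING = {"id": 1, "status": "PENDING", "requested": 7}
BROKEN = {"id": 2, "status": "PENDING"}

if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    for record, user in ((dict(PENDING), 7), (dict(PENDING), 8), (dict(BROKEN), 7)):
        print(handle("accept", accept, record, user))
```
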