Skip to content

draft: add endpoints to create and modify users#38894

Open
viadanna wants to merge 4 commits into
openedx:masterfrom
open-craft:viadanna/create-user-endpoint
Open

draft: add endpoints to create and modify users#38894
viadanna wants to merge 4 commits into
openedx:masterfrom
open-craft:viadanna/create-user-endpoint

Conversation

@viadanna

Copy link
Copy Markdown
Contributor

Description

This PR adds endpoints to create and modify users.

Supporting information

Private Refs:

Testing instructions

  1. Make a POST request to /api/user/v1/modify to create a user, e.g.
$ http POST http://local.openedx.io:8000/api/user/v1/modify --auth-type bearer --auth TOKEN username=test email=test@example.com password=12345678 name=Test
HTTP/1.1 201 Created
Allow: POST, PATCH, OPTIONS
Content-Language: en
Content-Length: 31
Content-Type: application/json
Date: Wed, 15 Jul 2026 14:49:26 GMT
Server: WSGIServer/0.2 CPython/3.11.8
Set-Cookie: openedx-language-preference=en; Domain=local.openedx.io; expires=Wed, 29 Jul 2026 14:49:26 GMT; Max-Age=1209600; Path=/; SameSite=Lax
Set-Cookie: csrftoken=uVKV5sKqW6wkR7bzxV6Avju4QLpYIMuw; expires=Wed, 14 Jul 2027 14:49:26 GMT; Max-Age=31449600; Path=/; SameSite=Lax
Set-Cookie: lms_sessionid=1|2dh9womlw77dgrx1pivuj0sg9i9u5ybq|WWtn1GLVCf45|IjRjOTNkMjg0ZjVlOGY2NGUzMDQ4NjY1YzYxNzY2YjBmNTI2MmI5NWI4ZjY5ZWMzZTk4YWVjNTYwZjZlOWVkZWYi:1wk0vO:YUj--lO47gIYgyE3ECpwA9H3ats72cPfhsaAMISRph4; Domain=local.openedx.io; HttpOnly; Path=/; SameSite=Lax
Vary: Accept, Accept-Language, Cookie, origin
X-Frame-Options: SAMEORIGIN

{
    "user_id": 6,
    "username": "test"
}
  1. Make a PATCH request to modify an existing user, e.g.
$ http PATCH http://local.openedx.io:8000/api/user/v1/modify --auth-type bearer --auth TOKEN username=test first_name=Test last_name=User
HTTP/1.1 200 OK
Allow: POST, PATCH, OPTIONS
Content-Language: en
Content-Length: 31
Content-Type: application/json
Date: Wed, 15 Jul 2026 15:14:34 GMT
Server: WSGIServer/0.2 CPython/3.11.8
Set-Cookie: openedx-language-preference=en; Domain=local.openedx.io; expires=Wed, 29 Jul 2026 15:14:34 GMT; Max-Age=1209600; Path=/; SameSite=Lax
Set-Cookie: lms_sessionid=1|w489j3st009e06ej1fuqk52mbtjviq2r|ZXnG9qPRsD9K|ImI5ZTJlMjBkMDE3NmJkM2Q0YzM1YmU3Nzg3OGMyMjUwODQ1NWM4Zjc2NWRjNDZhMTc5Y2Q1YjAzMjhiMGRiNzIi:1wk1Ji:E-vJBuc200cn9TzEhbD3k3fTpUkuESZ6M7A8TzVq0HM; Domain=local.openedx.io; expires=Wed, 29 Jul 2026 15:14:34 GMT; HttpOnly; Max-Age=1209600; Path=/; SameSite=Lax
Vary: Accept, Accept-Language, origin, Cookie
X-Frame-Options: SAMEORIGIN

{
    "user_id": 6,
    "username": "test"
}

Deadline

None, still a draft

Copilot AI review requested due to automatic review settings July 15, 2026 19:47
@viadanna viadanna requested a review from a team as a code owner July 15, 2026 19:47
@openedx-webhooks

Copy link
Copy Markdown

Thanks for the pull request, @viadanna!

This repository is currently maintained by @openedx/wg-maintenance-openedx-platform.

Once you've gone through the following steps feel free to tag them in a comment and let them know that your changes are ready for engineering review.

🔘 Get product approval

If you haven't already, check this list to see if your contribution needs to go through the product review process.

  • If it does, you'll need to submit a product proposal for your contribution, and have it reviewed by the Product Working Group.
    • This process (including the steps you'll need to take) is documented here.
  • If it doesn't, simply proceed with the next step.
🔘 Provide context

To help your reviewers and other members of the community understand the purpose and larger context of your changes, feel free to add as much of the following information to the PR description as you can:

  • Dependencies

    This PR must be merged before / after / at the same time as ...

  • Blockers

    This PR is waiting for OEP-1234 to be accepted.

  • Timeline information

    This PR must be merged by XX date because ...

  • Partner information

    This is for a course on edx.org.

  • Supporting documentation
  • Relevant Open edX discussion forum threads
🔘 Get a green build

If one or more checks are failing, continue working on your changes until this is no longer the case and your build turns green.

Details
Where can I find more information?

If you'd like to get more details on all aspects of the review process for open source pull requests (OSPRs), check out the following resources:

When can I expect my changes to be merged?

Our goal is to get community contributions seen and reviewed as efficiently as possible.

However, the amount of time that it takes to review and merge a PR can vary significantly based on factors such as:

  • The size and impact of the changes that it introduces
  • The need for product review
  • Maintenance status of the parent repository

💡 As a result it may take up to several weeks or months to complete a review and merge your PR.

@openedx-webhooks openedx-webhooks added the open-source-contribution PR author is not from Axim or 2U label Jul 15, 2026
@github-project-automation github-project-automation Bot moved this to Needs Triage in Contributions Jul 15, 2026
@viadanna viadanna requested a review from xitij2000 July 15, 2026 19:50
@viadanna viadanna self-assigned this Jul 15, 2026

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR introduces a new admin-only “modify user” API endpoint in user_api to support creating users (POST) and updating user attributes (PATCH) via /api/user/v1/modify.

Changes:

  • Added UserModifyView with JWT/Bearer/Session authentication and IsAdminUser permission, implementing POST (create) and PATCH (update).
  • Wired the new endpoint into user_api URL routing.
  • Added initial HTTP-level tests covering user creation success and common validation failures.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 7 comments.

File Description
openedx/core/djangoapps/user_api/views.py Adds UserModifyView implementing POST/PATCH behavior for user creation and updates.
openedx/core/djangoapps/user_api/urls.py Registers the new v1/modify route.
openedx/core/djangoapps/user_api/tests/test_views.py Adds tests for the new create-user endpoint behavior.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment on lines +16 to +18
from rest_framework.exceptions import ParseError, ValidationError
from rest_framework.permissions import IsAdminUser, IsAuthenticated
from rest_framework.views import APIView, Response
Comment on lines +242 to +248
user = self._get_user_by_email_or_username(request)
if not user:
return Response(
data={"error_message": "User not found."},
status=status.HTTP_404_NOT_FOUND,
)
user = UserSerializer().update(user, request.data)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@viadanna I don't like the suggested code here. However, it may be a valid point that we should limit which fields may be updated here - at least blocking password changes. Not sure if the UserSerializer already does that.

Comment on lines +276 to +283
email = request.data.get("email")
username = request.data.get("username")
query = {}
if email:
query["email"] = email
if username:
query["username"] = username
return User.objects.filter(**query).first()

@samuelallan72 samuelallan72 Jul 16, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@viadanna Agreed that this logic needs updating. I don't like the suggestion here though, as this still allows the weird case where both an email and username are provided. Maybe something like:

if email:
  return User.objects.filter(email=email).first()
elif username:
  return User.objects.filter(username=username).first()

And document which field takes precedence if both are provided.

Comment on lines +179 to +188
**Example Requests**

POST /api/user/v1/modify/

PATCH /api/user/v1/modify/

**Example GET Response**

If the request is successful, an HTTP 200 "OK" response is returned
along with the user id and username, e.g.:
Comment on lines 3 to 8
import pytest
import json

import ddt
from django.contrib.auth import get_user_model
from django.test.utils import override_settings
USER_LIST_URI = "/api/user/v1/users/"
USER_PREFERENCE_LIST_URI = "/api/user/v1/user_prefs/"
ROLE_LIST_URI = "/api/user/v1/forum_roles/Moderator/users/"
User = get_user_model()
Comment on lines +237 to +240
def patch(self, request):
"""
Update user information by email or username.
"""
@viadanna viadanna changed the title Viadanna/create user endpoint draft: add endpoints to create and modify users Jul 15, 2026
@samuelallan72

Copy link
Copy Markdown
Contributor

@viadanna could you rebase this on latest master please, and resolve the conflicts? :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

open-source-contribution PR author is not from Axim or 2U

Projects

Status: Needs Triage

Development

Successfully merging this pull request may close these issues.

4 participants