return only username from /me endpoint, with associated test changes

openedx/core/djangoapps/user_api/accounts/tests/test_views.py

@@ -141,14 +141,8 @@ class UserAPITestCase(APITestCase):
 
 @ddt.ddt
 @unittest.skipUnless(settings.ROOT_URLCONF == 'lms.urls', 'Account APIs are only supported in LMS')
-@patch('openedx.core.djangoapps.user_api.accounts.image_helpers._PROFILE_IMAGE_SIZES', [50, 10])
-@patch.dict(
-    'openedx.core.djangoapps.user_api.accounts.image_helpers.PROFILE_IMAGE_SIZES_MAP',
-    {'full': 50, 'small': 10},
-    clear=True
-)
 @attr(shard=2)
-class TestAccountAPI(CacheIsolationTestCase, UserAPITestCase):
+class TestOwnUsernameAPI(CacheIsolationTestCase, UserAPITestCase):
     """
     Unit tests for the Accounts API.
     """
@@ -156,47 +150,46 @@ class TestAccountAPI(CacheIsolationTestCase, UserAPITestCase):
     ENABLED_CACHES = ['default']
 
     def setUp(self):
-        super(TestAccountAPI, self).setUp()
+        super(TestOwnUsernameAPI, self).setUp()
 
-        self.url = reverse("account_api")
+        self.url = reverse("own_username_api")
 
-    def test_get_account_default(self):
+    def _verify_get_own_username(self, queries, expected_status=200):
         """
-        Test that a client (logged in) can get her own account information (using default legacy profile information,
-        as created by the test UserFactory).
+        Internal helper to perform the actual assertion
         """
-        def verify_get_own_information(queries):
-            """
-            Internal helper to perform the actual assertions
-            """
-            with self.assertNumQueries(queries):
-                response = self.send_get(self.client)
+        with self.assertNumQueries(queries):
+            response = self.send_get(self.client, expected_status=expected_status)
+        if expected_status == 200:
             data = response.data
-            self.assertEqual(17, len(data))
+            self.assertEqual(1, len(data))
             self.assertEqual(self.user.username, data["username"])
-            self.assertEqual(self.user.first_name + " " + self.user.last_name, data["name"])
-            for empty_field in ("year_of_birth", "level_of_education", "mailing_address", "bio"):
-                self.assertIsNone(data[empty_field])
-            self.assertIsNone(data["country"])
-            self.assertEqual("m", data["gender"])
-            self.assertEqual("Learn a lot", data["goals"])
-            self.assertEqual(self.user.email, data["email"])
-            self.assertIsNotNone(data["date_joined"])
-            self.assertEqual(self.user.is_active, data["is_active"])
-            self._verify_profile_image_data(data, False)
-            self.assertTrue(data["requires_parental_consent"])
-            self.assertEqual([], data["language_proficiencies"])
-            self.assertEqual(PRIVATE_VISIBILITY, data["account_privacy"])
-            # Badges aren't on by default, so should not be present.
-            self.assertEqual(False, data["accomplishments_shared"])
 
+    def test_get_username(self):
+        """
+        Test that a client (logged in) can get her own username.
+        """
         self.client.login(username=self.user.username, password=self.test_password)
-        verify_get_own_information(17)
+        self._verify_get_own_username(15)
 
-        # Now make sure that the user can get the same information, even if not active
+    def test_get_username_inactive(self):
+        """
+        Test that a logged-in client can get their
+        username, even if inactive.
+        """
+        self.client.login(username=self.user.username, password=self.test_password)
         self.user.is_active = False
         self.user.save()
-        verify_get_own_information(11)
+        self._verify_get_own_username(15)
+
+    def test_get_username_not_logged_in(self):
+        """
+        Test that a client (not logged in) gets a 401
+        when trying to retrieve their username.
+        """
+
+        # verify that the endpoint is inaccessible when not logged in
+        self._verify_get_own_username(12, expected_status=401)
 
 
 @ddt.ddt
@@ -366,6 +359,45 @@ class TestAccountsAPI(CacheIsolationTestCase, UserAPITestCase):
         response = self.send_get(client, query_parameters='view=shared')
         verify_fields_visible_to_all_users(response)
 
+    def test_get_account_default(self):
+        """
+        Test that a client (logged in) can get her own account information (using default legacy profile information,
+        as created by the test UserFactory).
+        """
+
+        def verify_get_own_information(queries):
+            """
+            Internal helper to perform the actual assertions
+            """
+            with self.assertNumQueries(queries):
+                response = self.send_get(self.client)
+            data = response.data
+            self.assertEqual(17, len(data))
+            self.assertEqual(self.user.username, data["username"])
+            self.assertEqual(self.user.first_name + " " + self.user.last_name, data["name"])
+            for empty_field in ("year_of_birth", "level_of_education", "mailing_address", "bio"):
+                self.assertIsNone(data[empty_field])
+            self.assertIsNone(data["country"])
+            self.assertEqual("m", data["gender"])
+            self.assertEqual("Learn a lot", data["goals"])
+            self.assertEqual(self.user.email, data["email"])
+            self.assertIsNotNone(data["date_joined"])
+            self.assertEqual(self.user.is_active, data["is_active"])
+            self._verify_profile_image_data(data, False)
+            self.assertTrue(data["requires_parental_consent"])
+            self.assertEqual([], data["language_proficiencies"])
+            self.assertEqual(PRIVATE_VISIBILITY, data["account_privacy"])
+            # Badges aren't on by default, so should not be present.
+            self.assertEqual(False, data["accomplishments_shared"])
+
+        self.client.login(username=self.user.username, password=self.test_password)
+        verify_get_own_information(17)
+
+        # Now make sure that the user can get the same information, even if not active
+        self.user.is_active = False
+        self.user.save()
+        verify_get_own_information(11)
+
     def test_get_account_empty_string(self):
         """
         Test the conversion of empty strings to None for certain fields.

openedx/core/djangoapps/user_api/accounts/views.py

@@ -35,7 +35,16 @@ class AccountViewSet(ViewSet):
 
             PATCH /api/user/v1/accounts/{username}/{"key":"value"} "application/merge-patch+json"
 
-        **Response Values for GET**
+        **Response Values for GET requests to the /me endpoint**
+            If the user is not logged in, an HTTP 401 "Not Authorized" response
+            is returned.
+
+            Otherwise, an HTTP 200 "OK" response is returned. The response
+            contains the following value:
+
+            * username: The username associated with the account.
+
+        **Response Values for GET requests to /accounts endpoints**
 
             If no user exists with the specified username, an HTTP 404 "Not
             Found" response is returned.
@@ -152,13 +161,7 @@ class AccountViewSet(ViewSet):
         """
         GET /api/user/v1/me
         """
-        try:
-            account_settings = get_account_settings(
-                request, [request.user.username], view=request.query_params.get('view'))
-        except UserNotFound:
-            return Response(status=status.HTTP_403_FORBIDDEN if request.user.is_staff else status.HTTP_404_NOT_FOUND)
-
-        return Response(account_settings[0])
+        return Response({'username': request.user.username})
 
     def list(self, request):
         """

openedx/core/djangoapps/user_api/urls.py

@@ -25,7 +25,7 @@ ACCOUNT_DETAIL = AccountViewSet.as_view({
 
 urlpatterns = patterns(
     '',
-    url(r'^v1/me$', ME, name='account_api'),
+    url(r'^v1/me$', ME, name='own_username_api'),
     url(r'^v1/accounts/{}$'.format(settings.USERNAME_PATTERN), ACCOUNT_DETAIL, name='accounts_api'),
     url(r'^v1/accounts$', ACCOUNT_LIST, name='accounts_detail_api'),
     url(