add: delete and edit accounts page

AbstractRedirectView,
AbstractAuthentificateView
AbstractUnAuthentificateView

accounts/serializers/change_password.py

@@ -1,7 +0,0 @@
-from rest_framework.serializers import Serializer, CharField
-
-class ChangePasswordSerializer(Serializer):
-	
-    current_password = CharField()
-    new_password = CharField()
-    

accounts/tests/__init__.py

@@ -1,4 +1,5 @@
 from .register import *
 from .login import *
-from .change_password import *
+from .logout import *
+from .edit import *
 from .delete import *

accounts/tests/change_password.py

@@ -1,31 +0,0 @@
-from django.test import TestCase
-
-# Create your tests here.
-from django.test.client import Client
-from django.http import HttpResponse
-from django.contrib.auth.models import User
-
-import uuid
-
-class ChangePasswordTest(TestCase):
-    def setUp(self):
-        self.client = Client()
-        
-        self.url = "/accounts/change_password"
-        
-        self.username: str = str(uuid.uuid4())
-        self.password: str = str(uuid.uuid4())
-        self.new_password: str = str(uuid.uuid4())
-        
-        User.objects.create_user(username = self.username, password = self.password)
-        
-    def test_normal(self):
-        self.client.login(username = self.username, password = self.password)
-        response: HttpResponse = self.client.post(self.url, {"current_password": self.password, "new_password": self.new_password})
-        response_text: str = response.content.decode('utf-8')
-        self.assertEqual(response_text, '"password changed"')
-    
-    def test_nologged(self):
-        response: HttpResponse = self.client.post(self.url, {"current_password": self.password, "new_password": self.new_password})
-        errors: dict = eval(response.content)
-        self.assertDictEqual(errors, {'detail': 'Authentication credentials were not provided.'})

accounts/tests/delete.py

@@ -11,7 +11,7 @@ class DeleteTest(TestCase):
     def setUp(self):
         self.client = Client()
         
-        self.url = "/accounts/delete"
+        self.url = "/api/accounts/delete"
         
         self.username: str = str(uuid.uuid4())
         self.password: str = str(uuid.uuid4())
@@ -21,12 +21,17 @@ class DeleteTest(TestCase):
         
 
     def test_normal_delete(self):
-        response: HttpResponse = self.client.post(self.url)
+        response: HttpResponse = self.client.delete(self.url, {"password": self.password}, content_type='application/json')
         response_text: str = response.content.decode("utf-8")
         self.assertEqual(response_text, '"user deleted"')
     
+    def test_wrong_pass(self):
+        response: HttpResponse = self.client.delete(self.url, {"password": "cacaman a frapper"}, content_type='application/json')
+        errors: dict = eval(response.content)
+        self.assertDictEqual(errors, {"password": ["Password wrong."]})
+
     def test_no_logged(self):
         self.client.logout()
-        response: HttpResponse = self.client.post(self.url)
+        response: HttpResponse = self.client.delete(self.url, {"password": self.password}, content_type='application/json')
         errors: dict = eval(response.content)
         self.assertDictEqual(errors, {"detail":"Authentication credentials were not provided."})

accounts/tests/edit.py

@@ -0,0 +1,49 @@
+from django.test import TestCase
+
+# Create your tests here.
+from django.test.client import Client
+from django.http import HttpResponse
+from django.contrib.auth.models import User
+
+import uuid
+
+class EditTest(TestCase):
+    def setUp(self):
+        self.client = Client()
+        
+        self.url = "/api/accounts/edit"
+        
+        self.username: str = str(uuid.uuid4())
+        self.password: str = str(uuid.uuid4())
+        self.new_password: str = str(uuid.uuid4())
+        
+        User.objects.create_user(username = self.username, password = self.password)
+        
+    def test_normal(self):
+        self.client.login(username = self.username, password = self.password)
+        response: HttpResponse = self.client.patch(self.url, {"current_password": self.password, "new_password": self.new_password, "username": "bozo"}, content_type='application/json')
+        response_text: str = response.content.decode('utf-8')
+        self.assertEqual(response_text, '"data has been alterate"')
+    
+    def test_invalid_current_password(self):
+        self.client.login(username = self.username, password = self.password)
+        response: HttpResponse = self.client.patch(self.url, {"current_password": "bozo", "new_password": self.new_password, "username": "bozo"}, content_type='application/json')
+        errors: dict = eval(response.content)
+        self.assertDictEqual(errors, {"current_password":["Password is wrong."]})
+
+    def test_invalid_new_username_blank(self):
+        self.client.login(username = self.username, password = self.password)
+        response: HttpResponse = self.client.patch(self.url, {"current_password": self.password, "username": " "}, content_type='application/json')
+        errors: dict = eval(response.content)
+        self.assertDictEqual(errors, {'username': ['This field may not be blank.']})
+
+    def test_invalid_new_username_char(self):
+        self.client.login(username = self.username, password = self.password)
+        response: HttpResponse = self.client.patch(self.url, {"current_password": self.password, "username": "*&"}, content_type='application/json')
+        errors: dict = eval(response.content)
+        self.assertDictEqual(errors, {'username': ['Enter a valid username. This value may contain only letters, numbers, and @/./+/-/_ characters.']})
+
+    def test_nologged(self):
+        response: HttpResponse = self.client.patch(self.url, {"current_password": self.password, "new_password": self.new_password}, content_type='application/json')
+        errors: dict = eval(response.content)
+        self.assertDictEqual(errors, {'detail': 'Authentication credentials were not provided.'})

accounts/tests/login.py

@@ -10,7 +10,7 @@ class LoginTest(TestCase):
     def setUp(self):
         self.client = Client()
         
-        self.url = "/accounts/login"
+        self.url = "/api/accounts/login"
         
         self.username: str = str(uuid.uuid4())
         self.password: str = str(uuid.uuid4())

accounts/tests/logout.py

@@ -8,7 +8,7 @@ class LoginTest(TestCase):
     def setUp(self):
         self.client = Client()
         
-        self.url = "/accounts/logout"
+        self.url = "/api/accounts/logout"
         
         self.client.login()
 

accounts/tests/register.py

@@ -11,7 +11,7 @@ class RegisterTest(TestCase):
     def setUp(self):
         self.client = Client()
 
-        self.url: str = "/accounts/register"
+        self.url: str = "/api/accounts/register"
 
         self.username: str = str(uuid.uuid4())
         self.password: str = str(uuid.uuid4())

accounts/urls.py

@@ -1,6 +1,6 @@
 from django.urls import path
 
-from .views import register, login, logout, delete, change_password, logged
+from .views import register, login, logout, delete, edit, logged
 
 urlpatterns = [
     path("register", register.RegisterView.as_view(), name="register"),
@@ -8,6 +8,6 @@ urlpatterns = [
     path("logout", logout.LogoutView.as_view(), name="logout"),
     path("logged", logged.LoggedView.as_view(), name="logged"),
     path("delete", delete.DeleteView.as_view(), name="delete"),
-    path("change_password", change_password.ChangePasswordView.as_view(), name="change_password")
+    path("edit", edit.EditView.as_view(), name="change_password")
     
 ]

accounts/views/change_password.py

@@ -1,25 +0,0 @@
-from rest_framework.views import APIView
-from rest_framework.response import Response
-from rest_framework import permissions, status
-from django.http import HttpRequest
-from django.contrib.auth import login
-from rest_framework.authentication import SessionAuthentication
-from django.contrib.auth.models import User
-
-from ..serializers.change_password import ChangePasswordSerializer
-
-class ChangePasswordView(APIView):
-
-    permission_classes = (permissions.IsAuthenticated,)
-    authentication_classes = (SessionAuthentication,)
-
-    def post(self, request: HttpRequest):
-        data = request.data
-
-        serializer = ChangePasswordSerializer(data=data)
-        if serializer.is_valid(raise_exception=True):
-            user: User = request.user
-            if (user.check_password(data['current_password']) == 0):
-                return Response({'current_password': "The password is not right."}, status=status.HTTP_200_OK)
-            user.set_password(data["new_password"])
-            return Response('password changed', status=status.HTTP_200_OK)

accounts/views/delete.py

@@ -7,6 +7,13 @@ from rest_framework.authentication import SessionAuthentication
 class DeleteView(APIView):
 	permission_classes = (permissions.IsAuthenticated,)
 	authentication_classes = (SessionAuthentication,)
-	def post(self, request: HttpRequest):
+	def delete(self, request: HttpRequest):
+		data: dict = request.data
+
+		password: str = data["password"]
+		if (password is None):
+			return Response({"password": ["This field may not be blank."]})
+		if (request.user.check_password(password) == False):
+			return Response({"password": ["Password wrong."]})
 		request.user.delete()
 		return Response("user deleted", status=status.HTTP_200_OK)

accounts/views/edit.py

@@ -0,0 +1,45 @@
+from rest_framework.views import APIView
+from rest_framework.response import Response
+from rest_framework import permissions, status
+from django.http import HttpRequest
+from django.contrib.auth import login
+from rest_framework.authentication import SessionAuthentication
+from django.contrib.auth.models import User
+import re
+
+class EditView(APIView):
+
+    permission_classes = (permissions.IsAuthenticated,)
+    authentication_classes = (SessionAuthentication,)
+
+    def get(self, request: HttpRequest):
+        return Response({"username": request.user.username})
+
+    def patch(self, request: HttpRequest):
+        data: dict = request.data
+
+        current_password: str = data.get("current_password")
+        if (current_password is None):
+            return Response({"current_password": ["This field may not be blank."]})
+
+        user_object = request.user
+
+        if (user_object.check_password(current_password) == False):
+            return Response({"current_password": ["Password is wrong."]})
+
+        new_username = data.get("username", user_object.username)
+        if (new_username != user_object.username):
+            if (User.objects.filter(username=new_username).exists()):
+                return Response({"username": ["A user with that username already exists."]})
+            if (set(new_username) == {' '}):
+                return Response({"username": ["This field may not be blank."]})
+            if (re.search('^([a-z]||\@||\+||\-||\_)+$', new_username) is None):
+                return Response({"username":["Enter a valid username. This value may contain only letters, numbers, and @/./+/-/_ characters."]})
+
+        new_password: str = data.get("password")
+        if (new_password is not None):
+           user_object.set_password(new_password)
+        
+        user_object.save()
+
+        return Response("data has been alterate")

frontend/static/js/api/account.js

@@ -0,0 +1,59 @@
+class Account
+{
+	constructor (client)
+	{
+		this.client = client;
+	}
+	
+	async create(username, password)
+	{
+		let response = await this.client._post("/api/accounts/register", {username: username, password: password});
+		let response_data = await response.json()
+
+		if (response_data == "user created")
+		{
+			this._logged = true;
+			return null;
+		}
+		return response_data
+	}
+
+	async delete(password)
+	{
+		let response = await this.client._delete("/api/accounts/delete", {password: password});
+		let response_data = await response.json();
+
+		if (response_data === "user deleted")
+			this.client._logged = false;
+		return response_data;
+	}
+
+	async get()
+	{
+		let response = await this.client._get("/api/accounts/edit");
+		let response_data = await response.json();
+
+		if (JSON.stringify(response_data) == JSON.stringify({'detail': 'Authentication credentials were not provided.'}))
+		{
+			console.log("error, client is not logged");
+			return null;			
+		}
+		return response_data;
+	}
+
+	async update(data, password)
+	{
+		data.password = password;
+		let response = await this.client._patch_json("/api/accounts/edit", data);
+		let response_data = await response.json();
+
+		if (JSON.stringify(response_data) == JSON.stringify({'detail': 'Authentication credentials were not provided.'}))
+		{
+			console.log("error, client is not logged");
+			return null;
+		}
+		return response_data;
+	}
+}
+
+export { Account }

frontend/static/js/api/accounts.js

@@ -1,15 +0,0 @@
-class Accounts
-{
-	constructor (client)
-	{
-		this.client = client;
-	}
-	
-	async create(username, password)
-	{
-		let response = await this.client._post("/api/accounts/register", {username: username, password: password});
-		return response
-	}
-}
-
-export { Accounts }

frontend/static/js/api/client.js

@@ -1,11 +1,21 @@
-import { Accounts } from "./accounts.js";
+import { Account } from "./account.js";
+
+function getCookie(name)
+{
+	let cookie = {};
+	document.cookie.split(';').forEach(function(el) {
+	  let split = el.split('=');
+	  cookie[split[0].trim()] = split.slice(1).join("=");
+	})
+	return cookie[name];
+}
 
 class Client
 {
 	constructor(url)
 	{
 		this._url = url;
-		this.accounts = new Accounts(this);
+		this.account = new Account(this);
 		this._logged = undefined;
 	}
 
@@ -30,6 +40,33 @@ class Client
 			method: "POST",
 			headers: {
 				"Content-Type": "application/json",
+				"X-CSRFToken": getCookie("csrftoken"),
+			},		  
+			body: JSON.stringify(data),
+		});
+        return response;
+    }
+
+	async _delete(uri, data)
+    {
+        let response = await fetch(this._url + uri, {
+			method: "DELETE",
+			headers: {
+				"Content-Type": "application/json",
+				"X-CSRFToken": getCookie("csrftoken"),
+			},		  
+			body: JSON.stringify(data),
+		});
+        return response;
+    }
+
+	async _patch_json(uri, data)
+    {
+        let response = await fetch(this._url + uri, {
+			method: "PATCH",
+			headers: {
+				"X-CSRFToken": getCookie("csrftoken"),
+				"Content-Type": "application/json",
 			},		  
 			body: JSON.stringify(data),
 		});

frontend/static/js/index.js

@@ -9,6 +9,8 @@ import RegisterView from "./views/accounts/RegisterView.js";
 import LogoutView from "./views/accounts/LogoutView.js";
 
 import { Client } from "./api/client.js";
+import AbstractRedirectView from "./views/AbstractRedirectView.js";
+import MeView from "./views/MeView.js";
 
 let client = new Client(location.protocol + "//" + location.host)
 
@@ -41,6 +43,7 @@ const router = async (uri = "") => {
         { path: "/register", view: RegisterView },
         { path: "/chat", view: Chat },
         { path: "/home", view: HomeView },
+        { path: "/me", view: MeView },
     ];
 
     // Test each route for potential match
@@ -64,12 +67,17 @@ const router = async (uri = "") => {
 		await lastView.leavePage();
 
     const view = new match.route.view(getParams(match));
+
+    if (view instanceof AbstractRedirectView && await view.redirect())
+        return 1;
+
 	lastView = view;
 
     let content = await view.getHtml();
     if (content == null)
         return 1;
 
+    view.setTitle();
     document.querySelector("#app").innerHTML = content
 
 	await view.postInit();

frontend/static/js/views/AbstractAuthentifiedView.js

@@ -0,0 +1,18 @@
+import { client, navigateTo } from "../index.js";
+import AbstractRedirectView from "./AbstractRedirectView.js";
+
+export default class extends AbstractRedirectView{
+    constructor(params, title) {
+		super(params, title, "/login");
+    }
+
+    async redirect()
+    {
+		if (await client.isAuthentificate() === false)
+		{
+			navigateTo(this.redirect_url);
+			return 1;
+		}
+		return 0;
+    }
+}

frontend/static/js/views/AbstractNonAuthentified.js

@@ -0,0 +1,16 @@
+import { client, navigateTo } from "../index.js";
+import AbstractRedirectView from "./AbstractRedirectView.js";
+
+export default class extends AbstractRedirectView{
+    constructor(params, title, url) {
+		super(params, title, url);
+    }
+
+    async redirect()
+    {
+		if (await client.isAuthentificate() === false)
+			return 0;
+		navigateTo(this.redirect_url);
+		return 1;
+    }
+}

frontend/static/js/views/AbstractRedirectView.js

@@ -0,0 +1,15 @@
+import { navigateTo } from "../index.js";
+import AbstractView from "./AbstractView.js";
+
+export default class extends AbstractView{
+    constructor(params, title, url)
+    {
+        super(params, title);
+        this.redirect_url = url;
+    }
+
+    async redirect()
+    {
+        navigateTo(url);
+    }
+}

frontend/static/js/views/AbstractView.js

@@ -1,6 +1,7 @@
 export default class {
-    constructor(params) {
+    constructor(params, title) {
         this.params = params;
+        this.title = title;
     }
 
 	async postInit() {
@@ -9,8 +10,8 @@ export default class {
 	async leavePage() {
 	}
 
-    setTitle(title) {
+    setTitle() {
-        document.title = title;
+        document.title = this.title;
     }
 
     async getHtml() {

frontend/static/js/views/Chat.js

@@ -1,11 +1,10 @@
-import AbstractView from "./AbstractView.js";
+import AbstractAuthentifiedView from "./AbstractAuthentifiedView.js";
 
-export default class extends AbstractView {
+export default class extends AbstractAuthentifiedView {
     constructor(params) {
-        super(params);
+        super(params, "Chat");
-        this.setTitle("Chat");
 
-		let url = `ws://${window.location.host}/ws/socket-server/`
+		let url = `wss://${window.location.host}/ws/socket-server/`
 
 		this.chatSocket = new WebSocket(url)
 		this.chatSocket.onmessage = function(e){

frontend/static/js/views/Dashboard.js

@@ -2,8 +2,7 @@ import AbstractView from "./AbstractView.js";
 
 export default class extends AbstractView {
     constructor(params) {
-        super(params);
+        super(params, "Dashboard");
-        this.setTitle("Dashboard");
     }
 
     async getHtml() {

frontend/static/js/views/HomeView.js

@@ -1,20 +1,15 @@
-import AbstractView from "./AbstractView.js";
+import AbstractAuthentificateView from "./AbstractAuthentifiedView.js";
-import { client, navigateTo } from "../index.js";
 
-export default class extends AbstractView {
+export default class extends AbstractAuthentificateView {
     constructor(params) {
-        super(params);
+        super(params, "Home");
-        this.setTitle("Home");
+        this.redirect_url = "/login"
 	}
 
     async getHtml() {
-        if (await client.isAuthentificate() === false)
-        {
-			navigateTo("/login");
-            return;
-        }
         return `
 			<h1>HOME</h1>
+            <a href="/me" class="nav__link" data-link>Me</a>
             <a href="/logout" class="nav__link" data-link>Logout</a>
         `;
     }

frontend/static/js/views/MeView.js

@@ -0,0 +1,103 @@
+import { client, navigateTo } from "../index.js";
+import AbstractAuthentificateView from "./AbstractAuthentifiedView.js";
+
+export default class extends AbstractAuthentificateView
+{    
+    constructor(params)
+    {
+        super(params, "Me");
+	}
+
+    async postInit()
+    {
+        if (this.fill() === null)
+            return;
+        document.getElementById("save-button").onclick = this.save;
+        document.getElementById("delete-button").onclick = this.delete_accounts;
+    }
+
+    async fill()
+    {
+        let data = await client.account.get();
+    
+        document.getElementById("username").value = data.username;
+    }
+
+    async delete_accounts()
+    {
+        let current_password = document.getElementById("current_password").value;
+        
+        let response_data = await client.account.delete(current_password);
+
+        if (response_data === null)
+        {
+            navigateTo("/login");
+            return;
+        }
+
+        ["delete", "current_password"].forEach(error_field => {
+            let error_display = document.getElementById(`error_${error_field}`);
+            if (error_display != null)
+                error_display.innerHTML = "";
+        });
+
+        if (response_data === "user deleted")
+        {
+            document.getElementById(`error_delete`).innerHTML = "OK";
+            navigateTo("/login")
+            return;
+        }
+
+        document.getElementById("error_current_password").innerHTML = response_data["password"]
+    }
+
+    async save()
+    {
+        let username = document.getElementById("username").value;
+        let new_password = document.getElementById("new_password").value;
+        let current_password = document.getElementById("current_password").value;
+    
+        let data = {};
+    
+        data.username = username;
+        if (new_password.length != 0)
+            data.new_password = new_password;
+        let response_data = await client.account.update(data, current_password);
+    
+        if (response_data === null)
+        {
+            navigateTo(super.redirect_url);
+            return;
+        }
+    
+        ["username", "new_password", "current_password"].forEach(error_field => {
+            let error_display = document.getElementById(`error_${error_field}`);
+            if (error_display != null)
+                error_display.innerHTML = "";
+        });
+    
+        Object.keys(response_data).forEach(error_field => {
+            let error_display = document.getElementById(`error_${error_field}`);
+            if (error_display != null)
+                error_display.innerHTML = response_data[error_field];
+        });
+    }
+    
+    async getHtml()
+    {
+        return `
+			<h1>ME</h1>
+            <input type=text placeholder="username" id="username">
+            <span id="error_username"></span>
+            <input type=password placeholder="new password" id="new_password">
+            <span id="error_new_password"></span>
+            <input type=password placeholder="current password" id="current_password">
+            <span id="error_current_password"></span>
+            <input type="button" value="Save" id="save-button">
+            <span id="error_save"></span>
+            <input type="button" value="Delete" id="delete-button">
+            <span id="error_delete"></span>
+            <a href="/logout" class="nav__link" data-link>Logout</a>
+        `;
+    }
+}

frontend/static/js/views/PostView.js

@@ -2,9 +2,8 @@ import AbstractView from "./AbstractView.js";
 
 export default class extends AbstractView {
     constructor(params) {
-        super(params);
+        super(params, "Viewing Post");
         this.postId = params.id;
-        this.setTitle("Viewing Post");
     }
 
     async getHtml() {

frontend/static/js/views/Posts.js

@@ -2,8 +2,7 @@ import AbstractView from "./AbstractView.js";
 
 export default class extends AbstractView {
     constructor(params) {
-        super(params);
+        super(params, "Posts");
-        this.setTitle("Posts");
     }
 
     async getHtml() {

frontend/static/js/views/Settings.js

@@ -2,8 +2,7 @@ import AbstractView from "./AbstractView.js";
 
 export default class extends AbstractView {
     constructor(params) {
-        super(params);
+        super(params, "Settings");
-        this.setTitle("Settings");
     }
 
     async getHtml() {

frontend/static/js/views/accounts/LoginView.js

@@ -1,5 +1,5 @@
-import AbstractView from "../AbstractView.js";
 import { client, navigateTo } from "../../index.js";
+import AbstractNonAuthentifiedView from "../AbstractNonAuthentified.js";
 
 async function login()
 {
@@ -27,23 +27,17 @@ async function login()
 	});
 }
 
-export default class extends AbstractView {
+export default class extends AbstractNonAuthentifiedView {
     constructor(params) {
-        super(params);
+        super(params, "Login", "/home");
 	}
 
 	async postInit()
 	{
-        this.setTitle("Login");
 		document.getElementById("button").onclick = login;
 	}
 
     async getHtml() {
-		if (await client.isAuthentificate())
-		{
-			navigateTo("/home")
-			return;
-		}
         return `
 			<div class=form>
 				<label>Login</label>

frontend/static/js/views/accounts/LogoutView.js

@@ -1,12 +1,10 @@
 import { client, navigateTo } from "../../index.js";
-import AbstractView from "../AbstractView.js";
+import AbstractAuthentifiedView from "../AbstractAuthentifiedView.js";
 
-export default class extends AbstractView
+export default class extends AbstractAuthentifiedView
 {
 	constructor(params) {
-		super(params);
+		super(params, "Logout");
-		this.setTitle("Logout");
-		if (client.logged)
 		client.logout();
 		navigateTo("/login")
 	}

frontend/static/js/views/accounts/RegisterView.js

@@ -1,13 +1,19 @@
-import AbstractView from "../AbstractView.js";
 import { client, navigateTo } from "../../index.js";
+import AbstractAuthentifiedView from "../AbstractNonAuthentified.js";
 
 async function register()
 {
 	let username = document.getElementById("username").value;
 	let password = document.getElementById("password").value;
 	
-	let response = await client.accounts.create(username, password);
+	let response_data = await client.account.create(username, password);
-	let response_data = await response.json();
+
+	if (response_data == null)
+	{
+		navigateTo("/home");
+		return;
+	}
+
 	
 	["username", "user", "password"].forEach(error_field => {
 		let error_display = document.getElementById(`error_${error_field}`);
@@ -22,23 +28,17 @@ async function register()
 	});
 }
 
-export default class extends AbstractView {
+export default class extends AbstractAuthentifiedView {
     constructor(params) {
-        super(params);
+        super(params, "Register", "/home");
 	}
 
 	async postInit()
 	{
-		this.setTitle("register");
 		document.getElementById("button").onclick = register;
 	}
 
     async getHtml() {
-		if (await client.isAuthentificate())
-		{
-			navigateTo("/home")
-			return;
-		}
         return `
 			<div class=form>
 				<label>Register</label>

profiles/tests.py

@@ -9,7 +9,7 @@ class ProfileTest(TestCase):
         self.user.save()
         self.expected_response = {"name": "bozo",
                                   "title": ""}
-        self.url = "/profiles/"
+        self.url = "/api/profiles/"
     
     def test_profile_create_on_user_created(self):
         response: HttpResponse = self.client.get(self.url + str(self.user.pk))

trancendence/settings.py

@@ -25,12 +25,12 @@ SECRET_KEY = 'django-insecure-18!@88-wm-!skec9^n-85n(f$my^#mh3!#@f=_e@=*arh_yyjj
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True
 
-CSRF_TRUSTED_ORIGINS = ['https://code.chauvet.pro', 'https://django.chauvet.pro']
-
 ALLOWED_HOSTS = ["*"]
 
 CORS_ORIGIN_ALLOW_ALL = False
 
+CSRF_TRUSTED_ORIGINS = ["https://django.chauvet.pro"]
+
 CORS_ORIGIN_WHITELIST = (
     'http://localhost:8000',
 )