feat: add public profiles list endpoint with search and pagination

- Add new /profiles/ endpoint for listing user profiles - Support search by username/display name with ordering options - Include pagination with configurable page size (max 100) - Add comprehensive OpenAPI schema documentation - Refactor passkey authentication state management in MFA flow - Update URL routing and imports for new list_profiles view This enables user discovery, leaderboards, and friend-finding features with a publicly accessible, well-documented API endpoint.
2026-02-05 18:15:18 -05:00 · 2026-01-10 13:00:02 -05:00
parent 22ff0d1c49
commit 692c0bbbbf
9 changed files with 424 additions and 45 deletions
--- a/backend/apps/api/v1/auth/views.py
+++ b/backend/apps/api/v1/auth/views.py
@@ -417,23 +417,23 @@ class MFALoginVerifyAPIView(APIView):
                return {"success": False, "error": "No passkey registered for this user"}
            
            try:
-                # Parse the authentication response
-                credential_data = webauthn_auth.parse_authentication_response(credential)
-                
-                # Get or create authentication state
-                # For login flow, we need to set up the state first
-                state = webauthn_auth.get_state(request)
+                # For MFA login flow, we need to set up state first if not present
+                # Note: allauth's begin_authentication stores state internally
+                state = webauthn_auth.get_state()
                
                if not state:
-                    # If no state, generate one for this user
-                    _, state = webauthn_auth.begin_authentication(request)
-                    webauthn_auth.set_state(request, state)
+                    # Need to temporarily set request.user for allauth context
+                    original_user = getattr(request, "user", None)
+                    request.user = user
+                    try:
+                        webauthn_auth.begin_authentication(user)
+                    finally:
+                        if original_user is not None:
+                            request.user = original_user
                
-                # Complete authentication
-                webauthn_auth.complete_authentication(request, credential_data, state)
-                
-                # Clear the state
-                webauthn_auth.clear_state(request)
+                # Complete authentication - takes user and credential dict
+                # State is managed internally by allauth
+                webauthn_auth.complete_authentication(user, credential)
                
                return {"success": True}