feat(user): add user profile picture update functionality

.env.example

@@ -35,4 +35,8 @@ POSTGRES_DB=todo_postgres
 POSTGRES_HOST=postgres
 POSTGRES_PASSWORD=todo_password
 POSTGRES_PORT=5432
-POSTGRES_USER=todo_user
+POSTGRES_USER=todo_user
+
+CLOUDINARY_CLOUD_NAME="your_cloud_name"
+CLOUDINARY_API_KEY="123456789012345"
+CLOUDINARY_API_SECRET="your_api_secret"

requirements.txt

@@ -29,3 +29,4 @@ testcontainers[mongodb]==4.10.0
 drf-spectacular==0.28.0
 debugpy==1.8.14
 psycopg2-binary==2.9.9
+cloudinary==1.44.1

todo/repositories/user_repository.py

@@ -97,6 +97,38 @@ def create_or_update(cls, user_data: dict) -> UserModel:
                 raise
             raise APIException(RepositoryErrors.USER_CREATE_UPDATE_FAILED.format(str(e)))
 
+    @classmethod
+    def update_picture_by_id(cls, user_id: str, picture_url: str) -> UserModel:
+        collection = cls._get_collection()
+        now = datetime.now(timezone.utc)
+        object_id = PyObjectId(user_id)
+
+        result = collection.find_one_and_update(
+            {"_id": object_id},
+            {"$set": {"picture": picture_url, "updated_at": now}},
+            return_document=ReturnDocument.AFTER,
+        )
+
+        if not result:
+            raise UserNotFoundException()
+
+        user_model = UserModel(**result)
+
+        dual_write_service = EnhancedDualWriteService()
+        dual_write_success = dual_write_service.update_document(
+            collection_name="users",
+            mongo_id=user_id,
+            data={"picture": picture_url, "updated_at": now},
+        )
+
+        if not dual_write_success:
+            import logging
+
+            logger = logging.getLogger(__name__)
+            logger.warning(f"Failed to sync picture update for user {user_id} to Postgres")
+
+        return user_model
+
     @classmethod
     def search_users(cls, query: str, page: int = 1, limit: int = 10) -> tuple[List[UserModel], int]:
         """

todo/serializers/update_profile_serializer.py

@@ -0,0 +1,18 @@
+from rest_framework import serializers
+
+
+ALLOWED_IMAGE_TYPES = ["image/jpeg", "image/png", "image/webp"]
+MAX_FILE_SIZE = 5 * 1024 * 1024
+
+
+class UpdateProfileSerializer(serializers.Serializer):
+    picture = serializers.FileField(required=True)
+
+    def validate_picture(self, value):
+        if value.content_type not in ALLOWED_IMAGE_TYPES:
+            raise serializers.ValidationError(f"Invalid file type. Allowed: {', '.join(ALLOWED_IMAGE_TYPES)}")
+
+        if value.size > MAX_FILE_SIZE:
+            raise serializers.ValidationError("File size must be under 5MB")
+
+        return value

todo/services/cloudinary_service.py

@@ -0,0 +1,60 @@
+import io
+import os
+
+from cloudinary import uploader
+import cloudinary
+
+from todo.exceptions.auth_exceptions import APIException
+
+
+class CloudinaryService:
+    @staticmethod
+    def _require_config() -> tuple[str, str, str]:
+        cloud_name = os.getenv("CLOUDINARY_CLOUD_NAME")
+        api_key = os.getenv("CLOUDINARY_API_KEY")
+        api_secret = os.getenv("CLOUDINARY_API_SECRET")
+
+        if not cloud_name or not api_key or not api_secret:
+            raise APIException(
+                "Cloudinary is not configured. Set CLOUDINARY_CLOUD_NAME, CLOUDINARY_API_KEY, and CLOUDINARY_API_SECRET."
+            )
+
+        return str(cloud_name), str(api_key), str(api_secret)
+
+    @staticmethod
+    def _configure() -> None:
+        cloud_name, api_key, api_secret = CloudinaryService._require_config()
+        cloudinary.config(
+            cloud_name=cloud_name,
+            api_key=api_key,
+            api_secret=api_secret,
+            secure=True,
+        )
+
+    @classmethod
+    def upload_image(
+        cls,
+        *,
+        file_data: bytes,
+        user_id: str,
+        image_name: str,
+    ) -> str:
+        cls._configure()
+
+        if not image_name.strip():
+            raise APIException("imageName must be a non-empty string")
+
+        upload_folder = f"todo/users/{user_id}"
+        public_id = image_name.strip()
+
+        file_obj = io.BytesIO(file_data)
+
+        result = uploader.upload(
+            file_obj,
+            public_id=public_id,
+            folder=upload_folder,
+            overwrite=True,
+            resource_type="image",
+        )
+
+        return result["secure_url"]

todo/tests/integration/test_user_profile_api.py

@@ -1,12 +1,15 @@
 from http import HTTPStatus
+from django.core.files.uploadedfile import SimpleUploadedFile
 from django.urls import reverse
 from todo.tests.integration.base_mongo_test import AuthenticatedMongoTestCase
+from unittest.mock import patch
 
 
 class UserProfileAPIIntegrationTest(AuthenticatedMongoTestCase):
     def setUp(self):
         super().setUp()
         self.url = reverse("users")
+        self.profile_url = reverse("user_profile")
 
     def test_user_profile_true_requires_auth(self):
         client = self.client.__class__()
@@ -19,3 +22,42 @@ def test_user_profile_true_returns_user_info(self):
         data = response.json()["data"]
         self.assertEqual(data["id"], str(self.user_id))
         self.assertEqual(data["email"], self.user_data["email"])
+
+    def test_update_profile_picture_requires_auth(self):
+        client = self.client.__class__()
+        response = client.patch(
+            self.profile_url,
+            data={"picture": SimpleUploadedFile("test.jpg", b"fake", "image/jpeg")},
+            format="multipart",
+        )
+        self.assertEqual(response.status_code, HTTPStatus.UNAUTHORIZED)
+
+    def test_update_profile_picture_persists_picture_url(self):
+        new_picture = "https://res.cloudinary.com/test_cloud/image/upload/v1/todo/users/abc/profile/picture.png"
+
+        with patch("todo.services.cloudinary_service.CloudinaryService.upload_image", return_value=new_picture):
+            response = self.client.patch(
+                self.profile_url,
+                data={"picture": SimpleUploadedFile("test.jpg", b"fake_image_data", "image/jpeg")},
+                format="multipart",
+            )
+
+        self.assertEqual(response.status_code, HTTPStatus.OK)
+
+        profile_response = self.client.get(self.url + "?profile=true")
+        self.assertEqual(profile_response.status_code, HTTPStatus.OK)
+        profile_data = profile_response.json()["data"]
+        self.assertEqual(profile_data["picture"], new_picture)
+
+    def test_update_profile_picture_invalid_file_type(self):
+        response = self.client.patch(
+            self.profile_url,
+            data={"picture": SimpleUploadedFile("test.txt", b"fake", "text/plain")},
+            format="multipart",
+        )
+        self.assertEqual(response.status_code, HTTPStatus.BAD_REQUEST)
+        self.assertIn("Invalid file type", response.json().get("message", ""))
+
+    def test_update_profile_picture_missing_file(self):
+        response = self.client.patch(self.profile_url, data={}, format="multipart")
+        self.assertEqual(response.status_code, HTTPStatus.BAD_REQUEST)

todo/urls.py

@@ -1,7 +1,7 @@
 from django.urls import path
 from todo.views.task import TaskListView, TaskDetailView, TaskUpdateView
 from todo.views.health import HealthView
-from todo.views.user import UsersView
+from todo.views.user import UsersView, UserDetailView
 from todo.views.auth import GoogleLoginView, GoogleCallbackView, LogoutView
 from todo.views.role import RoleListView, RoleDetailView
 from todo.views.user_role import UserRoleListView, TeamUserRoleListView, TeamUserRoleDetailView, TeamUserRoleDeleteView
@@ -57,6 +57,7 @@
     path("auth/google/callback", GoogleCallbackView.as_view(), name="google_callback"),
     path("auth/logout", LogoutView.as_view(), name="google_logout"),
     path("users", UsersView.as_view(), name="users"),
+    path("users/profile", UserDetailView.as_view(), name="user_profile"),
     path("users/<str:user_id>/roles", UserRoleListView.as_view(), name="user_roles"),
     path("team-invite-codes/generate", GenerateTeamCreationInviteCodeView.as_view(), name="generate_team_invite_code"),
     path("team-invite-codes/verify", VerifyTeamCreationInviteCodeView.as_view(), name="verify_team_invite_code"),

todo/views/user.py

@@ -3,11 +3,18 @@
 from rest_framework.request import Request
 from todo.constants.messages import ApiErrors
 from todo.services.user_service import UserService
+from todo.repositories.user_repository import UserRepository
+from todo.services.cloudinary_service import CloudinaryService
+from todo.exceptions.auth_exceptions import APIException
 from rest_framework import status
 from drf_spectacular.utils import extend_schema, OpenApiParameter, OpenApiResponse
 from drf_spectacular.types import OpenApiTypes
 from todo.dto.user_dto import UserSearchResponseDTO, UsersDTO
 from todo.dto.responses.error_response import ApiErrorResponse
+from drf_spectacular.utils import OpenApiExample, inline_serializer
+from rest_framework import serializers
+from todo.serializers.update_profile_serializer import UpdateProfileSerializer
+import logging
 
 
 class UsersView(APIView):
@@ -117,3 +124,65 @@ def get(self, request: Request):
             },
             status=status.HTTP_200_OK,
         )
+
+
+class UserDetailView(APIView):
+    @extend_schema(
+        operation_id="update_user_profile",
+        summary="Update current user profile picture",
+        description="Updates the profile picture of the currently authenticated user.",
+        tags=["users"],
+        request=inline_serializer(
+            name="UserProfilePictureRequest",
+            fields={
+                "picture": serializers.FileField(),
+            },
+        ),
+        responses={
+            200: OpenApiResponse(description="Profile picture updated"),
+            400: OpenApiResponse(description="Bad request"),
+            401: OpenApiResponse(description="Unauthorized"),
+            500: OpenApiResponse(description="Internal server error"),
+        },
+        examples=[
+            OpenApiExample(
+                name="Update profile image",
+                value={"picture": "<binary file>"},
+                request_only=True,
+            )
+        ],
+    )
+    def patch(self, request: Request):
+        serializer = UpdateProfileSerializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+
+        picture_file = serializer.validated_data["picture"]
+
+        try:
+            profile_url = CloudinaryService.upload_image(
+                file_data=picture_file.read(),
+                user_id=request.user_id,
+                image_name="profile-picture",
+            )
+        except APIException:
+            return Response(
+                {"message": "Image upload configuration error"},
+                status=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            )
+        except Exception as e:
+            logger = logging.getLogger(__name__)
+            logger.error(f"Failed to upload image for user {request.user_id}: {str(e)}")
+            return Response(
+                {"message": "Failed to upload image"},
+                status=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            )
+
+        user = UserRepository.update_picture_by_id(request.user_id, profile_url)
+        userData = user.model_dump(mode="json", exclude_none=True)
+        userResponse = {
+            "id": userData["id"],
+            "email": userData["email_id"],
+            "name": userData.get("name"),
+            "picture": userData.get("picture"),
+        }
+        return Response({"message": "User updated successfully", "data": userResponse}, status=200)