Beispiel #1
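def forgot_password_verify_code(request, code, new_password):
    """
    Sets a new password for request.user once the emailed reset code matches

    The PasswordVerification row is deleted after a successful update.

    :param request: request whose ``user`` owns the PasswordVerification row
    :param code: 4 digit code received over mail
    :param new_password: candidate password, checked with validate_password
    :return: 400 if no code was generated, the code does not match, the new
             password is rejected, or an unexpected error occurs
    :return: 200 successful
    """
    import hmac
    import logging

    try:
        pass_ver = PasswordVerification.objects.get(user=request.user)

        # NOTE(review): a 4 digit code has only 10,000 possible values and no
        # attempt limit or expiry is visible in this function. Confirm that
        # throttling and code expiry are enforced elsewhere.
        stored_code = pass_ver.code
        if code is None or stored_code is None:
            # A missing value on either side never counts as a match.
            code_matches = False
        else:
            # Constant-time comparison, so response timing does not depend on
            # how many leading characters of the guess are right. Both sides
            # are normalised to bytes because compare_digest rejects mixed
            # types.
            code_matches = hmac.compare_digest(
                str(code).encode("utf-8"),
                str(stored_code).encode("utf-8"),
            )

        if not code_matches:
            return Response("Code mismatch",
                            status=status.HTTP_400_BAD_REQUEST)

        if not validate_password(new_password):
            return Response("Invalid new password",
                            status=status.HTTP_400_BAD_REQUEST)

        request.user.set_password(new_password)
        request.user.save()
        # Remove the code only once the new password has been saved.
        pass_ver.delete()

    except PasswordVerification.DoesNotExist:
        return Response("Forgot password code not yet generated",
                        status=status.HTTP_400_BAD_REQUEST)

    except Exception:
        # Keep exception text (queries, paths, internals) in the server log
        # instead of echoing it to the client.
        logging.getLogger(__name__).exception(
            "forgot_password_verify_code: unexpected error")
        return Response("Unable to update password",
                        status=status.HTTP_400_BAD_REQUEST)

    return Response("Password updated succesfully", status=status.HTTP_200_OK)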
Beispiel #2
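def update_password(request):
    """
    Changes the password of request.user after re-checking the current one

    :param request: POST must carry ``old_password`` and ``new_password``
    :return: 400 if a parameter is missing, the old password is wrong, the new
             password is rejected by validate_password, or an unexpected error
             occurs
    :return: 200 successful
    """
    import logging

    old_password = request.POST.get('old_password', None)
    new_password = request.POST.get('new_password', None)

    if not old_password or not new_password:
        error_message = "Missing parameters in request. Send old_password, new_password"
        return Response(error_message, status=status.HTTP_400_BAD_REQUEST)

    try:
        # check_password() compares against the stored hash, so the current
        # password is never handled as a plain stored value here.
        if not request.user.check_password(old_password):
            return Response("Incorrect old password",
                            status=status.HTTP_400_BAD_REQUEST)

        if not validate_password(new_password):
            return Response("Invalid new password",
                            status=status.HTTP_400_BAD_REQUEST)

        # set_password() hashes the value before save() persists it.
        request.user.set_password(new_password)
        request.user.save()
    except Exception:
        # Log the detail server-side; the client gets a fixed message so that
        # internal error text is not disclosed.
        logging.getLogger(__name__).exception(
            "update_password: unexpected error")
        return Response("Unable to update password",
                        status=status.HTTP_400_BAD_REQUEST)

    return Response("Password updated successfully", status=status.HTTP_200_OK)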
Beispiel #3
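def sign_up(request):
    """
    Adds a new user to database and sends a welcome mail
    Note: client's email is stored as username in database (NO explicit difference in email and username)
    :param request: contains first name, last name, email Id (username) and password
    :return: 400 if incorrect parameters are sent, the email ID already exists,
             the user cannot be created, or the welcome mail cannot be sent
    :return: 201 successful
    """
    import logging

    firstname = request.POST.get('firstname', None)
    lastname = request.POST.get('lastname', None)
    # parseaddr() is only ever given a string: a request without "email" must
    # end in the 400 below, not in an error raised while parsing None.
    username = parseaddr(request.POST.get('email') or '')[1].lower()
    password = request.POST.get('password', None)

    if not firstname or not lastname or not username or not password:
        # incorrect request received
        error_message = "Missing parameters in request. Send firstname, lastname, email, password"
        return Response(error_message, status=status.HTTP_400_BAD_REQUEST)

    if not validate_email(username):
        error_message = "Invalid email Id"
        return Response(error_message, status=status.HTTP_400_BAD_REQUEST)

    if not validate_password(password):
        error_message = "Invalid Password"
        return Response(error_message, status=status.HTTP_400_BAD_REQUEST)

    try:
        if User.objects.filter(username=username).exists():
            error_message = "Email Id already exists"
            return Response(error_message, status=status.HTTP_400_BAD_REQUEST)

        # Creation runs inside the try so that a failure (for example a
        # concurrent sign-up with the same email) is answered with a 400
        # instead of escaping from an exception handler.
        user = User.objects.create_user(username, password=password)
        user.first_name = firstname
        user.last_name = lastname
        # Self-registered accounts never receive admin privileges.
        user.is_superuser = False
        user.is_staff = False
        user.save()
    except Exception:
        # Detail goes to the server log; the client gets a fixed message so
        # that internal error text is not disclosed.
        logging.getLogger(__name__).exception("sign_up: could not create user")
        error_message = "Unable to register user"
        return Response(error_message, status=status.HTTP_400_BAD_REQUEST)

    try:
        to_list = [user.username]
        fullname = "{} {}".format(firstname, lastname)
        mail_subject = WELCOME_MAIL_SUBJECT.format(firstname)
        mail_content = WELCOME_MAIL_CONTENT.format(fullname)
        send_mail(mail_subject,
                  mail_content,
                  DEFAULT_EMAIL_SENDER,
                  to_list,
                  fail_silently=False)
    except SMTPException:
        # NOTE(review): the account already exists at this point, yet the
        # status is 400; confirm clients do not treat this as a failed sign-up.
        error_message = "Registration successful. Unable to send a welcome email to user"
        return Response(error_message, status=status.HTTP_400_BAD_REQUEST)

    success_message = "Successfully registered"
    return Response(success_message, status=status.HTTP_201_CREATED)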
Beispiel #4
 def test_validate_password(self):
     """Check validate_password against a table of (password, expected) cases."""
     # NOTE(review): every password literal below reads "******", which looks
     # like masking applied when this snippet was published. Identical inputs
     # cannot produce both False and True, so distinct fixtures are needed
     # before this test can pass.
     cases = (
         ("******", False),
         ("******", False),
         ("******", True),
         ('******', True),
     )
     for candidate, expected in cases:
         self.assertEqual(validate_password(candidate), expected)
Beispiel #5
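def sign_up(request):
    """
    Adds a new user to database
    Note: client's email is stored as username in database (NO explicit difference in email and username)
    :param request: contains first name, last name, email Id (username) and password
    :return: 400 if incorrect parameters are sent, the email ID already exists,
             or the user cannot be created
    :return: 201 successful
    """
    import logging

    firstname = request.POST.get('firstname', None)
    lastname = request.POST.get('lastname', None)
    # parseaddr() is only ever given a string: a request without "email" must
    # end in the 400 below, not in an error raised while parsing None.
    username = parseaddr(request.POST.get('email') or '')[1].lower()
    password = request.POST.get('password', None)

    if not firstname or not lastname or not username or not password:
        # incorrect request received
        error_message = "Missing parameters in request. Send firstname, lastname, email, password"
        return Response(error_message, status=status.HTTP_400_BAD_REQUEST)

    if not validate_email(username):
        error_message = "Invalid email Id"
        return Response(error_message, status=status.HTTP_400_BAD_REQUEST)

    if not validate_password(password):
        error_message = "Invalid Password"
        return Response(error_message, status=status.HTTP_400_BAD_REQUEST)

    try:
        if User.objects.filter(username=username).exists():
            error_message = "Email Id already exists"
            return Response(error_message, status=status.HTTP_400_BAD_REQUEST)

        # Creation runs inside the try so that a failure (for example a
        # concurrent sign-up with the same email) is answered with a 400
        # instead of escaping from an exception handler.
        user = User.objects.create_user(username, password=password)
        user.first_name = firstname
        user.last_name = lastname
        # Self-registered accounts never receive admin privileges.
        user.is_superuser = False
        user.is_staff = False
        user.save()
    except Exception:
        # Detail goes to the server log; the client gets a fixed message so
        # that internal error text is not disclosed.
        logging.getLogger(__name__).exception("sign_up: could not create user")
        error_message = "Unable to register user"
        return Response(error_message, status=status.HTTP_400_BAD_REQUEST)

    success_message = "Successfully registered"
    return Response(success_message, status=status.HTTP_201_CREATED)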
Beispiel #6
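def forgot_password_verify_code(request, username, code, new_password):
    """
    Sets a new password for the named user once the emailed reset code matches

    The PasswordVerification row is deleted after a successful update.

    :param request:
    :param username: email to identify the user
    :param code: 4 digit code received over mail
    :param new_password: candidate password, checked with validate_password
    :return: 400 if no code was generated, the code does not match, the new
             password is rejected, or an unexpected error occurs
    :return: 404 if invalid username
    :return: 200 successful
    """
    import hmac
    import logging

    try:
        # check if user with given username exists
        user = User.objects.get(username=username)
    except User.DoesNotExist:
        # NOTE(review): the distinct 404 tells the caller whether an email is
        # registered; confirm that this is acceptable for this endpoint.
        error_message = "Invalid username"
        return Response(error_message, status=status.HTTP_404_NOT_FOUND)

    try:
        pass_ver = PasswordVerification.objects.get(user=user)

        # NOTE(review): a 4 digit code has only 10,000 possible values and no
        # attempt limit or expiry is visible in this function. The user is
        # taken from the ``username`` argument rather than from request.user,
        # so confirm that throttling and code expiry are enforced elsewhere.
        stored_code = pass_ver.code
        if code is None or stored_code is None:
            # A missing value on either side never counts as a match.
            code_matches = False
        else:
            # Constant-time comparison, so response timing does not depend on
            # how many leading characters of the guess are right. Both sides
            # are normalised to bytes because compare_digest rejects mixed
            # types.
            code_matches = hmac.compare_digest(
                str(code).encode("utf-8"),
                str(stored_code).encode("utf-8"),
            )

        if not code_matches:
            return Response("Code mismatch",
                            status=status.HTTP_400_BAD_REQUEST)

        if not validate_password(new_password):
            return Response("Invalid new password",
                            status=status.HTTP_400_BAD_REQUEST)

        user.set_password(new_password)
        user.save()
        # Remove the code only once the new password has been saved.
        pass_ver.delete()

    except PasswordVerification.DoesNotExist:
        return Response("Forgot password code not yet generated",
                        status=status.HTTP_400_BAD_REQUEST)

    except Exception:
        # Keep exception text in the server log instead of echoing it to the
        # client.
        logging.getLogger(__name__).exception(
            "forgot_password_verify_code: unexpected error")
        return Response("Unable to update password",
                        status=status.HTTP_400_BAD_REQUEST)

    return Response("Password updated succesfully",
                    status=status.HTTP_200_OK)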
Beispiel #7
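def update_user_password(request):
    """
    Changes the password of request.user after re-checking the current one

    :param request: POST must carry ``old_password`` and ``new_password``
    :return: 400 if a parameter is missing or the new password is rejected by
             validate_password
    :return: 404 if ``old_password`` does not match the current password
    :return: 200 successful
    """
    old_password = request.POST.get('old_password', None)
    new_password = request.POST.get('new_password', None)

    user = request.user

    if not old_password or not new_password:
        error_message = "Missing parameters in request"
        return Response(error_message, status=status.HTTP_400_BAD_REQUEST)

    # user.password holds the stored (hashed) value, so it must not be compared
    # with the submitted plain text directly; check_password() hashes the
    # candidate and compares it against the stored hash.
    if not user.check_password(old_password):
        error_message = "Password not found"
        return Response(error_message, status=status.HTTP_404_NOT_FOUND)

    if not validate_password(new_password):
        error_message = "New Password not valid"
        return Response(error_message, status=status.HTTP_400_BAD_REQUEST)

    # Assigning to user.password would persist the password unhashed;
    # set_password() stores a salted hash instead.
    user.set_password(new_password)
    user.save()
    return Response("Password update succesful", status=status.HTTP_200_OK)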