def change_user_password(self, request, **kwargs):
if request.method != 'POST':
return HttpResponse(json.dumps({"message":"method not allowed"}), content_type="application/json",status=401)
try:
load = json.loads(request.body)
except:
return HttpResponse(content_type="application/json", status=404)
type = kwargs['type']
otp_token = load.get('otp_token')
password = load.get('password1')
repassword = load.get('password2')
invalid_password = check_password(repassword)
if (invalid_password):
return HttpBadRequest("password is not meant according to the rules")
auth_key = load.get('auth_key')
user_details = {}
if not type:
return HttpBadRequest("type not defined use email/phone")
if password != repassword:
return HttpBadRequest("password1 and password2 not matched")
try:
if type=='phone':
try:
if not (settings.ENV in settings.IGNORE_ENV and otp_token in settings.HARCODED_OTPS):
consumer = afterbuy_model.OTPToken.objects.get(token=otp_token).user
otp_handler.validate_otp(otp_token, user=consumer)
except Exception:
raise ImmediateHttpResponse(
response=http.HttpBadRequest('Wrong OTP!'))
user_details['id'] = consumer.user.id
elif type=='email':
try:
user_obj = afterbuy_model.EmailToken.objects.get(activation_key=auth_key).user
except Exception:
raise ImmediateHttpResponse(
response=http.HttpBadRequest('invalid authentication key!'))
user_details['email'] = user_obj.user.email
user = User.objects.filter(**user_details)[0]
user.set_password(password)
user.save()
data = {'status': 1, 'message': "password updated successfully"}
except Exception as ex:
logger.error('Invalid details, mobile {0} and exception {1}'.format(request.POST.get('phone_number', ''),ex))
data = {'status': 0, 'message': "password not updated"}
return HttpResponse(json.dumps(data), content_type="application/json")
def change_password(request):
if request.method == 'GET':
return render(request, 'portal/change_password.html')
if request.method == 'POST':
groups = utils.stringify_groups(request.user)
if Roles.DEALERS in groups or Roles.ASCS in groups:
user = User.objects.get(username=request.user)
old_password = request.POST.get('oldPassword')
new_password = request.POST.get('newPassword')
check_pass = user.check_password(str(old_password))
if check_pass:
invalid_password = check_password(new_password)
if (invalid_password):
data = {'message':"password does not match the rules",'status':False}
else:
user.set_password(str(new_password))
user.save()
data = {'message': 'Password Changed successfully', 'status': True}
else:
data = {'message': 'Old password wrong', 'status': False}
return HttpResponse(json.dumps(data), content_type='application/json')
else:
return HttpResponseBadRequest('Not Allowed')
