def put(self, request, pk, format=None):
user = self.get_object(pk)
data = request.data
serializer = ChangePasswordSerializer(data=data)
if serializer.is_valid():
# Check old password
if not user.check_password(
serializer.data.get("current_password")):
return Response(
{
'error': {
"current_password": ["Wrong current password."]
}
},
status=status.HTTP_400_BAD_REQUEST)
# set_password also hashes the password that the user will get
user.set_password(serializer.data.get("new_password"))
UserNoteManager.change_password_logger(
None, None, user, 'Changed on {now}'.format(
now=UserNoteManager.get_current_time()), user)
user.save()
return Response("Success.", status=status.HTTP_200_OK)
return Response({'error': serializer.errors},
status=status.HTTP_400_BAD_REQUEST)
def post(self, request, *args, **kwargs):
# simply delete the token to force a login
user = request.user
UserNoteManager.logout_logger(
None, None, user,
'{now} logged out'.format(now=UserNoteManager.get_current_time()),
user
)
try:
user.auth_token.delete()
except (AttributeError, ObjectDoesNotExist):
pass
return Response(status=status.HTTP_200_OK)
def post(self, request, *args, **kwargs):
serializer = self.serializer_class(
data=request.data,
context={'request': request}
)
serializer.is_valid(raise_exception=True)
user = serializer.validated_data['user']
payload = jwt_payload_handler(user)
payload['type'] = user.type
token = jwt_encode_handler(payload)
UserNoteManager.login_logger(
None, None, user,
'{now} logged in'.format(now=UserNoteManager.get_current_time()),
user
)
return Response({'token': token})
