def login(request):
if request.method != 'POST':
return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.NotPostRequest, ''))
password = request.POST.get('password', False)
phoneNumber = request.POST.get('phoneNumber', False)
# we share the otp with user as secret, only the users
# who have correct otp and phonenumber match and valid
# opt are allowed to add password
# validation
if not phoneNumber or len(phoneNumber) != 10 or not phoneNumber.isdigit():
Helpers.logger.debug('Invalid phoneNumber {0}'.format(phoneNumber))
return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidPhoneNum, phoneNumber))
if not password or len(password) > 15 or not re.match(Settings.PASSWORD_REGEX_PATTERN, password):
return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidPassword, ''))
appId = request.POST.get('appId', False)
if not appId:
return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidAppId, appId))
now = timezone.now()
# create sha512
hashObj = hashlib.sha512()
hashObj.update(password)
hashObj.update(phoneNumber)
hashObj.update(Settings.SECRET_KEY)
hash = hashObj.hexdigest()
try:
row = Seller.models.Sellers.objects.get(sellerPrimaryPhone=phoneNumber, sellerPasswordHash=hash)
# seller name is valid
row.sellerAppId = appId
row.save()
except Seller.models.Sellers.DoesNotExist:
Helpers.logger.debug('Invalid seller name or password {0} {1}'.format(phoneNumber, password))
return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidUsernamePassword, ''))
# create session here
response = HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.Success, ''))
Helpers.create_seller_session(request, phoneNumber, row.id)
return response
def reset_password(request):
'''
profile update
'''
if request.method != 'POST':
return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.NotPostRequest, ''))
password = request.POST.get('password', False)
phoneNumber = request.POST.get('phoneNumber', False)
otpValue = request.POST.get('otpValue', False)
# we share the otp with user as secret, only the users
# who have correct otp and phonenumber match and valid
# opt are allowed to add password
# validation
if not otpValue or len(otpValue) != 5 or not otpValue.isdigit():
Helpers.logger.debug('Invalid otpValue {0}'.format(otpValue))
return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidOtpValue, otpValue))
if not phoneNumber or len(phoneNumber) != 10 or not phoneNumber.isdigit():
Helpers.logger.debug('Invalid phoneNumber {0}'.format(phoneNumber))
return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidPhoneNum, phoneNumber))
if not password or len(password) > 15 or not re.match(Settings.PASSWORD_REGEX_PATTERN, password):
return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidPassword, ''))
now = timezone.now()
# validdate otp
try:
row = Seller.models.SellerOTPMappings.objects.get(phoneNumber=phoneNumber)
# check if opt is correct and valid
if row.expiaryDate > now and row.otpValue == otpValue:
# valid otp mapping exists
Helpers.logger.debug('Otp exists and valid {0}'.format(otpValue))
# make the otp expired, the otp is job is done
row.expiaryDate = now
row.save()
else:
# already exists and valid no need to update
Helpers.logger.debug('Otp exists, but invalid {0}'.format(otpValue))
return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.OtpValidationFailed, {'otpValue': otpValue }))
except Seller.models.SellerOTPMappings.DoesNotExist:
# create new
Helpers.logger.debug('Otp doesnot exists {0}'.format(otpValue))
return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.OtpValidationFailed, otpValue))
appId = request.POST.get('appId', False)
if not appId:
return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidAppId, appId))
# create sha512
hashObj = hashlib.sha512()
hashObj.update(password)
hashObj.update(phoneNumber)
hashObj.update(Settings.SECRET_KEY)
hash = hashObj.hexdigest()
try:
row = Seller.models.Sellers.objects.get(sellerPrimaryPhone=phoneNumber)
except Seller.models.Sellers.DoesNotExist:
# phonenum doesn't exists, we want phonenumber to be present
return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidPhoneNum, phoneNumber))
# resetting password
row.sellerPasswordHash=hash
row.sellerAppId = appId
row.save()
Helpers.logger.debug('Seller password reset success with phoneNumber {0}'.format(phoneNumber))
response = HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.Success, 'reset'))
Helpers.create_seller_session(request, phoneNumber, row.id)
return response
def signup_password(request):
if request.method != 'POST':
return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.NotPostRequest, ''))
password = request.POST.get('password', False)
phoneNumber = request.POST.get('phoneNumber', False)
otpValue = request.POST.get('otpValue', False)
sellerName = request.POST.get('sellerName', False)
cityName = request.POST.get('cityName', False)
address = request.POST.get('address', False)
# TODO - do we need secondary phonenumber, we need validation of
# secondary phonenumber before using it
#secondaryPhone = request.POST.get('secondaryPhoneNumber', False)
latitude = request.POST.get('latitude', False)
longitude = request.POST.get('longitude', False)
mailId = request.POST.get('mailId', False)
website = request.POST.get('website', False)
description = request.POST.get('description', False)
appId = request.POST.get('appId', False)
# we share the otp with user as secret, only the users
# who have correct otp and phonenumber match and valid
# opt are allowed to add password
# validation
if not otpValue or len(otpValue) != 5 or not otpValue.isdigit():
Helpers.logger.debug('Invalid otpValue {0}'.format(otpValue))
return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidOtpValue, otpValue))
if not phoneNumber or len(phoneNumber) != 10 or not phoneNumber.isdigit():
Helpers.logger.debug('Invalid phoneNumber {0}'.format(phoneNumber))
return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidPhoneNum, phoneNumber))
if not password or len(password) > 15 or not re.match(Settings.PASSWORD_REGEX_PATTERN, password):
return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidPassword, ''))
now = timezone.now()
# validdate otp
try:
otpRow = Seller.models.SellerOTPMappings.objects.get(phoneNumber=phoneNumber)
# check if opt is correct and valid
if otpRow.expiaryDate > now and otpRow.otpValue == otpValue:
# rest is handled below
pass
else:
# already exists and valid no need to update
Helpers.logger.debug('Otp exists, but invalid {0}'.format(otpValue))
return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.OtpValidationFailed, {'otpValue': otpValue }))
except Seller.models.SellerOTPMappings.DoesNotExist:
# create new
Helpers.logger.debug('Otp doesnot exists {0}'.format(otpValue))
return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.OtpValidationFailed, otpValue))
# valid otp mapping exists
Helpers.logger.debug('Otp exists and valid {0}'.format(otpValue))
# validate other params and create seller profile if validation passes
# keep otp alive till we validate all params
if not sellerName or len(sellerName) > 100 or not re.match(Settings.SELLER_NAME_REGEX_PATTERN, sellerName):
return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidSellerName, sellerName))
if not cityName or len(cityName) > 50 or not cityName.isalpha():
return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidCityName, cityName))
#TODO - address validation ?
if not address or len(address) > 300:
return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidAddress, address))
# http://stackoverflow.com/questions/6536232/validate-latitude-and-longitude
if not latitude:
return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidLatitude, latitude))
try:
latitude = float(latitude)
except ValueError:
return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidLatitude, latitude))
if latitude < -90 or latitude > 90:
return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidLatitude, latitude))
if not longitude:
return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidLongitude, longitude))
try:
longitude = float(longitude)
except ValueError:
return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidLongitude, longitude))
if longitude < -180 or longitude > 180:
return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidLongitude, longitude))
# mail is optional, so validate only if provided
if mailId:
if not re.match(Settings.EMAIL_REGEX_PATTERN, mailId):
return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidMailId, mailId))
else:
mailId = ''
# website is optional and validate only if provided
if website:
urlValidator = validators.URLValidator()
try:
urlValidator(website)
except ValidationError:
return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidWebsite, website))
else:
website = ''
# TODO - description validation ?
# description is optional
if description:
if len(description) > 1024:
return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidDescription, description))
else:
description = ''
if not appId:
return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidAppId, appId))
# create sha512
hashObj = hashlib.sha512()
hashObj.update(password)
hashObj.update(phoneNumber)
hashObj.update(Settings.SECRET_KEY)
hash = hashObj.hexdigest()
row = None
try:
row = Seller.models.Sellers.objects.get(sellerPrimaryPhone=phoneNumber)
except Seller.models.Sellers.DoesNotExist:
pass
# row already exists
if row:
# phonenum already exists
return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.PhoneNumAlreadyExists, phoneNumber))
Helpers.logger.debug('New seller profile phone:{} name:{} city:{} ,\
address:{} latitude:{} longitude:{} mailId:{} website:{} desc:{}'.format(\
phoneNumber, sellerName, cityName, address, latitude, longitude, mailId, website, description))
row = Seller.models.Sellers()
# adding new user password
row.sellerPrimaryPhone = phoneNumber
row.sellerName = sellerName
row.sellerCityName = cityName
row.sellerAddress = address
row.sellerLatitude = latitude
row.sellerLongitude = longitude
row.sellerMailId = mailId
row.sellerWebsite = website
row.sellerDescription= description
row.sellerPasswordHash=hash
row.sellerAppId = appId
row.save()
Helpers.logger.debug('seller added successfully with phoneNumber {0}'.format(phoneNumber))
response = HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.Success, 'added'))
Helpers.create_seller_session(request, phoneNumber, row.id)
# make the otp expired, the otp is job is done
otpRow.expiaryDate = now
otpRow.save()
return response