Example #1
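def login(request):
    """Authenticate a seller by phone number and password, then start a session.

    Only POST is accepted. ``phoneNumber``, ``password`` and ``appId`` are read
    from the form body and validated. The password hash is derived and matched
    against a ``Sellers`` row; on a match the row's ``sellerAppId`` is updated
    and ``Helpers.create_seller_session`` is called.

    Returns:
        HttpResponse wrapping ``Helpers.create_json_output(status, data)``.
        The status is one of NotPostRequest, InvalidPhoneNum, InvalidPassword,
        InvalidAppId, InvalidUsernamePassword or Success.
    """
    if request.method != 'POST':
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.NotPostRequest, ''))

    password = request.POST.get('password', False)
    phoneNumber = request.POST.get('phoneNumber', False)

    # validation
    if not phoneNumber or len(phoneNumber) != 10 or not phoneNumber.isdigit():
        # The value is unvalidated here, so log its repr: control characters
        # (e.g. newlines) are escaped and cannot forge extra log lines.
        Helpers.logger.debug('Invalid phoneNumber {0!r}'.format(phoneNumber))
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidPhoneNum, phoneNumber))

    if not password or len(password) > 15 or not re.match(Settings.PASSWORD_REGEX_PATTERN, password):
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidPassword, ''))

    appId = request.POST.get('appId', False)

    if not appId:
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidAppId, appId))

    # Derive the stored credential: sha512(password + phoneNumber + SECRET_KEY).
    # NOTE(review): a single SHA-512 round is a fast hash, so stored values
    # would be cheap to brute-force if the table and SECRET_KEY leaked. Moving
    # to a deliberately slow hasher (e.g. Django's make_password /
    # check_password) needs a re-hash plan for existing rows, so the scheme is
    # left unchanged here.
    # NOTE(review): hashlib requires bytes on Python 3; this presumably runs
    # where these values are byte-compatible strings -- confirm.
    hashObj = hashlib.sha512()
    hashObj.update(password)
    hashObj.update(phoneNumber)
    hashObj.update(Settings.SECRET_KEY)
    passwordHash = hashObj.hexdigest()

    try:
        row = Seller.models.Sellers.objects.get(sellerPrimaryPhone=phoneNumber, sellerPasswordHash=passwordHash)
    except Seller.models.Sellers.DoesNotExist:
        # Never write the submitted password to the log: on a failed attempt
        # it is often the real password with a typo, or a password the user
        # uses elsewhere.
        # NOTE(review): nothing in this view limits repeated failed attempts
        # for a phone number; confirm throttling is enforced elsewhere.
        Helpers.logger.debug('Invalid seller name or password {0}'.format(phoneNumber))
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidUsernamePassword, ''))

    # credentials matched: record the app id the seller logged in from
    row.sellerAppId = appId
    row.save()

    # create session here
    response = HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.Success, ''))

    Helpers.create_seller_session(request, phoneNumber, row.id)

    return response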
Example #2
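def reset_password(request):
    """Reset a seller's password after verifying a one-time password (OTP).

    Only POST is accepted. ``password``, ``phoneNumber``, ``otpValue`` and
    ``appId`` are read from the form body. All of them are validated before
    any state is changed, so a malformed request does not consume the OTP.
    A correct, unexpired OTP is expired immediately (single use), then the
    seller's ``sellerPasswordHash`` and ``sellerAppId`` are replaced and a
    seller session is created.

    Returns:
        HttpResponse wrapping ``Helpers.create_json_output(status, data)``.
        The status is one of NotPostRequest, InvalidOtpValue, InvalidPhoneNum,
        InvalidPassword, InvalidAppId, OtpValidationFailed or Success.
    """

    if request.method != 'POST':
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.NotPostRequest, ''))

    password = request.POST.get('password', False)
    phoneNumber = request.POST.get('phoneNumber', False)
    otpValue = request.POST.get('otpValue', False)
    appId = request.POST.get('appId', False)

    # The OTP is the secret shared with the user: only a request carrying the
    # correct, unexpired OTP for this phone number may set a new password.

    # validation (unvalidated values are logged via repr so control
    # characters cannot forge extra log lines)
    if not otpValue or len(otpValue) != 5 or not otpValue.isdigit():
        Helpers.logger.debug('Invalid otpValue {0!r}'.format(otpValue))
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidOtpValue, otpValue))

    if not phoneNumber or len(phoneNumber) != 10 or not phoneNumber.isdigit():
        Helpers.logger.debug('Invalid phoneNumber {0!r}'.format(phoneNumber))
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidPhoneNum, phoneNumber))

    if not password or len(password) > 15 or not re.match(Settings.PASSWORD_REGEX_PATTERN, password):
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidPassword, ''))

    # Checked before the OTP is touched: a missing appId used to be detected
    # only after the OTP had already been expired, forcing a new OTP.
    if not appId:
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidAppId, appId))

    now = timezone.now()

    # validate otp
    # NOTE(review): a 5-digit OTP has only 100,000 values and a failed
    # attempt neither expires nor counts against the mapping in this view;
    # confirm attempts are rate-limited elsewhere.
    try:
        otpRow = Seller.models.SellerOTPMappings.objects.get(phoneNumber=phoneNumber)
    except Seller.models.SellerOTPMappings.DoesNotExist:
        # OTP values are kept out of the log; the phone number identifies the event.
        Helpers.logger.debug('Otp doesnot exists for phoneNumber {0}'.format(phoneNumber))
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.OtpValidationFailed, otpValue))

    if not (otpRow.expiaryDate > now and otpRow.otpValue == otpValue):
        # wrong or expired OTP
        Helpers.logger.debug('Otp exists, but invalid for phoneNumber {0}'.format(phoneNumber))
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.OtpValidationFailed, {'otpValue': otpValue }))

    # valid otp mapping exists
    Helpers.logger.debug('Otp exists and valid for phoneNumber {0}'.format(phoneNumber))
    # expire the OTP now: it is single use and its job is done
    otpRow.expiaryDate = now
    otpRow.save()

    # Derive the stored credential: sha512(password + phoneNumber + SECRET_KEY).
    # NOTE(review): a single SHA-512 round is a fast hash; moving to a slow
    # password hasher needs a re-hash plan for existing rows, so the scheme is
    # left unchanged here.
    # NOTE(review): hashlib requires bytes on Python 3 -- confirm the runtime.
    hashObj = hashlib.sha512()
    hashObj.update(password)
    hashObj.update(phoneNumber)
    hashObj.update(Settings.SECRET_KEY)
    passwordHash = hashObj.hexdigest()

    try:
        row = Seller.models.Sellers.objects.get(sellerPrimaryPhone=phoneNumber)

    except Seller.models.Sellers.DoesNotExist:
        # the phone number must already belong to a seller
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidPhoneNum, phoneNumber))

    # resetting password
    row.sellerPasswordHash = passwordHash
    row.sellerAppId = appId
    row.save()

    Helpers.logger.debug('Seller password reset success with phoneNumber {0}'.format(phoneNumber))
    response = HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.Success, 'reset'))

    Helpers.create_seller_session(request, phoneNumber, row.id)

    return response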
Example #3
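def signup_password(request):
    """Create a seller profile after verifying a one-time password (OTP).

    Only POST is accepted. The OTP for ``phoneNumber`` must be correct and
    unexpired. It is kept alive while the remaining profile fields are
    validated and is expired once the ``Sellers`` row has been saved.
    ``mailId``, ``website`` and ``description`` are optional and default to
    the empty string.

    Returns:
        HttpResponse wrapping ``Helpers.create_json_output(status, data)``.
        The status is Success, PhoneNumAlreadyExists, OtpValidationFailed,
        NotPostRequest or the Invalid* code of the first field that failed
        validation.
    """
    if request.method != 'POST':
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.NotPostRequest, ''))

    password = request.POST.get('password', False)
    phoneNumber = request.POST.get('phoneNumber', False)
    otpValue = request.POST.get('otpValue', False)
    sellerName = request.POST.get('sellerName', False)
    cityName = request.POST.get('cityName', False)
    address = request.POST.get('address', False)
    # TODO - do we need secondary phonenumber, we need validation of
    # secondary phonenumber before using it
    latitude = request.POST.get('latitude', False)
    longitude = request.POST.get('longitude', False)
    mailId = request.POST.get('mailId', False)
    website = request.POST.get('website', False)
    description = request.POST.get('description', False)
    appId = request.POST.get('appId', False)

    # The OTP is the secret shared with the user: only a request carrying the
    # correct, unexpired OTP for this phone number may create a profile.

    # validation (unvalidated values are logged via repr so control
    # characters cannot forge extra log lines)
    if not otpValue or len(otpValue) != 5 or not otpValue.isdigit():
        Helpers.logger.debug('Invalid otpValue {0!r}'.format(otpValue))
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidOtpValue, otpValue))

    if not phoneNumber or len(phoneNumber) != 10 or not phoneNumber.isdigit():
        Helpers.logger.debug('Invalid phoneNumber {0!r}'.format(phoneNumber))
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidPhoneNum, phoneNumber))

    if not password or len(password) > 15 or not re.match(Settings.PASSWORD_REGEX_PATTERN, password):
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidPassword, ''))
    now = timezone.now()

    # validate otp
    # NOTE(review): a 5-digit OTP has only 100,000 values and a failed
    # attempt neither expires nor counts against the mapping in this view;
    # confirm attempts are rate-limited elsewhere.
    try:
        otpRow = Seller.models.SellerOTPMappings.objects.get(phoneNumber=phoneNumber)
    except Seller.models.SellerOTPMappings.DoesNotExist:
        # OTP values are kept out of the log; the phone number identifies the event.
        Helpers.logger.debug('Otp doesnot exists for phoneNumber {0}'.format(phoneNumber))
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.OtpValidationFailed, otpValue))

    if not (otpRow.expiaryDate > now and otpRow.otpValue == otpValue):
        # wrong or expired OTP
        Helpers.logger.debug('Otp exists, but invalid for phoneNumber {0}'.format(phoneNumber))
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.OtpValidationFailed, {'otpValue': otpValue }))

    # Valid otp mapping exists. The OTP stays usable until the profile is
    # saved, so its value must not be written to the log here.
    Helpers.logger.debug('Otp exists and valid for phoneNumber {0}'.format(phoneNumber))

    # validate other params and create seller profile if validation passes
    # keep otp alive till we validate all params

    if not sellerName or len(sellerName) > 100 or not re.match(Settings.SELLER_NAME_REGEX_PATTERN, sellerName):
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidSellerName, sellerName))

    if not cityName or len(cityName) > 50 or not cityName.isalpha():
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidCityName, cityName))

    # TODO - address validation ?
    if not address or len(address) > 300:
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidAddress, address))

    # http://stackoverflow.com/questions/6536232/validate-latitude-and-longitude
    if not latitude:
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidLatitude, latitude))
    try:
        latitude = float(latitude)
    except ValueError:
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidLatitude, latitude))

    # Written as a positive range test so that NaN is rejected: float('nan')
    # parses successfully and is neither < -90 nor > 90.
    if not (-90 <= latitude <= 90):
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidLatitude, latitude))

    if not longitude:
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidLongitude, longitude))
    try:
        longitude = float(longitude)
    except ValueError:
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidLongitude, longitude))

    # same NaN-safe form as the latitude check
    if not (-180 <= longitude <= 180):
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidLongitude, longitude))

    # mail is optional, so validate only if provided
    if mailId:
        if not re.match(Settings.EMAIL_REGEX_PATTERN, mailId):
            return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidMailId, mailId))
    else:
        mailId = ''

    # website is optional and validate only if provided
    if website:
        urlValidator = validators.URLValidator()

        try:
            urlValidator(website)
        except ValidationError:
            return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidWebsite, website))
    else:
        website = ''

    # TODO - description validation ?
    # description is optional
    if description:
        if len(description) > 1024:
            return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidDescription, description))
    else:
        description = ''

    if not appId:
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidAppId, appId))

    # Derive the stored credential: sha512(password + phoneNumber + SECRET_KEY).
    # NOTE(review): a single SHA-512 round is a fast hash; moving to a slow
    # password hasher needs a re-hash plan for existing rows, so the scheme is
    # left unchanged here.
    # NOTE(review): hashlib requires bytes on Python 3 -- confirm the runtime.
    hashObj = hashlib.sha512()
    hashObj.update(password)
    hashObj.update(phoneNumber)
    hashObj.update(Settings.SECRET_KEY)
    passwordHash = hashObj.hexdigest()

    # NOTE(review): check-then-insert is not atomic; two concurrent signups
    # for one phone number can both pass this test unless sellerPrimaryPhone
    # carries a unique constraint -- confirm against the model.
    try:
        Seller.models.Sellers.objects.get(sellerPrimaryPhone=phoneNumber)
    except Seller.models.Sellers.DoesNotExist:
        pass
    else:
        # phonenum already exists
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.PhoneNumAlreadyExists, phoneNumber))

    # address and description are free text with only a length check, so they
    # are logged via repr to keep control characters out of the log.
    Helpers.logger.debug(
        'New seller profile phone:{} name:{} city:{} , '
        'address:{!r} latitude:{} longitude:{} mailId:{} website:{} desc:{!r}'.format(
            phoneNumber, sellerName, cityName, address, latitude, longitude, mailId, website, description))

    row = Seller.models.Sellers()

    # populate the new seller profile
    row.sellerPrimaryPhone = phoneNumber
    row.sellerName = sellerName
    row.sellerCityName = cityName
    row.sellerAddress = address
    row.sellerLatitude = latitude
    row.sellerLongitude = longitude
    row.sellerMailId = mailId
    row.sellerWebsite = website
    row.sellerDescription = description

    row.sellerPasswordHash = passwordHash
    row.sellerAppId = appId

    row.save()

    # Expire the OTP as soon as the profile exists, before session creation,
    # so a failure in a later step cannot leave a used OTP valid.
    otpRow.expiaryDate = now
    otpRow.save()

    Helpers.logger.debug('seller added successfully with phoneNumber {0}'.format(phoneNumber))
    response = HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.Success, 'added'))

    Helpers.create_seller_session(request, phoneNumber, row.id)

    return response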