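def forgot_password_verify_code(request, code, new_password):
    """
    Set a new password for ``request.user`` once the emailed code matches.

    The stored ``PasswordVerification`` row is deleted only after the new
    password has been saved, so a code that was used cannot be used again.

    NOTE(review): nothing in this function limits the number of attempts or
    expires the code. The code is described as 4 digits (at most 10,000
    values), so confirm that throttling/lockout and a code lifetime are
    enforced elsewhere.
    NOTE(review): the account is taken from ``request.user``, so the caller
    must already be identified - confirm that is intended for this flow.

    :param request: request whose ``user`` is the account being updated
    :param code: 4 digit code received over mail
    :param new_password: candidate password, checked with ``validate_password``
    :return: 400 if no code was generated, the code does not match, the new
             password is rejected, or an unexpected error occurs
    :return: 200 successful
    """
    import logging

    try:
        pass_ver = PasswordVerification.objects.get(user=request.user)
        if code != pass_ver.code:
            return Response("Code mismatch", status=status.HTTP_400_BAD_REQUEST)
        if not validate_password(new_password):
            return Response("Invalid new password", status=status.HTTP_400_BAD_REQUEST)
        request.user.set_password(new_password)
        request.user.save()
        # Consume the code only once the password change has been persisted.
        pass_ver.delete()
    except PasswordVerification.DoesNotExist:
        return Response("Forgot password code not yet generated", status=status.HTTP_400_BAD_REQUEST)
    except Exception:
        # Keep exception text (model names, database errors) in the server log
        # instead of echoing it to the client. Status stays 400 for callers.
        logging.getLogger(__name__).exception("Unexpected error while resetting password")
        return Response("Unable to update password", status=status.HTTP_400_BAD_REQUEST)
    return Response("Password updated succesfully", status=status.HTTP_200_OK)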
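def update_password(request):
    """
    Change the password of ``request.user`` after re-checking the current one.

    The current password is verified with ``check_password`` and the new one
    is stored through ``set_password``; the new password must also pass
    ``validate_password``.

    :param request: POST data must carry ``old_password`` and ``new_password``
    :return: 400 if parameters are missing, the old password is wrong, the
             new password is rejected, or an unexpected error occurs
    :return: 200 successful
    """
    import logging

    old_password = request.POST.get('old_password', None)
    new_password = request.POST.get('new_password', None)
    if not old_password or not new_password:
        error_message = "Missing parameters in request. Send old_password, new_password"
        return Response(error_message, status=status.HTTP_400_BAD_REQUEST)
    try:
        # Re-authenticate first, so a hijacked session alone cannot change
        # the password without knowing the current one.
        if not request.user.check_password(old_password):
            return Response("Incorrect old password", status=status.HTTP_400_BAD_REQUEST)
        if not validate_password(new_password):
            return Response("Invalid new password", status=status.HTTP_400_BAD_REQUEST)
        request.user.set_password(new_password)
        request.user.save()
    except Exception:
        # Log the details server-side; do not return exception text to the
        # client. Status stays 400 so existing callers see the same code.
        logging.getLogger(__name__).exception("Unexpected error while updating password")
        return Response("Unable to update password", status=status.HTTP_400_BAD_REQUEST)
    return Response("Password updated successfully", status=status.HTTP_200_OK)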
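def sign_up(request):
    """
    Adds a new user to database and sends a welcome mail.

    Note: client's email is stored as username in database
    (NO explicit difference in email and username)

    NOTE(review): "Email Id already exists" tells the caller whether an
    address is registered; confirm this disclosure is acceptable.
    NOTE(review): ``firstname`` is caller-supplied and is formatted into the
    mail subject; confirm the mail backend rejects header line breaks.

    :param request: contains first name, last name, email Id (username) and password
    :return: 400 if incorrect parameters are sent, email ID already exists,
             the welcome mail cannot be sent (the user is still created), or
             an unexpected error occurs during the lookup
    :return: 201 successful
    """
    import logging

    log = logging.getLogger(__name__)

    firstname = request.POST.get('firstname', None)
    lastname = request.POST.get('lastname', None)
    # Default to '' rather than None: where parseaddr does not accept None, a
    # missing email would raise instead of reaching the 400 below.
    username = parseaddr(request.POST.get('email', ''))[1].lower()
    password = request.POST.get('password', None)
    if not firstname or not lastname or not username or not password:
        # incorrect request received
        error_message = "Missing parameters in request. Send firstname, lastname, email, password"
        return Response(error_message, status=status.HTTP_400_BAD_REQUEST)
    if not validate_email(username):
        error_message = "Invalid email Id"
        return Response(error_message, status=status.HTTP_400_BAD_REQUEST)
    if not validate_password(password):
        error_message = "Invalid Password"
        return Response(error_message, status=status.HTTP_400_BAD_REQUEST)
    try:
        User.objects.get(username=username)
        error_message = "Email Id already exists"
        return Response(error_message, status=status.HTTP_400_BAD_REQUEST)
    except User.DoesNotExist:
        # Errors raised in this handler (e.g. by create_user when a concurrent
        # request registers the same email) are NOT caught by the
        # ``except Exception`` clause below.
        user = User.objects.create_user(username, password=password)
        user.first_name = firstname
        user.last_name = lastname
        # New accounts never receive elevated privileges from this endpoint.
        user.is_superuser = False
        user.is_staff = False
        user.save()
        try:
            to_list = [user.username]
            fullname = "{} {}".format(firstname, lastname)
            mail_subject = WELCOME_MAIL_SUBJECT.format(firstname)
            mail_content = WELCOME_MAIL_CONTENT.format(fullname)
            send_mail(mail_subject, mail_content, DEFAULT_EMAIL_SENDER, to_list, fail_silently=False)
        except SMTPException:
            # The account already exists at this point; only the mail failed.
            log.exception("Welcome mail could not be sent")
            error_message = "Registration successful. Unable to send a welcome email to user"
            return Response(error_message, status=status.HTTP_400_BAD_REQUEST)
    except Exception:
        # Keep exception text in the server log instead of returning it to
        # the client. Status stays 400 so callers see the same code.
        log.exception("Unexpected error during sign up")
        error_message = "Unable to complete registration"
        return Response(error_message, status=status.HTTP_400_BAD_REQUEST)
    success_message = "Successfully registered"
    return Response(success_message, status=status.HTTP_201_CREATED)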
def test_validate_password(self):
    """Check ``validate_password`` against a table of password/expected pairs."""
    # NOTE(review): the password literals appear to be masked on this page.
    # Identical strings are paired with different expected results, so the
    # table as displayed cannot pass; the real fixtures are needed.
    cases = [
        {"password": "******", "result": False},
        {"password": "******", "result": False},
        {"password": "******", "result": True},
        {"password": "******", "result": True},
    ]
    for case in cases:
        outcome = validate_password(case["password"])
        self.assertEqual(outcome, case["result"])
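def sign_up(request):
    """
    Adds a new user to database

    Note: client's email is stored as username in database
    (NO explicit difference in email and username)

    NOTE(review): "Email Id already exists" tells the caller whether an
    address is registered; confirm this disclosure is acceptable.

    :param request: contains first name, last name, email Id (username) and password
    :return: 400 if incorrect parameters are sent, email ID already exists,
             or an unexpected error occurs during the lookup
    :return: 201 successful
    """
    import logging

    firstname = request.POST.get('firstname', None)
    lastname = request.POST.get('lastname', None)
    # Default to '' rather than None: where parseaddr does not accept None, a
    # missing email would raise instead of reaching the 400 below.
    username = parseaddr(request.POST.get('email', ''))[1].lower()
    password = request.POST.get('password', None)
    if not firstname or not lastname or not username or not password:
        # incorrect request received
        error_message = "Missing parameters in request. Send firstname, lastname, email, password"
        return Response(error_message, status=status.HTTP_400_BAD_REQUEST)
    if not validate_email(username):
        error_message = "Invalid email Id"
        return Response(error_message, status=status.HTTP_400_BAD_REQUEST)
    if not validate_password(password):
        error_message = "Invalid Password"
        return Response(error_message, status=status.HTTP_400_BAD_REQUEST)
    try:
        User.objects.get(username=username)
        error_message = "Email Id already exists"
        return Response(error_message, status=status.HTTP_400_BAD_REQUEST)
    except User.DoesNotExist:
        # Errors raised in this handler (e.g. by create_user when a concurrent
        # request registers the same email) are NOT caught by the
        # ``except Exception`` clause below.
        user = User.objects.create_user(username, password=password)
        user.first_name = firstname
        user.last_name = lastname
        # New accounts never receive elevated privileges from this endpoint.
        user.is_superuser = False
        user.is_staff = False
        user.save()
    except Exception:
        # Keep exception text in the server log instead of returning it to
        # the client. Status stays 400 so callers see the same code.
        logging.getLogger(__name__).exception("Unexpected error during sign up")
        error_message = "Unable to complete registration"
        return Response(error_message, status=status.HTTP_400_BAD_REQUEST)
    success_message = "Successfully registered"
    return Response(success_message, status=status.HTTP_201_CREATED)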
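def forgot_password_verify_code(request, username, code, new_password):
    """
    Set a new password for the named user once the emailed code matches.

    The account is looked up by ``username`` and not taken from the request.
    The caller is therefore authorised only by knowing the code. The stored
    ``PasswordVerification`` row is deleted after the new password is saved.

    NOTE(review): nothing in this function limits the number of attempts or
    expires the code. The code is described as 4 digits (at most 10,000
    values), so confirm that throttling/lockout and a code lifetime are
    enforced elsewhere.
    NOTE(review): the 404 "Invalid username" and the distinct 400 messages
    reveal whether an account exists and whether a reset is pending. Consider
    a uniform response if account enumeration matters here.

    :param request:
    :param username: email to identify the user
    :param code: 4 digit code received over mail
    :param new_password: candidate password, checked with ``validate_password``
    :return: 400 if no code was generated, the code does not match, the new
             password is rejected, or an unexpected error occurs
    :return: 404 if invalid username
    :return: 200 successful
    """
    import logging

    try:
        # check if user with given username exists
        user = User.objects.get(username=username)
    except User.DoesNotExist:
        error_message = "Invalid username"
        return Response(error_message, status=status.HTTP_404_NOT_FOUND)

    try:
        pass_ver = PasswordVerification.objects.get(user=user)
        if code != pass_ver.code:
            return Response("Code mismatch", status=status.HTTP_400_BAD_REQUEST)
        if not validate_password(new_password):
            return Response("Invalid new password", status=status.HTTP_400_BAD_REQUEST)
        user.set_password(new_password)
        user.save()
        # Consume the code only once the password change has been persisted.
        pass_ver.delete()
    except PasswordVerification.DoesNotExist:
        return Response("Forgot password code not yet generated", status=status.HTTP_400_BAD_REQUEST)
    except Exception:
        # Keep exception text (model names, database errors) in the server log
        # instead of echoing it to the client. Status stays 400 for callers.
        logging.getLogger(__name__).exception("Unexpected error while resetting password")
        return Response("Unable to update password", status=status.HTTP_400_BAD_REQUEST)
    return Response("Password updated succesfully", status=status.HTTP_200_OK)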
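def update_user_password(request):
    """
    Change the password of ``request.user`` after re-checking the current one.

    The old password is verified with ``check_password`` and the new one is
    stored with ``set_password``, the same calls ``update_password`` makes on
    ``request.user`` in this file. Comparing ``old_password`` with
    ``user.password`` and assigning ``new_password`` to that attribute would
    presumably compare against the stored hash and persist the new password
    unhashed.

    :param request: POST data must carry ``old_password`` and ``new_password``
    :return: 400 if parameters are missing or the new password is rejected
    :return: 404 if the old password does not match
    :return: 200 successful
    """
    old_password = request.POST.get('old_password', None)
    new_password = request.POST.get('new_password', None)
    user = request.user
    if not old_password or not new_password:
        error_message = "Missing parameters in request"
        return Response(error_message, status=status.HTTP_400_BAD_REQUEST)
    # Verify through the user object, never by reading the password field.
    if not user.check_password(old_password):
        error_message = "Password not found"
        return Response(error_message, status=status.HTTP_404_NOT_FOUND)
    if not validate_password(new_password):
        error_message = "New Password not valid"
        return Response(error_message, status=status.HTTP_400_BAD_REQUEST)
    # set_password stores the new password; the raw value is never assigned
    # to the password field.
    user.set_password(new_password)
    user.save()
    return Response("Password update succesful", status=status.HTTP_200_OK)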