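def change_user_password(self, request, **kwargs):
    """Reset a user's password after verifying an OTP or an e-mail token.

    The request must be a POST whose JSON body carries ``password1``,
    ``password2`` and either ``otp_token`` (when ``kwargs['type']`` is
    ``'phone'``) or ``auth_key`` (when it is ``'email'``).

    This endpoint changes a password without an authenticated session, so
    the token lookup is the only proof of identity. Any other value of
    ``type`` is rejected up front: without that guard ``user_details`` stays
    empty and ``User.objects.filter()[0]`` would select an arbitrary account.

    Returns:
        A JSON ``HttpResponse`` with ``status`` 1 on success or 0 on any
        failure inside the verification/update step; ``HttpBadRequest`` for
        validation failures; status 401 for a non-POST request and 404 for a
        body that is not a JSON object (codes kept from the original).

    Raises:
        KeyError: if ``kwargs`` has no ``'type'`` entry.
    """
    if request.method != 'POST':
        return HttpResponse(json.dumps({"message":"method not allowed"}), content_type="application/json",status=401)

    try:
        load = json.loads(request.body)
    except Exception:
        # Was a bare ``except:``; narrowed so SystemExit/KeyboardInterrupt
        # are no longer swallowed.
        return HttpResponse(content_type="application/json", status=404)
    if not isinstance(load, dict):
        # Valid JSON that is not an object (list, string, ...) has no .get().
        return HttpResponse(content_type="application/json", status=404)

    reset_type = kwargs['type']
    otp_token = load.get('otp_token')
    password = load.get('password1')
    repassword = load.get('password2')

    # check_password() is a project helper; a truthy result means "rejected".
    invalid_password = check_password(repassword)
    if invalid_password:
        return HttpBadRequest("password is not meant according to the rules")

    auth_key = load.get('auth_key')
    user_details = {}

    # Only the two flows handled below may proceed. This also covers the
    # original "type is empty" case.
    if reset_type not in ('phone', 'email'):
        return HttpBadRequest("type not defined use email/phone")
    if password != repassword:
        return HttpBadRequest("password1 and password2 not matched")

    try:
        if reset_type == 'phone':
            try:
                # NOTE(review): hard-coded OTPs are accepted when settings.ENV
                # is listed in settings.IGNORE_ENV -- confirm that list can
                # never contain a production environment. In that case
                # ``consumer`` is never bound, so the lookup below fails and
                # the request ends as "password not updated".
                if not (settings.ENV in settings.IGNORE_ENV and otp_token in settings.HARCODED_OTPS):
                    consumer = afterbuy_model.OTPToken.objects.get(token=otp_token).user
                    otp_handler.validate_otp(otp_token, user=consumer)
            except Exception:
                raise ImmediateHttpResponse(
                    response=http.HttpBadRequest('Wrong OTP!'))
            user_details['id'] = consumer.user.id
        else:
            # reset_type == 'email'
            try:
                user_obj = afterbuy_model.EmailToken.objects.get(activation_key=auth_key).user
            except Exception:
                raise ImmediateHttpResponse(
                    response=http.HttpBadRequest('invalid authentication key!'))
            # NOTE(review): the e-mail token is not visibly invalidated after
            # use here -- confirm it is single-use and expiring elsewhere.
            user_details['email'] = user_obj.user.email

        user = User.objects.filter(**user_details)[0]
        user.set_password(password)
        user.save()
        data = {'status': 1, 'message': "password updated successfully"}
    except Exception as ex:
        # Every failure above, including the ImmediateHttpResponse raised for
        # a bad token, ends here and is reported as a generic failure.
        # NOTE(review): no attempt limiting is visible in this method;
        # confirm OTP/token guessing is throttled upstream.
        logger.error('Invalid details, mobile {0} and exception {1}'.format(request.POST.get('phone_number', ''),ex))
        data = {'status': 0, 'message': "password not updated"}
    return HttpResponse(json.dumps(data), content_type="application/json")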
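def change_password(request):
    """Render the change-password page (GET) or change the password (POST).

    On POST the caller must belong to the DEALERS or ASCS role group, supply
    the current password as ``oldPassword`` and a rule-compliant
    ``newPassword``. Every path now returns a response: the original layout
    left at least one path (an unhandled method or a disallowed caller,
    depending on how the collapsed source nests) without a return value.

    NOTE(review): authentication is not enforced inside this function;
    confirm a login-required decorator or middleware guards the view.

    Returns:
        The rendered template on GET; a JSON ``HttpResponse`` with
        ``message``/``status`` on an authorised POST;
        ``HttpResponseBadRequest('Not Allowed')`` otherwise.
    """
    if request.method == 'GET':
        return render(request, 'portal/change_password.html')
    if request.method != 'POST':
        return HttpResponseBadRequest('Not Allowed')

    groups = utils.stringify_groups(request.user)
    if not (Roles.DEALERS in groups or Roles.ASCS in groups):
        return HttpResponseBadRequest('Not Allowed')

    user = User.objects.get(username=request.user)
    old_password = request.POST.get('oldPassword')
    new_password = request.POST.get('newPassword')

    # Missing fields are rejected explicitly. The original wrapped both
    # values in str(), which turned an absent field into the literal
    # password "None".
    if old_password is None or not user.check_password(old_password):
        data = {'message': 'Old password wrong', 'status': False}
    elif new_password is None or check_password(new_password):
        # check_password() is a project helper; truthy means "rejected".
        data = {'message':"password does not match the rules",'status':False}
    else:
        user.set_password(new_password)
        user.save()
        data = {'message': 'Password Changed successfully', 'status': True}
    return HttpResponse(json.dumps(data), content_type='application/json')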