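def login(request):
    """Authenticate a user by phone number and password and open a session.

    Expects a POST carrying ``phoneNumber`` (exactly 10 digits), ``password``
    (at most 15 characters and matching ``Settings.PASSWORD_REGEX_PATTERN``)
    and ``appId``.  When the phone number and password hash match a
    ``User.models.Users`` row, that row's ``userAppId`` is updated, a session
    is created with ``Helpers.create_user_session`` and a ``Success`` status
    is returned.  Every failure returns the matching ``Helpers.StatusCodes``
    entry wrapped by ``Helpers.create_json_output``.  Always returns an
    ``HttpResponse``.
    """
    if request.method != 'POST':
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.NotPostRequest, ''))

    password = request.POST.get('password', False)
    phoneNumber = request.POST.get('phoneNumber', False)

    # validation
    if not phoneNumber or len(phoneNumber) != 10 or not phoneNumber.isdigit():
        Helpers.logger.debug('Invalid phoneNumber {0}'.format(phoneNumber))
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidPhoneNum, phoneNumber))

    if not password or len(password) > 15 or not re.match(Settings.PASSWORD_REGEX_PATTERN, password):
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidPassword, ''))

    appId = request.POST.get('appId', False)
    if not appId:
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidAppId, appId))

    # Stored credential is sha512(password || phoneNumber || SECRET_KEY).  The
    # construction must stay byte-for-byte identical to the one used when the
    # password is set (reset_password), or existing accounts stop matching.
    # NOTE(review): one fast hash keyed with a static secret is cheap to guess
    # offline if the table ever leaks; a slow KDF (e.g. Django's make_password)
    # would be stronger but changes the stored format, so it is not done here.
    hashObj = hashlib.sha512()
    for part in (password, phoneNumber, Settings.SECRET_KEY):
        # hashlib needs bytes: text is UTF-8 encoded, bytes are passed through
        hashObj.update(part if isinstance(part, bytes) else part.encode('utf-8'))
    passwordHash = hashObj.hexdigest()

    try:
        row = User.models.Users.objects.get(userPrimaryPhone=phoneNumber, userPasswordHash=passwordHash)
    except User.models.Users.DoesNotExist:
        # log the identifier only; the submitted password must never reach the logs
        Helpers.logger.debug('Invalid username password for phoneNumber {0}'.format(phoneNumber))
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidUsernamePassword, ''))

    # credentials matched: remember which app instance this login came from
    row.userAppId = appId
    row.save()

    response = HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.Success, ''))
    Helpers.create_user_session(request, phoneNumber, row.id)

    return response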
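def reset_password(request):
    """Set a new password for a phone number after verifying its one-time code.

    Expects a POST carrying ``otpValue`` (exactly 5 digits), ``phoneNumber``
    (exactly 10 digits), ``password`` (at most 15 characters and matching
    ``Settings.PASSWORD_REGEX_PATTERN``) and ``appId``.  The
    ``User.models.OTPMappings`` row for the phone number must exist, be
    unexpired and match ``otpValue``, and a ``User.models.Users`` row for the
    phone number must exist.  On success the stored password hash and
    ``userAppId`` are replaced, the OTP is expired so it cannot be replayed,
    a session is created and a ``Success`` status with payload ``'reset'`` is
    returned.  Every failure returns the matching ``Helpers.StatusCodes``
    entry wrapped by ``Helpers.create_json_output``.  Always returns an
    ``HttpResponse``.
    """
    if request.method != 'POST':
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.NotPostRequest, ''))

    password = request.POST.get('password', False)
    phoneNumber = request.POST.get('phoneNumber', False)
    otpValue = request.POST.get('otpValue', False)

    # The OTP is the shared secret that authorises the reset: only a caller
    # holding the current, unexpired OTP for this phone number may set a
    # password.  OTP values are therefore kept out of the log messages.

    # validation
    if not otpValue or len(otpValue) != 5 or not otpValue.isdigit():
        Helpers.logger.debug('Invalid otpValue format for phoneNumber {0}'.format(phoneNumber))
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidOtpValue, otpValue))

    if not phoneNumber or len(phoneNumber) != 10 or not phoneNumber.isdigit():
        Helpers.logger.debug('Invalid phoneNumber {0}'.format(phoneNumber))
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidPhoneNum, phoneNumber))

    if not password or len(password) > 15 or not re.match(Settings.PASSWORD_REGEX_PATTERN, password):
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidPassword, ''))

    now = timezone.now()

    # validate otp
    try:
        otpRow = User.models.OTPMappings.objects.get(phoneNumber=phoneNumber)
    except User.models.OTPMappings.DoesNotExist:
        Helpers.logger.debug('Otp does not exist for phoneNumber {0}'.format(phoneNumber))
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.OtpValidationFailed, otpValue))

    # NOTE(review): nothing here counts failed attempts; a 5-digit code with
    # unlimited tries is guessable, so confirm throttling exists upstream.
    if not (otpRow.expiaryDate > now and otpRow.otpValue == otpValue):
        Helpers.logger.debug('Otp exists, but expired or mismatched for phoneNumber {0}'.format(phoneNumber))
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.OtpValidationFailed, {'otpValue': otpValue }))
    Helpers.logger.debug('Otp exists and valid for phoneNumber {0}'.format(phoneNumber))

    appId = request.POST.get('appId', False)
    if not appId:
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidAppId, appId))

    # Stored credential is sha512(password || phoneNumber || SECRET_KEY).  The
    # construction must stay byte-for-byte identical to the one login checks
    # against, or the account becomes impossible to log into.
    # NOTE(review): one fast hash keyed with a static secret is cheap to guess
    # offline if the table ever leaks; a slow KDF (e.g. Django's make_password)
    # would be stronger but changes the stored format, so it is not done here.
    hashObj = hashlib.sha512()
    for part in (password, phoneNumber, Settings.SECRET_KEY):
        # hashlib needs bytes: text is UTF-8 encoded, bytes are passed through
        hashObj.update(part if isinstance(part, bytes) else part.encode('utf-8'))
    passwordHash = hashObj.hexdigest()

    try:
        row = User.models.Users.objects.get(userPrimaryPhone=phoneNumber)
    except User.models.Users.DoesNotExist:
        # was `User.models.User.DoesNotExist`, which is not the queried model's
        # exception, so a missing phone number escaped as a server error
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidPhoneNum, phoneNumber))

    # resetting password
    row.userPasswordHash = passwordHash
    row.userAppId = appId
    row.save()

    # burn the otp as soon as the reset is committed: it has done its job and
    # must not be reusable even if session creation below fails
    otpRow.expiaryDate = now
    otpRow.save()

    Helpers.logger.debug('Seller password reset success with phoneNumber {0}'.format(phoneNumber))
    response = HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.Success, 'reset'))

    Helpers.create_user_session(request, phoneNumber, row.id)

    return response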