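def login(request):
    """Authenticate a user by phone number and password and open a session.

    Expects a POST carrying ``password``, ``phoneNumber`` and ``appId``.
    Each field is validated in turn and the first failure is returned as a
    JSON status code; on success the matching user's ``userAppId`` is
    updated, a session is created via ``Helpers.create_user_session`` and a
    Success status is returned.

    Args:
        request: Django request object.

    Returns:
        HttpResponse wrapping ``Helpers.create_json_output(...)``.
    """
    if request.method != 'POST':
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.NotPostRequest, ''))

    password = request.POST.get('password', False)
    phoneNumber = request.POST.get('phoneNumber', False)

    # validation: the phone number must be exactly 10 digits
    if not phoneNumber or len(phoneNumber) != 10 or not phoneNumber.isdigit():
        Helpers.logger.debug('Invalid phoneNumber {0}'.format(phoneNumber))
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidPhoneNum, phoneNumber))

    # validation: password length cap and the pattern configured in Settings
    if not password or len(password) > 15 or not re.match(Settings.PASSWORD_REGEX_PATTERN, password):
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidPassword, ''))

    appId = request.POST.get('appId', False)
    if not appId:
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidAppId, appId))

    # Credential hash: SHA-512 over password || phoneNumber || SECRET_KEY.
    # NOTE(review): this is a fast, unsalted hash (SECRET_KEY acts as a
    # server-wide pepper, not a per-user salt) with no key stretching.
    # reset_password() computes the same value, so changing the scheme
    # requires re-hashing every stored userPasswordHash in lockstep.
    # hashlib.update() needs bytes on Python 3 -- the str arguments here
    # imply Python 2; confirm before upgrading the interpreter.
    hashObj = hashlib.sha512()
    hashObj.update(password)
    hashObj.update(phoneNumber)
    hashObj.update(Settings.SECRET_KEY)
    passwordHash = hashObj.hexdigest()

    try:
        row = User.models.Users.objects.get(userPrimaryPhone=phoneNumber, userPasswordHash=passwordHash)
    except User.models.Users.DoesNotExist:
        # Log only the phone number: the submitted password must never be
        # written to the log (the original message included it).
        Helpers.logger.debug('Invalid username password {0}'.format(phoneNumber))
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidUsernamePassword, ''))

    # credentials match: record the app this login came from
    row.userAppId = appId
    row.save()

    # create session here
    response = HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.Success, ''))
    Helpers.create_user_session(request, phoneNumber, row.id)
    return response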
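def reset_password(request):
    """Set a new password for the user owning ``phoneNumber``, gated by OTP.

    Expects a POST carrying ``otpValue``, ``phoneNumber``, ``password`` and
    ``appId``. The OTP must equal the stored ``OTPMappings`` row for the
    phone number and must not be expired; only then is the user's
    ``userPasswordHash`` replaced, a session created and the OTP expired so
    the same value cannot be replayed.

    Args:
        request: Django request object.

    Returns:
        HttpResponse wrapping ``Helpers.create_json_output(...)``.
    """
    if request.method != 'POST':
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.NotPostRequest, ''))

    password = request.POST.get('password', False)
    phoneNumber = request.POST.get('phoneNumber', False)
    otpValue = request.POST.get('otpValue', False)

    # The OTP is shared with the user as a secret: only a caller presenting
    # the correct, unexpired OTP for this phone number may set a password.
    # validation: OTP is exactly 5 digits
    if not otpValue or len(otpValue) != 5 or not otpValue.isdigit():
        Helpers.logger.debug('Invalid otpValue {0}'.format(otpValue))
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidOtpValue, otpValue))

    # validation: the phone number must be exactly 10 digits
    if not phoneNumber or len(phoneNumber) != 10 or not phoneNumber.isdigit():
        Helpers.logger.debug('Invalid phoneNumber {0}'.format(phoneNumber))
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidPhoneNum, phoneNumber))

    # validation: password length cap and the pattern configured in Settings
    if not password or len(password) > 15 or not re.match(Settings.PASSWORD_REGEX_PATTERN, password):
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidPassword, ''))

    # single timestamp used both for the expiry check and to expire the OTP
    now = timezone.now()

    # validate otp: a mapping row must exist for this phone number
    try:
        otpRow = User.models.OTPMappings.objects.get(phoneNumber=phoneNumber)
    except User.models.OTPMappings.DoesNotExist:
        Helpers.logger.debug('Otp doesnot exists {0}'.format(otpValue))
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.OtpValidationFailed, otpValue))

    # check that the otp matches and has not expired.
    # NOTE(review): no attempt counter is visible in this view, so any
    # throttling of guesses against the 5-digit OTP must live elsewhere --
    # confirm. The failure payload here (a dict) differs from the
    # missing-row branch above (a bare string); kept as-is because clients
    # may depend on it.
    if not (otpRow.expiaryDate > now and otpRow.otpValue == otpValue):
        Helpers.logger.debug('Otp exists, but invalid {0}'.format(otpValue))
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.OtpValidationFailed, {'otpValue': otpValue }))
    Helpers.logger.debug('Otp exists and valid {0}'.format(otpValue))

    appId = request.POST.get('appId', False)
    if not appId:
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidAppId, appId))

    # Credential hash: SHA-512 over password || phoneNumber || SECRET_KEY.
    # NOTE(review): fast, unsalted hash (SECRET_KEY is a server-wide pepper,
    # not a per-user salt) with no key stretching; login() must compute the
    # identical value, so any change to the scheme has to be made in both
    # places together with a re-hash of stored values. hashlib.update()
    # needs bytes on Python 3 -- the str arguments imply Python 2; confirm
    # before upgrading the interpreter.
    hashObj = hashlib.sha512()
    hashObj.update(password)
    hashObj.update(phoneNumber)
    hashObj.update(Settings.SECRET_KEY)
    passwordHash = hashObj.hexdigest()

    try:
        row = User.models.Users.objects.get(userPrimaryPhone=phoneNumber)
    except User.models.Users.DoesNotExist:
        # The lookup is on the Users model, so its DoesNotExist is the class
        # to catch (the original named User.models.User, which does not match
        # the queried model). We require the phone number to already exist.
        return HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.InvalidPhoneNum, phoneNumber))

    # resetting password and recording the app the reset came from
    row.userPasswordHash = passwordHash
    row.userAppId = appId
    row.save()
    Helpers.logger.debug('Seller password reset success with phoneNumber {0}'.format(phoneNumber))

    response = HttpResponse(Helpers.create_json_output(Helpers.StatusCodes.Success, 'reset'))
    Helpers.create_user_session(request, phoneNumber, row.id)

    # expire the otp now that it has been consumed, so it cannot be reused
    otpRow.expiaryDate = now
    otpRow.save()
    return response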