Merge pull request #73 from KiwiTechLLC/sprint3

sonar issues

account/serializers.py

@@ -140,15 +140,28 @@ class ForgotPasswordSerializer(serializers.Serializer):
 class SuperUserSerializer(serializers.ModelSerializer):
     """Super admin serializer"""
     user_type = serializers.SerializerMethodField('get_user_type')
+    auth_token = serializers.SerializerMethodField('get_auth_token')
+    refresh_token = serializers.SerializerMethodField('get_refresh_token')
+
+    def get_auth_token(self, obj):
+        refresh = RefreshToken.for_user(obj.auth)
+        access_token = str(refresh.access_token)
+        return access_token
+
+    def get_refresh_token(self, obj):
+        refresh = RefreshToken.for_user(obj.user)
+        refresh_token = str(refresh)
+        return refresh_token
 
     def get_user_type(self, obj):
         """user type"""
-        return SUPERUSER
+        return str(NUMBER['three'])
 
     class Meta(object):
         """Meta info"""
         model = User
-        fields = ['id', 'username', 'email', 'first_name', 'last_name', 'is_active', 'user_type']
+        fields = ['id', 'auth_token', 'refresh_token', 'username', 'email', 'first_name',
+                  'last_name', 'is_active', 'user_type']
 
 
 class GuardianSerializer(serializers.ModelSerializer):

account/views.py

@@ -214,7 +214,7 @@ class ForgotPasswordAPIView(views.APIView):
                 User.objects.get(email=email)
             except User.DoesNotExist:
                 return custom_error_response(ERROR_CODE['2004'], response_status=status.HTTP_404_NOT_FOUND)
-            verification_code = ''.join([str(random.randrange(9)) for _ in range(6)])
+            verification_code = generate_otp()
             # Send the verification code to the user's email
             from_email = settings.EMAIL_FROM_ADDRESS
             recipient_list = [email]
@@ -321,7 +321,7 @@ class UserLogin(viewsets.ViewSet):
                 return custom_response(ERROR_CODE['2024'], {"email_otp": otp, "is_email_verified": is_verified},
                                        response_status=status.HTTP_200_OK)
             data.update({"is_email_verified": is_verified})
-            return custom_response(None, data, response_status=status.HTTP_200_OK)
+            return custom_response(SUCCESS_CODE['3003'], data, response_status=status.HTTP_200_OK)
 
     @action(methods=['post'], detail=False)
     def admin_login(self, request):

base/messages.py

@@ -47,6 +47,7 @@ ERROR_CODE = {
     "2021": "Already register",
     "2022": "Invalid Guardian code",
     "2023": "Invalid user",
+    # email not verified
     "2024": "Email not verified",
     "2025": "Invalid input. Expected a list of strings.",
     "2026": "New password should not same as old password",
@@ -54,6 +55,7 @@ ERROR_CODE = {
     "2028": "You are not authorized person to sign up on this platform",
     "2029": "Validity of otp verification is expired",
     "2030": "Use correct user type and token",
+    # invalid password
     "2031": "Invalid password",
     "2032": "Failed to send email",
     "2033": "Missing required fields",

guardian/tasks.py

@@ -1,6 +1,7 @@
 """task files"""
 """Django import"""
-import random
+import secrets
 def generate_otp():
     """generate random otp"""
-    return ''.join([str(random.randrange(9)) for _ in range(6)])
+    digits = "0123456789"
+    return "".join(secrets.choice(digits) for _ in range(6))

guardian/views.py

@@ -176,6 +176,7 @@ class SearchTaskListAPIView(viewsets.ModelViewSet):
         queryset = self.get_queryset()
 
         paginator = self.pagination_class()
+        # use pagination
         paginated_queryset = paginator.paginate_queryset(queryset, request)
         # use TaskSerializer serializer
         serializer = TaskDetailsSerializer(paginated_queryset, many=True)
@@ -242,6 +243,7 @@ class ApproveTaskAPIView(viewsets.ViewSet):
     def get_queryset(self):
         """Get the queryset for the view"""
         guardian = Guardian.objects.filter(user__email=self.request.user).last()
+        # task query
         task_queryset = JuniorTask.objects.filter(id=self.request.data.get('task_id'),
                                                   guardian=guardian,
                                                   junior=self.request.data.get('junior_id')).last()
@@ -257,9 +259,11 @@ class ApproveTaskAPIView(viewsets.ViewSet):
                                                     "action": str(request.data['action'])},
                                            data=request.data)
         if str(request.data['action']) == str(NUMBER['one']) and serializer.is_valid():
+            # save serializer
             serializer.save()
             return custom_response(SUCCESS_CODE['3025'], response_status=status.HTTP_200_OK)
         elif str(request.data['action']) == str(NUMBER['two']) and serializer.is_valid():
+            # save serializer
             serializer.save()
             return custom_response(SUCCESS_CODE['3026'], response_status=status.HTTP_200_OK)
         else: