sonar issues

2025-07-15 01:55:21 +00:00 · 2023-07-17 17:00:33 +05:30
parent 1399b585e8
commit 6d6d21137f
5 changed files with 25 additions and 5 deletions
--- a/account/serializers.py
+++ b/account/serializers.py
@ -140,15 +140,28 @@ class ForgotPasswordSerializer(serializers.Serializer):
 class SuperUserSerializer(serializers.ModelSerializer):
    """Super admin serializer"""
    user_type = serializers.SerializerMethodField('get_user_type')
+    auth_token = serializers.SerializerMethodField('get_auth_token')
+    refresh_token = serializers.SerializerMethodField('get_refresh_token')
+
+    def get_auth_token(self, obj):
+        refresh = RefreshToken.for_user(obj.auth)
+        access_token = str(refresh.access_token)
+        return access_token
+
+    def get_refresh_token(self, obj):
+        refresh = RefreshToken.for_user(obj.user)
+        refresh_token = str(refresh)
+        return refresh_token

    def get_user_type(self, obj):
        """user type"""
-        return SUPERUSER
+        return str(NUMBER['three'])

    class Meta(object):
        """Meta info"""
        model = User
-        fields = ['id', 'username', 'email', 'first_name', 'last_name', 'is_active', 'user_type']
+        fields = ['id', 'auth_token', 'refresh_token', 'username', 'email', 'first_name',
+                  'last_name', 'is_active', 'user_type']


 class GuardianSerializer(serializers.ModelSerializer):
--- a/account/views.py
+++ b/account/views.py
@ -214,7 +214,7 @@ class ForgotPasswordAPIView(views.APIView):
                User.objects.get(email=email)
            except User.DoesNotExist:
                return custom_error_response(ERROR_CODE['2004'], response_status=status.HTTP_404_NOT_FOUND)
-            verification_code = ''.join([str(random.randrange(9)) for _ in range(6)])
+            verification_code = generate_otp()
            # Send the verification code to the user's email
            from_email = settings.EMAIL_FROM_ADDRESS
            recipient_list = [email]
--- a/base/messages.py
+++ b/base/messages.py
@ -47,6 +47,7 @@ ERROR_CODE = {
    "2021": "Already register",
    "2022": "Invalid Guardian code",
    "2023": "Invalid user",
+    # email not verified
    "2024": "Email not verified",
    "2025": "Invalid input. Expected a list of strings.",
    "2026": "New password should not same as old password",
@ -54,6 +55,7 @@ ERROR_CODE = {
    "2028": "You are not authorized person to sign up on this platform",
    "2029": "Validity of otp verification is expired",
    "2030": "Use correct user type and token",
+    # invalid password
    "2031": "Invalid password",
    "2032": "Failed to send email",
    "2033": "Missing required fields",
--- a/guardian/tasks.py
+++ b/guardian/tasks.py
@ -1,6 +1,7 @@
 """task files"""
 """Django import"""
-import random
+import secrets
 def generate_otp():
    """generate random otp"""
-    return ''.join([str(random.randrange(9)) for _ in range(6)])
+    digits = "0123456789"
+    return "".join(secrets.choice(digits) for _ in range(6))
--- a/guardian/views.py
+++ b/guardian/views.py
@ -176,6 +176,7 @@ class SearchTaskListAPIView(viewsets.ModelViewSet):
        queryset = self.get_queryset()

        paginator = self.pagination_class()
+        # use pagination
        paginated_queryset = paginator.paginate_queryset(queryset, request)
        # use TaskSerializer serializer
        serializer = TaskDetailsSerializer(paginated_queryset, many=True)
@ -242,6 +243,7 @@ class ApproveTaskAPIView(viewsets.ViewSet):
    def get_queryset(self):
        """Get the queryset for the view"""
        guardian = Guardian.objects.filter(user__email=self.request.user).last()
+        # task query
        task_queryset = JuniorTask.objects.filter(id=self.request.data.get('task_id'),
                                                  guardian=guardian,
                                                  junior=self.request.data.get('junior_id')).last()
@ -257,9 +259,11 @@ class ApproveTaskAPIView(viewsets.ViewSet):
                                                    "action": str(request.data['action'])},
                                           data=request.data)
        if str(request.data['action']) == str(NUMBER['one']) and serializer.is_valid():
+            # save serializer
            serializer.save()
            return custom_response(SUCCESS_CODE['3025'], response_status=status.HTTP_200_OK)
        elif str(request.data['action']) == str(NUMBER['two']) and serializer.is_valid():
+            # save serializer
            serializer.save()
            return custom_response(SUCCESS_CODE['3026'], response_status=status.HTTP_200_OK)
        else: