From 6d6d21137fec028c6656e8fa1a3a37a3a49ef2b4 Mon Sep 17 00:00:00 2001
From: jain
Date: Mon, 17 Jul 2023 17:00:33 +0530
Subject: [PATCH] sonar issues
---
 account/serializers.py | 17 +++++++++++++++--
 account/views.py | 2 +-
 base/messages.py | 2 ++
 guardian/tasks.py | 5 +++--
 guardian/views.py | 4 ++++
 5 files changed, 25 insertions(+), 5 deletions(-)
diff --git a/account/serializers.py b/account/serializers.py
index 3596c07..11944e6 100644
--- a/account/serializers.py
+++ b/account/serializers.py
@@ -140,15 +140,28 @@ class ForgotPasswordSerializer(serializers.Serializer):
 class SuperUserSerializer(serializers.ModelSerializer):
 """Super admin serializer"""
 user_type = serializers.SerializerMethodField('get_user_type')
+ auth_token = serializers.SerializerMethodField('get_auth_token')
+ refresh_token = serializers.SerializerMethodField('get_refresh_token')
+
+ def get_auth_token(self, obj):
+ refresh = RefreshToken.for_user(obj.auth)
+ access_token = str(refresh.access_token)
+ return access_token
+
+ def get_refresh_token(self, obj):
+ refresh = RefreshToken.for_user(obj.user)
+ refresh_token = str(refresh)
+ return refresh_token
 def get_user_type(self, obj):
 """user type"""
- return SUPERUSER
+ return str(NUMBER['three'])
 class Meta(object):
 """Meta info"""
 model = User
- fields = ['id', 'username', 'email', 'first_name', 'last_name', 'is_active', 'user_type']
+ fields = ['id', 'auth_token', 'refresh_token', 'username', 'email', 'first_name',
+ 'last_name', 'is_active', 'user_type']
 class GuardianSerializer(serializers.ModelSerializer):
diff --git a/account/views.py b/account/views.py
index b6fc821..c11e955 100644
--- a/account/views.py
+++ b/account/views.py
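Review bot: In `SuperUserSerializer` (account/serializers.py), `get_auth_token` passes `obj.auth` and `get_refresh_token` passes `obj.user` to `RefreshToken.for_user`, yet `Meta.model` is `User`, so `obj` is presumably the user itself and both lookups look wrong as well as inconsistent; `refresh = RefreshToken.for_user(obj)` is the likely intent. Because each method mints its own refresh token, the access token returned is not derived from the refresh token returned beside it. Every serialization now issues live bearer credentials, so any list or detail view that reuses this serializer for an account other than the caller would disclose that account's tokens; issuing them in the login view, or in a login-only subclass, keeps that from happening by accident. Both new methods lack the docstring the sibling `get_user_type` has, and the `RefreshToken` import is outside this hunk.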
@@ -214,7 +214,7 @@ class ForgotPasswordAPIView(views.APIView):
 User.objects.get(email=email)
 except User.DoesNotExist:
 return custom_error_response(ERROR_CODE['2004'], response_status=status.HTTP_404_NOT_FOUND)
- verification_code = ''.join([str(random.randrange(9)) for _ in range(6)])
+ verification_code = generate_otp()
 # Send the verification code to the user's email
 from_email = settings.EMAIL_FROM_ADDRESS
 recipient_list = [email]
diff --git a/base/messages.py b/base/messages.py
index 8b65d2a..82d471a 100644
--- a/base/messages.py
+++ b/base/messages.py
@@ -47,6 +47,7 @@ ERROR_CODE = {
 "2021": "Already register",
 "2022": "Invalid Guardian code",
 "2023": "Invalid user",
+ # email not verified
 "2024": "Email not verified",
 "2025": "Invalid input. Expected a list of strings.",
 "2026": "New password should not same as old password",
@@ -54,6 +55,7 @@ ERROR_CODE = {
 "2028": "You are not authorized person to sign up on this platform",
 "2029": "Validity of otp verification is expired",
 "2030": "Use correct user type and token",
+ # invalid password
 "2031": "Invalid password",
 "2032": "Failed to send email",
 "2033": "Missing required fields",
diff --git a/guardian/tasks.py b/guardian/tasks.py
index 7a5dd90..9cf39b3 100644
--- a/guardian/tasks.py
+++ b/guardian/tasks.py
@@ -1,6 +1,7 @@
 """task files"""
 """Django import"""
-import random
+import secrets
 def generate_otp():
 """generate random otp"""
- return ''.join([str(random.randrange(9)) for _ in range(6)])
+ digits = "0123456789"
+ return "".join(secrets.choice(digits) for _ in range(6))
diff --git a/guardian/views.py b/guardian/views.py
index f53dc7d..1d1808e 100644
--- a/guardian/views.py
+++ b/guardian/views.py
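Review bot: The diffstat shows a single changed line in account/views.py, so the new `verification_code = generate_otp()` relies on `generate_otp` already being imported in that module from guardian/tasks.py; if it is not, the forgot-password request fails with a `NameError` right after the user lookup succeeds. `from guardian.tasks import generate_otp` is the line to confirm or add, and `import random` in this module may now be unused. The enclosing `ForgotPasswordAPIView` method starts and ends outside the hunk, so how the code is stored, expired and attempt-limited cannot be checked from here.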
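Review bot: The docstring on `generate_otp` in guardian/tasks.py still reads `"""generate random otp"""`, which hides the property this change exists for; something like `"""Return a 6-digit numeric OTP drawn from the secrets CSPRNG."""` tells callers it is suitable for password-reset codes. The bare string `"""Django import"""` above `import secrets` is an expression statement rather than a comment and mislabels a standard-library import; `# standard library` would be accurate. `digits` could be `string.digits` if one more import is acceptable.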
@@ -176,6 +176,7 @@ class SearchTaskListAPIView(viewsets.ModelViewSet):
 queryset = self.get_queryset()
 paginator = self.pagination_class()
+ # use pagination
 paginated_queryset = paginator.paginate_queryset(queryset, request)
 # use TaskSerializer serializer
 serializer = TaskDetailsSerializer(paginated_queryset, many=True)
@@ -242,6 +243,7 @@ class ApproveTaskAPIView(viewsets.ViewSet):
 def get_queryset(self):
 """Get the queryset for the view"""
 guardian = Guardian.objects.filter(user__email=self.request.user).last()
+ # task query
 task_queryset = JuniorTask.objects.filter(id=self.request.data.get('task_id'), guardian=guardian, junior=self.request.data.get('junior_id')).last()
@@ -257,9 +259,11 @@ class ApproveTaskAPIView(viewsets.ViewSet):
 "action": str(request.data['action'])}, data=request.data)
 if str(request.data['action']) == str(NUMBER['one']) and serializer.is_valid():
+ # save serializer
 serializer.save()
 return custom_response(SUCCESS_CODE['3025'], response_status=status.HTTP_200_OK)
 elif str(request.data['action']) == str(NUMBER['two']) and serializer.is_valid():
+ # save serializer
 serializer.save()
 return custom_response(SUCCESS_CODE['3026'], response_status=status.HTTP_200_OK)
 else: