some changes in forgot password api

.gitignore

@@ -21,4 +21,4 @@ static/*
 __pycache__/
 *.env
 ve/*
-
+celerybeat-schedule

base/messages.py

@@ -88,7 +88,9 @@ ERROR_CODE = {
     "2060": "Task does not exist or not in pending state",
     "2061": "Please insert image or check the image is valid or not.",
     # email not null
-    "2062": "Please enter email address"
+    "2062": "Please enter email address",
+    "2063": "Unauthorized access.",
+    "2064": "To change your password first request an OTP and get it verify then change your password."
 }
 """Success message code"""
 SUCCESS_CODE = {

web_admin/serializers/auth_serializer.py

@@ -9,11 +9,11 @@ from rest_framework import serializers
 from django.contrib.auth import get_user_model
 from django.conf import settings
 from django.utils import timezone
-from rest_framework import status
 from templated_email import send_templated_mail
 
 # local imports
 from account.models import UserEmailOtp
+from base.constants import USER_TYPE
 from base.messages import ERROR_CODE
 from guardian.tasks import generate_otp
 
@@ -35,11 +35,11 @@ class AdminOTPSerializer(serializers.ModelSerializer):
 
     def validate(self, attrs):
         """ used to validate the incoming data """
-        user = USER.objects.filter(email=attrs['email']).first()
+        user = USER.objects.filter(email=attrs.get('email')).first()
         if not user:
             raise serializers.ValidationError(ERROR_CODE['2004'])
         elif not user.is_superuser:
-            raise serializers.ValidationError(ERROR_CODE['2036'])
+            raise serializers.ValidationError(ERROR_CODE['2063'])
         attrs.update({'user': user})
         return attrs
 
@@ -67,9 +67,11 @@ class AdminOTPSerializer(serializers.ModelSerializer):
         user_data, created = UserEmailOtp.objects.get_or_create(email=email)
         if created:
             user_data.expired_at = expiry
+            user_data.user_type = dict(USER_TYPE).get('3')
         if user_data:
             user_data.otp = verification_code
             user_data.expired_at = expiry
+            user_data.user_type = dict(USER_TYPE).get('3')
         user_data.save()
         return user_data
 
@@ -93,15 +95,12 @@ class AdminVerifyOTPSerializer(serializers.Serializer):
         email = attrs.get('email')
         otp = attrs.get('otp')
 
-        user = USER.objects.filter(email=attrs['email']).first()
-        if not user:
-            raise serializers.ValidationError(ERROR_CODE['2004'])
-        elif not user.is_superuser:
-            raise serializers.ValidationError(ERROR_CODE['2036'])
         # fetch email otp object of the user
         user_otp_details = UserEmailOtp.objects.filter(email=email, otp=otp).last()
         if not user_otp_details:
-            raise serializers.ValidationError(ERROR_CODE['2008'])
+            raise serializers.ValidationError(ERROR_CODE['2064'])
+        if user_otp_details.user_type != dict(USER_TYPE).get('3'):
+            raise serializers.ValidationError(ERROR_CODE['2063'])
         if user_otp_details.expired_at.replace(tzinfo=None) < datetime.utcnow():
             raise serializers.ValidationError(ERROR_CODE['2029'])
         user_otp_details.is_verified = True
@@ -137,26 +136,12 @@ class AdminCreatePasswordSerializer(serializers.ModelSerializer):
         if new_password != confirm_password:
             raise serializers.ValidationError('password do not match')
 
-        user = USER.objects.filter(email=attrs['email']).first()
-        if not user:
-            raise serializers.ValidationError(ERROR_CODE['2004'])
-        elif not user.is_superuser:
-            raise serializers.ValidationError(ERROR_CODE['2036'])
-
         user_otp_details = UserEmailOtp.objects.filter(email=email).last()
-
+        if not user_otp_details:
-        if user_otp_details and user_otp_details.is_verified:
+            raise serializers.ValidationError(ERROR_CODE['2064'])
+        if user_otp_details.user_type != dict(USER_TYPE).get('3'):
+            raise serializers.ValidationError(ERROR_CODE['2063'])
+        if not user_otp_details.is_verified:
+            raise serializers.ValidationError(ERROR_CODE['2064'])
         user_otp_details.delete()
-            attrs.update({'user': user})
         return attrs
-        raise serializers.ValidationError(ERROR_CODE['2036'])
-
-    def create(self, validated_data):
-        """
-        to create password
-        :return: user
-        """
-        user = validated_data.get('user')
-        user.set_password(validated_data.get('password'))
-        user.save()
-        return user

web_admin/views/auth.py

@@ -53,5 +53,7 @@ class ForgotAndResetPasswordViewSet(GenericViewSet):
         """
         serializer = self.serializer_class(data=request.data)
         serializer.is_valid(raise_exception=True)
-        serializer.save()
+        user = USER.objects.filter(email=serializer.validated_data.get('email')).first()
+        user.set_password(serializer.validated_data.get('new_password'))
+        user.save()
         return custom_response(SUCCESS_CODE['3007'])