some changes in forgot password api

2025-07-13 17:17:20 +00:00 · 2023-07-27 10:59:10 +05:30
parent a83e27b12a
commit c079f3ceca
5 changed files with 23 additions and 34 deletions
--- a/.gitignore
+++ b/.gitignore
@ -21,4 +21,4 @@ static/*
 __pycache__/
 *.env
 ve/*
-
+celerybeat-schedule
--- a/base/messages.py
+++ b/base/messages.py
@ -88,7 +88,9 @@ ERROR_CODE = {
    "2060": "Task does not exist or not in pending state",
    "2061": "Please insert image or check the image is valid or not.",
    # email not null
-    "2062": "Please enter email address"
+    "2062": "Please enter email address",
+    "2063": "Unauthorized access.",
+    "2064": "To change your password first request an OTP and get it verify then change your password."
 }
 """Success message code"""
 SUCCESS_CODE = {
--- a/BIN
+++ b/BIN
--- a/web_admin/serializers/auth_serializer.py
+++ b/web_admin/serializers/auth_serializer.py
@ -9,11 +9,11 @@ from rest_framework import serializers
 from django.contrib.auth import get_user_model
 from django.conf import settings
 from django.utils import timezone
-from rest_framework import status
 from templated_email import send_templated_mail

 # local imports
 from account.models import UserEmailOtp
+from base.constants import USER_TYPE
 from base.messages import ERROR_CODE
 from guardian.tasks import generate_otp

@ -35,11 +35,11 @@ class AdminOTPSerializer(serializers.ModelSerializer):

    def validate(self, attrs):
        """ used to validate the incoming data """
-        user = USER.objects.filter(email=attrs['email']).first()
+        user = USER.objects.filter(email=attrs.get('email')).first()
        if not user:
            raise serializers.ValidationError(ERROR_CODE['2004'])
        elif not user.is_superuser:
-            raise serializers.ValidationError(ERROR_CODE['2036'])
+            raise serializers.ValidationError(ERROR_CODE['2063'])
        attrs.update({'user': user})
        return attrs

@ -67,9 +67,11 @@ class AdminOTPSerializer(serializers.ModelSerializer):
        user_data, created = UserEmailOtp.objects.get_or_create(email=email)
        if created:
            user_data.expired_at = expiry
+            user_data.user_type = dict(USER_TYPE).get('3')
        if user_data:
            user_data.otp = verification_code
            user_data.expired_at = expiry
+            user_data.user_type = dict(USER_TYPE).get('3')
        user_data.save()
        return user_data

@ -93,15 +95,12 @@ class AdminVerifyOTPSerializer(serializers.Serializer):
        email = attrs.get('email')
        otp = attrs.get('otp')

-        user = USER.objects.filter(email=attrs['email']).first()
-        if not user:
-            raise serializers.ValidationError(ERROR_CODE['2004'])
-        elif not user.is_superuser:
-            raise serializers.ValidationError(ERROR_CODE['2036'])
        # fetch email otp object of the user
        user_otp_details = UserEmailOtp.objects.filter(email=email, otp=otp).last()
        if not user_otp_details:
-            raise serializers.ValidationError(ERROR_CODE['2008'])
+            raise serializers.ValidationError(ERROR_CODE['2064'])
+        if user_otp_details.user_type != dict(USER_TYPE).get('3'):
+            raise serializers.ValidationError(ERROR_CODE['2063'])
        if user_otp_details.expired_at.replace(tzinfo=None) < datetime.utcnow():
            raise serializers.ValidationError(ERROR_CODE['2029'])
        user_otp_details.is_verified = True
@ -137,26 +136,12 @@ class AdminCreatePasswordSerializer(serializers.ModelSerializer):
        if new_password != confirm_password:
            raise serializers.ValidationError('password do not match')

-        user = USER.objects.filter(email=attrs['email']).first()
-        if not user:
-            raise serializers.ValidationError(ERROR_CODE['2004'])
-        elif not user.is_superuser:
-            raise serializers.ValidationError(ERROR_CODE['2036'])
-
        user_otp_details = UserEmailOtp.objects.filter(email=email).last()
-
-        if user_otp_details and user_otp_details.is_verified:
+        if not user_otp_details:
+            raise serializers.ValidationError(ERROR_CODE['2064'])
+        if user_otp_details.user_type != dict(USER_TYPE).get('3'):
+            raise serializers.ValidationError(ERROR_CODE['2063'])
+        if not user_otp_details.is_verified:
+            raise serializers.ValidationError(ERROR_CODE['2064'])
        user_otp_details.delete()
-            attrs.update({'user': user})
        return attrs
-        raise serializers.ValidationError(ERROR_CODE['2036'])
-
-    def create(self, validated_data):
-        """
-        to create password
-        :return: user
-        """
-        user = validated_data.get('user')
-        user.set_password(validated_data.get('password'))
-        user.save()
-        return user
--- a/web_admin/views/auth.py
+++ b/web_admin/views/auth.py
@ -53,5 +53,7 @@ class ForgotAndResetPasswordViewSet(GenericViewSet):
        """
        serializer = self.serializer_class(data=request.data)
        serializer.is_valid(raise_exception=True)
-        serializer.save()
+        user = USER.objects.filter(email=serializer.validated_data.get('email')).first()
+        user.set_password(serializer.validated_data.get('new_password'))
+        user.save()
        return custom_response(SUCCESS_CODE['3007'])