feedback changes and added mark all read

fixed guardian reject issue, updated ids in notification method, remove unnecessary condition from analytics and user management
fixed article reward points notification for 0 points earned
2025-08-25 21:59:40 +00:00 · 2023-09-22 19:55:10 +05:30 · 2023-09-13 18:15:07 +05:30 · 2023-09-13 14:45:47 +05:30 · 2023-09-13 14:38:18 +05:30 · 2023-09-13 14:03:13 +05:30
34 changed files with 7250 additions and 139 deletions
--- a/.coverage
+++ b/.coverage
--- a/.gitignore
+++ b/.gitignore
@ -6,7 +6,6 @@ media/
 *.name
 *.iml
 *.log
-*.xml
 *.pyo
 .DS_Store
 .idea
--- a/account/tests.py
+++ b/account/tests.py
@ -1,5 +1,60 @@
-"""Test cases file of account"""
-"""Django import"""
+"""
+test cases file of account
+"""
+# django imports
 from django.test import TestCase
+from rest_framework.test import APIClient
+from rest_framework import status
+from django.contrib.auth.models import User
+from django.urls import reverse
+from rest_framework_simplejwt.tokens import RefreshToken
+
+
+class UserLoginTestCase(TestCase):
+    """
+    test cases for login
+    """
+    def setUp(self):
+        """
+        set up data
+        :return:
+        """
+        self.client = APIClient()
+        self.user_email = 'user@example.com'
+        self.user = User.objects.create_superuser(username=self.user_email,  email=self.user_email)
+        self.user.set_password('user@1234')
+        self.user.save()
+
+    def test_admin_login_success(self):
+        """
+        test admin login with valid credentials
+        :return:
+        """
+        url = reverse('account:admin-login')
+        data = {
+            'email': self.user_email,
+            'password': 'user@1234',
+        }
+        response = self.client.post(url, data, format='json')
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertIn('auth_token', response.data['data'])
+        self.assertIn('refresh_token', response.data['data'])
+        self.assertEqual(response.data['data']['username'], data['email'])
+
+    def test_admin_login_invalid_credentials(self):
+        """
+        test admin login with invalid credentials
+        :return:
+        """
+        url = reverse('account:admin-login')
+        data = {
+            'email': self.user_email,
+            'password': 'user@1235',
+        }
+        response = self.client.post(url, data, format='json')
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+        self.assertNotIn('auth_token', response.data)
+        self.assertNotIn('refresh_token', response.data)
+
+    # Add more test cases as needed

-# Create your tests here.
--- a/account/utils.py
+++ b/account/utils.py
@ -300,24 +300,21 @@ def make_special_password(length=10):
    lowercase_letters = string.ascii_lowercase
    uppercase_letters = string.ascii_uppercase
    digits = string.digits
-    special_characters = '!@#$%^&*()_-+=<>?/[]{}|'
+    special_characters = '@#$%&*?'

    # Combine character sets
-    all_characters = lowercase_letters + uppercase_letters + digits + special_characters
+    alphabets = lowercase_letters + uppercase_letters

    # Create a password with random characters
-    password = (
-        secrets.choice(lowercase_letters) +
+    password = [
        secrets.choice(uppercase_letters) +
+        secrets.choice(lowercase_letters) +
        secrets.choice(digits) +
        secrets.choice(special_characters) +
-        ''.join(secrets.choice(all_characters) for _ in range(length - 4))
-    )
+        ''.join(secrets.choice(alphabets) for _ in range(length - 4))
+    ]

-    # Shuffle the characters to make it more random
-    password_list = list(password)
-    random.shuffle(password_list)
-    return ''.join(password_list)
+    return ''.join(password)

 def task_status_fun(status_value):
    """task status"""
--- a/base/messages.py
+++ b/base/messages.py
@ -44,7 +44,7 @@ ERROR_CODE = {
    "2018": "Attached File not found",
    "2019": "Invalid Referral code",
    "2020": "Enter valid mobile number",
-    "2021": "Already register",
+    "2021": "User registered",
    "2022": "Invalid Guardian code",
    "2023": "Invalid user",
    # email not verified
@ -103,9 +103,9 @@ ERROR_CODE = {
    "2074": "You can not complete this task because you does not exist in the system",
    # deactivate account
    "2075": "Your account is deactivated. Please contact with admin",
-    "2076": "This junior already associate with you",
+    "2076": "This junior already associated with you",
    "2077": "You can not add guardian",
-    "2078": "This junior is not associate with you",
+    "2078": "This junior is not associated with you",
    # force update
    "2079": "Please update your app version for enjoying uninterrupted services",
    "2080": "Can not add App version",
--- a/base/pagination.py
+++ b/base/pagination.py
@ -32,15 +32,3 @@ class CustomPageNumberPagination(PageNumberPagination):


        ]))
-
-    def get_paginated_dict_response(self, data):
-        """
-        :param data: queryset to be paginated
-        :return: return a simple dict obj
-        """
-        return {
-            'count': self.page.paginator.count,
-            'data': data,
-            'current_page': self.page.number,
-            'total_pages': self.page.paginator.num_pages,
-        }
--- a/base/tasks.py
+++ b/base/tasks.py
@ -53,11 +53,11 @@ def notify_task_expiry():
                         (datetime.datetime.now().date() + datetime.timedelta(days=1))])
    if pending_tasks := all_pending_tasks.filter(task_status=PENDING):
        for task in pending_tasks:
-            send_notification(PENDING_TASK_EXPIRING, None, None, task.junior.auth.id,
+            send_notification(PENDING_TASK_EXPIRING, None, None, task.junior.auth_id,
                              {'task_id': task.id})
    if in_progress_tasks := all_pending_tasks.filter(task_status=IN_PROGRESS):
        for task in in_progress_tasks:
-            send_notification(IN_PROGRESS_TASK_EXPIRING, task.junior.auth.id, JUNIOR, task.guardian.user.id,
+            send_notification(IN_PROGRESS_TASK_EXPIRING, task.junior.auth_id, JUNIOR, task.guardian.user_id,
                              {'task_id': task.id})
    return True

@ -80,7 +80,7 @@ def notify_top_junior():
    prev_top_position = junior_points_qs.filter(position=1).first()
    new_top_position = junior_points_qs.filter(rank=1).first()
    if prev_top_position != new_top_position:
-        send_notification_multiple_user(TOP_JUNIOR, new_top_position.junior.auth.id, JUNIOR,
+        send_notification_multiple_user(TOP_JUNIOR, new_top_position.junior.auth_id, JUNIOR,
                                        {'points': new_top_position.total_points})
    for junior_point in junior_points_qs:
        junior_point.position = junior_point.rank
--- a/BIN
+++ b/BIN
--- a/coverage-reports/coverage.xml
+++ b/coverage-reports/coverage.xml
--- a/guardian/migrations/0022_alter_juniortask_task_description.py
+++ b/guardian/migrations/0022_alter_juniortask_task_description.py
@ -0,0 +1,18 @@
+# Generated by Django 4.2.2 on 2023-09-08 10:41
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('guardian', '0021_guardian_is_deleted'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='juniortask',
+            name='task_description',
+            field=models.CharField(blank=True, max_length=500, null=True),
+        ),
+    ]
--- a/guardian/models.py
+++ b/guardian/models.py
@ -97,7 +97,7 @@ class JuniorTask(models.Model):
    """task details"""
    task_name = models.CharField(max_length=100)
    """task description"""
-    task_description = models.CharField(max_length=500)
+    task_description = models.CharField(max_length=500, null=True, blank=True)
    """points of the task"""
    points = models.IntegerField(default=TASK_POINTS)
    """last date of the task"""
--- a/guardian/serializers.py
+++ b/guardian/serializers.py
@ -243,8 +243,8 @@ class TaskSerializer(serializers.ModelSerializer):
            task_data['junior'] = junior
            instance = JuniorTask.objects.create(**task_data)
            tasks_created.append(instance)
-            send_notification.delay(TASK_ASSIGNED, guardian.user.id, GUARDIAN,
-                                    junior.auth.id, {'task_id': instance.id})
+            send_notification.delay(TASK_ASSIGNED, guardian.user_id, GUARDIAN,
+                                    junior.auth_id, {'task_id': instance.id})
        return instance

 class GuardianDetailSerializer(serializers.ModelSerializer):
@ -443,8 +443,8 @@ class ApproveTaskSerializer(serializers.ModelSerializer):
                # update complete time of task
                # instance.completed_on = real_time()
                instance.completed_on = timezone.now().astimezone(pytz.utc)
-                send_notification.delay(TASK_APPROVED, instance.guardian.user.id, GUARDIAN,
-                                        junior_details.auth.id, {'task_id': instance.id})
+                send_notification.delay(TASK_APPROVED, instance.guardian.user_id, GUARDIAN,
+                                        junior_details.auth_id, {'task_id': instance.id})
            else:
                # reject the task
                instance.task_status = str(NUMBER['three'])
@ -452,8 +452,8 @@ class ApproveTaskSerializer(serializers.ModelSerializer):
                # update reject time of task
                # instance.rejected_on = real_time()
                instance.rejected_on = timezone.now().astimezone(pytz.utc)
-                send_notification.delay(TASK_REJECTED, instance.guardian.user.id, GUARDIAN,
-                                        junior_details.auth.id, {'task_id': instance.id})
+                send_notification.delay(TASK_REJECTED, instance.guardian.user_id, GUARDIAN,
+                                        junior_details.auth_id, {'task_id': instance.id})
            instance.save()
            junior_data.save()
            return junior_details
--- a/guardian/utils.py
+++ b/guardian/utils.py
@ -117,7 +117,7 @@ def update_referral_points(referral_code, referral_code_used):
            junior_query.total_points = junior_query.total_points + NUMBER['five']
            junior_query.referral_points = junior_query.referral_points + NUMBER['five']
            junior_query.save()
-            send_notification.delay(REFERRAL_POINTS, None, None, junior_queryset.auth.id, {})
+            send_notification.delay(REFERRAL_POINTS, None, None, junior_queryset.auth_id, {})



--- a/guardian/views.py
+++ b/guardian/views.py
@ -149,7 +149,7 @@ class TaskListAPIView(viewsets.ModelViewSet):
    def get_queryset(self):
        queryset = JuniorTask.objects.filter(guardian__user=self.request.user
                                             ).select_related('junior', 'junior__auth'
-                                                              ).order_by('due_date', 'created_at')
+                                                              ).order_by('-created_at')

        queryset = self.filter_queryset(queryset)
        return queryset
@ -208,14 +208,13 @@ class CreateTaskAPIView(viewsets.ModelViewSet):
            junior_data = Junior.objects.filter(id__in=junior_ids,
                                                guardian_code__contains=[guardian.guardian_code]
                                                ).select_related('auth')
-            if junior_data:
-                for junior in junior_data:
-                    index = junior.guardian_code.index(guardian.guardian_code)
-                    status_index = junior.guardian_code_status[index]
-                    if status_index == str(NUMBER['three']):
-                        return custom_error_response(ERROR_CODE['2078'], response_status=status.HTTP_400_BAD_REQUEST)
-            else:
+            if not junior_data:
                return custom_error_response(ERROR_CODE['2047'], response_status=status.HTTP_400_BAD_REQUEST)
+            for junior in junior_data:
+                index = junior.guardian_code.index(guardian.guardian_code)
+                status_index = junior.guardian_code_status[index]
+                if status_index == str(NUMBER['three']):
+                    return custom_error_response(ERROR_CODE['2078'], response_status=status.HTTP_400_BAD_REQUEST)

            # use TaskSerializer serializer
            serializer = TaskSerializer(context={"guardian": guardian, "image": image_data,
@ -305,9 +304,13 @@ class ApproveJuniorAPIView(viewsets.ModelViewSet):
        "action":"1"}
        """
        try:
-            guardian = Guardian.objects.filter(user__email=self.request.user).last()
+            relation_obj = JuniorGuardianRelationship.objects.filter(
+                guardian__user__email=self.request.user,
+                junior__id=self.request.data.get('junior_id')
+            ).select_related('guardian', 'junior').first()
+            guardian = relation_obj.guardian
            # fetch junior query
-            junior_queryset = Junior.objects.filter(id=self.request.data.get('junior_id')).last()
+            junior_queryset = relation_obj.junior
            if junior_queryset and (junior_queryset.is_deleted or not junior_queryset.is_active):
                return custom_error_response(ERROR_CODE['2073'], response_status=status.HTTP_400_BAD_REQUEST)
            # action 1 is use for approve and 2 for reject
@ -320,8 +323,8 @@ class ApproveJuniorAPIView(viewsets.ModelViewSet):
                if serializer.is_valid():
                    # save serializer
                    serializer.save()
-                    send_notification.delay(ASSOCIATE_APPROVED, guardian.user.id, GUARDIAN,
-                                            junior_queryset.auth.id, {})
+                    send_notification.delay(ASSOCIATE_APPROVED, guardian.user_id, GUARDIAN,
+                                            junior_queryset.auth_id, {})
                    return custom_response(SUCCESS_CODE['3023'], serializer.data, response_status=status.HTTP_200_OK)
            else:
                if junior_queryset.guardian_code and ('-' in junior_queryset.guardian_code):
@ -332,7 +335,8 @@ class ApproveJuniorAPIView(viewsets.ModelViewSet):
                junior_queryset.guardian_code.remove(guardian.guardian_code)
                junior_queryset.guardian_code_status.pop(index)
                junior_queryset.save()
-                send_notification.delay(ASSOCIATE_REJECTED, guardian.user.id, GUARDIAN, junior_queryset.auth.id, {})
+                send_notification.delay(ASSOCIATE_REJECTED, guardian.user_id, GUARDIAN, junior_queryset.auth_id, {})
+                relation_obj.delete()
                return custom_response(SUCCESS_CODE['3024'], response_status=status.HTTP_200_OK)
        except Exception as e:
            return custom_error_response(str(e), response_status=status.HTTP_400_BAD_REQUEST)
--- a/junior/serializers.py
+++ b/junior/serializers.py
@ -107,8 +107,8 @@ class CreateJuniorSerializer(serializers.ModelSerializer):
                guardian_data = Guardian.objects.filter(guardian_code=guardian_code[0]).last()
                if guardian_data:
                    JuniorGuardianRelationship.objects.get_or_create(guardian=guardian_data, junior=junior)
-                    send_notification.delay(ASSOCIATE_REQUEST, junior.auth.id, JUNIOR, guardian_data.user.id, {})
-                junior_approval_mail.delay(user.email, user.first_name)
+                    send_notification.delay(ASSOCIATE_REQUEST, junior.auth_id, JUNIOR, guardian_data.user_id, {})
+                # junior_approval_mail.delay(user.email, user.first_name) removed as per changes
            junior.dob = validated_data.get('dob', junior.dob)
            junior.passcode = validated_data.get('passcode', junior.passcode)
            junior.country_name = validated_data.get('country_name', junior.country_name)
@ -323,7 +323,7 @@ class AddJuniorSerializer(serializers.ModelSerializer):
            """Notification email"""
            junior_notification_email.delay(email, full_name, email, special_password)
            # push notification
-            send_notification.delay(ASSOCIATE_JUNIOR, None, None, junior_data.auth.id, {})
+            send_notification.delay(ASSOCIATE_JUNIOR, None, None, junior_data.auth_id, {})
            return junior_data


@ -359,8 +359,8 @@ class CompleteTaskSerializer(serializers.ModelSerializer):
        instance.task_status = str(NUMBER['four'])
        instance.is_approved = False
        instance.save()
-        send_notification.delay(TASK_ACTION, instance.junior.auth.id, JUNIOR,
-                                instance.guardian.user.id, {'task_id': instance.id})
+        send_notification.delay(TASK_ACTION, instance.junior.auth_id, JUNIOR,
+                                instance.guardian.user_id, {'task_id': instance.id})
        return instance

 class JuniorPointsSerializer(serializers.ModelSerializer):
@ -466,8 +466,8 @@ class AddGuardianSerializer(serializers.ModelSerializer):

            """Notification email"""
            junior_notification_email(email, full_name, email, password)
-            junior_approval_mail.delay(email, full_name)
-            send_notification.delay(ASSOCIATE_REQUEST, junior_data.auth.id, JUNIOR, guardian_data.user.id, {})
+            # junior_approval_mail.delay(email, full_name) removed as per changes
+            send_notification.delay(ASSOCIATE_REQUEST, junior_data.auth_id, JUNIOR, guardian_data.user_id, {})
            return guardian_data

 class StartTaskSerializer(serializers.ModelSerializer):
--- a/junior/urls.py
+++ b/junior/urls.py
@ -6,7 +6,7 @@ from .views import (UpdateJuniorProfile, ValidateGuardianCode, JuniorListAPIView
                    CompleteJuniorTaskAPIView, JuniorPointsListAPIView, ValidateReferralCode,
                    InviteGuardianAPIView, StartTaskAPIView, ReAssignJuniorTaskAPIView, StartArticleAPIView,
                    StartAssessmentAPIView, CheckAnswerAPIView, CompleteArticleAPIView, ReadArticleCardAPIView,
-                    CreateArticleCardAPIView, RemoveGuardianCodeAPIView, FAQViewSet)
+                    CreateArticleCardAPIView, RemoveGuardianCodeAPIView, FAQViewSet, CheckJuniorApiViewSet)
 """Third party import"""
 from rest_framework import routers

@ -29,6 +29,8 @@ router.register('create-junior-profile', UpdateJuniorProfile, basename='profile-
 router.register('validate-guardian-code', ValidateGuardianCode, basename='validate-guardian-code')
 # junior list API"""
 router.register('junior-list', JuniorListAPIView, basename='junior-list')
+
+router.register('check-junior', CheckJuniorApiViewSet, basename='check-junior')
 # Add junior list API"""
 router.register('add-junior', AddJuniorAPIView, basename='add-junior')
 # Invited junior list API"""
--- a/junior/views.py
+++ b/junior/views.py
@ -164,6 +164,29 @@ class JuniorListAPIView(viewsets.ModelViewSet):
            return custom_error_response(str(e), response_status=status.HTTP_400_BAD_REQUEST)


+class CheckJuniorApiViewSet(viewsets.GenericViewSet):
+    """
+    api to check whether given user exist or not
+    """
+    serializer_class = None
+    permission_classes = [IsAuthenticated]
+
+    def get_queryset(self):
+        junior = Junior.objects.filter(auth__email=self.request.data.get('email')).first()
+        return junior
+
+    def create(self, request, *args, **kwargs):
+        """
+        :param request:
+        :return:
+        """
+        junior = self.get_queryset()
+        data = {
+            'junior_exist': True if junior else False
+        }
+        return custom_response(None, data)
+
+
 class AddJuniorAPIView(viewsets.ModelViewSet):
    """Add Junior by guardian"""
    serializer_class = AddJuniorSerializer
@ -180,6 +203,16 @@ class AddJuniorAPIView(viewsets.ModelViewSet):
            "email":"abc@yopmail.com"
        }"""
        try:
+            if user := User.objects.filter(username=request.data['email']).first():
+                data = self.associate_guardian(user)
+                if data == none:
+                    return custom_error_response(ERROR_CODE['2077'], response_status=status.HTTP_400_BAD_REQUEST)
+                elif not data:
+                    return custom_error_response(ERROR_CODE['2076'], response_status=status.HTTP_400_BAD_REQUEST)
+                elif data == "Max":
+                    return custom_error_response(ERROR_CODE['2081'], response_status=status.HTTP_400_BAD_REQUEST)
+                return custom_response(SUCCESS_CODE['3021'], response_status=status.HTTP_200_OK)
+
            info_data = {'user': request.user, 'relationship': str(request.data['relationship']),
                         'email': request.data['email'], 'first_name': request.data['first_name'],
                         'last_name': request.data['last_name'], 'image':None}
@ -193,15 +226,7 @@ class AddJuniorAPIView(viewsets.ModelViewSet):
                # upload image on ali baba
                image_url = upload_image_to_alibaba(profile_image, filename)
                info_data.update({"image": image_url})
-            if user := User.objects.filter(username=request.data['email']).first():
-                data = self.associate_guardian(user)
-                if data == none:
-                    return custom_error_response(ERROR_CODE['2077'], response_status=status.HTTP_400_BAD_REQUEST)
-                elif not data:
-                    return custom_error_response(ERROR_CODE['2076'], response_status=status.HTTP_400_BAD_REQUEST)
-                elif data == "Max":
-                    return custom_error_response(ERROR_CODE['2081'], response_status=status.HTTP_400_BAD_REQUEST)
-                return custom_response(SUCCESS_CODE['3021'], response_status=status.HTTP_200_OK)
+
            # use AddJuniorSerializer serializer
            serializer = AddJuniorSerializer(data=request.data, context=info_data)
            if serializer.is_valid():
@ -238,7 +263,7 @@ class AddJuniorAPIView(viewsets.ModelViewSet):
        if jun_data:
            jun_data.relationship = str(self.request.data['relationship'])
            jun_data.save()
-        send_notification.delay(ASSOCIATE_EXISTING_JUNIOR, self.request.user.id, GUARDIAN, junior.auth.id, {})
+        send_notification.delay(ASSOCIATE_EXISTING_JUNIOR, guardian.user_id, GUARDIAN, junior.auth_id, {})
        return True


@ -337,7 +362,7 @@ class RemoveJuniorAPIView(views.APIView):
                    # save serializer
                    serializer.save()
                    JuniorGuardianRelationship.objects.filter(guardian=guardian, junior=junior_queryset).delete()
-                    send_notification.delay(REMOVE_JUNIOR, None, None, junior_queryset.auth.id, {})
+                    send_notification.delay(REMOVE_JUNIOR, None, None, junior_queryset.auth_id, {})
                    return custom_response(SUCCESS_CODE['3022'], serializer.data, response_status=status.HTTP_200_OK)
                return custom_error_response(serializer.errors, response_status=status.HTTP_400_BAD_REQUEST)
            else:
@ -358,7 +383,7 @@ class JuniorTaskListAPIView(viewsets.ModelViewSet):
    def get_queryset(self):
        queryset = JuniorTask.objects.filter(junior__auth=self.request.user
                                             ).select_related('junior', 'junior__auth'
-                                                              ).order_by('due_date', 'created_at')
+                                                              ).order_by('-created_at')

        queryset = self.filter_queryset(queryset)
        return queryset
@ -646,7 +671,7 @@ class CheckAnswerAPIView(viewsets.ModelViewSet):
            submit_ans = SurveyOption.objects.filter(id=answer_id).last()
            junior_article_points = JuniorArticlePoints.objects.filter(junior__auth=self.request.user,
                                                                       question=queryset)
-            if submit_ans:
+            if submit_ans.is_answer:
                junior_article_points.update(submitted_answer=submit_ans, is_attempt=True, is_answer_correct=True)
                JuniorPoints.objects.filter(junior__auth=self.request.user).update(total_points=
                                                                                   F('total_points') + queryset.points)
@ -686,8 +711,9 @@ class CompleteArticleAPIView(views.APIView):
                                                       is_answer_correct=True).aggregate(
                total_earn_points=Sum('earn_points'))['total_earn_points']
            data = {"total_earn_points":total_earn_points}
-            send_notification.delay(ARTICLE_REWARD_POINTS, None, None,
-                                    request.user.id, {'points': total_earn_points})
+            if total_earn_points:
+                send_notification.delay(ARTICLE_REWARD_POINTS, None, None,
+                                        request.user.id, {'points': total_earn_points})
            return custom_response(SUCCESS_CODE['3042'], data, response_status=status.HTTP_200_OK)
        except Exception as e:
            return custom_error_response(str(e), response_status=status.HTTP_400_BAD_REQUEST)
--- a/notifications/tests.py
+++ b/notifications/tests.py
@ -1,6 +1,98 @@
 """
 notification test file
 """
-from django.test import TestCase
+# third party imports
+from fcm_django.models import FCMDevice

-# Create your tests here.
+# django imports
+from django.urls import reverse
+from rest_framework import status
+
+from account.models import UserNotification
+# local imports
+from account.serializers import GuardianSerializer
+from notifications.models import Notification
+from web_admin.tests.test_set_up import AnalyticsSetUp
+
+
+class NotificationTestCase(AnalyticsSetUp):
+    """
+    test notification
+    """
+    def setUp(self) -> None:
+        """
+        test data up
+        :return:
+        """
+        super(NotificationTestCase, self).setUp()
+
+        # notification settings create
+        UserNotification.objects.create(user=self.user)
+
+        # notification create
+        self.notification = Notification.objects.create(notification_to=self.user, notification_from=self.user_3)
+
+        # to get guardian/user auth token
+        self.guardian_data = GuardianSerializer(
+            self.guardian, context={'user_type': 2}
+        ).data
+        self.auth_token = self.guardian_data['auth_token']
+
+        # api header
+        self.header = {
+            'HTTP_AUTHORIZATION': f'Bearer {self.auth_token}',
+            'Content-Type': "Application/json"
+        }
+
+    def test_notification_list(self):
+        """
+        test notification list
+        :return:
+        """
+
+        url = reverse('notifications:notifications-list')
+        response = self.client.get(url, **self.header)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        # Assuming only one notification exists in the database
+        self.assertEqual(Notification.objects.filter(notification_to=self.user).count(), 1)
+
+    def test_fcm_register(self):
+        """
+        test fcm register
+        :return:
+        """
+        url = reverse('notifications:notifications-device')
+        data = {
+            'registration_id': 'registration_id',
+            'device_id': 'device_id',
+            'type': 'ios'
+        }
+        response = self.client.post(url, data, **self.header)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        # device created for user
+        self.assertEqual(FCMDevice.objects.count(), 1)
+
+    def test_send_test_notification(self):
+        """
+        test send test notification
+        :return:
+        """
+        url = reverse('notifications:notifications-test')
+        response = self.client.get(url, **self.header)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        # Assuming one notification exists in the database and two created after api run
+        self.assertEqual(Notification.objects.filter(notification_to=self.user).count(), 3)
+
+    def test_mark_as_read(self):
+        """
+        test mark as read
+        :return:
+        """
+        url = reverse('notifications:notifications-mark-as-read')
+        data = {
+            'id': [self.notification.id]
+        }
+        response = self.client.patch(url, data, **self.header)
+        self.notification.refresh_from_db()
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(self.notification.is_read, True)
--- a/notifications/utils.py
+++ b/notifications/utils.py
@ -104,7 +104,6 @@ def send_notification(notification_type, from_user_id, from_user_type, to_user_i
    notification_data, push_data, from_user, to_user = get_notification_data(notification_type, from_user_id,
                                                                             from_user_type, to_user_id, extra_data)
    user_notification_type = UserNotification.objects.filter(user=to_user).first()
-    notification_data.update({'badge': Notification.objects.filter(notification_to=to_user, is_read=False).count()})
    Notification.objects.create(notification_type=notification_type, notification_from=from_user,
                                notification_to=to_user, data=notification_data)
    if user_notification_type and user_notification_type.push_notification:
@ -139,43 +138,10 @@ def send_notification_multiple_user(notification_type, from_user_id, from_user_t

    notification_list = []
    for user in to_user_list:
-        notification_copy_data = notification_data.copy()
-        notification_copy_data.update(
-            {'badge': Notification.objects.filter(notification_to=user, is_read=False).count()})
        notification_list.append(Notification(notification_type=notification_type,
                                              notification_to=user,
                                              notification_from=from_user,
-                                              data=notification_copy_data))
+                                              data=notification_data))
    Notification.objects.bulk_create(notification_list)
    to_user_list = to_user_list.filter(user_notification__push_notification=True)
    send_multiple_push(to_user_list, push_data)
-
-
-@shared_task()
-def send_notification_to_guardian(notification_type, from_user_id, to_user_id, extra_data):
-    """
-    :param notification_type:
-    :param from_user_id:
-    :param to_user_id:
-    :param extra_data:
-    :return:
-    """
-    if from_user_id:
-        from_user = Junior.objects.filter(auth_id=from_user_id).first()
-        extra_data['from_user_image'] = from_user.image
-    send_notification(notification_type, from_user_id, to_user_id, extra_data)
-
-
-@shared_task()
-def send_notification_to_junior(notification_type, from_user_id, to_user_id, extra_data):
-    """
-    :param notification_type:
-    :param from_user_id:
-    :param to_user_id:
-    :param extra_data:
-    :return:
-    """
-    if from_user_id:
-        from_user = Guardian.objects.filter(user_id=from_user_id).first()
-        extra_data['from_user_image'] = from_user.image
-    send_notification(notification_type, from_user_id, to_user_id, extra_data)
--- a/notifications/views.py
+++ b/notifications/views.py
@ -68,5 +68,8 @@ class NotificationViewSet(viewsets.GenericViewSet):
        """
        notification list
        """
-        Notification.objects.filter(id__in=request.data.get('id')).update(is_read=True)
+        if request.query_params.get('all'):
+            Notification.objects.filter(notification_to_id=request.auth.payload['user_id']).update(is_read=True)
+        elif request.data.get('id'):
+            Notification.objects.filter(id__in=request.data.get('id')).update(is_read=True)
        return custom_response(SUCCESS_CODE['3039'], response_status=status.HTTP_200_OK)
--- a/requirements.txt
+++ b/requirements.txt
@ -101,4 +101,5 @@ vine==5.0.0
 wcwidth==0.2.6

 pandas==2.0.3
-XlsxWriter==3.1.2
+XlsxWriter==3.1.2
+coverage==7.3.1
--- a/web_admin/serializers/analytics_serializer.py
+++ b/web_admin/serializers/analytics_serializer.py
@ -115,8 +115,6 @@ class UserCSVReportSerializer(serializers.ModelSerializer):
        if profile := (obj.guardian_profile.all().first() or obj.junior_profile.all().first()):
            return f"+{profile.country_code}{profile.phone}" \
                if profile.country_code and profile.phone else profile.phone
-        else:
-            return None

    @staticmethod
    def get_user_type(obj):
@ -128,8 +126,6 @@ class UserCSVReportSerializer(serializers.ModelSerializer):
            return dict(USER_TYPE).get('2').capitalize()
        elif obj.junior_profile.all().first():
            return dict(USER_TYPE).get('1').capitalize()
-        else:
-            return None

    @staticmethod
    def get_is_active(obj):
--- a/web_admin/serializers/article_serializer.py
+++ b/web_admin/serializers/article_serializer.py
@ -357,8 +357,9 @@ class ArticleCardlistSerializer(serializers.ModelSerializer):
        """current page"""
        context_data = self.context.get('user')
        data = JuniorArticle.objects.filter(junior__auth=context_data, article=obj.article).last()
+        total_count = self.context.get('card_count')
        if data:
-            return data.current_card_page
+            return data.current_card_page if data.current_card_page < total_count else data.current_card_page - 1
        return NUMBER['zero']

    class Meta(object):
--- a/web_admin/serializers/user_management_serializer.py
+++ b/web_admin/serializers/user_management_serializer.py
@ -50,8 +50,6 @@ class UserManagementListSerializer(serializers.ModelSerializer):
            return profile.country_code if profile.country_code else None
        elif profile := obj.junior_profile.all().first():
            return profile.country_code if profile.country_code else None
-        else:
-            return None

    @staticmethod
    def get_phone(obj):
@ -63,8 +61,6 @@ class UserManagementListSerializer(serializers.ModelSerializer):
            return profile.phone if profile.phone else None
        elif profile := obj.junior_profile.all().first():
            return profile.phone if profile.phone else None
-        else:
-            return None

    @staticmethod
    def get_user_type(obj):
@ -76,8 +72,6 @@ class UserManagementListSerializer(serializers.ModelSerializer):
            return dict(USER_TYPE).get('2')
        elif obj.junior_profile.all().first():
            return dict(USER_TYPE).get('1')
-        else:
-            return None

    @staticmethod
    def get_is_active(obj):
@ -89,8 +83,6 @@ class UserManagementListSerializer(serializers.ModelSerializer):
            return profile.is_active
        elif profile := obj.junior_profile.all().first():
            return profile.is_active
-        else:
-            return obj.is_active


 class GuardianSerializer(serializers.ModelSerializer):
@ -292,5 +284,3 @@ class UserManagementDetailSerializer(serializers.ModelSerializer):
                                                   is_verified=True).select_related('user')
                serializer = GuardianSerializer(guardian, many=True)
                return serializer.data
-        else:
-            return None
--- a/web_admin/tests.py
+++ b/web_admin/tests.py
@ -1,6 +0,0 @@
-"""
-web_admin test file
-"""
-from django.test import TestCase
-
-# Create your tests here.
--- a/web_admin/tests/init.py
+++ b/web_admin/tests/init.py
--- a/web_admin/tests/test_analytics.py
+++ b/web_admin/tests/test_analytics.py
@ -0,0 +1,109 @@
+"""
+web admin test analytics file
+"""
+# django imports
+from django.urls import reverse
+from rest_framework import status
+
+# local imports
+from web_admin.tests.test_set_up import AnalyticsSetUp
+
+
+class AnalyticsViewSetTestCase(AnalyticsSetUp):
+    """
+    test cases for analytics, users count, new sign-ups,
+    assign tasks report, junior leaderboard, export excel
+    """
+    def setUp(self) -> None:
+        """
+        test data set up
+        :return:
+        """
+        super(AnalyticsViewSetTestCase, self).setUp()
+
+    def test_total_sign_up_count(self):
+        """
+        test total sign up count
+        :return:
+        """
+        self.client.force_authenticate(self.admin_user)
+        url = reverse('web_admin:analytics-users-count')
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        # Assuming four users exists in the database
+        self.assertEqual(response.data['data']['total_users'], 4)
+        # Assuming two guardians exists in the database
+        self.assertEqual(response.data['data']['total_guardians'], 2)
+        # Assuming two juniors exists in the database
+        self.assertEqual(response.data['data']['total_juniors'], 2)
+
+    def test_new_user_sign_ups(self):
+        """
+        test new user sign-ups
+        :return:
+        """
+        self.client.force_authenticate(self.admin_user)
+        url = reverse('web_admin:analytics-new-signups')
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        # Assuming four users exists in the database
+        self.assertEqual(response.data['data'][0]['signups'], 4)
+
+    def test_new_user_sign_ups_between_given_dates(self):
+        """
+        test new user sign-ups
+        :return:
+        """
+        self.client.force_authenticate(self.admin_user)
+        url = reverse('web_admin:analytics-new-signups')
+        query_params = {
+            'start_date': '2023-09-12',
+            'end_date': '2023-09-13'
+        }
+        response = self.client.get(url, query_params)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        # Assuming four users exists in the database
+        self.assertEqual(response.data['data'][0]['signups'], 4)
+
+    def test_assign_tasks_report(self):
+        """
+        test assign tasks report
+        :return:
+        """
+        self.client.force_authenticate(self.admin_user)
+        url = reverse('web_admin:analytics-assign-tasks')
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        # Assuming two completed tasks exists in the database
+        self.assertEqual(response.data['data']['task_completed'], 2)
+        # Assuming two pending tasks exists in the database
+        self.assertEqual(response.data['data']['task_pending'], 2)
+        # Assuming two in progress tasks exists in the database
+        self.assertEqual(response.data['data']['task_in_progress'], 2)
+        # Assuming two requested tasks exists in the database
+        self.assertEqual(response.data['data']['task_requested'], 2)
+        # Assuming two rejected tasks exists in the database
+        self.assertEqual(response.data['data']['task_rejected'], 2)
+        # Assuming two expired tasks exists in the database
+        self.assertEqual(response.data['data']['task_expired'], 2)
+
+    def test_junior_leaderboard(self):
+        """
+        test junior leaderboard
+        :return:
+        """
+        self.client.force_authenticate(self.admin_user)
+        url = reverse('web_admin:analytics-junior-leaderboard')
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+
+    def test_export_excel(self):
+        """
+        test export excel
+        :return:
+        """
+        self.client.force_authenticate(self.admin_user)
+        url = reverse('web_admin:analytics-export-excel')
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertURLEqual(response.data['data'], self.export_excel_url)
--- a/web_admin/tests/test_article.py
+++ b/web_admin/tests/test_article.py
@ -0,0 +1,255 @@
+"""
+web_admin test article file
+"""
+# django imports
+from django.test import TestCase
+from django.urls import reverse
+from django.contrib.auth import get_user_model
+from rest_framework.test import APITestCase
+from rest_framework.test import APIClient
+from rest_framework import status
+
+# local imports
+from web_admin.models import Article, ArticleCard, ArticleSurvey, DefaultArticleCardImage
+from web_admin.tests.test_set_up import ArticleTestSetUp
+
+# user model
+User = get_user_model()
+
+
+class ArticleViewSetTestCase(ArticleTestSetUp):
+    """
+    test cases for article create, update, list, retrieve, delete
+    """
+    def setUp(self):
+        """
+        inherit data here
+        :return:
+        """
+        super(ArticleViewSetTestCase, self).setUp()
+
+        # admin user authentication
+        self.client.force_authenticate(user=self.admin_user)
+
+    def test_article_create_with_default_card_image(self):
+        """
+        test article create with default card_image
+        :return:
+        """
+        url = reverse(self.article_list_url)
+        response = self.client.post(url, self.article_data_with_default_card_image, format='json')
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        # Check that a new article was created
+        self.assertEqual(Article.objects.count(), 2)
+
+    def test_article_create_with_base64_card_image(self):
+        """
+        test article create with base64 card image
+        :return:
+        """
+        self.client.force_authenticate(user=self.admin_user)
+        url = reverse(self.article_list_url)
+        response = self.client.post(url, self.article_data_with_base64_card_image, format='json')
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        # Check that a new article was created
+        self.assertEqual(Article.objects.count(), 2)
+
+    def test_article_update(self):
+        """
+        test article update
+        :return:
+        """
+        self.client.force_authenticate(user=self.admin_user)
+        url = reverse(self.article_detail_url, kwargs={'pk': self.article.id})
+        response = self.client.put(url, self.article_update_data, format='json')
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.article.refresh_from_db()
+        self.assertEqual(self.article.title, self.article_update_data['title'])
+        self.assertEqual(self.article.article_cards.count(), 1)
+        self.assertEqual(self.article.article_survey.count(), 6)
+        self.assertEqual(self.article.article_survey.first().options.count(), 3)
+
+    def test_articles_list(self):
+        """
+        test articles list
+        :return:
+        """
+        url = reverse(self.article_list_url)
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        # Assuming only one article exists in the database
+        self.assertEqual(len(response.data['data']), 1)
+
+    def test_article_retrieve(self):
+        """
+        test article retrieve
+        :return:
+        """
+        url = reverse(self.article_detail_url, kwargs={'pk': self.article.id})
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+
+    def test_article_delete(self):
+        """
+        test article delete
+        :return:
+        """
+        url = reverse(self.article_detail_url, kwargs={'pk': self.article.id})
+        response = self.client.delete(url)
+        self.article.refresh_from_db()
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(self.article.is_deleted, True)
+
+    def test_article_create_with_invalid_data(self):
+        """
+        test article create with invalid data
+        :return:
+        """
+        url = reverse(self.article_list_url)
+        # Missing article_cards
+        invalid_data = {
+            "title": "Invalid Article",
+            "article_survey": [{"question": "Invalid Survey Question"}]
+        }
+        response = self.client.post(url, invalid_data, format='json')
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
+    def test_article_status_change(self):
+        """
+        test article status change (publish/un-publish)
+        :return:
+        """
+        url = reverse('web_admin:article-status-change', kwargs={'pk': self.article.id})
+        data = {
+            "is_published": False
+        }
+        response = self.client.patch(url, data, format='json')
+        self.article.refresh_from_db()
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(self.article.is_published, False)
+
+    def test_article_card_remove(self):
+        """
+        test article card remove
+        :return:
+        """
+        url = reverse('web_admin:article-remove-card', kwargs={'pk': self.article_card.id})
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(ArticleCard.objects.count(), 0)
+
+    def test_article_survey_remove(self):
+        """
+        test article survey remove
+        :return:
+        """
+        url = reverse('web_admin:article-remove-survey', kwargs={'pk': self.article_survey.id})
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(ArticleSurvey.objects.count(), 0)
+
+    def test_article_card_create_with_default_card_image(self):
+        """
+        test article card create with default card_image
+        :return:
+        """
+        url = reverse('web_admin:article-test-add-card')
+        response = self.client.post(url, self.article_card_data_with_default_card_image, format='json')
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        # Check that a new article card was created
+        self.assertEqual(ArticleCard.objects.count(), 2)
+
+    def test_article_cards_list(self):
+        """
+        test article cards list
+        :return:
+        """
+        url = reverse('web_admin:article-test-list-card')
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        # Assuming only one article exists in the database
+        self.assertEqual(len(response.data['data']), 1)
+
+
+class DefaultArticleCardImagesViewSetTestCase(APITestCase):
+    """
+    test case for default article card image
+    """
+    def setUp(self):
+        """
+        data setup
+        :return:
+        """
+        self.client = APIClient()
+        self.admin_user = User.objects.create_user(username='admin@example.com', email='admin@example.com',
+                                                   password='admin@1234', is_staff=True, is_superuser=True)
+        self.default_image = DefaultArticleCardImage.objects.create(
+                                                        image_name="card1.jpg",
+                                                        image_url="https://example.com/updated_card1.jpg")
+
+    def test_default_article_card_image_list(self):
+        """
+        test default article card image list
+        :return:
+        """
+        self.client.force_authenticate(user=self.admin_user)
+        url = reverse('web_admin:default-card-images-list')
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        # Assuming only one default article card image exists in the database
+        self.assertEqual(len(response.data['data']), 1)
+
+
+class ArticleListViewSetTestCase(ArticleTestSetUp):
+    """
+    test cases for article list for junior
+    """
+    def setUp(self):
+        """
+        data setup
+        :return:
+        """
+        super(ArticleListViewSetTestCase, self).setUp()
+
+        self.client.force_authenticate(user=self.user)
+
+    def test_article_list(self):
+        """
+        test article list
+        :return:
+        """
+        url = reverse('web_admin:article-list-list')
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        # Assuming only one article exists in the database
+        self.assertEqual(len(response.data['data']), 1)
+
+
+class ArticleCardListViewSetTestCase(ArticleTestSetUp):
+    """
+    test cases for article card list for junior
+    """
+    def setUp(self):
+        """
+        data setup
+        :return:
+        """
+        super(ArticleCardListViewSetTestCase, self).setUp()
+
+        self.client.force_authenticate(user=self.user)
+
+    def test_article_cards_list(self):
+        """
+        test article cards list for junior
+        :return:
+        """
+        url = reverse('web_admin:article-card-list-list')
+        query_params = {
+            'article_id': self.article.id,
+        }
+        response = self.client.get(url, query_params)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        # Assuming only one article exists in the database
+        self.assertEqual(len(response.data['data']), 1)
+
+    # Add more test cases for edge cases, permissions, etc.
--- a/web_admin/tests/test_auth.py
+++ b/web_admin/tests/test_auth.py
@ -0,0 +1,160 @@
+"""
+web admin test auth file
+"""
+from datetime import datetime
+from django.utils import timezone
+from django.urls import reverse
+from django.contrib.auth import get_user_model
+
+from rest_framework.test import APITestCase, APIClient
+from rest_framework import status
+
+from account.models import UserEmailOtp
+from base.constants import USER_TYPE
+from guardian.tasks import generate_otp
+from web_admin.tests.test_set_up import BaseSetUp
+
+User = get_user_model()
+
+
+class AdminOTPTestCase(BaseSetUp):
+    """
+    test case to send otp to admin email
+    """
+
+    def setUp(self):
+        """
+        inherit data here
+        :return:
+        """
+        super(AdminOTPTestCase, self).setUp()
+        self.url = reverse('web_admin:admin-otp')
+
+    def test_admin_otp_for_valid_email(self):
+        """
+        test admin otp for valid email
+        :return:
+        """
+        data = {
+            'email': self.admin_email
+        }
+        response = self.client.post(self.url, data, format='json')
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(UserEmailOtp.objects.count(), 1)
+
+    def test_admin_otp_for_invalid_email(self):
+        """
+        test admin otp for invalid email
+        :return:
+        """
+        data = {
+            'email': 'notadmin@example.com'
+        }
+        response = self.client.post(self.url, data, format='json')
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
+
+class AdminVerifyOTPTestCase(BaseSetUp):
+    """
+    test case to verify otp for admin email
+    """
+
+    def setUp(self):
+        """
+        inherit data here
+        :return:
+        """
+        super(AdminVerifyOTPTestCase, self).setUp()
+        self.verification_code = generate_otp()
+        expiry = timezone.now() + timezone.timedelta(days=1)
+        self.user_email_otp = UserEmailOtp.objects.create(email=self.admin_email,
+                                                          otp=self.verification_code,
+                                                          expired_at=expiry,
+                                                          user_type=dict(USER_TYPE).get('3'),
+                                                          )
+        self.url = reverse('web_admin:admin-verify-otp')
+
+    def test_admin_verify_otp_with_valid_otp(self):
+        """
+        test admin verify otp with valid otp
+        :return:
+        """
+
+        data = {
+            'email': self.admin_email,
+            "otp": self.verification_code
+        }
+
+        response = self.client.post(self.url, data)
+        self.user_email_otp.refresh_from_db()
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(self.user_email_otp.is_verified, True)
+
+    def test_admin_verify_otp_with_invalid_otp(self):
+        """
+        test admin verify otp with invalid otp
+        :return:
+        """
+        data = {
+            'email': self.admin_email,
+            "otp": generate_otp()
+        }
+
+        response = self.client.post(self.url, data)
+        self.user_email_otp.refresh_from_db()
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+        self.assertEqual(self.user_email_otp.is_verified, False)
+
+
+class AdminCreateNewPassword(BaseSetUp):
+    """
+    test case to create new password for admin email
+    """
+
+    def setUp(self):
+        """
+        inherit data here
+        :return:
+        """
+        super(AdminCreateNewPassword, self).setUp()
+        self.verification_code = generate_otp()
+        expiry = timezone.now() + timezone.timedelta(days=1)
+        self.user_email_otp = UserEmailOtp.objects.create(email=self.admin_email,
+                                                          otp=self.verification_code,
+                                                          expired_at=expiry,
+                                                          user_type=dict(USER_TYPE).get('3'),
+                                                          )
+        self.url = reverse('web_admin:admin-create-password')
+
+    def test_admin_create_new_password_after_verification(self):
+        """
+        test admin create new password
+        :return:
+        """
+        self.user_email_otp.is_verified = True
+        self.user_email_otp.save()
+
+        data = {
+            'email': self.admin_email,
+            "new_password": "New@1234",
+            "confirm_password": "New@1234"
+        }
+
+        response = self.client.post(self.url, data)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(UserEmailOtp.objects.count(), 0)
+
+    def test_admin_create_new_password_without_verification(self):
+        """
+        test admin create new password
+        :return:
+        """
+        data = {
+            'email': self.admin_email,
+            "new_password": "Some@1234",
+            "confirm_password": "Some@1234"
+        }
+
+        response = self.client.post(self.url, data)
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+        self.assertEqual(UserEmailOtp.objects.count(), 1)
--- a/web_admin/tests/test_set_up.py
+++ b/web_admin/tests/test_set_up.py
@ -0,0 +1,407 @@
+"""
+web_admin test set up file
+"""
+# django imports
+from django.test import TestCase
+from django.contrib.auth import get_user_model
+from django.conf import settings
+from rest_framework.test import APITestCase
+from rest_framework.test import APIClient
+
+# local imports
+from guardian.models import Guardian, JuniorTask
+from junior.models import Junior, JuniorPoints
+from web_admin.models import Article, ArticleCard, ArticleSurvey, SurveyOption
+
+# user model
+User = get_user_model()
+
+# image data in base 64 string
+base64_image = ("data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wCEAAoHCBISEhIREhISEhgSERIREREYEhg"
+                "SGRERGRgZGhgYGBgcIS4lHB4rHxgYJjgmLC8xNTU1GiQ7QDszPy40NTEBDAwMEA8QGhISHjEhISE0NDQ0NDQ0N"
+                "DQ0NDQ0NDQxNDQ1NDQxNDQ0NDQ0NDQ0NDExNDE0MTQ0NDQ0NDQ0NDQ0P//AABEIALcBEwMBIgACEQEDEQH/xAAb"
+                "AAACAgMBAAAAAAAAAAAAAAAAAQIEAwUGB//EAEkQAAIBAgMEBgYGBgcIAwAAAAECAAMRBBIhBTFRYQYTIkFxkTJC"
+                "UoGhsRRDYnKCkhYjU8HR4QcVVGOD0vEkM5OissLT8ERVlP/EABgBAQEBAQEAAAAAAAAAAAAAAAABAgME/8QAIBEBA"
+                "QEBAAIDAQEBAQAAAAAAAAERAhIhMUFRAyJhE//aAAwDAQACEQMRAD8AuXiiJivAd4rxQgMGO8hHeQSvCRhKiUcheO"
+                "8CUJG8AZBK8d5G8cBxyMcCV4XkY7wHCKOA4RXheA4RQgOEUJQxHFCFOEUcBiSEhJQJRiREYgStCEIFGEIoBEYXheQ"
+                "AjkYAwJQihAccjHAcIoQHHIxwiQhFAGFSjkbwhEoCKOA4RQgOEUcAjvFKNPaSNdgjlL2VwV7YHeqneOBuL791pRfv"
+                "CVU2jRPrOn3qZP8A0ZpmTE0zuqU/A1FQ/lax+EDJGI8jWvlNuNtPORBhUowZGOBISUgJIQJQihAowvCK8AhFeEgcI"
+                "oQHCKOA7wvFCA4QhAcIrwgShIkxwHHIg90jSqBlzDcb/A2/dAyiCtfUd+4zFiKopo7nciM58ACZDZwtRpA7xSp38c"
+                "ohFmEIQHCKJmABJNgASSdwA3mBT2i5IWkpINS+YjetIemeRNwo5tfukGo303ACwG6wkab2DVn0NSxVTvSmPQXkbEs"
+                "RxYjulGviqjE5dBN5kWLRwR7jInDuOcqpiqi75Zw+0GYgWPlI2gKGU3ChTxXsHzGsyriqg3Van4m6z/rzTZCiGGsq"
+                "vhVJ3wmMa7Sqjvpt96nY/wDIyj4TMu1j61IeK1f+1k/7pWfBHumF8LUFgouWIVBxYmwHn38LwZG+w1ZaiB1DAEstm"
+                "ABBG/UEgzKJFECJTpqbimmUG1s7Elnc82YsffJCRlKEUIFGKEjeAQheK8gcIoxAJKRhAlHIR3gShISUBxyMcDG1TK"
+                "DmUkAbwM1x4DWURj1QqVcVKbNkJvc0mtcA99vHdNlNPtnZocGrTFnGrgfWKONt5kos47FCjUSo3oOOrc+yRcofi05"
+                "zAbYc5KTEj9eq3/uzmBB95kNt4rrKVDtf7tyHXnaynnpce+aYVwTfKFN9XF9bA917A+FpPJHc9KsRkwrjvqMtMeBN"
+                "2/5QZtaAsiDgqj4CcZtrH/SPoaA71zuPtk5B8m852GJxC01zMbDMqDmzEKAPeZZdGe8r4XFCo1TLqqMEze049Kx7w"
+                "NB5zT9INsFf9noHNUqHJcepfTfx+UnRqdXSTCYbtuq5Ge3YVvXYnS537o0b681m1cQMyUd+bt1B/dg6L+JhbwDS67"
+                "inTLOdES7NbuA1NpocPUNSobLnqVGD1ADpRX1VY8QthYbzc981BaqMahu3uEyJhXbcLTZ4fBqgzVDraZmxtNRYWm2"
+                "o1qbKJ3y2tGnTGttJixG0idFEqZKlQ3N98mLrLisffspvMwUsHUPaLHwmxw2BVe7WXGCqLnQCMNalcJV9qWcDS1NQ"
+                "nNkzU6Z4vudx4DsDmXlDE7UarUXD0Dq7ZS+8Io1Zj4AE+6blVVQqILKihUG85Rx4k7zzJk3TqYYkhIiSEjCUIQga6"
+                "8V4ooU4RQkDhFCBKO8jeECV4XkYQJXheRjgOSvIAxwJQvIwgcL0godXUqINASHX7p1+BvNUmthzM67pZhcypU4XRv"
+                "A7vj85ydGmSRyNjOPXrRbwDKlSm7g2QqzAbyVJNvMTNjsbUr1OsqNYJqiA2CcLc+cxV6eU3vpYHz3yuzm2gv47v5z"
+                "E6tRdwjqTmYM3BQcoP3mm42Vj6SEhKb1KjdyWyoL7hY7uJmowOw8RWsxXKvcXOUEclGpnR9VUwtJ3apSRKaliEo2"
+                "JPcAS2pJsNZ15lMU+kONqVGp4Yfq8xV6rXuyi/ZWw0uSL2ufRF9JtdkNTwyZFXmp3kt3knvM4vZuJZ6r16tRFLG7"
+                "FiMxOg7I3AWsL23Cb+njLgEeIuLXnWLG+frKlybgQXA8ZfwTh0Vh3j4ywEm1UqWDAlpKdtwmdUlbHY6nRQsxGm4c"
+                "4VOvXSmpZyBYTjdq7aeqSFuq/OV9qbVesddFvumDZeC+kVUp6hdXqMPVpr6R8ToBzYTn11vqOnPPjNro+i+C6uma"
+                "7DtVhlp/Zog7/AMTDyUcZuryJYdwCgABVG5VAsAOQFoXlkxyt26mDGDIXkgZUTvCLNFCNfETFeRkVK8LyMtYbChwT"
+                "1iLb1b3Y/hkFe8Ly+mzr31bQE+ja9pE4Rcpa7aWvuG+XE2KccylEHteY/hMbFR3N+Yfwg0oXgHS9u18DMtOhnNkLE"
+                "86Zt5i8isUInUqSDvBsfGK8Cd4XkLx3gTvC8xfSKanLULj7qhtPeRJtXo+q5P3iU+SkRpjBtKl1lKonFSR4jUTjMJ"
+                "SHWWPebTuhWTvQtySrTb4Egzkm2biDUY08PXK5mKE0z6N+zecf6y34WD6EHYM25QFVOLXOpm52fsdFIeoAzb1U7l5"
+                "24xbLwddNamFrOfV3Jl56jWdBRwVR99OrT+8EI8w9/hJ/P+d+eisF5xnTPaJd1wqXISz1Ld7n0VPgDf3jhOx26hwlC"
+                "pXcoQgAVbkFnOirqOP755W2Ie7OWOZmLseLHUmd2WajhqisGybt1wrfAmdZsSilU3rVFp2toWy33776i9vA9xM4s1G"
+                "be3mYUUJN8nWAd1jY+UsHrmGx+FT9XTqK9jlOTthT9phoPObLOoF7zy3AdY4ChkRF1NNcxPgb7p0CYmoqdltw3Humt"
+                "Tnqblb/AGnthKYOus4rH7Qaq12OncJDEVyxuxuZXYicuutevnnEGedh0fwfU0QzCz18rvxWn6i/HMfvDhNBsTALWqg"
+                "MLpTHWVeag9lPxNYeGbhOueoWJY7ybmXmfbn/AE6+k80eaYg0YaacmUNJBpiDRhoGa8JjvCBTvIVXyqW4SRMxV0zKR"
+                "5SB4Z6mW5eopOtkcoF8t58Zq9pF+su7FyR6R3kbhfnNwoBRXXdorD2WHcfGa3aydkNwNj4GZ6+G+flSSow3MR7zLaY"
+                "yoPrH/MZrc0yK8SpY2i42p+0b8xjOLf2jKC1JLrZpleXFVCfTbztMqVmZtWJ14zWo8vYLffhrBi4TC8jeF4ErwvI3h"
+                "eBRxnp+4TDeZsV6XuErmYt9tyegZ3ez79VT19RflOCvO+wY/Vp9wfKa5Ss+bnC8LTWdI9pjC4d6gIzt2KQPfUINjbv"
+                "AALHks0w4vpxtIV6woA3p4cnNro1e1m/KDl8S05g0U9kTLpvuTckknUkneSe8kxGFZcMqbsqg/dEvIk1qb78JfpV7/"
+                "wAJZXLufa1RpgHNuPfz8ZYaoRulQVIGrNMe2HFJrfjKz6C8z1nvLmwcKHqGq4ulCzkHc9U+gnPUFjyXnOPU9+nt46s"
+                "52t3s/CfR6S0zo72qVuTkdlPwrp4lpYzSu1Qkkk3JJJPEx5ppzt32sZow0r5pINKjOGkw0wBpNWgZ80Ux5oQJnCniI"
+                "voh9oeU2hpiRKiTK3/lrUwzISyMpuLMhHZccDMWJw9N1ZM4psynsOQtj3Wc6MLzcBRMeJwqOuV1BHxB4g90mU9OAOk"
+                "SvNptvZTUQHBzKTa/eOF5pC8zPXpeloPJq8pB5lR5WV6nqZvsDhxluTa81OysOXbkN/hN/cAWA3Rf+LJPtH6OvtHyh"
+                "1Ce0YZ+UYY8JP8AX61nJjDJ7Rk/oqcWgpPCZkvwjL+p6aTHoFqEC+4b/CUnmw2oP1jeC/ISg4mftpjG+eg4Ydhfuj5"
+                "Tz4DUeInodD0V8B8pvlz6ZQJ5Z0z2t9JxJRDdKGamnBnv228wFH3ec7fpdtY4bDNkNqlW9OlxW47T/hHxKzy6nTCjw"
+                "0m2TQaCNorxGQMGNHsbxWvIQq+tS8iX1tK+Gexliqljy3zU9xicyXRr3AkkgADUknQAc7zucFstaVGnSIBIu9Q39Kq"
+                "3peIAAUchNJ0QwBqVDWYdmibJ9qqRp+UG/iVnZmlymMei9StZ9DT2R5mH0RPZHmZsTT5RdXyjGdigMIvsiAwi+yJf6"
+                "rkfKMUjwPlGGxSGFX2RJfRl4CXOr5GHV8jGGqn0deAhLnVHgfKKMNXDhxxMRoLzjNE85gqU27rzbDMmGB3Bj4awNBR"
+                "vVvKaPGbSqYOotRaqWIAeg5sHW51HA67/AJ7p1Gy9o0cWmemdRbPTPpIeY7xz3RC+mj2slNqNRCrklGygKWOa3Zt77"
+                "TgDsyqfq6g8UInsL4YcpgbDLxXzEl52nk8i/qyt+zf8ss4fZdS+qMPwz1L6MnL5wGHTh8I8WfJzOx8OiIQ6sCSPVO6"
+                "bMYVDqB8xNqKKD/SZkVB/pHgvm0ybPU+qPOZBsq/qjzkdo9H2Japh6jAsSzUmqNkYnUlD6hPDd4b5z1Q1Q3Vv1qNTN"
+                "8pbK6Xtfc1iDbmpjxh5V1C7K5LJjZ9u5ZyVSs4Fn6zLcHODoCO863Q79b219LW0RrVFBDFqikEHXtW7wVuQ48LHkd8"
+                "vjDyq/tjYNarUzJURLCygG1xz01mpbo/i1+soN4syn4CTTDP6dMPUAJtqWsQdbPqQQQdD394tKdTDqxIAWmw9JHBU9"
+                "28W5bxp4zP/AJxrzqwmxMSWAJoXvuFRifLJOtFZlQEqNBr2rDzM4KojKynLlYEZXV7knuytv3A6aHwnQbP6QOoC4he"
+                "sXvqA5WUfaJ0O7vPf6RicyM3q1zvSgYjEYhn6tslNFSnZlcZd7EZTvJ4dwE583Ghnqf8AVNGqDUwrimd7Kq3Qk69un"
+                "3anepF+Jmo2pspDpiafVncKy6o3Dt27Pg4HK8uJrghrHpNxtDo7Up6p2xv0328P9ZpmUqbMCJMaPNEkRMZEBbtZdw9"
+                "6mVFF2YhUHFibASi06/8Ao/2TnqNinHZp3SlzcjtN7gbe88JdxHZbGwlPDUadEAkqLs3tOdWPnLpqLwMnlEXViTI2x"
+                "9YvsmLrF9k+cmaYiyCMgh1q8D5x9aOB848ghkEZE1HrR7J84Gry+MnkEMgjIqHXcvj/AChMmQQjIGzGYmvM5EiymbY"
+                "aTbWyVxFMq2+2jW1BnAK+K2ZWFy+QGyuu9VO+3EcjPV2QzX4/ZtOspSooYH4eElmrKsdGeklPFAU2qIXIuh3dYO8W3"
+                "Zhbd8Jvmp8J4rtnY1bZ9TrKRZ6ZOa2oynxG4852vRHputVVp4huCiqdCp4VP83nxidfVS8/jtDS5SJonhLQPf5GBmm"
+                "FPqTwh1J4S1FArimw3eXGYcbs6nWUCoCCPRcGzIfst+7ce+XYXHEQOLx+yatElizOg+sXeuvrp3feGm+4WUGVaah1q"
+                "hVNiAai9W191jc5O70dOVzeehF14jzE0+L2PSZ+spVFoPmzNaxVj7RUEENzBHO8DlKaI5DremxF75SM6g6HMpKuvO5"
+                "te1wbwq1FtlqqdPRqLVCqDpuLAMh+Hdczpf6opub18QatiCqhxTUaWvckvm78wYGQbZgFwMVTI1AzKrNY9zFXUH8sN"
+                "OQxVGrYgXqLuKsi1CRzUGzjwHumKmhAzKM3fY5l3cGBJB0Oh7+8Tqf0fojdXpr9kKoUeC5tPO3KA2DRvm+k2PENluN"
+                "wBs2tu6+6Qc9QJRr026t11y5hoN18oKmx4g28Zv8ABbfOiYhAL6ZwDY3G7dlbv0uDodDHV2PhdBUxIPeMzrpzUk6Hm"
+                "NZA7OwY/wDmDv8AWo6g9x7OsQWn2PTdc+FqKg9j06RPDJvQ/dIGtyDOe2ps1b5cTT6snRal7o7buxUta+ugYBuU3iU"
+                "sPRXrFx1RFGmc1EZbk20LKQBcgW3cpdp7ewdQij9Io1C4IyZg3WADW62sdATuhl5tj+jVRLtTOcezuPumjdGU2YEHm"
+                "J6i7bNps3+09WBvpB7oh+zmUlfAG3KafpZsFBQfG08W7IqhjTdFdHU2yhSigg6ixN9+8SWNSuIwuHarUSlT1aowVeX"
+                "EnkBc+6e0bLwKUKNOkm5FA8T3k8ydZxf9HOy87VMUV9ECmneATqSPh4C3Gegii3CSNI2ECBJ9SeERonhL6GMgSJAmU"
+                "0WkeobhAx2E5na3S+nRqNSp0alZkYo5DKiq47u8/CdV1DTgekn9H9avXqYinVS9RsxRhaxsBoR4SU9sn6Z4o6jZx/O"
+                "5+VOQPTTGDU7Nb3M/+SaM9DNr0/QZvwYgr8LiMbH24m41z/jB/mTJsXK3P6eYj/62p/xH/wDHCaf6Dtz++80jk0yvV"
+                "TIFhMxSRKTpiMVxItaZssWWBTxNBKilHUMDoRPOukPRl8O5r4fNbeRv04Ed4nqBSQeiGBBAIMzZqy48ewfSerS0/XL"
+                "9lajADwE3CdPrKAaddjxNSdXieimGdixpjXlMQ6JYQfViZ9xc5rmm6ff3NU/4n8pibp4f7O/vqfynVHozhR9WvlD+o"
+                "MMPq0/KI2njy5JunL92G86n8pH9Nqn9nH5iZ2I2Phx9Wn5ZlXZVAfVp5RtM5cOemlfuw6ebfxkW6Y4o7qFPyc/vnoK"
+                "bIo/s18hLC7Io/s18hH+jOXmn6W4zuo0/yt/GH6V439lT/I38Z6imyKPsL5CZP6rpD1F8hHszl5Q3SbHndTQf4ZMP0"
+                "j2kfUT/AIRnqpwNMeovkIhhE9lfyiPaenkWJ2ljapBqUaVQqCFL4ZWsO+2YTD1uL/s9D/8AHT/yT2Q4VPZHkJjxgSl"
+                "TqVOrz9WjPlA1awvYR7PTyX6VtDJ1YpqE3ZBhkC777gvHWYsMMcj56dMI1iMwoICAd+uWdRiemBqXFE06Q3dvD9Yb/"
+                "eFTn7M0+Ix+MqHTH0wDpYBqHxyD5xl/TZ+NZWw+Mdi1SmCSbsxoJr78s6LZeKxlWm+HxFOpiKDBUYIQjUgN1sgt3bmE"
+                "0VXZOIqEE1UxGouoxGcn3m9p1WB6GBaYr0atSjW9JUUE07g6KyvdmG/Um3KWc02fjpMDtzCYemKFOnVQU0zCmaToSt7M"
+                "13tnNyLnXfIVemPsUiebOB8AD84ld8Th8tWmKdanchCCoYi47Bb1XW45ZuU5tcG7OVSx4EkLcd2/v5TWYzrdP0txJOi0"
+                "1HDKT8SZJOl9YelTpt4XX95lGnsGqd5A/C3zIA+Mm+y6VP8A3ldF43dE+AzQjaJ0xHrUj+FwfgQJap9KqB39YnigPyJnN"
+                "ddgU+sap9xGf43t8Jmp45NOqwdd/tELTPwAMnlJ841JXXYba9Kp6FS/4WHzEuAk6g3B1B33E45Fx1Q6YWlTXddv1j28WG"
+                "hnZ4NMtNFIIIUAgm5v36gSSy/C5Z8l2odqZ4SjD2v/AERzLCRGIyBhCbChaEICKwKwhMjGyGYnQwhAr1FMwtTPKEJloivG"
+                "wgjjj8I4TNtVZpgnvlpFMITUZZ1TnApzihKqLU+cQpc4QhEhS5xVsMrqytqGBVhxB3whCOZxHQHAvuDJf2WImtxX9HFK3Y"
+                "rOORsR8oQkxdazE9A8QostdSBuBFvlKI6PY6ibg0z4VCscJi9WK3WzRiwmRqGHY3vndi5Hnebangse2hrpSHBEAjhE6rXj"
+                "GYdEC/arYms/HtkfAS7huhuDXXJmPEkn5whN4xrZ0NkYdPRpIPdLS0kG5QPdCEskKlYcIWHCEJUO3KFuUIQD3QhCB//Z")
+
+# export excel path and
+# export excel url
+export_excel_path = 'analytics/ZOD_Bank_Analytics.xlsx'
+export_excel_url = f"https://{settings.ALIYUN_OSS_BUCKET_NAME}.{settings.ALIYUN_OSS_ENDPOINT}/{export_excel_path}"
+
+
+class BaseSetUp(APITestCase):
+    """
+    basic setup
+    """
+
+    def setUp(self) -> None:
+        """
+        user data
+        :return:
+        """
+        # user and admin email
+        self.user_email = 'user@example.com'
+        self.admin_email = 'admin@example.com'
+        self.client = APIClient()
+
+        # create user
+        self.user = User.objects.create_user(username=self.user_email, email=self.user_email)
+        self.user.set_password('user@1234')
+        self.user.save()
+
+        # create admin
+        self.admin_user = User.objects.create_user(username=self.admin_email, email=self.admin_email,
+                                                   is_staff=True, is_superuser=True)
+        self.admin_user.set_password('admin@1234')
+        self.admin_user.save()
+
+
+class ArticleTestSetUp(BaseSetUp):
+    """
+    test cases data set up
+    for article create, update, list, retrieve and
+    remove card, survey and add test card, list test card and
+    default image upload and list
+    """
+
+    def setUp(self):
+        """
+        set up data for test
+        create user and admin
+        create article, article card and article survey and survey options
+        :return:
+        """
+        super(ArticleTestSetUp, self).setUp()
+
+        # create article
+        self.article = Article.objects.create(title="Existing Article", description="Existing Description",
+                                              is_published=True)
+        # create article card
+        self.article_card = ArticleCard.objects.create(article=self.article, title="Existing Card 1",
+                                                       description="Existing Card 1 Description")
+        # create article survey
+        self.article_survey = ArticleSurvey.objects.create(article=self.article, points=5,
+                                                           question="Existing Survey Question 1")
+        # create article survey options
+        SurveyOption.objects.create(survey=self.article_survey, option="Existing Option 1", is_answer=True)
+        SurveyOption.objects.create(survey=self.article_survey, option="Existing Option 2", is_answer=False)
+
+        # article api url used for get api
+        self.article_list_url = 'web_admin:article-list'
+
+        # article api url used for post api
+        self.article_detail_url = 'web_admin:article-detail'
+
+        # article card data with default card image
+        self.article_card_data_with_default_card_image = {
+            "title": "Card 1",
+            "description": "Card 1 Description",
+            "image_name": "card1.jpg",
+            "image_url": "https://example.com/card1.jpg"
+        }
+
+        # article card data with base64 image
+        self.article_card_data_with_base64_image = {
+            "title": "Card base64",
+            "description": "Card base64 Description",
+            "image_name": "base64_image.jpg",
+            "image_url": base64_image
+        }
+
+        # article survey option data
+        self.article_survey_option_data = [
+            {"option": "Option 1", "is_answer": True},
+            {"option": "Option 2", "is_answer": False}
+        ]
+
+        # article survey data
+        self.article_survey_data = [
+            {
+                "question": "Survey Question 1",
+                "options": self.article_survey_option_data
+            },
+            {
+                "question": "Survey Question 2",
+                "options": self.article_survey_option_data
+            },
+            {
+                "question": "Survey Question 3",
+                "options": self.article_survey_option_data
+            },
+            {
+                "question": "Survey Question 4",
+                "options": self.article_survey_option_data
+            },
+            {
+                "question": "Survey Question 5",
+                "options": self.article_survey_option_data
+            },
+        ]
+
+        # article data with default card image
+        self.article_data_with_default_card_image = {
+            "title": "Test Article",
+            "description": "Test Description",
+            "article_cards": [
+                self.article_card_data_with_default_card_image
+            ],
+            # minimum 5 article survey needed
+            "article_survey": self.article_survey_data
+        }
+
+        # article data with base64 card image
+        self.article_data_with_base64_card_image = {
+            "title": "Test Article",
+            "description": "Test Description",
+            "article_cards": [
+                self.article_card_data_with_base64_image
+            ],
+            # minimum 5 article survey needed
+            "article_survey": self.article_survey_data
+        }
+
+        # article update data
+        self.article_update_data = {
+            "title": "Updated Article",
+            "description": "Updated Description",
+
+            # updated article card
+            "article_cards": [
+                {
+                    "id": self.article_card.id,
+                    "title": "Updated Card 1",
+                    "description": "Updated Card 1 Description",
+                    "image_name": "updated_card1.jpg",
+                    "image_url": "https://example.com/updated_card1.jpg"
+                }
+            ],
+            # updated article survey
+            "article_survey": [
+                                  # updated article survey
+                                  {
+                                      "id": self.article_survey.id,
+                                      "question": "Updated Survey Question 1",
+                                      "options": [
+                                          {"id": self.article_survey.options.first().id,
+                                           "option": "Updated Option 1", "is_answer": False},
+                                          # New option
+                                          {"option": "New Option 3", "is_answer": True}
+                                      ]
+                                      # added new articles
+                                  }] + self.article_survey_data
+        }
+
+
+class UserManagementSetUp(BaseSetUp):
+    """
+    test cases for user management
+    users count, new sign-ups,
+    """
+    def setUp(self) -> None:
+        """
+        data setup
+        create new guardian and junior
+        :return:
+        """
+        super(UserManagementSetUp, self).setUp()
+        # guardian codes
+        self.guardian_code_1 = 'GRD123'
+        self.guardian_code_2 = 'GRD456'
+
+        # guardian 1
+        self.guardian = Guardian.objects.create(user=self.user, country_code=91, phone='8765876565',
+                                                country_name='India', gender=2, is_verified=True,
+                                                guardian_code=self.guardian_code_1)
+
+        # user 2 email
+        self.user_email_2 = 'user2@yopmail.com'
+        # create user 2
+        self.user_2 = User.objects.create_user(username=self.user_email_2, email=self.user_email_2)
+        self.user_2.set_password('user2@1234')
+        self.user_2.save()
+
+        # guardian 2
+        self.guardian_2 = Guardian.objects.create(user=self.user_2, country_code=92, phone='8765876575',
+                                                  country_name='India', gender=1, is_verified=True,
+                                                  guardian_code=self.guardian_code_2)
+
+        # user 3 email
+        self.user_email_3 = 'user3@yopmail.com'
+        # create user 3
+        self.user_3 = User.objects.create_user(username=self.user_email_3, email=self.user_email_3)
+        self.user_3.set_password('user3@1234')
+        self.user_3.save()
+
+        # junior 1
+        self.junior = Junior.objects.create(auth=self.user_3, country_name='India', gender=2,
+                                            is_verified=True, guardian_code=[self.guardian_code_1])
+
+        # user 4 email
+        self.user_email_4 = 'user4@yopmail.com'
+        # create user 4
+        self.user_4 = User.objects.create_user(username=self.user_email_4, email=self.user_email_4)
+        self.user_4.set_password('user4@1234')
+        self.user_4.save()
+
+        # junior 2
+        self.junior_2 = Junior.objects.create(auth=self.user_4, country_code=92, phone='8768763443',
+                                              country_name='India', gender=1, is_verified=True,
+                                              guardian_code=[self.guardian_code_2])
+
+
+class AnalyticsSetUp(UserManagementSetUp):
+    """
+    test analytics
+    task assign report, junior leaderboard
+    """
+    def setUp(self) -> None:
+        """
+        test data set up
+        create task and assigned to junior
+        create junior points data
+        :return:
+        """
+        super(AnalyticsSetUp, self).setUp()
+
+        # pending tasks 1
+        self.pending_task_1 = JuniorTask.objects.create(guardian=self.guardian, junior=self.junior,
+                                                        task_name='Pending Task 1', task_status=1,
+                                                        due_date='2023-09-12')
+        # pending tasks 2
+        self.pending_task_2 = JuniorTask.objects.create(guardian=self.guardian_2, junior=self.junior_2,
+                                                        task_name='Pending Task 2', task_status=1,
+                                                        due_date='2023-09-12')
+
+        # in progress tasks 1
+        self.in_progress_task_1 = JuniorTask.objects.create(guardian=self.guardian, junior=self.junior,
+                                                            task_name='In progress Task 1', task_status=2,
+                                                            due_date='2023-09-12')
+        # in progress tasks 2
+        self.in_progress_task_2 = JuniorTask.objects.create(guardian=self.guardian_2, junior=self.junior_2,
+                                                            task_name='In progress Task 2', task_status=2,
+                                                            due_date='2023-09-12')
+
+        # rejected tasks 1
+        self.rejected_task_1 = JuniorTask.objects.create(guardian=self.guardian, junior=self.junior,
+                                                         task_name='Rejected Task 1', task_status=3,
+                                                         due_date='2023-09-12')
+        # rejected tasks 2
+        self.rejected_task_2 = JuniorTask.objects.create(guardian=self.guardian_2, junior=self.junior_2,
+                                                         task_name='Rejected Task 2', task_status=3,
+                                                         due_date='2023-09-12')
+
+        # requested task 1
+        self.requested_task_1 = JuniorTask.objects.create(guardian=self.guardian, junior=self.junior,
+                                                          task_name='Requested Task 1', task_status=4,
+                                                          due_date='2023-09-12')
+        # requested task 2
+        self.requested_task_2 = JuniorTask.objects.create(guardian=self.guardian_2, junior=self.junior_2,
+                                                          task_name='Requested Task 2', task_status=4,
+                                                          due_date='2023-09-12')
+
+        # completed task 1
+        self.completed_task_1 = JuniorTask.objects.create(guardian=self.guardian, junior=self.junior,
+                                                          task_name='Completed Task 1', task_status=5,
+                                                          due_date='2023-09-12')
+        # completed task 2
+        self.completed_task_2 = JuniorTask.objects.create(guardian=self.guardian_2, junior=self.junior_2,
+                                                          task_name='Completed Task 2', task_status=5,
+                                                          due_date='2023-09-12')
+
+        # expired task 1
+        self.expired_task_1 = JuniorTask.objects.create(guardian=self.guardian, junior=self.junior,
+                                                        task_name='Expired Task 1', task_status=6,
+                                                        due_date='2023-09-11')
+        # expired task 2
+        self.expired_task_2 = JuniorTask.objects.create(guardian=self.guardian_2, junior=self.junior_2,
+                                                        task_name='Expired Task 2', task_status=6,
+                                                        due_date='2023-09-11')
+
+        # junior point table data
+        JuniorPoints.objects.create(junior=self.junior_2, total_points=50)
+        JuniorPoints.objects.create(junior=self.junior, total_points=40)
+
+        # export excel url
+        self.export_excel_url = export_excel_url
--- a/web_admin/tests/test_user_management.py
+++ b/web_admin/tests/test_user_management.py
@ -0,0 +1,255 @@
+"""
+web admin test user management file
+"""
+# django imports
+from django.contrib.auth import get_user_model
+from rest_framework import status
+
+# local imports
+from base.constants import GUARDIAN, JUNIOR
+from web_admin.tests.test_set_up import UserManagementSetUp
+
+# user model
+User = get_user_model()
+
+
+class UserManagementViewSetTestCase(UserManagementSetUp):
+    """
+    test cases for user management
+    """
+    def setUp(self) -> None:
+        super(UserManagementViewSetTestCase, self).setUp()
+
+        self.update_data = {
+            'email': 'user5@yopmail.com',
+            'country_code': 93,
+            'phone': '8765454235'
+        }
+        self.user_management_endpoint = "/api/v1/user-management"
+
+    def test_user_management_list_all_users(self):
+        """
+        test user management list all users
+        :return:
+        """
+        # admin user authentication
+        self.client.force_authenticate(user=self.admin_user)
+        url = f"{self.user_management_endpoint}/"
+        response = self.client.get(url, format='json')
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        # Assuming four user exists in the database
+        self.assertEqual(len(response.data['data']), 4)
+
+    def test_user_management_list_guardians(self):
+        """
+        test user management list guardians
+        :return:
+        """
+        # admin user authentication
+        self.client.force_authenticate(user=self.admin_user)
+        url = f"{self.user_management_endpoint}/?user_type={GUARDIAN}"
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        # Assuming two guardians exists in the database
+        self.assertEqual(len(response.data['data']), 2)
+
+    def test_user_management_list_juniors(self):
+        """
+        test user management list juniors
+        :return:
+        """
+        # admin user authentication
+        self.client.force_authenticate(user=self.admin_user)
+        url = f"{self.user_management_endpoint}/?user_type={JUNIOR}"
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        # Assuming two juniors exists in the database
+        self.assertEqual(len(response.data['data']), 2)
+
+    def test_user_management_list_with_unauthorised_user(self):
+        """
+        test user management list with unauthorised user
+        :return:
+        """
+        # user unauthorised access
+        self.client.force_authenticate(user=self.user)
+        url = f"{self.user_management_endpoint}/"
+        response = self.client.get(url, format='json')
+        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
+
+    def test_user_management_retrieve_guardian(self):
+        """
+        test user management retrieve guardian
+        :return:
+        """
+        # admin user authentication
+        self.client.force_authenticate(user=self.admin_user)
+        url = f"{self.user_management_endpoint}/{self.user.id}/?user_type={GUARDIAN}"
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(len(response.data['data']), 1)
+
+    def test_user_management_retrieve_junior(self):
+        """
+        test user management retrieve junior
+        :return:
+        """
+        # admin user authentication
+        self.client.force_authenticate(user=self.admin_user)
+        url = f"{self.user_management_endpoint}/{self.user_3.id}/?user_type={JUNIOR}"
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(len(response.data['data']), 1)
+
+    def test_user_management_retrieve_without_user_type(self):
+        """
+        test user management retrieve without user type
+        user status is mandatory
+        API will throw error
+        :return:
+        """
+        # admin user authentication
+        self.client.force_authenticate(user=self.admin_user)
+        url = f"{self.user_management_endpoint}/{self.user.id}/"
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
+    def test_user_management_update_guardian(self):
+        """
+        test user management update guardian
+        :return:
+        """
+        # admin user authentication
+        self.client.force_authenticate(user=self.admin_user)
+        url = f"{self.user_management_endpoint}/{self.user.id}/?user_type={GUARDIAN}"
+        response = self.client.patch(url, self.update_data, format='json',)
+        self.user.refresh_from_db()
+        self.guardian.refresh_from_db()
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(self.user.email, self.update_data['email'])
+        self.assertEqual(self.guardian.country_code, self.update_data['country_code'])
+        self.assertEqual(self.guardian.phone, self.update_data['phone'])
+
+    def test_user_management_update_guardian_with_existing_email(self):
+        """
+        test user management update guardian with existing email
+        :return:
+        """
+        # admin user authentication
+        self.client.force_authenticate(user=self.admin_user)
+        url = f"{self.user_management_endpoint}/{self.user.id}/?user_type={GUARDIAN}"
+        data = {
+            'email': self.user_email_2
+        }
+        response = self.client.patch(url, data, format='json',)
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
+    def test_user_management_update_guardian_with_existing_phone(self):
+        """
+        test user management update guardian with existing phone
+        :return:
+        """
+        # admin user authentication
+        self.client.force_authenticate(user=self.admin_user)
+        url = f"{self.user_management_endpoint}/{self.user.id}/?user_type={GUARDIAN}"
+        data = {
+            'phone': self.guardian_2.phone
+        }
+        response = self.client.patch(url, data, format='json',)
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
+    def test_user_management_update_junior(self):
+        """
+        test user management update junior
+        :return:
+        """
+        # admin user authentication
+        self.client.force_authenticate(user=self.admin_user)
+        url = f"{self.user_management_endpoint}/{self.user_3.id}/?user_type={JUNIOR}"
+        response = self.client.patch(url, self.update_data, format='json',)
+        self.user_3.refresh_from_db()
+        self.junior.refresh_from_db()
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(self.user_3.email, self.update_data['email'])
+        self.assertEqual(self.junior.country_code, self.update_data['country_code'])
+        self.assertEqual(self.junior.phone, self.update_data['phone'])
+
+    def test_user_management_update_junior_with_existing_email(self):
+        """
+        test user management update guardian with existing phone
+        :return:
+        """
+        # admin user authentication
+        self.client.force_authenticate(user=self.admin_user)
+        url = f"{self.user_management_endpoint}/{self.user_3.id}/?user_type={JUNIOR}"
+        data = {
+            'email': self.user_email_4
+        }
+        response = self.client.patch(url, data, format='json',)
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
+    def test_user_management_update_junior_with_existing_phone(self):
+        """
+        test user management update junior with existing phone
+        :return:
+        """
+        # admin user authentication
+        self.client.force_authenticate(user=self.admin_user)
+        url = f"{self.user_management_endpoint}/{self.user_3.id}/?user_type={JUNIOR}"
+        data = {
+            'phone': self.junior_2.phone
+        }
+        response = self.client.patch(url, data, format='json',)
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
+    def test_user_management_update_without_user_type(self):
+        """
+        test user management update without user type
+        user status is mandatory
+        API will throw error
+        :return:
+        """
+        # admin user authentication
+        self.client.force_authenticate(user=self.admin_user)
+        url = f"{self.user_management_endpoint}/{self.user_3.id}/"
+        response = self.client.patch(url, self.update_data, format='json',)
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+
+    def test_user_management_change_status_guardian(self):
+        """
+        test user management change status guardian
+        :return:
+        """
+        # admin user authentication
+        self.client.force_authenticate(user=self.admin_user)
+        url = f"{self.user_management_endpoint}/{self.user.id}/change-status/?user_type={GUARDIAN}"
+        response = self.client.get(url)
+        self.guardian.refresh_from_db()
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(self.guardian.is_active, False)
+
+    def test_user_management_change_status_junior(self):
+        """
+        test user management change status junior
+        :return:
+        """
+        # admin user authentication
+        self.client.force_authenticate(user=self.admin_user)
+        url = f"{self.user_management_endpoint}/{self.user_3.id}/change-status/?user_type={JUNIOR}"
+        response = self.client.get(url)
+        self.junior.refresh_from_db()
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(self.junior.is_active, False)
+
+    def test_user_management_change_status_without_user_type(self):
+        """
+        test user management change status without user type
+        user status is mandatory
+        API will throw error
+        :return:
+        """
+        # admin user authentication
+        self.client.force_authenticate(user=self.admin_user)
+        url = f"{self.user_management_endpoint}/{self.user.id}/"
+        response = self.client.get(url)
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
--- a/web_admin/urls.py
+++ b/web_admin/urls.py
@ -18,7 +18,7 @@ router = routers.SimpleRouter()
 router.register('article', ArticleViewSet, basename='article')
 router.register('default-card-images', DefaultArticleCardImagesViewSet, basename='default-card-images')
 router.register('user-management', UserManagementViewSet, basename='user')
-router.register('analytics', AnalyticsViewSet, basename='user-analytics')
+router.register('analytics', AnalyticsViewSet, basename='analytics')

 router.register('article-list', ArticleListViewSet, basename='article-list')
 router.register('article-card-list', ArticleCardListViewSet, basename='article-card-list')
--- a/web_admin/views/article.py
+++ b/web_admin/views/article.py
@ -279,7 +279,8 @@ class ArticleCardListViewSet(viewsets.ModelViewSet):
        try:
            queryset = self.get_queryset()
            # article card list
-            serializer = ArticleCardlistSerializer(queryset, context={"user": self.request.user}, many=True)
+            serializer = ArticleCardlistSerializer(queryset, context={"user": self.request.user,
+                                                                      "card_count": queryset.count()}, many=True)
            return custom_response(None, serializer.data, response_status=status.HTTP_200_OK)
        except Exception as e:
            return custom_error_response(str(e), response_status=status.HTTP_400_BAD_REQUEST)
--- a/web_admin/views/auth.py
+++ b/web_admin/views/auth.py
@ -4,7 +4,7 @@ web_admin auth views file
 # django imports
 from rest_framework.viewsets import GenericViewSet
 from rest_framework.decorators import action
-from  rest_framework import status
+from rest_framework import status
 from django.contrib.auth import get_user_model

 # local imports
Author	SHA1	Message	Date
abutalib-kiwi	3afd7fecf3	feedback changes and added mark all read	2023-09-22 19:55:10 +05:30
abutalib-kiwi	d1a4b86b09	fixed guardian reject issue, updated ids in notification method, remove unnecessary condition from analytics and user management	2023-09-13 18:15:07 +05:30
abutalib-kiwi	e157e98a17	fixed article reward points notification for 0 points earned	2023-09-13 14:45:47 +05:30
abutalib-kiwi	a653518cfd	fixed article reward points notification for 0 points earned	2023-09-13 14:38:18 +05:30
abutalib-kiwi	eaf67b682f	modified get article card current page method	2023-09-13 14:03:13 +05:30
abutalib-kiwi	085607128b	modified get article card current page method	2023-09-13 13:36:25 +05:30
abutalib-kiwi	fbdef7c0c4	Merge branch 'dev' of https://github.com/KiwiTechLLC/ZODBank-Backend into dev	2023-09-13 13:34:14 +05:30
dilipshrivastwa-kiwi	535e2e7f56	Merge pull request #329 from KiwiTechLLC/ZBKADM-73-test-cases added a test case, updated coverage file	2023-09-13 12:15:37 +05:30
abutalib-kiwi	08f54f28a4	added a test case, updated coverage file	2023-09-12 23:08:17 +05:30
dilipshrivastwa-kiwi	de710c8a7b	Merge pull request #328 from KiwiTechLLC/ZBKADM-73-test-cases updated coverage file	2023-09-12 15:18:55 +05:30
abutalib-kiwi	af06dddbeb	updated coverage file	2023-09-12 15:03:12 +05:30
abutalib-kiwi	0a9dde2038	Merge branch 'dev' of https://github.com/KiwiTechLLC/ZODBank-Backend into dev	2023-09-12 14:58:35 +05:30
dilipshrivastwa-kiwi	f11959d6bc	Merge pull request #327 from KiwiTechLLC/ZBKADM-73-test-cases test cases for admin user management, analytics and notification	2023-09-12 14:54:26 +05:30
abutalib-kiwi	7aee372606	test cases for admin user management, analytics and notification	2023-09-12 14:51:28 +05:30
abutalib-kiwi	1dec5ace3f	test cases for admin user management, analytics and notification	2023-09-12 14:42:44 +05:30
abutalib-kiwi	2444b6f55e	test cases for admin user management, analytics and notification	2023-09-12 14:40:50 +05:30
dilipshrivastwa-kiwi	3ecbc1d303	Merge pull request #324 from KiwiTechLLC/ZBKBCK-52 make special password method modified	2023-09-11 17:37:42 +05:30
abutalib-kiwi	ca0041caa6	make special password method modified	2023-09-11 17:01:03 +05:30
abutalib-kiwi	c800853e9b	make special password method modified	2023-09-11 16:45:07 +05:30
abutalib-kiwi	373c1b70ab	make special password method modified	2023-09-11 16:40:07 +05:30
dilipshrivastwa-kiwi	3a84b1ea75	Merge pull request #323 from KiwiTechLLC/ZBKADM-73-test-cases test cases for web admin auth	2023-09-11 14:45:25 +05:30
abutalib-kiwi	bf1004696a	added test cases for auth	2023-09-11 14:39:01 +05:30
abutalib-kiwi	d937c1bb92	Merge branch 'dev' into ZBKADM-73-test-cases	2023-09-11 13:00:04 +05:30
dilipshrivastwa-kiwi	0a877b410e	Merge pull request #320 from KiwiTechLLC/ZBKBCK-52 modified add junior api for exsiting junior.	2023-09-11 12:22:31 +05:30
abutalib-kiwi	9d4e7b05e4	modified add junior api for exsiting junior.	2023-09-11 12:08:22 +05:30
dilipshrivastwa-kiwi	b20e1cf516	Merge pull request #319 from KiwiTechLLC/ZBKBCK-52 api to check whether given user exist or not	2023-09-09 16:52:03 +05:30
abutalib-kiwi	6b0ea91742	api to check whether given user exist or not	2023-09-08 20:55:32 +05:30
abutalib-kiwi	859d26d073	test cases for web admin auth	2023-09-08 19:07:06 +05:30
Abu Talib	154b9de32b	Merge pull request #317 from KiwiTechLLC/ZBKBCK-52 check answer api fixed	2023-09-08 16:56:18 +05:30
abutalib-kiwi	4a554272a0	check answer api fixed	2023-09-08 16:54:37 +05:30
dilipshrivastwa-kiwi	8533a27cb7	Merge pull request #316 from KiwiTechLLC/ZBKBCK-52 check answer api fixed	2023-09-08 16:54:31 +05:30
abutalib-kiwi	7db6502a89	check answer api fixed	2023-09-08 16:41:59 +05:30
dilipshrivastwa-kiwi	a8e9a09d3f	Merge pull request #315 from KiwiTechLLC/ZBKBCK-52 modified task description field, modified check answer api and create…	2023-09-08 16:17:20 +05:30
abutalib-kiwi	1e97d7bd6b	modified task description field, modified check answer api and create task api	2023-09-08 16:14:29 +05:30
dilipshrivastwa-kiwi	b084b255dc	Merge pull request #314 from KiwiTechLLC/ZBKADM-73-test-cases test cases for web admin article	2023-09-08 11:08:18 +05:30
abutalib-kiwi	441842df74	test cases for web admin article	2023-09-07 19:47:25 +05:30
dilipshrivastwa-kiwi	78fb5f5650	Merge pull request #311 from KiwiTechLLC/ZBKBCK-50 modification in create task api	2023-09-07 15:13:33 +05:30
dilipshrivastwa-kiwi	f63d9ddea0	Merge pull request #310 from KiwiTechLLC/ZBKBCK-50 modified article publish and un-publish api, sonar issues, modificati…	2023-09-07 13:51:57 +05:30
dilipshrivastwa-kiwi	0471a3d588	Merge pull request #308 from KiwiTechLLC/ZBKBCK-50 modified some success messages.	2023-09-06 17:41:49 +05:30