Merge pull request #15 from AI4Bharat/firebase-auth

remove password from db

backend/users/migrations/0032_alter_user_guest_user.py

@@ -0,0 +1,22 @@
+# Generated by Django 3.2.23 on 2024-01-18 07:24
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("users", "0031_auto_20231227_1055"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="user",
+            name="guest_user",
+            field=models.BooleanField(
+                choices=[(True, "Yes"), (False, "No")],
+                default=True,
+                help_text="Indicates whether the user is a guest user.",
+                verbose_name="guest_user",
+            ),
+        ),
+    ]

backend/users/models.py

@@ -149,7 +149,7 @@ class User(AbstractBaseUser, PermissionsMixin):
 
     guest_user = models.BooleanField(
         verbose_name="guest_user",
-        default=False,
+        default=True,
         choices=GUEST_USER_CHOICES,
         help_text="Indicates whether the user is a guest user.",
     )
@@ -305,28 +305,28 @@ def is_organization_owner(self):
     def is_admin(self):
         return self.role == User.ADMIN
 
-    def send_mail_to_change_password(self, email, key):
-        sent_token = self.generate_reset_token(key)
-        prefix = os.getenv("FRONTEND_URL_FOR_RESET_PASSWORD")
-        link = f"{prefix}/#/forget-password/confirm/{key}/{sent_token}"
-        try:
-            send_mail(
-                "Reset password link for Anudesh",
-                f"Hello! Please click on the following link to reset your password - {link}",
-                settings.DEFAULT_FROM_EMAIL,
-                [email],
-            )
-        except SMTPAuthenticationError:
-            raise Exception(
-                "Failed to authenticate with the SMTP server. Check your email settings."
-            )
-        except (
-            SMTPException,
-            socket.gaierror,
-            SMTPRecipientsRefused,
-            SMTPServerDisconnected,
-        ) as e:
-            raise Exception("Failed to send the email. Please try again later.")
+    # def send_mail_to_change_password(self, email, key):
+    #     sent_token = self.generate_reset_token(key)
+    #     prefix = os.getenv("FRONTEND_URL_FOR_RESET_PASSWORD")
+    #     link = f"{prefix}/#/forget-password/confirm/{key}/{sent_token}"
+    #     try:
+    #         send_mail(
+    #             "Reset password link for Anudesh",
+    #             f"Hello! Please click on the following link to reset your password - {link}",
+    #             settings.DEFAULT_FROM_EMAIL,
+    #             [email],
+    #         )
+    #     except SMTPAuthenticationError:
+    #         raise Exception(
+    #             "Failed to authenticate with the SMTP server. Check your email settings."
+    #         )
+    #     except (
+    #         SMTPException,
+    #         socket.gaierror,
+    #         SMTPRecipientsRefused,
+    #         SMTPServerDisconnected,
+    #     ) as e:
+    #         raise Exception("Failed to send the email. Please try again later.")
 
     def generate_reset_token(self, user_id):
         # Setting token expiration time (2 hours)

backend/users/serializers.py

@@ -19,12 +19,12 @@ def validate_login(self, data):
 class UserSignUpSerializer(serializers.ModelSerializer):
     class Meta:
         model = User
-        fields = ["username", "password", "email"]
+        fields = ["username", "email"]
 
     def update(self, instance, validated_data):
         instance.username = validated_data.get("username")
         instance.has_accepted_invite = True
-        instance.set_password(validated_data.get("password"))
+        instance.guest_user = False
         instance.save()
         return instance
 

backend/users/views.py

@@ -352,7 +352,7 @@ def login(self, request, *args, **kwargs):
         try:
             firebase = pyrebase.initialize_app(config)
             auth = firebase.auth()
-            fire_user = auth.sign_in_with_email_and_password(email, password)
+            auth.sign_in_with_email_and_password(email, password)
             refresh = RefreshToken.for_user(user)
             access_token = str(refresh.access_token)
             refresh_token = str(refresh)
@@ -371,6 +371,41 @@ def login(self, request, *args, **kwargs):
             status=status.HTTP_200_OK,
         )
 
+    @permission_classes([AllowAny])
+    @action(
+        detail=True,
+        methods=["post"],
+        url_path="reset_password",
+        url_name="reset_password",
+    )
+    def reset_password(self, request, *args, **kwargs):
+        """
+        User change password functionality
+        """
+        try:
+            email = request.data.get("email")
+            user = User.objects.get(email=email)
+        except User.DoesNotExist:
+            return Response(
+                {"message": "Incorrect email, User not found"},
+                status=status.HTTP_404_NOT_FOUND,
+            )
+        firebase = pyrebase.initialize_app(config)
+        auth = firebase.auth()
+        try:
+            auth.send_password_reset_email(email)
+            return Response(
+                {
+                    "message": "Please check your registered email and click on the link to reset your password.",
+                },
+                status=status.HTTP_200_OK,
+            )
+        except Exception as error:
+            return Response(
+                {"message": "Error: " + error},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+
 
 class GoogleLogin(viewsets.ViewSet):
     @permission_classes([AllowAny])
@@ -414,8 +449,6 @@ def google_login(self, request, *args, **kwargs):
                 email=email.lower(),
                 role=1,
             )
-            # user.set_password("googleLogin"+generate_random_string(20))
-            user.set_password("googleLogin" + email)
             users = []
             users.append(user)
             User.objects.bulk_create(users)
@@ -440,70 +473,6 @@ def google_login(self, request, *args, **kwargs):
             status=status.HTTP_200_OK,
         )
 
-    @permission_classes([AllowAny])
-    @swagger_auto_schema(request_body=ChangePasswordWithoutOldPassword)
-    @action(
-        detail=True,
-        methods=["post"],
-        url_path="reset_password",
-        url_name="reset_password",
-    )
-    def reset_password(self, request, *args, **kwargs):
-        """
-        User change password functionality
-        """
-        if not request.data.get("new_password"):
-            try:
-                email = request.data.get("email")
-                user = User.objects.get(email=email)
-            except User.DoesNotExist:
-                return Response(
-                    {"message": "Incorrect email, User not found"},
-                    status=status.HTTP_404_NOT_FOUND,
-                )
-            key = user.id
-            user.send_mail_to_change_password(email, key)
-            return Response(
-                {
-                    "message": "Please check your registered email and click on the link to reset your password.",
-                },
-                status=status.HTTP_200_OK,
-            )
-        else:
-            try:
-                received_token = request.data.get("token")
-                user_id = request.data.get("uid")
-                new_password = request.data.get("new_password")
-            except KeyError:
-                raise Exception("Insufficient details")
-            user = User.objects.get(id=user_id)
-            try:
-                secret_key = os.getenv("SECRET_KEY")
-                decodedToken = jwt.decode(received_token, secret_key, "HS256")
-            except InvalidSignatureError:
-                raise Exception(
-                    "The password reset link has expired. Please request a new link."
-                )
-            except DecodeError:
-                raise Exception(
-                    "Invalid token. Please make sure the token is correct and try again."
-                )
-
-            serializer = ChangePasswordWithoutOldPassword(user, request.data)
-            serializer.is_valid(raise_exception=True)
-
-            validation_response = serializer.validation_checks(
-                user, request.data
-            )  # checks for min_length, whether password is similar to user details etc.
-            if validation_response != "Validation successful":
-                return Response(
-                    {"message": validation_response},
-                    status=status.HTTP_400_BAD_REQUEST,
-                )
-
-            user = serializer.save(user, request.data)
-            return Response({"message": "Password changed."}, status=status.HTTP_200_OK)
-
 
 class UserViewSet(viewsets.ViewSet):
     permission_classes = (IsAuthenticated,)