diff --git a/backend/users/migrations/0032_alter_user_guest_user.py b/backend/users/migrations/0032_alter_user_guest_user.py new file mode 100644 index 00000000..172e5e0e --- /dev/null +++ b/backend/users/migrations/0032_alter_user_guest_user.py @@ -0,0 +1,22 @@ +# Generated by Django 3.2.23 on 2024-01-18 07:24 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + dependencies = [ + ("users", "0031_auto_20231227_1055"), + ] + + operations = [ + migrations.AlterField( + model_name="user", + name="guest_user", + field=models.BooleanField( + choices=[(True, "Yes"), (False, "No")], + default=True, + help_text="Indicates whether the user is a guest user.", + verbose_name="guest_user", + ), + ), + ] diff --git a/backend/users/models.py b/backend/users/models.py index cf1a1b16..cdb6df5a 100644 --- a/backend/users/models.py +++ b/backend/users/models.py @@ -149,7 +149,7 @@ class User(AbstractBaseUser, PermissionsMixin): guest_user = models.BooleanField( verbose_name="guest_user", - default=False, + default=True, choices=GUEST_USER_CHOICES, help_text="Indicates whether the user is a guest user.", ) @@ -305,28 +305,28 @@ def is_organization_owner(self): def is_admin(self): return self.role == User.ADMIN - def send_mail_to_change_password(self, email, key): - sent_token = self.generate_reset_token(key) - prefix = os.getenv("FRONTEND_URL_FOR_RESET_PASSWORD") - link = f"{prefix}/#/forget-password/confirm/{key}/{sent_token}" - try: - send_mail( - "Reset password link for Anudesh", - f"Hello! Please click on the following link to reset your password - {link}", - settings.DEFAULT_FROM_EMAIL, - [email], - ) - except SMTPAuthenticationError: - raise Exception( - "Failed to authenticate with the SMTP server. Check your email settings." - ) - except ( - SMTPException, - socket.gaierror, - SMTPRecipientsRefused, - SMTPServerDisconnected, - ) as e: - raise Exception("Failed to send the email. Please try again later.") + # def send_mail_to_change_password(self, email, key): + # sent_token = self.generate_reset_token(key) + # prefix = os.getenv("FRONTEND_URL_FOR_RESET_PASSWORD") + # link = f"{prefix}/#/forget-password/confirm/{key}/{sent_token}" + # try: + # send_mail( + # "Reset password link for Anudesh", + # f"Hello! Please click on the following link to reset your password - {link}", + # settings.DEFAULT_FROM_EMAIL, + # [email], + # ) + # except SMTPAuthenticationError: + # raise Exception( + # "Failed to authenticate with the SMTP server. Check your email settings." + # ) + # except ( + # SMTPException, + # socket.gaierror, + # SMTPRecipientsRefused, + # SMTPServerDisconnected, + # ) as e: + # raise Exception("Failed to send the email. Please try again later.") def generate_reset_token(self, user_id): # Setting token expiration time (2 hours) diff --git a/backend/users/serializers.py b/backend/users/serializers.py index 573aaf04..77f74add 100644 --- a/backend/users/serializers.py +++ b/backend/users/serializers.py @@ -19,12 +19,12 @@ def validate_login(self, data): class UserSignUpSerializer(serializers.ModelSerializer): class Meta: model = User - fields = ["username", "password", "email"] + fields = ["username", "email"] def update(self, instance, validated_data): instance.username = validated_data.get("username") instance.has_accepted_invite = True - instance.set_password(validated_data.get("password")) + instance.guest_user = False instance.save() return instance diff --git a/backend/users/views.py b/backend/users/views.py index 05cd3d6e..93257914 100644 --- a/backend/users/views.py +++ b/backend/users/views.py @@ -352,7 +352,7 @@ def login(self, request, *args, **kwargs): try: firebase = pyrebase.initialize_app(config) auth = firebase.auth() - fire_user = auth.sign_in_with_email_and_password(email, password) + auth.sign_in_with_email_and_password(email, password) refresh = RefreshToken.for_user(user) access_token = str(refresh.access_token) refresh_token = str(refresh) @@ -371,6 +371,41 @@ def login(self, request, *args, **kwargs): status=status.HTTP_200_OK, ) + @permission_classes([AllowAny]) + @action( + detail=True, + methods=["post"], + url_path="reset_password", + url_name="reset_password", + ) + def reset_password(self, request, *args, **kwargs): + """ + User change password functionality + """ + try: + email = request.data.get("email") + user = User.objects.get(email=email) + except User.DoesNotExist: + return Response( + {"message": "Incorrect email, User not found"}, + status=status.HTTP_404_NOT_FOUND, + ) + firebase = pyrebase.initialize_app(config) + auth = firebase.auth() + try: + auth.send_password_reset_email(email) + return Response( + { + "message": "Please check your registered email and click on the link to reset your password.", + }, + status=status.HTTP_200_OK, + ) + except Exception as error: + return Response( + {"message": "Error: " + error}, + status=status.HTTP_400_BAD_REQUEST, + ) + class GoogleLogin(viewsets.ViewSet): @permission_classes([AllowAny]) @@ -414,8 +449,6 @@ def google_login(self, request, *args, **kwargs): email=email.lower(), role=1, ) - # user.set_password("googleLogin"+generate_random_string(20)) - user.set_password("googleLogin" + email) users = [] users.append(user) User.objects.bulk_create(users) @@ -440,70 +473,6 @@ def google_login(self, request, *args, **kwargs): status=status.HTTP_200_OK, ) - @permission_classes([AllowAny]) - @swagger_auto_schema(request_body=ChangePasswordWithoutOldPassword) - @action( - detail=True, - methods=["post"], - url_path="reset_password", - url_name="reset_password", - ) - def reset_password(self, request, *args, **kwargs): - """ - User change password functionality - """ - if not request.data.get("new_password"): - try: - email = request.data.get("email") - user = User.objects.get(email=email) - except User.DoesNotExist: - return Response( - {"message": "Incorrect email, User not found"}, - status=status.HTTP_404_NOT_FOUND, - ) - key = user.id - user.send_mail_to_change_password(email, key) - return Response( - { - "message": "Please check your registered email and click on the link to reset your password.", - }, - status=status.HTTP_200_OK, - ) - else: - try: - received_token = request.data.get("token") - user_id = request.data.get("uid") - new_password = request.data.get("new_password") - except KeyError: - raise Exception("Insufficient details") - user = User.objects.get(id=user_id) - try: - secret_key = os.getenv("SECRET_KEY") - decodedToken = jwt.decode(received_token, secret_key, "HS256") - except InvalidSignatureError: - raise Exception( - "The password reset link has expired. Please request a new link." - ) - except DecodeError: - raise Exception( - "Invalid token. Please make sure the token is correct and try again." - ) - - serializer = ChangePasswordWithoutOldPassword(user, request.data) - serializer.is_valid(raise_exception=True) - - validation_response = serializer.validation_checks( - user, request.data - ) # checks for min_length, whether password is similar to user details etc. - if validation_response != "Validation successful": - return Response( - {"message": validation_response}, - status=status.HTTP_400_BAD_REQUEST, - ) - - user = serializer.save(user, request.data) - return Response({"message": "Password changed."}, status=status.HTTP_200_OK) - class UserViewSet(viewsets.ViewSet): permission_classes = (IsAuthenticated,)