From ea7d8aacbe622c834808ba4741062273691508c9 Mon Sep 17 00:00:00 2001 From: kartikvirendrar Date: Thu, 18 Jan 2024 12:28:42 +0530 Subject: [PATCH 1/5] remove password field from db --- backend/users/models.py | 46 ++++++++++++++++++------------------ backend/users/serializers.py | 4 ++-- backend/users/views.py | 4 +--- 3 files changed, 26 insertions(+), 28 deletions(-) diff --git a/backend/users/models.py b/backend/users/models.py index cf1a1b16..cdb6df5a 100644 --- a/backend/users/models.py +++ b/backend/users/models.py @@ -149,7 +149,7 @@ class User(AbstractBaseUser, PermissionsMixin): guest_user = models.BooleanField( verbose_name="guest_user", - default=False, + default=True, choices=GUEST_USER_CHOICES, help_text="Indicates whether the user is a guest user.", ) @@ -305,28 +305,28 @@ def is_organization_owner(self): def is_admin(self): return self.role == User.ADMIN - def send_mail_to_change_password(self, email, key): - sent_token = self.generate_reset_token(key) - prefix = os.getenv("FRONTEND_URL_FOR_RESET_PASSWORD") - link = f"{prefix}/#/forget-password/confirm/{key}/{sent_token}" - try: - send_mail( - "Reset password link for Anudesh", - f"Hello! Please click on the following link to reset your password - {link}", - settings.DEFAULT_FROM_EMAIL, - [email], - ) - except SMTPAuthenticationError: - raise Exception( - "Failed to authenticate with the SMTP server. Check your email settings." - ) - except ( - SMTPException, - socket.gaierror, - SMTPRecipientsRefused, - SMTPServerDisconnected, - ) as e: - raise Exception("Failed to send the email. Please try again later.") + # def send_mail_to_change_password(self, email, key): + # sent_token = self.generate_reset_token(key) + # prefix = os.getenv("FRONTEND_URL_FOR_RESET_PASSWORD") + # link = f"{prefix}/#/forget-password/confirm/{key}/{sent_token}" + # try: + # send_mail( + # "Reset password link for Anudesh", + # f"Hello! Please click on the following link to reset your password - {link}", + # settings.DEFAULT_FROM_EMAIL, + # [email], + # ) + # except SMTPAuthenticationError: + # raise Exception( + # "Failed to authenticate with the SMTP server. Check your email settings." + # ) + # except ( + # SMTPException, + # socket.gaierror, + # SMTPRecipientsRefused, + # SMTPServerDisconnected, + # ) as e: + # raise Exception("Failed to send the email. Please try again later.") def generate_reset_token(self, user_id): # Setting token expiration time (2 hours) diff --git a/backend/users/serializers.py b/backend/users/serializers.py index 573aaf04..77f74add 100644 --- a/backend/users/serializers.py +++ b/backend/users/serializers.py @@ -19,12 +19,12 @@ def validate_login(self, data): class UserSignUpSerializer(serializers.ModelSerializer): class Meta: model = User - fields = ["username", "password", "email"] + fields = ["username", "email"] def update(self, instance, validated_data): instance.username = validated_data.get("username") instance.has_accepted_invite = True - instance.set_password(validated_data.get("password")) + instance.guest_user = False instance.save() return instance diff --git a/backend/users/views.py b/backend/users/views.py index 05cd3d6e..1e395ca3 100644 --- a/backend/users/views.py +++ b/backend/users/views.py @@ -352,7 +352,7 @@ def login(self, request, *args, **kwargs): try: firebase = pyrebase.initialize_app(config) auth = firebase.auth() - fire_user = auth.sign_in_with_email_and_password(email, password) + auth.sign_in_with_email_and_password(email, password) refresh = RefreshToken.for_user(user) access_token = str(refresh.access_token) refresh_token = str(refresh) @@ -414,8 +414,6 @@ def google_login(self, request, *args, **kwargs): email=email.lower(), role=1, ) - # user.set_password("googleLogin"+generate_random_string(20)) - user.set_password("googleLogin" + email) users = [] users.append(user) User.objects.bulk_create(users) From d87f06ac512c822b96c16043335924dcc7d4b257 Mon Sep 17 00:00:00 2001 From: kartikvirendrar Date: Thu, 18 Jan 2024 12:51:12 +0530 Subject: [PATCH 2/5] updated reset password api --- backend/users/views.py | 101 +++++++++++++++-------------------------- 1 file changed, 37 insertions(+), 64 deletions(-) diff --git a/backend/users/views.py b/backend/users/views.py index 1e395ca3..bb6e423d 100644 --- a/backend/users/views.py +++ b/backend/users/views.py @@ -370,6 +370,43 @@ def login(self, request, *args, **kwargs): }, status=status.HTTP_200_OK, ) + + @permission_classes([AllowAny]) + @action( + detail=True, + methods=["post"], + url_path="reset_password", + url_name="reset_password", + ) + def reset_password(self, request, *args, **kwargs): + """ + User change password functionality + """ + try: + email = request.data.get("email") + user = User.objects.get(email=email) + except User.DoesNotExist: + return Response( + {"message": "Incorrect email, User not found"}, + status=status.HTTP_404_NOT_FOUND, + ) + firebase = pyrebase.initialize_app(config) + auth = firebase.auth() + try: + auth.send_password_reset_email(email) + return Response( + { + "message": "Please check your registered email and click on the link to reset your password.", + }, + status=status.HTTP_200_OK, + ) + except Exception as error: + return Response( + { + "message": "Error: "+error + }, + status=status.HTTP_400_BAD_REQUEST, + ) class GoogleLogin(viewsets.ViewSet): @@ -438,70 +475,6 @@ def google_login(self, request, *args, **kwargs): status=status.HTTP_200_OK, ) - @permission_classes([AllowAny]) - @swagger_auto_schema(request_body=ChangePasswordWithoutOldPassword) - @action( - detail=True, - methods=["post"], - url_path="reset_password", - url_name="reset_password", - ) - def reset_password(self, request, *args, **kwargs): - """ - User change password functionality - """ - if not request.data.get("new_password"): - try: - email = request.data.get("email") - user = User.objects.get(email=email) - except User.DoesNotExist: - return Response( - {"message": "Incorrect email, User not found"}, - status=status.HTTP_404_NOT_FOUND, - ) - key = user.id - user.send_mail_to_change_password(email, key) - return Response( - { - "message": "Please check your registered email and click on the link to reset your password.", - }, - status=status.HTTP_200_OK, - ) - else: - try: - received_token = request.data.get("token") - user_id = request.data.get("uid") - new_password = request.data.get("new_password") - except KeyError: - raise Exception("Insufficient details") - user = User.objects.get(id=user_id) - try: - secret_key = os.getenv("SECRET_KEY") - decodedToken = jwt.decode(received_token, secret_key, "HS256") - except InvalidSignatureError: - raise Exception( - "The password reset link has expired. Please request a new link." - ) - except DecodeError: - raise Exception( - "Invalid token. Please make sure the token is correct and try again." - ) - - serializer = ChangePasswordWithoutOldPassword(user, request.data) - serializer.is_valid(raise_exception=True) - - validation_response = serializer.validation_checks( - user, request.data - ) # checks for min_length, whether password is similar to user details etc. - if validation_response != "Validation successful": - return Response( - {"message": validation_response}, - status=status.HTTP_400_BAD_REQUEST, - ) - - user = serializer.save(user, request.data) - return Response({"message": "Password changed."}, status=status.HTTP_200_OK) - class UserViewSet(viewsets.ViewSet): permission_classes = (IsAuthenticated,) From b401388f0052f199504963c455cd9ed103380636 Mon Sep 17 00:00:00 2001 From: kartikvirendrar Date: Thu, 18 Jan 2024 12:52:54 +0530 Subject: [PATCH 3/5] updated reset password api --- backend/users/views.py | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/backend/users/views.py b/backend/users/views.py index bb6e423d..93257914 100644 --- a/backend/users/views.py +++ b/backend/users/views.py @@ -370,7 +370,7 @@ def login(self, request, *args, **kwargs): }, status=status.HTTP_200_OK, ) - + @permission_classes([AllowAny]) @action( detail=True, @@ -402,9 +402,7 @@ def reset_password(self, request, *args, **kwargs): ) except Exception as error: return Response( - { - "message": "Error: "+error - }, + {"message": "Error: " + error}, status=status.HTTP_400_BAD_REQUEST, ) From 4c033ac4c3744cb3e58238335c9cbd7f0bf77291 Mon Sep 17 00:00:00 2001 From: kartikvirendrar Date: Thu, 18 Jan 2024 12:54:39 +0530 Subject: [PATCH 4/5] make migrations --- .../migrations/0032_alter_user_guest_user.py | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 backend/users/migrations/0032_alter_user_guest_user.py diff --git a/backend/users/migrations/0032_alter_user_guest_user.py b/backend/users/migrations/0032_alter_user_guest_user.py new file mode 100644 index 00000000..7f4d4423 --- /dev/null +++ b/backend/users/migrations/0032_alter_user_guest_user.py @@ -0,0 +1,18 @@ +# Generated by Django 3.2.23 on 2024-01-18 07:24 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('users', '0031_auto_20231227_1055'), + ] + + operations = [ + migrations.AlterField( + model_name='user', + name='guest_user', + field=models.BooleanField(choices=[(True, 'Yes'), (False, 'No')], default=True, help_text='Indicates whether the user is a guest user.', verbose_name='guest_user'), + ), + ] From 1488871b8ab69a025832ccb5d2ba353755571b44 Mon Sep 17 00:00:00 2001 From: kartikvirendrar Date: Thu, 18 Jan 2024 12:55:41 +0530 Subject: [PATCH 5/5] make migrations --- .../users/migrations/0032_alter_user_guest_user.py | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/backend/users/migrations/0032_alter_user_guest_user.py b/backend/users/migrations/0032_alter_user_guest_user.py index 7f4d4423..172e5e0e 100644 --- a/backend/users/migrations/0032_alter_user_guest_user.py +++ b/backend/users/migrations/0032_alter_user_guest_user.py @@ -4,15 +4,19 @@ class Migration(migrations.Migration): - dependencies = [ - ('users', '0031_auto_20231227_1055'), + ("users", "0031_auto_20231227_1055"), ] operations = [ migrations.AlterField( - model_name='user', - name='guest_user', - field=models.BooleanField(choices=[(True, 'Yes'), (False, 'No')], default=True, help_text='Indicates whether the user is a guest user.', verbose_name='guest_user'), + model_name="user", + name="guest_user", + field=models.BooleanField( + choices=[(True, "Yes"), (False, "No")], + default=True, + help_text="Indicates whether the user is a guest user.", + verbose_name="guest_user", + ), ), ]