From 1d4bf7fbfedd25c205b4df0702f62617881144e2 Mon Sep 17 00:00:00 2001 From: AlStien Date: Fri, 5 Nov 2021 15:11:50 +0530 Subject: [PATCH] fixed same OTP issue and configured reset password --- VShop/urls.py | 2 +- base/api/urls.py | 13 ++++++++----- base/api/views.py | 45 +++++++++++++++++++++++++++++++++++---------- 3 files changed, 44 insertions(+), 16 deletions(-) diff --git a/VShop/urls.py b/VShop/urls.py index 07030de..d404c95 100644 --- a/VShop/urls.py +++ b/VShop/urls.py @@ -6,7 +6,7 @@ ) urlpatterns = [ path('', include('base.urls')), - path('api/', include('base.api.urls')), + path('api/Account/', include('base.api.urls')), path('api/token/', TokenObtainPairView.as_view(), name='token_obtain_pair'), path('api/token/refresh/', TokenRefreshView.as_view(), name='token_refresh'), path('admin/', admin.site.urls), diff --git a/base/api/urls.py b/base/api/urls.py index 13ed379..4db063f 100644 --- a/base/api/urls.py +++ b/base/api/urls.py @@ -1,3 +1,4 @@ +from os import name from django.urls import path from base.api.serializers import LoginUserSerializer 
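Review bot: `from os import name` at the top of base/api/urls.py is not referenced by anything visible in this file and looks like an editor auto-import. The `name=` keywords in the `path(...)` calls are plain keyword arguments and do not use it. Delete the line so the module does not carry a stray binding called `name`.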
@@ -6,9 +7,11 @@ app_name = 'base-api' urlpatterns = [ - path('Account/', views.AccountList.as_view(), name="AccountList"), - path('Account/', views.AccountDetails.as_view(), name="AccountDetail"), - path('Account/create-account/', views.AccountList.as_view(), name="create-account"), - path('Account/otp/verify/', views.OTPView.as_view(), name="verify-otp"), - path('Account/login/', views.LoginAPIView.as_view(), name="login") + path('', views.AccountList.as_view(), name="AccountList"), + path('', views.AccountDetails.as_view(), name="AccountDetail"), + path('create-account/', views.AccountList.as_view(), name="create-account"), + path('otp/verify/', views.OTPView.as_view(), name="verify-otp"), + path('login/', views.LoginAPIView.as_view(), name="login"), + path('reset-password/email-verify/', views.EmailVerifyView.as_view(), name="email-verify"), + path('reset-password/change-password/', views.PasswordChangeView.as_view(), name='change-password'), ] \ No newline at end of file diff --git a/base/api/views.py b/base/api/views.py index 4c2b149..e45d198 100644 --- a/base/api/views.py +++ b/base/api/views.py @@ -1,8 +1,8 @@ from rest_framework.response import Response from rest_framework.views import APIView from rest_framework import status -from django.core.mail import EmailMultiAlternatives, message -from django.shortcuts import redirect +from django.core.mail import EmailMultiAlternatives +from django.contrib.auth.hashers import make_password from datetime import datetime from django.utils import timezone from django.contrib.auth.hashers import check_password 
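Review bot: The two `path('', ...)` entries in base/api/urls.py share one route, so Django's resolver always stops at the first and `AccountDetails` can never be reached. The old `'Account/'` pair had the same problem, and moving the prefix into the include carries it over. Give the detail view its own pattern, for example `path('<int:pk>/', views.AccountDetails.as_view(), name="AccountDetail")`, if the view takes a primary key (the view is not visible in this patch). The two new `reset-password/` routes are reachable without authentication by design, so they are worth covering with DRF throttling (`throttle_classes`) when they are wired up.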
@@ -10,13 +10,19 @@ from .serializers import AccountSerializer, CheckVerify, LoginUserSerializer from VShop.settings import EMAIL_HOST_USER import random -import datetime +import datetime, time # generating 4-digit OTP otp = random.randint(1000, 9999) # send otp to required email -def send_otp(email): +def send_otp(email, otp=otp): + if OTP.objects.filter(otp = otp).exists(): + if(otp > 9000): + otp = random.randint(1000, otp) + else: + otp = random.randint(otp, 9999) OTP.objects.filter(otpEmail__iexact = email).delete() + print(otp) from_email, to = EMAIL_HOST_USER, email subject = "OTP for V-Shop Sign-Up" @@ -96,7 +102,7 @@ def post(self, request, format = None): # OTP verified user.update(is_verified = True) user.update(is_active = True) - message = {'message':'OTP verified'} + message = {'message':'User verified'} return Response(message,status=status.HTTP_202_ACCEPTED) # OTP expired message = {'message':'OTP expired'} 
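Review bot: The OTP is still drawn once at import time (`otp = random.randint(1000, 9999)`) and bound as the default in `def send_otp(email, otp=otp)`, so every call in a worker process starts from the same value and only re-rolls when a row with that value already exists. The re-roll ranges `randint(1000, otp)` and `randint(otp, 9999)` both include the colliding value itself. `random` is also not a cryptographic generator, and the added `print(otp)` writes a live credential to stdout and whatever collects it. Generate the code per call inside the function with `otp = secrets.randbelow(9000) + 1000` (needs `import secrets`), drop the `otp` parameter and the `print`, and prefer a longer code plus attempt limiting, since 9000 values is a small space. `time` in `import datetime, time` is unused in the visible lines, and send_otp's body continues past the end of the hunk.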
@@ -129,15 +135,34 @@ def post(self, request): return Response(message, status=status.HTTP_406_NOT_ACCEPTABLE) # check_pswd returns True for match -class ForgetResetPasswordView(APIView): +class EmailVerifyView(APIView): def post(self, request): email = request.data.get("email",) - try: - entered_usr = NewUser.objects.get(email__iexact=email) - send_otp(entered_usr) + if NewUser.objects.filter(email = email).exists(): + send_otp(email) message = {'message':'OTP sent to registered Email'} return Response(message, status=status.HTTP_202_ACCEPTED) - except: + else: message = {'message':'No matching user found'} return Response(message, status=status.HTTP_406_NOT_ACCEPTABLE) + +class PasswordChangeView(APIView): + def post(self, request): + email = request.data.get("email",) + password = request.data.get("new password") + if OTP.objects.filter(otpEmail = email).exists(): + if NewUser.objects.filter(email = email).exists(): + user = NewUser.objects.get(email = email) + if user.password == password: + message = {'message':'Password cannot be same as old one'} + return Response(message, status=status.HTTP_406_NOT_ACCEPTABLE) + else: + user.password = make_password(password) + user.save() + message = {'message':'Password Changed Successfully'} + return Response(message, status=status.HTTP_202_ACCEPTED) + else: + message = {'message':'Email entered does not match the verified Email.'} + return Response(message, status=status.HTTP_406_NOT_ACCEPTABLE) + \ No newline at end of file
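Review bot: PasswordChangeView accepts the new password without ever checking an OTP value: `OTP.objects.filter(otpEmail = email).exists()` only tests that some row exists for the address, and that row is presumably created by the unauthenticated `send_otp(email)` call in EmailVerifyView (send_otp's body is outside the hunk), so knowing the e-mail address alone would authorise the change. The same-password test `user.password == password` compares the stored hash with plaintext and can never match; `check_password(password, user.password)` is already imported for this. The branch where an OTP row exists but no NewUser does falls through and returns None, a missing `new password` goes straight into `make_password`, and the OTP row is never deleted after use. EmailVerifyView also answers differently for known and unknown addresses, which lets a caller enumerate accounts, and it swaps the old `email__iexact` lookup for an exact match. A sketch of the view with the OTP bound to the request follows; the `otp` request field is a proposed name and the expiry check should reuse whatever OTPView already does.

```python
class PasswordChangeView(APIView):
    def post(self, request):
        email = request.data.get("email")
        password = request.data.get("new password")
        entered_otp = request.data.get("otp")  # proposed request field
        # reject incomplete or non-numeric input before touching the database
        if not (email and password and str(entered_otp).isdigit()):
            message = {'message':'Email, OTP and new password are required'}
            return Response(message, status=status.HTTP_400_BAD_REQUEST)
        # the OTP must match the row issued for this email, not merely exist
        otp_row = OTP.objects.filter(otpEmail__iexact = email, otp = entered_otp).first()
        user = NewUser.objects.filter(email__iexact = email).first()
        if otp_row is None or user is None:
            message = {'message':'Invalid or expired OTP'}
            return Response(message, status=status.HTTP_406_NOT_ACCEPTABLE)
        # TODO: apply the same expiry check OTPView uses before accepting otp_row
        if check_password(password, user.password):
            message = {'message':'Password cannot be same as old one'}
            return Response(message, status=status.HTTP_406_NOT_ACCEPTABLE)
        user.password = make_password(password)
        user.save()
        otp_row.delete()  # single use: a consumed OTP must not authorise a second change
        message = {'message':'Password Changed Successfully'}
        return Response(message, status=status.HTTP_202_ACCEPTED)
```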