Password resetting

src/accounts/api/serializers.py

@@ -3,7 +3,7 @@
 from django_email_verification import sendConfirm
 from rest_framework import serializers
 
-from ..models import Account
+from ..models import (Account, PasswordResetRequestModel)
 
 
 class PublicAccountDataSerializer(serializers.ModelSerializer):
@@ -81,3 +81,35 @@ def validate(self, data):
                 "Verification token seems invalid or maybe outdated. Try requesting a new one."
             )
         return account
+
+class ChangePasswordSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = Account
+        fields = ("password")
+        extra_kwargs = {"password": {"write_only": True}}
+
+    def update(self, instance, validated_data):
+        instance.set_password(validated_data.get("password", instance.password))
+        instance.save()
+        return instance
+
+
+class ChangePasswordRequestSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = PasswordResetRequestModel
+        fields = ["email"]
+
+    email = serializers.EmailField()
+
+    def validate(self, data):
+        account = Account.objects.filter(email=data["email"]).first()
+        #note: make this silently fail later, users dont need to know about this.
+        if account is None:
+            raise serializers.ValidationError("Account with this email doesn't exist.")
+        newModel = PasswordResetRequestModel(token=account.verification_token, account=account)
+        return newModel
+
+    def create(self, validated_data):
+        print(validated_data)
+        reset_request = PasswordResetRequestModel.objects.create(token=validated_data.token, account=validated_data.account)
+        return reset_request

src/accounts/api/urls.py

@@ -9,6 +9,8 @@
     RequestVerificationTokenView,
     UpdateAccountView,
     VerifyAccountView,
+    ChangePasswordView,
+    RequestPasswordResetView,
 )
 
 app_name = "account"
@@ -32,4 +34,6 @@
         name="request-verification-token",
     ),
     path("verify-account", VerifyAccountView.as_view(), name="verify-account"),
+    path("change-password/<str:unique_identifier>/<str:token>", ChangePasswordView.as_view(), name="change-passwordd"),
+    path("change-password/", RequestPasswordResetView.as_view(), name="change-password"),
 ]

src/accounts/api/views.py

@@ -8,6 +8,14 @@
 from rest_framework.permissions import AllowAny
 from rest_framework.response import Response
 from rest_framework.serializers import ValidationError
+from django.shortcuts import get_object_or_404
+from django.contrib.auth.models import User
+from django.contrib.auth.tokens import default_token_generator
+from django.utils.encoding import force_text
+from django.utils.http import urlsafe_base64_decode
+from django.contrib.auth.views import PasswordResetConfirmView
+from django.contrib.auth.forms import SetPasswordForm
+from django.http import HttpResponse
 
 from ..exceptions import MissingMailConfirmationError
 from ..models import Account
@@ -17,6 +25,8 @@
     RegisterAccountSerializer,
     UpdateAccountSerializer,
     VerifyAccountSerializer,
+    ChangePasswordSerializer,
+    ChangePasswordRequestSerializer,
 )
 
 
@@ -181,3 +191,34 @@ def post(self, request):
         public_data = PublicAccountDataSerializer(account).data
 
         return Response(public_data, status=status.HTTP_200_OK)
+
+class ChangePasswordView(GenericAPIView):
+    permission_classes = (AllowAny,)
+    serializer_class = ChangePasswordSerializer
+
+    def get(self, unique_identifier, token):
+        try:
+            account = Account.objects.get(unique_identifier)
+        except (TypeError, ValueError, OverflowError, User.DoesNotExist):
+            return Response({'detail': 'Invalid link or expired.'}, status=status.HTTP_400_BAD_REQUEST)
+
+        if account is not None and default_token_generator.check_token(account, token):
+            return Response({'detail': 'Password reset successfully.'}, status=status.HTTP_200_OK)
+        else:
+            return Response({'detail': 'Invalid link or expired.'}, status=status.HTTP_400_BAD_REQUEST)
+
+class RequestPasswordResetView(GenericAPIView):
+    permission_classes = (AllowAny,)
+    serializer_class = ChangePasswordRequestSerializer
+
+    def post(self, request):
+        serializer = self.serializer_class(data=request.data)
+        try:
+            serializer.is_valid(raise_exception=True)
+        except ValidationError as e:
+            return Response(data={"error V": str(e)}, status=e.status_code)
+        except Exception as e:
+            return Response(data={"error E": str(e)}, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
+        serializer.create(serializer.validated_data)
+        #return Response(data={"sucess test" : "soup"}, status=status.HTTP_200_OK)
+        return Response(data={"sucess" : str(serializer)}, status=status.HTTP_200_OK)

src/accounts/migrations/0002_passwordresetrequest.py

@@ -0,0 +1,23 @@
+# Generated by Django 3.2.22 on 2024-01-13 17:03
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='PasswordResetRequest',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('token', models.UUIDField()),
+                ('account', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),
+            ],
+        ),
+    ]

src/accounts/migrations/0003_auto_20240113_1858.py

@@ -0,0 +1,26 @@
+# Generated by Django 3.2.22 on 2024-01-13 18:58
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0002_passwordresetrequest'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='PasswordResetRequestModel',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('token', models.UUIDField()),
+                ('account', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),
+            ],
+        ),
+        migrations.DeleteModel(
+            name='PasswordResetRequest',
+        ),
+    ]

src/accounts/models.py

@@ -69,3 +69,7 @@ def save(self, *args, **kwargs):
 
     def __str__(self):
         return f"{self.unique_identifier} as {self.username}"
+
+class PasswordResetRequestModel(models.Model):
+    token = models.UUIDField()
+    account = models.ForeignKey(Account, on_delete=models.CASCADE)