Merge pull request #47 from codescalersinternships/development_1.1_ch…

…ange_password

Support change password endpoint

server/test_tracker/routs/auth.py

@@ -1,6 +1,7 @@
 from django.urls import path
 
 from test_tracker.views.auth import (
+    ChangePasswordView,
     DecodeAndVerifySignatureAPIView,
     GetUserAPIView,
     LoginByTokenAPIView,
@@ -21,4 +22,5 @@
     path("settings/", UpdateUserSettingsAPIView.as_view()),
     path("github/access_token/", GithubAccessTokenAPIView.as_view()),
     path("github/user/", GithubUserDataAPIView.as_view()),
+    path("change-password/", ChangePasswordView.as_view()),
 ]

server/test_tracker/serializers/auth.py

@@ -114,4 +114,8 @@ class GitHubRequestToGetAccessTokenSerializers(Serializer):
     code = CharField()
 
 class GitHubUserDataSerializers(Serializer):
-    access_token = CharField()
+    access_token = CharField()
+
+class ChangePasswordSerializer(Serializer):
+    old_password = CharField()
+    new_password = CharField()

server/test_tracker/views/auth.py

@@ -11,6 +11,7 @@
 from test_tracker.api.response import CustomResponse
 from test_tracker.models.users import User
 from test_tracker.serializers.auth import (
+    ChangePasswordSerializer,
     GitHubRequestToGetAccessTokenSerializers,
     GitHubUserDataSerializers,
     MyTokenObtainPairSerializer,
@@ -26,6 +27,8 @@
 from components import config
 
 from test_tracker.utils.generate_password import generate_password
+from django.contrib.auth.hashers import check_password
+
 
 
 class RegisterAPIView(GenericAPIView):
@@ -109,6 +112,34 @@ def get(self, request: Request, email: str) -> Response:
             message="User not found",
         )
 
+class ChangePasswordView(GenericAPIView):
+    serializer_class = ChangePasswordSerializer
+    permission_classes = [
+        UserIsAuthenticated,
+    ]
+
+    def put(self, request: Request) -> Response:
+        """Class change password to change user password."""
+        serializer = self.get_serializer(data=request.data)
+        if serializer.is_valid():
+            user_password: str = request.user.password
+
+            new_password = make_password(serializer.validated_data.get("new_password"))
+            checked_password: bool = check_password(
+                serializer.validated_data.get("old_password"), user_password
+            )
+
+            if checked_password:
+                request.user.password = new_password
+                request.user.save()
+                return CustomResponse.success(message="Success updated password")
+            return CustomResponse.unauthorized(
+                message="Incorrect password. Please ensure that the password provided is accurate."
+            )
+        return CustomResponse.bad_request(
+            message="Please make sure that you entered a valid data.",
+            error=serializer.errors,
+        )
 
 class UpdateUserSettingsAPIView(GenericAPIView):
     """This class to update profile info"""
@@ -120,10 +151,10 @@ def put(self, request: Request) -> Response:
         """Update user settings"""
         user = get_user_by_id(request.user.id)
         serializer = self.get_serializer(user, data=request.data)
-        if not request.data.get("password"):
-            request.data["password"] = user.password
-        else:
-            request.data["password"] = make_password(request.data["password"])
+        # if not request.data.get("password"):
+        #     request.data["password"] = user.password
+        # else:
+        #     request.data["password"] = make_password(request.data["password"])
         if serializer.is_valid():
             serializer.save()
             return CustomResponse.success(