Merge 4eb6b9f into 0092a33

.travis.yml

@@ -8,6 +8,8 @@ services:
 
 before_script:
     - psql -c 'create database ah_zeus_db;' -U postgres
+    - python manage.py makemigrations
+    - python manage.py migrate
 
 install:
     - pip install -r requirements.txt

authors/apps/authentication/serializers.py

@@ -148,4 +148,6 @@ def update(self, instance, validated_data):
 
         return instance
 
+class PasswordSerializer(serializers.Serializer):
+    new_password = serializers.CharField(max_length=255, required=True)
 

authors/apps/authentication/urls.py

@@ -2,7 +2,8 @@
 from rest_framework_swagger.views import get_swagger_view
 
 from .views import (
-    LoginAPIView, RegistrationAPIView, UserRetrieveUpdateAPIView, AccountVerified
+    LoginAPIView, RegistrationAPIView, UserRetrieveUpdateAPIView, AccountVerified, 
+    PasswordResetAPIView, PasswordUpdateAPIView
 )
 
 schema_view = get_swagger_view(title='Authors Haven')
@@ -13,5 +14,7 @@
     path('users/login/', LoginAPIView.as_view(), name = "user_login"),
     path('swagger/', schema_view),
     path('users/verified_account/<token>/<uid>', AccountVerified.as_view(), name="verify_account"),
+    path('users/password_reset/', PasswordResetAPIView.as_view()),
+    path('users/password_update/<token>',PasswordUpdateAPIView.as_view()),
 
 ]

authors/apps/authentication/views.py

@@ -18,7 +18,7 @@
 
 from .renderers import UserJSONRenderer
 from .serializers import (
-    LoginSerializer, RegistrationSerializer, UserSerializer
+    LoginSerializer, RegistrationSerializer, UserSerializer, PasswordSerializer
 )
 
 
@@ -88,6 +88,67 @@ def get(self, request, token, uid):
 
         return Response(msg, status=st)
 
+def generate_password_reset_token(data):
+    token = jwt.encode({
+        'email': data
+    }, settings.SECRET_KEY, algorithm='HS256')
+
+    return token.decode('utf-8')
+
+
+class PasswordResetAPIView(generics.CreateAPIView):
+    permission_classes = (AllowAny,)
+    renderer_classes = (UserJSONRenderer,)
+    serializer_class = UserSerializer
+
+    def post(self, request):
+        user_data = request.data['user']['email']
+
+        if not user_data:
+            return Response({"message": "Please enter your email"}, status=status.HTTP_400_BAD_REQUEST)
+
+        try:
+            user = User.objects.get(email=user_data)
+
+            token = generate_password_reset_token(user_data)
+
+            serializer_data = self.serializer_class(user)
+            email_sender = EMAIL_HOST_USER
+            receipient = [serializer_data['email'].value]
+            subject = "Password Reset "
+            message = "Click this link to reset your password:" + "http://{}/api/users/password_update/{}".format(
+                get_current_site(request), token)
+            send_mail(subject, message, email_sender,
+                      receipient, fail_silently=False)
+            return Response(
+                {'message': 'Check your email for the password reset link', "token": token}, status=status.HTTP_201_CREATED)
+        except:
+            return Response({'message': 'User not found'}, status=status.HTTP_400_BAD_REQUEST)
+
+
+
+class PasswordUpdateAPIView(generics.UpdateAPIView):
+    permission_classes = (AllowAny,)
+    serializer_class = PasswordSerializer
+    #The URL conf should include a keyword argument corresponding to this value
+    look_url_kwarg = 'token'
+
+    def update(self, request, *args, **kwargs):
+        token = self.kwargs.get(self.look_url_kwarg)
+        new_password = request.data.get('new_password')
+
+        if not new_password:
+            return Response({"message": "Please enter your password"}, status=status.HTTP_400_BAD_REQUEST)
+        try:
+            decode_token = jwt.decode(
+                token, settings.SECRET_KEY, algorithms=['HS256'])
+            user = User.objects.get(email=decode_token['email'])
+            user.set_password(new_password)
+            user.save()
+            return Response({'message': 'Your password has been reset'}, status=status.HTTP_201_CREATED)
+        except:
+            return Response({'message': 'Cannot reset password'}, status=status.HTTP_400_BAD_REQUEST)
+
 class LoginAPIView(APIView):
     permission_classes = (AllowAny,)
     renderer_classes = (UserJSONRenderer,)