добавил еще исключения в обновление пароля

2024-06-20 11:51:03 +05:00 · 2024-06-20 11:51:03 +05:00 · 288622318c
parent 81fbcba642
commit 288622318c
3 changed files with 21 additions and 2 deletions
--- a/server/proj/account/views.py
+++ b/server/proj/account/views.py
@ -10,7 +10,7 @@ from conf import settings
 from account.serializers import MyUserSerializer, MyTokenObtainPairSerializer
 from account.models import MyUser
 from .schemas import UpdateUserSchema
-
+from conf.settings.base import MIN_LEN_PASSWORD

 PermissionClass = IsAuthenticated if not settings.DEBUG else AllowAny

@ -59,6 +59,21 @@ class MyUserViewSet(ViewSet):
    @action(detail=False, methods=['post'], schema=UpdateUserSchema())
    def update_user(self, request):
        password = request.user.password
+        
+        if request.data['password'] == request.data['email']:
+            return Response(
+                {'detail': 'Почта не может являться паролем', 'error': {'email': 'Почта не может являться паролем'}}, 
+                status=status.HTTP_400_BAD_REQUEST)
+
+        if len(request.data['password']) < MIN_LEN_PASSWORD:
+            return Response(
+                {'detail': 'Минимальная длина - 8 символов', 'error': {'email': 'Минимальная длина - 8 символов'}}, 
+                status=status.HTTP_400_BAD_REQUEST)
+
+        if check_password(request.data['password'], password):
+            return Response(
+                {'detail': 'Пароли одинаковые', 'error': {'email': 'Пароли одинаковые'}}, 
+                status=status.HTTP_400_BAD_REQUEST)

        if check_password(request.data['old_password'], password):
            if 'email' in request.data:
@ -70,7 +85,10 @@ class MyUserViewSet(ViewSet):
            serializer.save()
            return Response(serializer.data)
        else:
-            return Response({'error':'Неверный старый пароль'}, status=status.HTTP_400_BAD_REQUEST)
+            return Response(
+                {'detail': 'Неверный старый пароль', 'error': {'email': 'Неверный старый пароль'}}, 
+                status=status.HTTP_400_BAD_REQUEST)
+        

    @action(detail=False, methods=['post'])
    def password_reset_user(self, request):
--- a/server/proj/conf/settings/pycache/base.cpython-310.pyc
+++ b/server/proj/conf/settings/pycache/base.cpython-310.pyc
--- a/server/proj/conf/settings/base.py
+++ b/server/proj/conf/settings/base.py
@ -160,3 +160,4 @@ CORS_ALLOW_CREDENTIALS = True
 CORS_ALLOWED_ORIGINS = [
    'http://localhost:5173',
 ]
+MIN_LEN_PASSWORD = 8