исправил изменения пароля

2024-06-20 11:25:30 +05:00 · 2024-06-20 11:25:30 +05:00 · 81fbcba642
parent 9f221e2b20
commit 81fbcba642
2 changed files with 29 additions and 16 deletions
--- a/server/proj/account/schemas.py
+++ b/server/proj/account/schemas.py
@ -3,19 +3,25 @@ import coreapi
 import coreschema


-""" class PlayListSchema(AutoSchema):
+class UpdateUserSchema(AutoSchema):
    def get_serializer_fields(self, path, method):
        return [
                coreapi.Field(
-                    name='playlist_id',
+                    name='email',
                    location='form',
                    required=False,
-                    schema=coreschema.Integer(description='ID плейлиста')
+                    schema=coreschema.String(description='Email пользователя')
                ),
                coreapi.Field(
-                    name='songs_id',
+                    name='old_password',
                    location='form',
                    required=False,
-                    schema=coreschema.Array(description='ID треков')
+                    schema=coreschema.String(description='Старый пароль')
                ),
-        ] """
+                coreapi.Field(
+                    name='password',
+                    location='form',
+                    required=False,
+                    schema=coreschema.String(description='Новый пароль')
+                ),
+        ]
--- a/server/proj/account/views.py
+++ b/server/proj/account/views.py
@ -5,10 +5,13 @@ from rest_framework_simplejwt.views import TokenObtainPairView
 from rest_framework.decorators import action
 from rest_framework import status
 from django.core.mail import send_mail
-from django.contrib.auth.hashers import make_password
+from django.contrib.auth.hashers import make_password, check_password
 from conf import settings
 from account.serializers import MyUserSerializer, MyTokenObtainPairSerializer
 from account.models import MyUser
+from .schemas import UpdateUserSchema
+
+
 PermissionClass = IsAuthenticated if not settings.DEBUG else AllowAny

 class MyTokenObtainPairView(TokenObtainPairView):
@ -53,17 +56,21 @@ class MyUserViewSet(ViewSet):
        token_serializer.is_valid(raise_exception=True)
        return Response(token_serializer.validated_data, status=status.HTTP_201_CREATED)

-    @action(detail=False, methods=['post'])
+    @action(detail=False, methods=['post'], schema=UpdateUserSchema())
    def update_user(self, request):
-        if 'email' in request.data:
-            del request.data['email']
-        if 'password' in request.data:
-            request.data['password'] = make_password(request.data['password'])
-        serializer = MyUserSerializer(request.user, data=request.data, partial=True)
-        serializer.is_valid(raise_exception=True)
-        serializer.save()
+        password = request.user.password

-        return Response(serializer.data)
+        if check_password(request.data['old_password'], password):
+            if 'email' in request.data:
+                del request.data['email']
+            if 'password' in request.data:
+                request.data['password'] = make_password(request.data['password'])
+            serializer = MyUserSerializer(request.user, data=request.data, partial=True)
+            serializer.is_valid(raise_exception=True)
+            serializer.save()
+            return Response(serializer.data)
+        else:
+            return Response({'error':'Неверный старый пароль'}, status=status.HTTP_400_BAD_REQUEST)

    @action(detail=False, methods=['post'])
    def password_reset_user(self, request):