Moved some validations to the serializer #88
Conversation
ghost
requested a review
from 
There was a problem hiding this comment.
I would recommend to merge the code-cleanup-parts, but can you resubmit without the phone-related changes as they would clash with #93, which I plan to merge?
Make sure to rebase from master and resolve the current conflicts.
Also please squash your commits, so there is just one commit in this PR. See https://stackoverflow.com/questions/5189560/squash-my-last-x-commits-together-using-git in case you've not done this before.
| @@ -160,7 +136,7 @@ def post(self, request, *args, **kwargs): | |||
| if not active_user_found and not getattr(settings, 'DJANGO_REST_PASSWORDRESET_NO_INFORMATION_LEAKAGE', False): | |||
| raise exceptions.ValidationError({ | |||
| 'email': [_( | |||
| "There is no active user associated with this e-mail address or the password can not be changed")], | |||
| "We couldn't find an account associate with that email. Please enter another email account.")], | |||
There was a problem hiding this comment.
Should be "We couldn't find an account associated with that email. Please try a different e-mail address."
| def validate_email(self, value): | ||
| phone_number = to_python(value) | ||
| if phone_number and phone_number.is_valid(): | ||
| return value | ||
|
|
||
| try: | ||
| validator = EmailValidator() | ||
| validator(value) | ||
| return value | ||
| except ValidationError: | ||
| raise ValidationError(_('Enter a valid phone number or email address.')) |
There was a problem hiding this comment.
Conflicts with #93, which implements a universal lookup field (Not limited to phone/email)
| # if user.password_reset_tokens.all().count() > 0: | ||
| # # yes, already has a token, re-use this token | ||
| # token = user.password_reset_tokens.all()[0] | ||
| # else: |
There was a problem hiding this comment.
Please remove obsolete code entirely
| # get token validation time | ||
| password_reset_token_validation_time = get_password_reset_token_expiry_time() | ||
|
|
||
| # find token | ||
| try: | ||
| reset_password_token = _get_object_or_404(models.ResetPasswordToken, key=token) | ||
| except (TypeError, ValueError, ValidationError, Http404, | ||
| models.ResetPasswordToken.DoesNotExist): | ||
| raise Http404(_("The OTP password entered is not valid. Please check and try again.")) | ||
|
|
||
| # check expiry date | ||
| expiry_date = reset_password_token.created_at + timedelta( | ||
| hours=password_reset_token_validation_time) | ||
|
|
||
| if timezone.now() > expiry_date: | ||
| # delete expired token | ||
| reset_password_token.delete() | ||
| raise Http404(_("The token has expired")) | ||
| return data | ||
|
|
||
|
|
||
| class PasswordTokenSerializer(PasswordValidateMixin, serializers.Serializer): | ||
| password = serializers.CharField(label=_("Password"), style={'input_type': 'password'}) | ||
| token = serializers.CharField() | ||
|
|
||
|
|
||
| class TokenSerializer(serializers.Serializer): | ||
| class TokenSerializer(PasswordValidateMixin, serializers.Serializer): | ||
| token = serializers.CharField() | ||
|
|
There was a problem hiding this comment.
This looks much cleaner than the functionality in the post-method.
|
I close this because i created a new one, #105 |
I moved some of the validations to the serializer.