Release 4-8-6

rog/views.py

@@ -2,12 +2,17 @@ from .models import JpnSubPerf  # このインポート文をファイルの先
 from django.contrib.auth import get_user_model
 User = get_user_model()
 import traceback
+from django.contrib.auth.hashers import make_password
+
+from django.contrib.auth.tokens import default_token_generator
+from django.utils.http import urlsafe_base64_encode, urlsafe_base64_decode
+from django.utils.encoding import force_bytes, force_str
 
 import requests 
 from rest_framework import serializers
 from django.db import IntegrityError
 from django.urls import reverse
-from .utils import send_verification_email,send_invitation_email,send_team_join_email
+from .utils import send_verification_email,send_invitation_email,send_team_join_email,send_reset_password_email
 from django.conf import settings
 import uuid
 from rest_framework.exceptions import ValidationError as DRFValidationError
@@ -26,7 +31,7 @@ from curses.ascii import NUL
 from django.core.serializers import serialize
 from .models import GoalImages, Location, Location_line, Location_polygon, JpnAdminMainPerf, Useractions, GifuAreas, RogUser, CustomUser, UserTracks, GoalImages, CheckinImages, NewEvent,NewEvent2, Team, Category, NewCategory,Entry, Member, TempUser,EntryMember
 from rest_framework import viewsets
-from .serializers import LocationSerializer, Location_lineSerializer, Location_polygonSerializer, JPN_main_perfSerializer, LocationCatSerializer, UserSerializer, LoginUserSerializer, UseractionsSerializer, UserDestinationSerializer, GifuAreaSerializer, LocationEventNameSerializer, RogUserSerializer, UserTracksSerializer, ChangePasswordSerializer, GolaImageSerializer, CheckinImageSerializer, RegistrationSerializer, MemberWithUserSerializer,TempUserRegistrationSerializer
+from .serializers import LocationSerializer, Location_lineSerializer, Location_polygonSerializer, JPN_main_perfSerializer, LocationCatSerializer, UserSerializer, LoginUserSerializer, UseractionsSerializer, UserDestinationSerializer, GifuAreaSerializer, LocationEventNameSerializer, RogUserSerializer, UserTracksSerializer, ChangePasswordSerializer, GolaImageSerializer, CheckinImageSerializer, RegistrationSerializer, MemberWithUserSerializer,TempUserRegistrationSerializer, PasswordResetRequestSerializer, PasswordResetConfirmSerializer
 from knox.models import AuthToken
 
 from rest_framework import viewsets, generics, status
@@ -483,7 +488,6 @@ class LoginView(APIView):
         password = request.data.get('password')
 
         # デバッグコード
-        from django.contrib.auth.hashers import make_password, check_password
         user = CustomUser.objects.filter(email=email).first()
         if user:
             stored_hash = user.password
@@ -1699,12 +1703,17 @@ class TempUserRegistrationView(APIView):
             # 新規仮登録
             serializer = TempUserRegistrationSerializer(data=request.data)
             if serializer.is_valid():
-                temp_user = serializer.save()
+                # シリアライザのvalidated_dataからパスワードを取得
+                password = serializer.validated_data.get('password')
+                # パスワードをハッシュ化
+                hashed_password = make_password(password)
+                # ハッシュ化されたパスワードでTempUserを作成
+                temp_user = serializer.save(password=hashed_password)
+
                 verification_code = uuid.uuid4()
                 temp_user.verification_code = verification_code
-                #password = serializer.validated_data.pop('password')
-                #temp_user.set_password(password)
                 temp_user.save()
+
                 verification_url = request.build_absolute_uri(
                     reverse('verify-email', kwargs={'verification_code': verification_code})
                 )
@@ -1736,6 +1745,8 @@ class VerifyEmailView(APIView):
             if temp_user.is_valid():
                 user_data = {
                     'email': temp_user.email,
+                    'is_rogaining':True,    # ここでis_rogainingをTrueに設定
+                    'password':temp_user.password,
                     'is_rogaining': temp_user.is_rogaining,
                     'zekken_number': temp_user.zekken_number,
                     'event_code': temp_user.event_code,
@@ -1752,11 +1763,13 @@ class VerifyEmailView(APIView):
 
                 try:
                     # CustomUserを作成
-                    user = CustomUser.objects.create_user(
-                        email=user_data['email'],
-                        password=temp_user.password,
-                        **{k: v for k, v in user_data.items() if k != 'email'}
-                    )
+                    user = CustomUser.objects.create(**user_data)
+
+                    #user = CustomUser.objects.create_user(
+                    #    email=user_data['email'],
+                    #    password=temp_user.password,     # ハッシュ化されたパスワードを直接使用
+                    #    **{k: v for k, v in user_data.items() if k != 'email'}
+                    #)
                 except ValidationError as e:
                     # パスワードのバリデーションエラーなどの処理
                     return render(request, 'verification_error.html', {'message': str(e), 'title': 'エラー'})
@@ -1795,3 +1808,55 @@ class TeamMembersWithUserView(generics.ListAPIView):
         team_id = self.kwargs['team_id']
         return Member.objects.filter(team_id=team_id).select_related('user', 'team')
 
+
+class PasswordResetRequestView(APIView):
+    def post(self, request):
+        serializer = PasswordResetRequestSerializer(data=request.data)
+        if serializer.is_valid():
+            email = serializer.validated_data['email']
+            user = CustomUser.objects.filter(email=email).first()
+            if user:
+                token = default_token_generator.make_token(user)
+                uid = urlsafe_base64_encode(force_bytes(user.pk))
+                reset_link = f"{settings.FRONTEND_URL}/api/reset-password/{uid}/{token}/"
+                send_reset_password_email(email,reset_link)
+
+                return Response({"message": "Password reset email sent"}, status=status.HTTP_200_OK)
+            return Response({"message": "User not found"}, status=status.HTTP_404_NOT_FOUND)
+        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
+
+class PasswordResetConfirmView(APIView):
+    def get(self, request, uidb64, token):
+        try:
+            uid = force_str(urlsafe_base64_decode(uidb64))
+            user = CustomUser.objects.get(pk=uid)
+        except (TypeError, ValueError, OverflowError, CustomUser.DoesNotExist):
+            user = None
+
+        if user is not None and default_token_generator.check_token(user, token):
+            return render(request, 'password_reset.html', {'uid': uidb64, 'token': token})
+        else:
+            return render(request, 'password_reset_invalid.html')
+
+        if user is not None and default_token_generator.check_token(user, token):
+            return Response({"message": "Token is valid"}, status=status.HTTP_200_OK)
+        return Response({"message": "Invalid reset link"}, status=status.HTTP_400_BAD_REQUEST)
+
+
+    def post(self, request, uidb64, token):
+        try:
+            uid = force_str(urlsafe_base64_decode(uidb64))
+            user = CustomUser.objects.get(pk=uid)
+        except (TypeError, ValueError, OverflowError, CustomUser.DoesNotExist):
+            return Response({"error": "Invalid reset link"}, status=status.HTTP_400_BAD_REQUEST)
+
+        if default_token_generator.check_token(user, token):
+            serializer = PasswordResetConfirmSerializer(data=request.data)
+            if serializer.is_valid():
+                user.set_password(serializer.validated_data['new_password'])
+                user.save()
+                return Response({"message": "Password has been reset successfully"}, status=status.HTTP_200_OK)
+            return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
+        return Response({"error": "Invalid reset link"}, status=status.HTTP_400_BAD_REQUEST)
+
+