Merge pull request #23 from DevOps-Cloud-Team5/SCRUM-31_change_pw

password reset done

Author: MaxMB15

.env_example

@@ -0,0 +1,18 @@
+SECRET_KEY=<django_secret>
+
+DB_NAME=<db_name>
+DB_HOST=<db_host>
+DB_USER=<db_user>
+DB_PORT=<db_port>
+DB_PASSWORD=<db_password>
+
+AWS_ACCESS_KEY_ID=<aws_access_id>
+AWS_SECRET_ACCESS_KEY=<aws_access_key>
+AWS_STORAGE_BUCKET_NAME=<aws_bucket_name>
+
+EMAIL_HOST=<email_host>
+EMAIL_PORT=<email_port>
+EMAIL_USER=<email_user>
+EMAIL_PASSWORD=<email_password>
+
+FRONTEND_URL=<frontend_url> # No / after url

api/apps.py

@@ -4,3 +4,6 @@
 class ApiConfig(AppConfig):
     default_auto_field = 'django.db.models.BigAutoField'
     name = 'api'
+
+    def ready(self):
+        import api.signals

api/serializers.py

@@ -138,4 +138,8 @@ def validate_attendence(self, username, attended):
 
     def validate(self, attrs):
         for username, attended in attrs["usernames"].items(): self.validate_attendence(username, attended)
-        return attrs
+        return attrs
+    
+class MailTestSerializer(serializers.Serializer):
+    email = serializers.CharField(required=True)
+    

api/settings.py

@@ -27,7 +27,7 @@
 TEMPLATES = [
 	{
 		'BACKEND': 'django.template.backends.django.DjangoTemplates',
-		'DIRS': [],
+		'DIRS': [os.path.join(BASE_DIR, 'api', 'templates')],
 		'APP_DIRS': True,
 		'OPTIONS': {
 			'context_processors': [
@@ -81,8 +81,9 @@
 	'django.contrib.staticfiles',
 	'corsheaders',
 	'rest_framework',
-    'drf_spectacular',
+    'django_rest_passwordreset',
     'rest_framework_simplejwt.token_blacklist',
+    'drf_spectacular',
  	"api.apps.ApiConfig"
 ]
 
@@ -92,6 +93,15 @@
 
 AWS_ACCESS_KEY_ID = config('AWS_ACCESS_KEY_ID')
 
+EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
+EMAIL_HOST = config('EMAIL_HOST')
+EMAIL_PORT = config('EMAIL_PORT')
+EMAIL_USE_TLS = True
+EMAIL_HOST_USER = config('EMAIL_USER')
+EMAIL_HOST_PASSWORD = config('EMAIL_PASSWORD')
+
+FRONTEND_URL = config('FRONTEND_URL')
+
 CORS_ALLOW_HEADERS = [
 	'x-requested-with',
 	'content-type',
@@ -141,4 +151,19 @@
         'rest_framework_simplejwt.authentication.JWTAuthentication',
     ),
     'AUTH_HEADER_TYPES': ('JWT',),
-}
+}
+
+DJANGO_REST_PASSWORDRESET_TOKEN_CONFIG = {
+    "CLASS": "django_rest_passwordreset.tokens.RandomStringTokenGenerator",
+    "OPTIONS": {
+        "min_length": 20,
+        "max_length": 30
+    }
+}
+DJANGO_REST_MULTITOKENAUTH_RESET_TOKEN_EXPIRY_TIME = 30  # minutes
+
+DJANGO_REST_PASSWORDRESET_EMAIL_TEMPLATES = {
+    'subject': 'templates/email/password_reset_subject.txt',
+    'plain_body': 'templates/email/password_reset_email.html',
+    'html_body': 'templates/email/password_reset_email.html',
+}

api/signals.py

@@ -0,0 +1,46 @@
+from django.core.mail import EmailMultiAlternatives
+from django.dispatch import receiver
+from django.template.loader import render_to_string
+from django.urls import reverse
+from django.conf import settings
+
+
+from django_rest_passwordreset.signals import reset_password_token_created
+
+
+@receiver(reset_password_token_created)
+def password_reset_token_created(sender, instance, reset_password_token, *args, **kwargs):
+    """
+    Handles password reset tokens
+    When a token is created, an e-mail needs to be sent to the user
+    :param sender: View Class that sent the signal
+    :param instance: View Instance that sent the signal
+    :param reset_password_token: Token Model Object
+    :param args:
+    :param kwargs:
+    :return:
+    """
+    # send an e-mail to the user
+    context = {
+        'current_user': reset_password_token.user,
+        'username': reset_password_token.user.username,
+        'email': reset_password_token.user.email,
+        'reset_password_url': f"{settings.FRONTEND_URL}/reset_password?token={reset_password_token.key}"
+    }
+
+    # render email text
+    email_html_message = render_to_string('email/password_reset_email.html', context)
+    email_plaintext_message = render_to_string('email/password_reset_email.txt', context)
+
+    msg = EmailMultiAlternatives(
+        # title:
+        "Password Reset for Attendunce",
+        # message:
+        email_plaintext_message,
+        # from:
+        "[email protected]", # Does not matter, it will be overridden
+        # to:
+        [reset_password_token.user.email]
+    )
+    msg.attach_alternative(email_html_message, "text/html")
+    msg.send()

api/templates/email/password_reset_email.html

@@ -0,0 +1,9 @@
+<p>Hello,</p>
+
+<p>We received a request to reset the password for your account. If you made this request, please click on the link below or copy and paste it into your browser to complete the process:</p>
+
+<p><a href="{{ reset_password_url }}">{{ reset_password_url }}</a></p>
+
+<p>The link will be valid for the next 30 minutes</p>
+
+<p>If you did not request to reset your password, please ignore this email and your password will remain unchanged.</p>

api/templates/email/password_reset_email.txt

@@ -0,0 +1,9 @@
+Hello,
+
+We received a request to reset the password for your account. If you made this request, please click on the link below or copy and paste it into your browser to complete the process:</p>
+
+{{ reset_password_url }}
+
+The link will be valid for the next 30 minutes
+
+If you did not request to reset your password, please ignore this email and your password will remain unchanged.

api/urls.py

@@ -13,9 +13,10 @@
     1. Import the include() function: from django.urls import include, path
     2. Add a URL to urlpatterns:  path('blog/', include('blog.urls'))
 """
-from django.urls import path
+from django.urls import include, path
 from rest_framework_simplejwt.views import TokenRefreshView, TokenVerifyView, TokenBlacklistView
 from drf_spectacular.views import SpectacularAPIView, SpectacularSwaggerView
+from django_rest_passwordreset.views import ResetPasswordConfirm, ResetPasswordValidateToken
 from .views import (
                     AddLectureView,
                     GetCourseLecturesView,
@@ -24,8 +25,9 @@
                     MassEnrollCourseView,
                     SetStudentAttView,
                     SetTeacherAttView,
+                    test,
+                    MailTestView,
                     UnsetStudentAttView,
-                    test, 
                     genAdmin, 
 
                     GetTokenView, 
@@ -41,18 +43,24 @@
                     DestroyCourseView, 
                     EnrollCourseView,
                     GetCourseByName, 
-                    GetCoursesAll, 
-                    )
+                    GetCoursesAll
+                )
 
 urlpatterns = [
     path('test', test),
+    path('send_welcome_email', MailTestView.as_view(), name='send_welcome_email'),
     path('genadmin', genAdmin),
 
     # Manage tokens, by requesting one with credentials, refreshing or verifying one. Essentially the login API
     path('token/', GetTokenView.as_view(), name='token_obtain_pair'),
     path('token/refresh/', TokenRefreshView.as_view(), name='token_refresh'),
     path('token/verify/', TokenVerifyView.as_view(), name='token_verify'),
     path('token/blacklist/', TokenBlacklistView.as_view(), name='token_blacklist'),
+
+    # Password resets
+    path('password_reset/', include('django_rest_passwordreset.urls', namespace='password_reset')),
+    path('password_reset/confirm', ResetPasswordConfirm.as_view(), name='password_reset_confirm'),
+    path('password_reset/validate_token', ResetPasswordValidateToken.as_view(), name='password_reset_validate_token'),
 
     # All user paths
     path('user/register/', CreateUserView.as_view(), name='user_register'),

api/views.py

@@ -16,9 +16,9 @@
 
 from .permissions import IsTeacher, IsAdmin, IsStudent
 from .models import Course, AccountRoles, CourseLecture
-from .serializers import AddLectureSerializer, CustomTokenSerializer, CreateUserSerializer, LectureSerializer, MassEnrollSerializer, SetAttendenceTeacherSerializer, UserSerializer, CourseCreateSerializer, CourseSerializer
+from .serializers import AddLectureSerializer, CustomTokenSerializer, CreateUserSerializer, LectureSerializer, MassEnrollSerializer, SetAttendenceTeacherSerializer, UserSerializer, CourseCreateSerializer, CourseSerializer, MailTestSerializer
 
-import pdb
+from django.core.mail import send_mail
 
 
 User = get_user_model()
@@ -37,6 +37,32 @@
 def test(request):
     return Response({"ping": "pong"}, 200)
 
+@extend_schema(
+    summary="Send Test Email",
+    description="Tries to send a test email.",
+    responses={
+        status.HTTP_200_OK: OpenApiResponse(description="Success - An email was sent."),
+        status.HTTP_400_BAD_REQUEST: OpenApiResponse(description="Failure - No email given as a parameter."),
+        status.HTTP_418_IM_A_TEAPOT: OpenApiResponse(description="Failure - The email could not be sent.")
+    }
+)
+class MailTestView(generics.CreateAPIView):
+    serializer_class = MailTestSerializer
+
+    def post(self, request, *args, **kwargs):
+        subject = 'Welcome to My Site'
+        message = 'Thank you for creating an account!'
+        from_email = '[email protected]'
+        recipient_list = [request.POST.get("email", "")]
+        if recipient_list[0] == "":
+            Response({"status": "fail"}, 400)
+        ret_code = send_mail(subject, message, from_email, recipient_list)
+        if ret_code == 1:
+            Response({"status": "success"}, 200)
+        else:
+            Response({"status": "fail", "return_code": ret_code}, 418)
+
+
 # DEBUG function
 # Generate an admin account if no admin accounts exists
 # Dangerous endpoint which should be turned off in production but can be used to setup the DB