Skip to content

L
library-app-django
Commit 15af9dc3 authored by impfundev's avatar impfundev
Browse files
Options

feat: api login, logout and change password as librarian and member

parent ae9c9a19
Hide whitespace changes
Inline Side-by-side
Showing with 230 additions and 7 deletions
api/urls.py
View file @ 15af9dc3
...@@ -6,6 +6,12 @@ from api.views import ( ...@@ -6,6 +6,12 @@ from api.views import (
MemberViewSet, MemberViewSet,
LibrarianViewSet, LibrarianViewSet,
BookLoanViewSet, BookLoanViewSet,
LoginAsLibrarian,
LogoutAsLibrarian,
ChangePasswordAsLibrarian,
LoginAsMember,
LogoutAsMember,
ChangePasswordAsMember,
) )
router = routers.DefaultRouter() router = routers.DefaultRouter()
...@@ -17,4 +23,26 @@ router.register(r"book_loans", BookLoanViewSet, basename="book_loans") ...@@ -17,4 +23,26 @@ router.register(r"book_loans", BookLoanViewSet, basename="book_loans")
urlpatterns = [ urlpatterns = [
path("", include(router.urls)), path("", include(router.urls)),
path("login/librarian/", LoginAsLibrarian.as_view(), name="login_librarian"),
path(
"logout/librarian/<int:pk>/",
LogoutAsLibrarian.as_view(),
name="logout_librarian",
),
path(
"librarians/<int:pk>/change_password/",
ChangePasswordAsLibrarian.as_view(),
name="change_pw_librarian",
),
path("login/member/", LoginAsMember.as_view(), name="login_member"),
path(
"logout/member/<int:pk>/",
LogoutAsMember.as_view(),
name="logout_member",
),
path(
"members/<int:pk>/change_password/",
ChangePasswordAsMember.as_view(),
name="change_pw_member",
),
] ]
api/views.py
View file @ 15af9dc3
import jwt
from django.conf import settings
from datetime import datetime, timedelta
from rest_framework import views, viewsets, status
from rest_framework.response import Response
from rest_framework.filters import SearchFilter from rest_framework.filters import SearchFilter
from rest_framework.viewsets import ModelViewSet
from rest_framework.permissions import IsAuthenticated from rest_framework.permissions import IsAuthenticated
from django_filters.rest_framework import DjangoFilterBackend from django_filters.rest_framework import DjangoFilterBackend
from authentications.utils import Hasher
from api.serializers import ( from api.serializers import (
get_user_model, get_user_model,
UserSerializer, UserSerializer,
...@@ -15,23 +21,24 @@ from api.serializers import ( ...@@ -15,23 +21,24 @@ from api.serializers import (
BookLoans, BookLoans,
BookLoanSerializer, BookLoanSerializer,
) )
from librarians.models import LoginHistory
class UserViewSet(ModelViewSet): class UserViewSet(viewsets.ModelViewSet):
permission_classes = [IsAuthenticated] permission_classes = [IsAuthenticated]
queryset = get_user_model().objects.all().order_by("id") queryset = get_user_model().objects.all().order_by("id")
serializer_class = UserSerializer serializer_class = UserSerializer
class BookViewSet(ModelViewSet): class BookViewSet(viewsets.ModelViewSet):
queryset = Book.objects.all().order_by("created_at") queryset = Book.objects.all().order_by("created_at")
serializer_class = BookSerializer serializer_class = BookSerializer
filter_backends = [DjangoFilterBackend, SearchFilter] filter_backends = [DjangoFilterBackend, SearchFilter]
filterset_fields = ["title", "description"] filterset_fields = ["published_year", "category__name"]
search_fields = filterset_fields search_fields = filterset_fields
class MemberViewSet(ModelViewSet): class MemberViewSet(viewsets.ModelViewSet):
queryset = Members.objects.all().order_by("created_at") queryset = Members.objects.all().order_by("created_at")
serializer_class = MemberSerializer serializer_class = MemberSerializer
filter_backends = [DjangoFilterBackend, SearchFilter] filter_backends = [DjangoFilterBackend, SearchFilter]
...@@ -39,7 +46,7 @@ class MemberViewSet(ModelViewSet): ...@@ -39,7 +46,7 @@ class MemberViewSet(ModelViewSet):
search_fields = filterset_fields search_fields = filterset_fields
class LibrarianViewSet(ModelViewSet): class LibrarianViewSet(viewsets.ModelViewSet):
queryset = Librarians.objects.all().order_by("created_at") queryset = Librarians.objects.all().order_by("created_at")
serializer_class = LibrarianSerializer serializer_class = LibrarianSerializer
filter_backends = [DjangoFilterBackend, SearchFilter] filter_backends = [DjangoFilterBackend, SearchFilter]
...@@ -47,7 +54,7 @@ class LibrarianViewSet(ModelViewSet): ...@@ -47,7 +54,7 @@ class LibrarianViewSet(ModelViewSet):
search_fields = filterset_fields search_fields = filterset_fields
class BookLoanViewSet(ModelViewSet): class BookLoanViewSet(viewsets.ModelViewSet):
queryset = BookLoans.objects.all().order_by("created_at") queryset = BookLoans.objects.all().order_by("created_at")
serializer_class = BookLoanSerializer serializer_class = BookLoanSerializer
filter_backends = [DjangoFilterBackend, SearchFilter] filter_backends = [DjangoFilterBackend, SearchFilter]
...@@ -57,3 +64,191 @@ class BookLoanViewSet(ModelViewSet): ...@@ -57,3 +64,191 @@ class BookLoanViewSet(ModelViewSet):
"return_date", "return_date",
] ]
search_fields = filterset_fields search_fields = filterset_fields
class LoginAsLibrarian(views.APIView):
def post(self, request):
data = request.data
librarians = Librarians.objects.all()
librarian = librarians.filter(email=data.get("email"))
is_email_exists = librarian.exists()
if not is_email_exists:
return Response(
{
"message": "Invalid Email, please enter valid email or sign up firts!"
},
status=status.HTTP_401_UNAUTHORIZED,
)
is_password_verified = Hasher.verify(
data.get("password"), librarian[0].password
)
if not is_password_verified:
return Response(
{"message": "Invalid Password, please enter valid password!"},
status=status.HTTP_401_UNAUTHORIZED,
)
expiration_time = datetime.now() + timedelta(hours=2)
payload = {
"exp": expiration_time.timestamp(),
"librarian_id": librarian[0].id,
"name": librarian[0].name,
"email": librarian[0].email,
}
token = jwt.encode(payload, settings.JWT_SECRET, algorithm="HS256")
LoginHistory.objects.create(librarian_id=librarian[0].id)
key = "auth_session_" + str(librarian[0].uuid)
request.session[key] = token
return Response({"message": "Login success!"}, status=status.HTTP_200_OK)
class LogoutAsLibrarian(views.APIView):
def get(self, request, pk):
librarian = Librarians.objects.get(pk=pk)
key = "auth_session_" + str(librarian.uuid)
if request.session[key] is None:
return Response(
{"message": "Logout failed, invalid key!"},
status=status.HTTP_400_BAD_REQUEST,
)
del request.session[key]
return Response({"message": "Logout success!"}, status=status.HTTP_200_OK)
class ChangePasswordAsLibrarian(views.APIView):
def post(self, request, pk):
data = request.data
librarians = Librarians.objects.all()
librarian = librarians.filter(pk=pk, email=data.get("email"))
is_email_exists = librarian.exists()
new_password = data.get("new_password")
if not is_email_exists:
return Response(
{"message": "Invalid Email, please enter valid email!"},
status=status.HTTP_400_BAD_REQUEST,
)
is_old_password_verified = Hasher.verify(
data.get("password"), librarian[0].password
)
if not is_old_password_verified:
return Response(
{"message": "Invalid Old Password, please enter valid password!"},
status=status.HTTP_400_BAD_REQUEST,
)
if new_password is None:
return Response(
{"message": "Request failed, new_password is required field!"},
status=status.HTTP_400_BAD_REQUEST,
)
hashed_password = Hasher.encode(new_password)
librarian.update(password=hashed_password)
return Response(
{"message": "Change password success!"}, status=status.HTTP_200_OK
)
class LoginAsMember(views.APIView):
def post(self, request):
data = request.data
members = Members.objects.all()
member = members.filter(email=data.get("email"))
is_email_exists = member.exists()
if not is_email_exists:
return Response(
{
"message": "Invalid Email, please enter valid email or sign up firts!"
},
status=status.HTTP_401_UNAUTHORIZED,
)
is_password_verified = Hasher.verify(data.get("password"), member[0].password)
if not is_password_verified:
return Response(
{"message": "Invalid Password, please enter valid password!"},
status=status.HTTP_401_UNAUTHORIZED,
)
expiration_time = datetime.now() + timedelta(hours=2)
payload = {
"exp": expiration_time.timestamp(),
"librarian_id": member[0].id,
"name": member[0].name,
"email": member[0].email,
}
token = jwt.encode(payload, settings.JWT_SECRET, algorithm="HS256")
LoginHistory.objects.create(librarian_id=member[0].id)
key = "auth_session_" + member[0].account_number
request.session[key] = token
return Response({"message": "Login success!"}, status=status.HTTP_200_OK)
class LogoutAsMember(views.APIView):
def get(self, request, pk):
member = Members.objects.get(pk=pk)
key = "auth_session_" + member.account_number
if request.session[key] is None:
return Response(
{"message": "Logout failed, invalid key!"},
status=status.HTTP_400_BAD_REQUEST,
)
del request.session[key]
return Response({"message": "Logout success!"}, status=status.HTTP_200_OK)
class ChangePasswordAsMember(views.APIView):
def post(self, request, pk):
data = request.data
members = Members.objects.all()
member = members.filter(pk=pk, email=data.get("email"))
is_email_exists = member.exists()
new_password = data.get("new_password")
if not is_email_exists:
return Response(
{"message": "Invalid Email, please enter valid email!"},
status=status.HTTP_400_BAD_REQUEST,
)
is_old_password_verified = Hasher.verify(
data.get("password"), member[0].password
)
if not is_old_password_verified:
return Response(
{"message": "Invalid Old Password, please enter valid password!"},
status=status.HTTP_400_BAD_REQUEST,
)
if new_password is None:
return Response(
{"message": "Request failed, new_password is required field!"},
status=status.HTTP_400_BAD_REQUEST,
)
hashed_password = Hasher.encode(new_password)
member.update(password=hashed_password)
return Response(
{"message": "Change password success!"}, status=status.HTTP_200_OK
)
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment