Django accounts management app (3), forgot password and account details

saad4software

Saad Alkentar

Posted on November 25, 2024

Django accounts management app (3), forgot password and account details

What to expect from this article?

We started working on the accounts app in the previous articles, this article will build on it. It will cover

  • Serializers for forgetting password, resending code, and account details.
  • Views for the same APIs.
  • And of course the URLs.

I'll try to cover as many details as possible without boring you, but I still expect you to be familiar with some aspects of Python and Django.

the final version of the source code can be found at https://github.com/saad4software/alive-diary-backend

Series order

Check previous articles if interested!

  1. AI Project from Scratch, The Idea, Alive Diary
  2. Prove it is feasible with Google AI Studio
  3. Django API Project Setup
  4. Django accounts management (1), registration and activation
  5. Django accounts management (2), login and change password
  6. Django Rest framework with Swagger
  7. Django accounts management (3), forgot password and account details (You are here 📍)

How does it work?

How does forgetting password request work? the process should follow the steps

  • User forgets his password, obviously 😅, silly me.
  • User enters his/her email address.
  • An email with a verification code is sent to the email.
  • User can use the email, and activation code to set a new password.

So, we need an API that takes the email address, creates an activation code, and sends it to the user, the same as the resend code API.
We also need another API that takes the email, activation code, and the new password to reset the password.
Starting with resend code API sounds like a good idea now.

Resend code API

As always, let's start with the serializer


class SendCodeSerializer(serializers.Serializer):
    username = serializers.CharField(required=True)

    def validate_username(self, value):
        if not is_valid_email(value):
            raise serializers.ValidationError("invalid_email")

        verification_query = get_user_model().objects.filter(username=value).exists()
        if not verification_query:
            raise serializers.ValidationError("invalid_username")

        return value

Enter fullscreen mode Exit fullscreen mode

app_account/serializers.py

This is a generic serializer, with one field, the username, we are checking to make sure it is a valid email address, and the user is registered in the system.

now for the views


class AccountSendCodeView(APIView):
    permission_classes = ()
    renderer_classes = [CustomRenderer, BrowsableAPIRenderer]


    @swagger_auto_schema(request_body=SendCodeSerializer)
    def post(self, request, *args, **kwargs):
        serializer = SendCodeSerializer(data=request.data)

        if not serializer.is_valid():
            raise APIException(serializer.errors)

        user = get_user_model().objects.filter(username=serializer.validated_data.get("username")).first()
        code = VerificationCode(user=user, email=user.username)
        code.save()

        send_mail(
            'Password Reset Code',
            'Your password reset code is ' + str(code.code),
            f'AliveDiary<{settings.EMAIL_SENDER}>',
            [user.username],
            fail_silently=False,
        )

        return Response("success")
Enter fullscreen mode Exit fullscreen mode

app_account/views.py

The view starts by validating the request, then fetching the user and creating a code instant for it. and finally sends the code via email to the user.
And finally, the URLs

urlpatterns = [
    path('register/', AccountRegisterView.as_view()),
    path('activate/', AccountActivateView.as_view()),

    path('login/', AccountLoginView.as_view()),
    path('refresh/', AccountRefreshTokenView.as_view()),

    path('code/', AccountSendCodeView.as_view()), #new

    path('password/', AccountChangePasswordView.as_view()),
]
Enter fullscreen mode Exit fullscreen mode

app_account/urls.py

we can test it on swagger now

Send code view

Reset password API

The serializer should contain the username, the sent code, and the new password; it should check to make sure it is a valid username and code, somewhat like

class ForgotPasswordSerializer(serializers.Serializer):
    username = serializers.CharField(required=True)
    code = serializers.CharField(required=True)
    new_password = serializers.CharField(required=True)

    def validate(self, data):
        verification_query = VerificationCode.objects.filter(
            user__username=data['username'],
        ).order_by('-id')

        if not verification_query.exists():
            raise serializers.ValidationError("no_code")

        code = verification_query[0]
        if str(code.code) != str(data['code']):
            raise serializers.ValidationError("invalid_code")

        return data
Enter fullscreen mode Exit fullscreen mode

app_account/serializers.py

all fields are required, we used the validate function in order to validate both username and code together. if there are no code instants for this user, we raise a validation error, and if the sent code doesn't match the instant code value, we inform the user by raising "invalid_code" validation error.

for the view, we need to validate the serializer at first

class AccountForgotPasswordView(APIView):
    permission_classes = ()
    renderer_classes = [CustomRenderer, BrowsableAPIRenderer]

    @swagger_auto_schema(request_body=ForgotPasswordSerializer)
    def post(self, request, *args, **kwargs):
        serializer = ForgotPasswordSerializer(data=request.data)
        if not serializer.is_valid():
            raise APIException(serializer.errors)

        verification_query = VerificationCode.objects.filter(
            user__username=serializer.validated_data.get('username'),
            code=serializer.validated_data.get('code')
        ).order_by('-id')

        verification_query.delete()

        user = get_user_model().objects.filter(
            username=serializer.validated_data.get('username'),
        ).first()
        user.set_password(serializer.validated_data.get('new_password'))
        user.save()
        return Response("success")
Enter fullscreen mode Exit fullscreen mode

app_account/views.py

if the serializer is not valid, we raise an API exception with the serializer errors, if valid, we are querying the verification instant using the serializer data. Notice that this query always exists, and the sent code is the same as the verification instant code value since this query already passed the serializer check.
Then we delete the verification instance from the database and update the user password with the "new_password" value from the serializer

finally, let's update the URLs file

urlpatterns = [
    path('register/', AccountRegisterView.as_view()),
    path('activate/', AccountActivateView.as_view()),

    path('login/', AccountLoginView.as_view()),
    path('refresh/', AccountRefreshTokenView.as_view()),

    path('code/', AccountSendCodeView.as_view()),
    path('forgot/', AccountForgotPasswordView.as_view()), #new

    path('password/', AccountChangePasswordView.as_view()),
]
Enter fullscreen mode Exit fullscreen mode

app_account/urls.py

The account details API

Let's start by creating a serializer for the user model, it would look like this

class UserSerializer(serializers.ModelSerializer):

    class Meta:
        model = get_user_model()
        fields = [
            'first_name', 
            'last_name', 
            'username', 
            'country_code', 
            'expiration_date',
            'hobbies',
            'job',
            'bio',
            'role',
        ]
        read_only_fields = ['username', 'role',  'expiration_date']
Enter fullscreen mode Exit fullscreen mode

app_account/serializers.py

it is a model serializer, we selected the user model and listed the fields to serialize.

moving to the view, we need a view that allows users to get user details with a GET request and update user details with a POST request, it would look somewhat like

class AccountDetailsView(APIView):
    permission_classes = (IsAuthenticated,)
    renderer_classes = [CustomRenderer, BrowsableAPIRenderer]

    def get(self, request):
        serializer = UserSerializer(request.user)
        return Response(serializer.data)

    @swagger_auto_schema(request_body=UserSerializer)

    def post(self, request, *args, **kwargs):
        user = request.user
        serializer = UserSerializer(user, data=request.data)

        if not serializer.is_valid():
            raise APIException(serializer.errors)

        serializer.save()
        return Response(serializer.data)
Enter fullscreen mode Exit fullscreen mode

app_account/views.py

and the urls

urlpatterns = [
    path('register/', AccountRegisterView.as_view()),
    path('activate/', AccountActivateView.as_view()),

    path('login/', AccountLoginView.as_view()),
    path('refresh/', AccountRefreshTokenView.as_view()),

    path('code/', AccountSendCodeView.as_view()),
    path('forgot/', AccountForgotPasswordView.as_view()),

    path('password/', AccountChangePasswordView.as_view()),
    path('details/', AccountDetailsView.as_view()), #new
]
Enter fullscreen mode Exit fullscreen mode

app_account/urls.py

that is it! let's test this with Swagger, opening http://localhost:8555/swagger/ and using the login allows us to get a valid token. In order to test any authorized requests, we have to click on the lock 🔒 icon, any lock icon in swagger, and provide the token with "Bearer" prefix, somewhat like "Bearer eyJhbGc..."

token authentication

now testing the details API should return the account details as shown

account details

That is it! congrats, you have a fully functional account management app that can be used in any Django app with minimal modifications

Do you believe it requires other functionalities? please make a suggestion!

We will move back to the main app in our next article, so

Stay tuned 😎

💖 💪 🙅 🚩
saad4software
Saad Alkentar

Posted on November 25, 2024

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related