add(settings): password changing

accounts/locale/fr/LC_MESSAGES/django.po

@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-03-11 11:02+0100\n"
+"POT-Creation-Date: 2024-03-19 13:37+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -18,10 +18,18 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n > 1);\n"
 
-#: serializers/update_user.py:15
+#: serializers/update_password.py:19
+msgid "Current password is incorrect."
+msgstr "Mot de passe actuel incorrect."
+
+#: serializers/update_password.py:24
+msgid "The password does not match."
+msgstr "Le mot de passe ne correspond pas."
+
+#: serializers/update_password.py:31 serializers/update_user.py:15
 msgid "You dont have permission for this user."
 msgstr "Vous n'avez pas de permissions pour cet utilisateur."
 
-#: views/login.py:22
+#: views/login.py:23
 msgid "Invalid username or password."
 msgstr "Nom d'utilisateur ou mot de passe incorect."

accounts/serializers/update_password.py

@@ -0,0 +1,37 @@
+from rest_framework.serializers import ModelSerializer, ValidationError
+from rest_framework.fields import CharField
+from django.contrib.auth.models import User
+from django.contrib.auth import login
+from django.utils.translation import gettext as _
+
+
+class UpdatePasswordSerializer(ModelSerializer):
+    current_password = CharField(write_only=True, required=True)
+    new_password = CharField(write_only=True, required=True)
+    new_password2 = CharField(write_only=True, required=True)
+
+    class Meta:
+        model = User
+        fields = ['current_password', 'new_password', 'new_password2']
+
+    def validate_current_password(self, value):
+        if not self.instance.check_password(value):
+            raise ValidationError(_('Current password is incorrect.'))
+        return value
+
+    def validate(self, data):
+        if data['new_password'] != data['new_password2']:
+            raise ValidationError({'new_password2': _('The password does not match.')})
+        return data
+
+    def update(self, instance, validated_data):
+        user = self.context['request'].user
+
+        if user.pk != instance.pk:
+            raise ValidationError({'authorize': _('You dont have permission for this user.')})
+
+        instance.set_password(validated_data['new_password'])
+
+        instance.save()
+        login(self.context['request'], instance)
+        return instance

accounts/urls.py

@@ -1,6 +1,6 @@
 from django.urls import path
 
-from .views import register, login, logout, delete, logged, update_profile
+from .views import register, login, logout, delete, logged, update_profile, update_password
 
 urlpatterns = [
     path("register", register.RegisterView.as_view(), name="register"),
@@ -8,5 +8,6 @@ urlpatterns = [
     path("logout", logout.LogoutView.as_view(), name="logout"),
     path("logged", logged.LoggedView.as_view(), name="logged"),
     path("delete", delete.DeleteView.as_view(), name="delete"),
-    path('update_profile', update_profile.UpdateProfileView.as_view(), name='update_profile')
+    path('update_profile', update_profile.UpdateProfileView.as_view(), name='update_profile'),
+    path('update_password', update_password.UpdatePasswordView.as_view(), name='update_password')
 ]

accounts/views/update_password.py

@@ -0,0 +1,13 @@
+from ..serializers.update_password import UpdatePasswordSerializer
+from rest_framework.generics import UpdateAPIView
+from rest_framework.permissions import IsAuthenticated
+from django.contrib.auth.models import User
+
+
+class UpdatePasswordView(UpdateAPIView):
+    queryset = User.objects.all()
+    permission_classes = (IsAuthenticated,)
+    serializer_class = UpdatePasswordSerializer
+
+    def get_object(self):
+        return self.queryset.get(pk=self.request.user.pk)