Merge pull request #2517 from yadhukrishnx/production-launchpad-fix

feat(launchpad) : reset password

Author: aswanthabam

api/launchpad/launchpad_views.py

@@ -12,7 +12,7 @@
 from .serializers import (
     LaunchpadJobTaskSerializer, LaunchpadLeaderBoardSerializer, LaunchpadParticipantsSerializer, LaunchpadUserListSerializer,
     CollegeDataSerializer, LaunchpadUserSerializer, UserProfileUpdateSerializer,LaunchpadJobUpdateSerializer,
-    LaunchpadUpdateUserSerializer, LaunchPadRankSerializer, TaskCompletedLeaderBoardSerializer, TaskVerificationSerializer, LaunchpadCompanyPublicSerializer
+    LaunchpadUpdateUserSerializer, LaunchPadRankSerializer, TaskCompletedLeaderBoardSerializer, TaskVerificationSerializer, LaunchpadCompanyPublicSerializer,ForgotPasswordSerializer, ResetPasswordSerializer, ChangePasswordSerializer
 )
 from api.dashboard.profile.profile_serializer import (
     UserProfileSerializer, LinkSocials, UserLevelSerializer, UserLogSerializer,
@@ -39,6 +39,8 @@
 from django.core.mail import send_mail, EmailMessage
 from django.template.loader import render_to_string
 import decouple
+import secrets
+
 
 def send_template_mail(context: dict, subject: str, address: List[str], attachment: str = None):
     """
@@ -717,6 +719,11 @@ def post(self, request):
         if not check_password(password, recruiter.password):
             return CustomResponse(general_message="Invalid credentials.").get_failure_response()
 
+        if not recruiter.company.is_verified:
+            return CustomResponse(
+                general_message="Account does not exist"
+            ).get_failure_response()
+        
         access_token, refresh_token = generate_launchpad_jwt(recruiter, "recruiter")
 
         return CustomResponse(response={
@@ -2875,3 +2882,176 @@ def get(self, request):
         return CustomResponse().paginated_response(
             data=data, pagination=paginated_queryset.get("pagination")
         )
+
+class ForgotPasswordAPI(APIView):
+    def post(self, request):
+        serializer = ForgotPasswordSerializer(data=request.data)
+        
+        if not serializer.is_valid():
+            return CustomResponse(
+                message=serializer.errors,
+                general_message="Invalid request"
+            ).get_failure_response()
+
+        email = serializer.validated_data['email']
+        user_type = serializer.validated_data['user_type']
+        
+        # Generate reset token
+        reset_token = secrets.token_urlsafe(32)
+        expires_at = timezone.now() + timedelta(hours=1)  # Token expires in 1 hour
+        
+        try:
+            if user_type == 'company':
+                user = LaunchpadCompanies.objects.get(poc_email=email)
+                user.reset_token = reset_token
+                user.reset_token_expires = expires_at
+                user.save()
+                
+                user_name = user.name or user.poc_name
+                user_email = user.poc_email
+                
+            else:  # recruiter
+                user = LaunchpadRecruiters.objects.get(email=email)
+                user.reset_token = reset_token
+                user.reset_token_expires = expires_at
+                user.save()
+                
+                user_name = user.name
+                user_email = user.email
+            
+            # Send reset email
+            try:
+                reset_link = f"{decouple.config('FR_DOMAIN_NAME')}/reset-password?token={reset_token}&type={user_type}"
+                send_template_mail(
+                    context={
+                        "email": user_email,
+                        "full_name": user_name,
+                        "reset_link": reset_link,
+                        "expires_in": "1 hour"
+                    },
+                    subject="Password Reset - MuLearn Launchpad",
+                    address=["launchpad-password-reset.html"]
+                )
+            except Exception as e:
+                return CustomResponse(
+                    general_message="Failed to send reset email. Please try again."
+                ).get_failure_response()
+            
+            return CustomResponse(
+                general_message="Password reset link has been sent to your email."
+            ).get_success_response()
+            
+        except (LaunchpadCompanies.DoesNotExist, LaunchpadRecruiters.DoesNotExist):
+            # Don't reveal if user exists or not for security
+            return CustomResponse(
+                general_message="If an account with this email exists, a password reset link has been sent."
+            ).get_success_response()
+
+class ResetPasswordAPI(APIView):
+    def post(self, request):
+        serializer = ResetPasswordSerializer(data=request.data)
+        
+        if not serializer.is_valid():
+            return CustomResponse(
+                message=serializer.errors,
+                general_message="Invalid request"
+            ).get_failure_response()
+
+        user = serializer.validated_data['user']
+        new_password = serializer.validated_data['new_password']
+        
+        # Reset password
+        user.password = make_password(new_password)
+        user.reset_token = None
+        user.reset_token_expires = None
+        user.save()
+        
+        return CustomResponse(
+            general_message="Password has been reset successfully. You can now login with your new password."
+        ).get_success_response()
+
+class VerifyResetTokenAPI(APIView):
+    def post(self, request):
+        token = request.data.get('token')
+        user_type = request.data.get('user_type')
+        
+        if not token or not user_type:
+            return CustomResponse(
+                general_message="Token and user type are required."
+            ).get_failure_response()
+        
+        now = timezone.now()
+        
+        try:
+            if user_type == 'company':
+                user = LaunchpadCompanies.objects.get(
+                    reset_token=token,
+                    reset_token_expires__gt=now
+                )
+                user_name = user.name or user.poc_name
+            else:
+                user = LaunchpadRecruiters.objects.get(
+                    reset_token=token,
+                    reset_token_expires__gt=now
+                )
+                user_name = user.name
+            
+            return CustomResponse(
+                response={
+                    'valid': True,
+                    'user_name': user_name,
+                    'expires_at': user.reset_token_expires
+                },
+                general_message="Token is valid"
+            ).get_success_response()
+            
+        except (LaunchpadCompanies.DoesNotExist, LaunchpadRecruiters.DoesNotExist):
+            return CustomResponse(
+                response={'valid': False},
+                general_message="Invalid or expired token"
+            ).get_failure_response()
+
+class ChangePasswordAPI(APIView):
+    authentication_classes = [LaunchpadJWTPermission]
+    
+    def post(self, request):
+        user_type = request.auth["user_type"]
+        user_id = request.auth["id"]
+        
+        serializer = ChangePasswordSerializer(data=request.data)
+        
+        if not serializer.is_valid():
+            return CustomResponse(
+                message=serializer.errors,
+                general_message="Invalid request"
+            ).get_failure_response()
+
+        current_password = serializer.validated_data['current_password']
+        new_password = serializer.validated_data['new_password']
+        
+        try:
+            if user_type == 'company':
+                user = LaunchpadCompanies.objects.get(id=user_id)
+            else:
+                user = LaunchpadRecruiters.objects.get(id=user_id)
+            
+            # Verify current password
+            if not check_password(current_password, user.password):
+                return CustomResponse(
+                    message={'current_password': ['Current password is incorrect.']},
+                    general_message="Password change failed"
+                ).get_failure_response()
+            
+            # Update password
+            user.password = make_password(new_password)
+            user.save()
+            
+            return CustomResponse(
+                general_message="Password changed successfully."
+            ).get_success_response()
+            
+        except (LaunchpadCompanies.DoesNotExist, LaunchpadRecruiters.DoesNotExist):
+            return CustomResponse(
+                general_message="User not found."
+            ).get_failure_response()
+

api/launchpad/serializers.py

@@ -608,3 +608,63 @@ def get_colleges(self, obj):
         return LaunchPadUserCollegeLink.objects.filter(user=obj).values_list(
             "college_id", "college__title"
         )
+
+
+class ForgotPasswordSerializer(serializers.Serializer):
+    email = serializers.EmailField(required=True)
+    user_type = serializers.ChoiceField(choices=[('company', 'Company'), ('recruiter', 'Recruiter')])
+
+    def validate(self, data):
+        email = data.get('email')
+        user_type = data.get('user_type')
+        
+        if user_type == 'company':
+            if not LaunchpadCompanies.objects.filter(poc_email=email).exists():
+                raise serializers.ValidationError("No company found with this email.")
+        else:
+            if not LaunchpadRecruiters.objects.filter(email=email).exists():
+                raise serializers.ValidationError("No recruiter found with this email.")
+        
+        return data
+
+class ResetPasswordSerializer(serializers.Serializer):
+    token = serializers.CharField(required=True)
+    new_password = serializers.CharField(min_length=8, required=True)
+    confirm_password = serializers.CharField(min_length=8, required=True)
+    user_type = serializers.ChoiceField(choices=[('company', 'Company'), ('recruiter', 'Recruiter')])
+
+    def validate(self, data):
+        if data['new_password'] != data['confirm_password']:
+            raise serializers.ValidationError("Passwords don't match.")
+        
+        token = data.get('token')
+        user_type = data.get('user_type')
+        
+        now = timezone.now()
+        
+        if user_type == 'company':
+            user = LaunchpadCompanies.objects.filter(
+                reset_token=token,
+                reset_token_expires__gt=now
+            ).first()
+        else:
+            user = LaunchpadRecruiters.objects.filter(
+                reset_token=token,
+                reset_token_expires__gt=now
+            ).first()
+        
+        if not user:
+            raise serializers.ValidationError("Invalid or expired reset token.")
+        
+        data['user'] = user
+        return data
+
+class ChangePasswordSerializer(serializers.Serializer):
+    current_password = serializers.CharField(required=True)
+    new_password = serializers.CharField(min_length=8, required=True)
+    confirm_password = serializers.CharField(min_length=8, required=True)
+
+    def validate(self, data):
+        if data['new_password'] != data['confirm_password']:
+            raise serializers.ValidationError("New passwords don't match.")
+        return data

api/launchpad/urls.py

@@ -5,7 +5,8 @@
     LoginCompanyAPI, LoginRecruiterAPI, GetCompanyInfoAPI, GetRecruiterInfoAPI,
     RefreshTokenAPI, CompanyVerifyAPI, ListJobsAPI, VerifyTaskAPI, ListLaunchpadStudentsAPI,
     SendJobInvitationsAPI, StudentJobInvitationsAPI, StudentApplyToJobAPI, AcceptedStudentsAPI,
-    ScheduleInterviewAPI, ApplicationFinalDecisionAPI, CompanyListVerifiedAPI, DeleteCompanyAPI,JobAPI
+    ScheduleInterviewAPI, ApplicationFinalDecisionAPI, CompanyListVerifiedAPI, DeleteCompanyAPI,JobAPI,ForgotPasswordAPI, ResetPasswordAPI, VerifyResetTokenAPI, ChangePasswordAPI,
+    DeleteCompanyAPI,
 )
 
 urlpatterns = [
@@ -59,4 +60,10 @@
         "get-user-levels/<str:launchpad_id>/", launchpad_views.UserLevelsAPI.as_view()
     ),
     path("ig-leaderboard/", launchpad_views.IGLeaderboardView.as_view()),
+    
+    path('forgot-password/', ForgotPasswordAPI.as_view(), name='forgot-password'),
+    path('reset-password/', ResetPasswordAPI.as_view(), name='reset-password'),
+    path('verify-reset-token/', VerifyResetTokenAPI.as_view(), name='verify-reset-token'),
+    path('change-password/', ChangePasswordAPI.as_view(), name='change-password'),
+    
 ]

api/templates/mails/launchpad-password-reset.html

@@ -0,0 +1,40 @@
+{% extends "mails/base_mail.html" %} {% block content %}
+<div style="background: transparent; width: 100%; height: auto">
+  <center>
+    <h1
+      style="
+        color: black;
+        font-family: 'Poppins';
+        font-weight: 600;
+        font-size: 30px;
+      "
+    >
+      REFRESH YOUR SECRETS
+    </h1>
+    <p
+    >
+      Hey there, we got a request to fix up your password! Don't worry, click
+      the button below to reset your password!
+    </p>
+    <div style="width: 100%; height: 10px; background: transparent"></div>
+    <a href="{{ user.reset_link }}" style="width: 160px; height: 40px">
+      <img
+        style="width: 160px; height: 40px"
+        src="https://iili.io/HQFXsFp.png"
+        alt=""
+    /></a>
+    <div style="width: 100%; height: 10px; background: transparent"></div>
+    <p><strong>This link will expire in {{ user.expires_in }}.</strong></p>
+    <p
+      style="
+        color: black;
+        font-family: 'Poppins';
+        line-height: 1.2;
+        font-size: 13px;
+      "
+    >
+      Didn't request a password reset? You can ignore this email then.
+    </p>
+  </center>
+</div>
+{% endblock %}

db/launchpad.py

@@ -16,6 +16,8 @@ class LaunchpadCompanies(models.Model):
     username = models.CharField(max_length=50, unique=True)
     password = models.CharField(max_length=255)
     is_verified = models.BooleanField(default=False)
+    reset_token = models.CharField(max_length=100, null=True, blank=True)
+    reset_token_expires = models.DateTimeField(null=True, blank=True)
     created_at = models.DateTimeField(auto_now_add=True)
     updated_at = models.DateTimeField(auto_now=True)
 
@@ -37,6 +39,8 @@ class LaunchpadRecruiters(models.Model):
     phone = models.CharField(max_length=20)
     password = models.CharField(max_length=255)
     role = models.CharField(max_length=50, null=True)
+    reset_token = models.CharField(max_length=100, null=True, blank=True)
+    reset_token_expires = models.DateTimeField(null=True, blank=True)
     created_at = models.DateTimeField(auto_now_add=True)
     updated_at = models.DateTimeField(auto_now=True)