SkillsForge-Community · Hordunlarmy · Jul 20, 2024
diff --git a/sigma/authentication/serializers.py b/sigma/authentication/serializers.py
@@ -93,16 +93,16 @@ def to_representation(self, instance):
 
 
 class ChangePasswordSerializer(serializers.Serializer):
-    old_password = serializers.CharField(write_only=True)
+    email = serializers.EmailField(write_only=True)
     new_password = serializers.CharField(write_only=True)
 
-    def validate_old_password(self, value):
-        """This is for validating old password"""
+    def validate_email(self, value):
+        """This is for validating email"""
 
-        user = self.context["request"].user
+        user = User.objects.filter(email=value).first()
 
-        if not user.check_password(value):
-            raise serializers.ValidationError("Wrong Old Password", code="Invalid Password")
+        if user is None:
+            raise serializers.ValidationError("User doesn't exist", code="Not Found")
 
         return value
 

diff --git a/sigma/authentication/urls.py b/sigma/authentication/urls.py
@@ -7,5 +7,5 @@
 urlpatterns = [
     path("register/admin/", RegisterAdminAPIView.as_view(), name="register_admin"),
     path("login/", LoginInAPIView.as_view(), name="login"),
-    path("password/change/", ChangePasswordAPIView.as_view(), name="change_password"),
+    path("password/reset/", ChangePasswordAPIView.as_view(), name="change_password"),
 ]
diff --git a/sigma/authentication/views.py b/sigma/authentication/views.py
@@ -33,11 +33,9 @@ def post(self, request, *args, **kwargs):
 
 class ChangePasswordAPIView(generics.GenericAPIView):
     serializer_class = ChangePasswordSerializer
-    permission_classes = [
-        permissions.IsAuthenticated,
-    ]
+    permission_classes = (permissions.IsAuthenticated,)
 
-    def post(self, request, *args, **kwargs):
+    def put(self, request, *args, **kwargs):
         user = self.request.user
 
         serializer = self.get_serializer(data=request.data)

diff --git a/tests/authentication/test_serializers.py b/tests/authentication/test_serializers.py
@@ -146,13 +146,13 @@ def test_error_raised_for_short_length_of_password(self):
             ),
         )
 
-    def test_error_not_raised_when_when_valid_data_are_provided(self):
+    def test_error_not_raised_when_valid_data_are_provided(self):
         """Test user password changed when valid data are provided"""
 
         request = MagicMock()
         request.user = self.user
 
-        data = {"old_password": "old_password", "new_password": "new_password"}
+        data = {"email": request.user.email, "new_password": "new_password"}
 
         serializer = ChangePasswordSerializer(data=data, context={"request": request})
         self.assertTrue(serializer.is_valid())
diff --git a/tests/authentication/test_views.py b/tests/authentication/test_views.py
@@ -175,9 +175,8 @@ def test_user_can_change_password_with_valid_data(self):
 
         self.client.force_authenticate(self.user)
 
-        request_data = {"old_password": "old_password", "new_password": "new_password"}
-
-        response = self.client.post(self.url, request_data, format="json")
+        request_data = {"email": self.user.email, "new_password": "new_password"}
+        response = self.client.put(self.url, request_data, format="json")
 
         self.assertEqual(response.status_code, 200)
         self.assertEqual(response.json(), {"message": "Password Successfully updated"})
@@ -190,23 +189,23 @@ def test_user_cannot_change_password_with_invalid_data(self):
 
         self.client.force_authenticate(self.user)
 
-        request_data = {"old_password": "old_password", "new_password": "new"}
+        request_data = {"email": "[email protected]", "new_password": "new"}
 
-        response = self.client.post(self.url, request_data, format="json")
+        response = self.client.put(self.url, request_data, format="json")
 
         self.assertEqual(response.status_code, 400)
 
         user = User.objects.filter(email="[email protected]").first()
-        self.assertTrue(user.check_password(request_data["old_password"]))
+        self.assertFalse(user.check_password(request_data["new_password"]))
 
     def test_user_new_password_cannot_be_same_as_old_password(self):
         """Test user new password cannot be same as old password"""
 
         self.client.force_authenticate(self.user)
 
-        request_data = {"old_password": "old_password", "new_password": "old_password"}
+        request_data = {"email": self.user.email, "new_password": "old_password"}
 
-        response = self.client.post(self.url, request_data)
+        response = self.client.put(self.url, request_data)
 
         self.assertEqual(response.status_code, 400)
         self.assertEqual(