From 0e9a98f34235d48db4a66e06d403e8a06306f9fb Mon Sep 17 00:00:00 2001
From: mortezaei
Date: Thu, 25 Sep 2025 13:56:36 +0330
Subject: [PATCH] feat(account): streamline user verification and password handling
- Enhanced UserVerifyView to set user passwords securely during account creation and takeover.
- Removed the use of unusable passwords, ensuring all users have functional passwords upon verification.
---
 apps/account/views/user.py | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)
diff --git a/apps/account/views/user.py b/apps/account/views/user.py
index b9b6a08..49874c7 100644
--- a/apps/account/views/user.py
+++ b/apps/account/views/user.py
@@ -202,12 +202,13 @@ class UserVerifyView(CreateAPIView):
 device_id = kwargs.get('device_id')
 user = User.objects.filter(email=email).first()
 if user:
- if kwargs.get('password'):
+ if kwargs['password']:
 user.is_active = True
 user.deletion_date = None
 if device_id:
 user.device_id = device_id
 user.last_login = timezone.now()
+ user.set_password(kwargs['password'])
 user.save()
 else:
 # If device_id is provided, try to find existing user with that device_id
@@ -217,22 +218,17 @@ class UserVerifyView(CreateAPIView):
 user = None
 if not user:
- # Create the user from the verified data
 user = User.objects.create(**kwargs)
- # Set a non-functional password to prevent authentication errors
- user.set_unusable_password()
- user.save()
+ user.set_password(kwargs['password'])
 else:
- # Taking over a guest account
 user.email = email
- user.fullname = kwargs.get('fullname')
- # Also set unusable password for converted guest accounts
- user.set_unusable_password()
-
+ user.fullname = kwargs['fullname']
+ user.set_password(kwargs['password'])
 if device_id:
 user.device_id = device_id
 user.last_login = timezone.now()
 user.is_active = True
+ user.deletion_date = None
 user.save()
 return user
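Review bot: In the `if user:` branch the added `user.set_password(kwargs['password'])` overwrites the password of an already-registered account found by email, in the same block that sets `is_active = True` and clears `deletion_date`. That makes this path behave like a password reset plus reactivation, so it must only be reachable after the caller has proven control of the address. That check is not visible here, since the method starts outside the hunk, and deserves a comment such as `# caller must have passed email verification; this replaces the existing password`. The change from `kwargs.get('password')` to `kwargs['password']` also turns a missing key into a `KeyError` instead of a skipped branch. Unless the serializer guarantees the key, prefer `password = kwargs.get('password')` followed by `if password:`.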
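Review bot: In the `if not user:` branch, `User.objects.create(**kwargs)` still receives the `password` entry that the next added line reads from `kwargs`, so the row appears to be inserted with the raw password in the password field and is only hashed by the `user.save()` at the end. Any `post_save` receiver, database audit log or error between the two writes can see or leave the plaintext. Take the password out before building the object and let the final save do the only write: `password = kwargs.pop('password')`, `user = User(**kwargs)`, `user.set_password(password)`. The guest branch now sets a real password on an account located by `device_id` (the lookup is outside the hunk), so it is worth confirming that a device id alone cannot select another user's guest account.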