diff --git a/apps/account/serializers/user.py b/apps/account/serializers/user.py
index df34944..82adfc3 100644
--- a/apps/account/serializers/user.py
+++ b/apps/account/serializers/user.py
@@ -32,10 +32,18 @@ class UserProfileSerializer(serializers.ModelSerializer):
 # return value
 def update(self, instance, validated_data):
+ # Pop the password from the data to handle it separately
+ password = validated_data.pop('password', None)
+
+ # Use the default update logic for all other fields
 for attr, value in validated_data.items():
 if value is not None:
 setattr(instance, attr, value)
+ # If a new password was provided, hash and set it correctly
+ if password:
+ instance.set_password(password)
+ instance.save()
 return instance
diff --git a/apps/account/views/user.py b/apps/account/views/user.py
index cf17cb0..b9b6a08 100644
--- a/apps/account/views/user.py
+++ b/apps/account/views/user.py
@@ -202,7 +202,7 @@ class UserVerifyView(CreateAPIView):
 device_id = kwargs.get('device_id')
 user = User.objects.filter(email=email).first()
 if user:
- if kwargs['password']:
+ if kwargs.get('password'):
 user.is_active = True
 user.deletion_date = None
 if device_id:
@@ -217,10 +217,17 @@ class UserVerifyView(CreateAPIView):
 user = None
 if not user:
+ # Create the user from the verified data
 user = User.objects.create(**kwargs)
+ # Set a non-functional password to prevent authentication errors
+ user.set_unusable_password()
+ user.save()
 else:
+ # Taking over a guest account
 user.email = email
- user.fullname = kwargs['fullname']
+ user.fullname = kwargs.get('fullname')
+ # Also set unusable password for converted guest accounts
+ user.set_unusable_password()
 if device_id:
 user.device_id = device_id
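Review bot: In `update()` in apps/account/serializers/user.py, `instance.set_password(password)` hashes whatever value reached `validated_data` without running Django's configured password validators, so unless the `password` field declares them outside this hunk, weak passwords are accepted on a profile update. I would validate in the serializer's field validation so that a failure comes back as a 400, for example a `validate_password(self, value)` method that calls `password_validation.validate_password(value, self.instance)`. A password change through this path also appears to need no proof of the current password; confirm that is intended, since a stolen session or token would then be enough to replace the credential. The serializer class and its field list begin outside the hunk, so both points need checking against the full file.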
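Review bot: The guard `if kwargs.get('password'):` in the `@@ -202` hunk of apps/account/views/user.py only tests that a non-empty value was supplied; nothing visible compares it with the stored hash before `user.is_active = True` and `user.deletion_date = None` reactivate the account. If that value is meant to authenticate the caller, the condition should be `if user.check_password(kwargs.get('password') or ''):`; if it is only a flag carried by already verified data, a comment saying so would keep it from being read as a credential check. Switching to `.get()` also turns a missing key from a KeyError into a silent skip of the branch, so it is worth stating which behaviour is wanted. The method starts and ends outside the hunk, so where `kwargs` comes from cannot be confirmed from here.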
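Review bot: In the `@@ -217` hunk, `User.objects.create(**kwargs)` still performs the INSERT before `set_unusable_password()` runs, so if `kwargs` carries the `password` key tested earlier in this view, the raw value is written to the password column and only replaced by the following `save()`. Building the instance first avoids both the plaintext write and the second query: `user = User(**kwargs)`, then `user.set_unusable_password()` and `user.save()`. In the guest-account branch no `save()` is visible after the new `user.set_unusable_password()`; the method continues past the hunk, so confirm the change is persisted there. `kwargs.get('fullname')` will also assign `None` when the key is missing, which replaces whatever name the guest account already had.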