validate img size

Author: rockstarr-programmerr

account/serializers.py

@@ -1,5 +1,6 @@
 from django.conf import settings
 from django.contrib.auth import get_user_model
+from django.contrib.auth.password_validation import validate_password
 from django.utils.translation import gettext as _
 from rest_framework import serializers
 
@@ -27,12 +28,16 @@ def validate(self, attrs):
         return attrs
 
     def validate_avatar(self, img):
+        if not img:
+            return img
+
         size = img.size / 1e6  # bytes to megabytes
         if size > settings.MAX_UPLOAD_SIZE_MEGABYTES:
             raise serializers.ValidationError(
                 _('File size must not exceed %dMB.') % settings.MAX_UPLOAD_SIZE_MEGABYTES,
                 code='exceed_max_upload_size'
             )
+
         return img
 
 
@@ -44,7 +49,7 @@ class Meta(UserSerializer.Meta):
             'password', 'avatar', 'avatar_thumbnail',
         ]
         extra_kwargs = {
-            'password': {'write_only': True},
+            'password': {'write_only': True, 'validators': [validate_password]},
             'avatar_thumbnail': {'read_only': True},
             'name': {'required': False},
             'phone_number': {'required': False},
@@ -54,3 +59,8 @@ class Meta(UserSerializer.Meta):
 
 class MeSerializer(UserSerializer):
     pass
+
+
+class ChangePasswordSerializer(serializers.Serializer):
+    current_password = serializers.CharField(write_only=True)
+    new_password = serializers.CharField(write_only=True, validators=[validate_password])

account/views.py

@@ -1,18 +1,18 @@
 from django.contrib.auth import get_user_model
-from django.db.models import Q
 from django.utils.decorators import classonlymethod, method_decorator
+from django.utils.translation import gettext as _
 from django.views.decorators.debug import sensitive_post_parameters
 from rest_framework import mixins
 from rest_framework.decorators import action
+from rest_framework.exceptions import PermissionDenied
 from rest_framework.generics import get_object_or_404
 from rest_framework.permissions import AllowAny
 from rest_framework.response import Response
 from rest_framework.viewsets import GenericViewSet
 
 from account import business
-from account.managers import UserTypes
-from account.serializers import (MeSerializer, RegisterTeacherSerializer,
-                                 UserSerializer)
+from account.serializers import (ChangePasswordSerializer, MeSerializer,
+                                 RegisterTeacherSerializer, UserSerializer)
 
 User = get_user_model()
 
@@ -66,6 +66,28 @@ def register_teacher(self, request):
         serializer = self.get_serializer(instance=teacher)
         return Response(serializer.data)
 
+    @action(
+        detail=False, methods=['POST'],
+        url_path='change-password',
+        serializer_class=ChangePasswordSerializer,
+    )
+    def change_password(self, request):
+        """
+        Change logged-in user's password, return 403 if `current_password` is not correct.
+        """
+        serializer = self.get_serializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+        current_password = serializer.validated_data['current_password']
+        new_password = serializer.validated_data['new_password']
+
+        user = self.request.user
+        if not user.check_password(current_password):
+            raise PermissionDenied(_('Wrong password.'))
+
+        user.set_password(new_password)
+        user.save()
+        return Response()
+
 
 class MeViewSet(mixins.ListModelMixin,
                 mixins.RetrieveModelMixin,

classroom/serializers/exercise.py

@@ -66,10 +66,14 @@ class ReadingExerciseUploadImgSerializer(serializers.Serializer):
     image_url = serializers.URLField(read_only=True)
 
     def validate_image(self, image):
+        if not image:
+            return image
+
         size = image.size / 1e6  # bytes to megabytes
         if size > settings.MAX_UPLOAD_SIZE_MEGABYTES:
             raise serializers.ValidationError(
                 _('File size must not exceed %dMB.') % settings.MAX_UPLOAD_SIZE_MEGABYTES,
                 code='exceed_max_upload_size'
             )
+
         return image