추가: 임시비밀번호 api 생성

- random string 10자리로 조정 - 임시비밀번호 고지 이메일 celery 비동기 처리 - 이메일만 입력하면 비밀번호가 전송되는 점에서 보안관련 이슈 존재
Sahayana · Nov 9, 2023 · da82f45 · da82f45
1 parent 88fafea
commit da82f45
Show file tree

Hide file tree

Showing 5 changed files with 69 additions and 7 deletions.
diff --git a/alaltalk/cache_key.py b/alaltalk/cache_key.py
@@ -3,3 +3,10 @@
 # Friend
 RECOMMEND_FRIEND = "recommend_friend_{user_id}"
 USER_LIKE_DATA = "user_like_data_{user_id}"
+
+# Search
+
+USER_YOUTUBE = "youtube_user_{user_id}"
+USER_BOOK = "book_user_{user_id}"
+USER_NEWS = "news_user_{user_id}"
+USER_SHOPPING = "shopping_user_{user_id}"
diff --git a/apps/account/services/user_service.py b/apps/account/services/user_service.py
@@ -3,8 +3,8 @@
 from django.utils.http import urlsafe_base64_decode
 
 from apps.account.models import CustomUser, UserLikeKeyWord, UserProfileImage
-from apps.account.tasks import send_email_verification
-from apps.account.utils import accounts_verify_token
+from apps.account.tasks import send_email_verification, send_temporary_password
+from apps.account.utils import accounts_verify_token, random_string_generator
 
 
 class UserService:
@@ -26,9 +26,7 @@ def create_single_user(
             email=email, nickname=nickname, bio=bio, password=password
         )
         if img:
-            image = UserProfileImage.objects.create(user=user, img=img)
-            user.profile_image = image
-            user.save()
+            UserProfileImage.objects.create(user=user, img=img)
 
         # TODO: Celery 비동기 처리
         transaction.on_commit(lambda: send_email_verification.delay(user.id))
@@ -84,3 +82,27 @@ def like_public_setting(cls, user_id: int, value: str) -> CustomUser:
             raise KeyError("value 값은 'ON'/'OFF'만 가능합니다.")
 
         return user
+
+    @classmethod
+    def delete_user_account(cls, user_id: int):
+
+        user = CustomUser.objects.get(id=user_id)
+        user.is_deleted = True
+        user.save()
+        return user
+
+    @classmethod
+    @transaction.atomic()
+    def change_temporary_password(cls, user_id: int):
+
+        user = CustomUser.objects.get(id=user_id)
+        temp_password = random_string_generator(length=10)
+
+        user.set_password(temp_password)
+        user.save()
+
+        transaction.on_commit(
+            lambda: send_temporary_password.delay(user.id, temp_password)
+        )
+
+        return user
diff --git a/apps/account/tasks.py b/apps/account/tasks.py
@@ -1,5 +1,5 @@
 from celery import shared_task
-from django.core.mail import EmailMessage
+from django.core.mail import EmailMessage, send_mail
 from django.template.loader import render_to_string
 from django.utils.encoding import force_bytes
 from django.utils.http import urlsafe_base64_encode
@@ -11,7 +11,7 @@
 
 
 @shared_task
-def send_email_verification(user_id: int) -> None:
+def send_email_verification(user_id: int):
     """
     새로 생성한 유저에게 사용자 인증 이메일을 전송합니다.
     """
@@ -27,3 +27,14 @@ def send_email_verification(user_id: int) -> None:
     )
     email_message = EmailMessage(EMAIL_VERIFY_TITLE, message, to=[user.email])
     return email_message.send()
+
+
+@shared_task
+def send_temporary_password(email: str, temp_pw: str):
+    return send_mail(
+        "[alaltalk] 임시 비밀번호 메일입니다.",
+        f"회원님의 임시 비밀번호는 {temp_pw} 입니다.\n로그인 후 비밀번호를 꼭 변경해주세요.",
+        "[email protected]",
+        [email],
+        fail_silently=False,
+    )
diff --git a/apps/account/v1/apis/user_api.py b/apps/account/v1/apis/user_api.py
@@ -150,6 +150,23 @@ def post(self, request, *args, **kwargs):
         return Response(data=data, status=status.HTTP_200_OK)
 
 
+class TemporaryPasswordView(views.APIView):
+
+    permission_classes = [permissions.AllowAny]
+
+    def post(self, request, *args, **kwargs):
+
+        email = request.query_params.get("q")
+        try:
+            user = CustomUser.objects.get(email=email)
+        except CustomUser.DoesNotExist:
+            return Response({"msg": "none-user"}, status=status.HTTP_400_BAD_REQUEST0)
+
+        after_user = UserService.change_temporary_password(user_id=user.id)
+        data = {"msg": "ok", "data": UserReadSerializer(after_user).data}
+        return Response(data=data, status=status.HTTP_200_OK)
+
+
 # TODO:친구 관련 API 개발에 추가
 class UserLikeKeywordSaveView(views.APIView):
 

diff --git a/apps/account/v1/urls.py b/apps/account/v1/urls.py
@@ -12,4 +12,9 @@
         name="user_activation",
     ),
     path("login", user_api.LoginView.as_view(), name="login"),
+    path(
+        "login/temp",
+        user_api.TemporaryPasswordView.as_view(),
+        name="temporary_password",
+    ),
 ]