Tag Assignment - organization OTP

apps/authentication/api/v1/api.py

@@ -1,5 +1,5 @@
 import typing
-
+from rest_framework.permissions import AllowAny
 from apps.authentication.api.v1.serializers.jwt import CustomizedTokenObtainPairSerializer
 from rest_framework_simplejwt.authentication import JWTAuthentication
 from rest_framework.decorators import action, permission_classes
@@ -26,7 +26,10 @@ from apps.authentication.models import (
 from django.db import transaction
 from rest_framework.response import Response
 from common.tools import CustomOperations
+from django.core.cache import cache
 from rest_framework import status
+from common.sms import send_sms
+import random
 
 
 class CustomizedTokenObtainPairView(TokenObtainPairView):
@@ -138,6 +141,20 @@ class UserViewSet(ModelViewSet):
         else:
             return Response(serializer.errors, status=status.HTTP_403_FORBIDDEN)
 
+    @action(
+        methods=['get'],
+        detail=False,
+        url_name='profile',
+        url_path='profile',
+        name='profile',
+        permission_classes=[AllowAny]
+    )
+    def profile(self, request):
+        serializer = authorize_view.UserRelationSerializer(
+            authorize_view.UserRelations.objects.get(user=request.user)
+        )
+        return Response(serializer.data, status.HTTP_200_OK)
+
 
 class CityViewSet(ModelViewSet):
     """ Crud operations for city model """  #
@@ -195,3 +212,76 @@ class BankAccountViewSet(ModelViewSet):
     """ Crud operations for bank account model """  #
     queryset = BankAccountInformation.objects.all()
     serializer_class = BankAccountSerializer
+
+
+class GeneralOTPViewSet(ModelViewSet):
+    """ general OTP user authorization """
+
+    user_relations_queryset = authorize_view.UserRelations.objects.all()
+    organization_queryset = Organization.objects.all()
+    user_queryset = User.objects.all()
+    user_serializer = UserSerializer
+    organization_serializer = OrganizationSerializer
+    user_relations_serializer = authorize_view.UserRelationSerializer
+
+    @classmethod
+    def get_user_mobile(cls, data: dict) -> typing.Any:
+        """ find user mobile in multiple modes like from organization """
+
+        if data['get_mobile_type'] == 'organization':
+            # get user mobile by his/her organization
+            user_mobile = cls.user_relations_queryset.filter(
+                organization_id=int(data['object_id']),
+                role__role_name='Management').first().user.mobile
+            return user_mobile
+
+        if data['get_mobile_type'] == 'general':
+            return data['mobile']
+
+    @action(
+        methods=['post'],
+        detail=False,
+        url_path='send_otp',
+        url_name='send_otp',
+        name='send_otp'
+    )
+    @transaction.atomic
+    def send_otp(self, request):
+        """
+        This module is for sending otp in whole project and different parts
+        like send otp code to user by organization or by general user mobile
+        """
+
+        mobile = self.get_user_mobile(
+            data=request.data
+        )
+
+        # generate random integer and message for otp code
+        random_number = random.randint(10000, 99999)
+        message = f'کد احراز شما : {random_number}'  # noqa
+
+        # caching code
+        if 'timeout' in request.data.keys():
+            cache.set(f"{random_number}", str(random_number), timeout=60 * int(request.data['timeout']))
+        else:
+            cache.set(f"{random_number}", str(random_number), timeout=60 * 3)
+
+        sms_response = send_sms(mobile=mobile, message=message)
+        return Response(status=status.HTTP_200_OK)
+
+    @action(
+        methods=['post'],
+        detail=False,
+        url_name='check_otp',
+        url_path='check_otp',
+        name='check_otp'
+    )
+    def check_otp(self, request):
+        """ Check sent otp code to user """
+
+        entered_code = request.data['code']
+        cached_code = cache.get(entered_code)
+
+        if entered_code == cached_code:
+            return Response(status=status.HTTP_200_OK)
+        return Response(status=status.HTTP_403_FORBIDDEN)