first push

Authentication/admin.py

@@ -0,0 +1,3 @@
+from django.contrib import admin
+
+# Register your models here.

Authentication/apps.py

@@ -0,0 +1,6 @@
+from django.apps import AppConfig
+
+
+class AuthenticationConfig(AppConfig):
+    default_auto_field = 'django.db.models.BigAutoField'
+    name = 'Authentication'

Authentication/migrations/0001_initial.py

@@ -0,0 +1,65 @@
+# Generated by Django 3.2.13 on 2023-09-17 15:05
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+import uuid
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('auth', '0012_alter_user_first_name_max_length'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='ClientToken',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('key', models.UUIDField(default=uuid.uuid4, editable=False, null=True, unique=True)),
+                ('create_date', models.DateTimeField(auto_now_add=True)),
+                ('modify_date', models.DateTimeField(auto_now=True)),
+                ('trash', models.BooleanField(default=False)),
+                ('client_name', models.CharField(max_length=50)),
+                ('client_id', models.CharField(max_length=50)),
+                ('client_secret', models.CharField(max_length=150)),
+                ('client_token', models.CharField(max_length=50)),
+                ('client_web_address', models.CharField(max_length=200, null=True)),
+                ('client_web_address_backend', models.CharField(max_length=200, null=True)),
+                ('created_by', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='clienttoken_createdby', to=settings.AUTH_USER_MODEL)),
+                ('modified_by', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='clienttoken_modifiedby', to=settings.AUTH_USER_MODEL)),
+            ],
+            options={
+                'abstract': False,
+            },
+        ),
+        migrations.CreateModel(
+            name='UserIdentity',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('key', models.UUIDField(default=uuid.uuid4, editable=False, null=True, unique=True)),
+                ('create_date', models.DateTimeField(auto_now_add=True)),
+                ('modify_date', models.DateTimeField(auto_now=True)),
+                ('trash', models.BooleanField(default=False)),
+                ('first_name', models.CharField(max_length=100, null=True)),
+                ('last_name', models.CharField(max_length=100, null=True)),
+                ('mobile', models.CharField(max_length=20, null=True)),
+                ('national_id', models.CharField(max_length=20, null=True)),
+                ('national_code', models.CharField(max_length=20, null=True)),
+                ('city', models.CharField(max_length=100, null=True)),
+                ('province', models.CharField(max_length=100, null=True)),
+                ('client', models.ForeignKey(null=True, on_delete=django.db.models.deletion.CASCADE, related_name='client_identity', to='Authentication.clienttoken')),
+                ('created_by', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='useridentity_createdby', to=settings.AUTH_USER_MODEL)),
+                ('modified_by', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='useridentity_modifiedby', to=settings.AUTH_USER_MODEL)),
+                ('role', models.ManyToManyField(related_name='identity_group', to='auth.Group')),
+                ('user', models.ForeignKey(null=True, on_delete=django.db.models.deletion.CASCADE, related_name='user_identity', to=settings.AUTH_USER_MODEL)),
+            ],
+            options={
+                'abstract': False,
+            },
+        ),
+    ]

Authentication/models.py

@@ -0,0 +1,41 @@
+from django.db import models
+from Core.models import BaseModel
+from django.contrib.auth.models import User, Group
+
+
+# Create your models here.
+
+class ClientToken(BaseModel):
+    client_name = models.CharField(max_length=50)
+    client_id = models.CharField(max_length=50)
+    client_secret = models.CharField(max_length=150)
+    client_token = models.CharField(max_length=50)
+    client_web_address = models.CharField(max_length=200, null=True)
+    client_web_address_backend = models.CharField(max_length=200, null=True)
+
+    def save(self, *args, **kwargs):
+        super(ClientToken, self).save(*args, **kwargs)
+
+
+class UserIdentity(BaseModel):
+    user = models.ForeignKey(User, on_delete=models.CASCADE, null=True, related_name='user_identity')
+    role = models.ManyToManyField(
+        Group,
+        related_name='identity_group'
+    )
+    client = models.ForeignKey(
+        ClientToken,
+        on_delete=models.CASCADE,
+        null=True,
+        related_name="client_identity"
+    )
+    first_name = models.CharField(max_length=100, null=True)
+    last_name = models.CharField(max_length=100, null=True)
+    mobile = models.CharField(max_length=20, null=True)
+    national_id = models.CharField(max_length=20, null=True)
+    national_code = models.CharField(max_length=20, null=True)
+    city = models.CharField(max_length=100, null=True)
+    province = models.CharField(max_length=100, null=True)
+
+    def save(self, *args, **kwargs):
+        super(UserIdentity, self).save(*args, **kwargs)

Authentication/serializers.py

@@ -0,0 +1,31 @@
+from rest_framework import serializers
+from django.contrib.auth.models import Group
+from Authentication.models import ClientToken, UserIdentity
+
+
+class GroupSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = Group
+        fields = '__all__'
+
+
+class ClientTokenSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = ClientToken
+        fields = (
+            'client_name',
+        )
+
+
+class UserIdentitySerializer(serializers.ModelSerializer):
+    client = ClientTokenSerializer(required=False)
+
+    class Meta:
+        model = UserIdentity
+        exclude = (
+            'id',
+            'created_by',
+            'modified_by',
+            'trash'
+        )
+        extra_kwargs = {'role': {'required': False}, }

Authentication/sms.py

@@ -0,0 +1,17 @@
+import requests
+
+
+def send_otp_code(receptor, rand):
+    receptor = str(receptor)
+    message = 'سلام همراه عزیز کد پیامکی ارسالی  برای شما :{}'.format(rand)
+    u = "http://webservice.sahandsms.com/newsmswebservice.asmx/SendPostUrl?username=pmstores&password=Aht00100&from=30002501&to={}&message={}".format(
+        receptor, message)
+
+    url = u.format()
+
+    payload = {}
+    headers = {"Content-Type": "application/x-www-form-urlencoded"}
+
+    response = requests.request("GET", url, headers=headers, data=payload, verify=False)
+
+    print(response.text)

Authentication/tests.py

@@ -0,0 +1,3 @@
+from django.test import TestCase
+
+# Create your tests here.

Authentication/urls.py

@@ -0,0 +1,60 @@
+from django.urls import path, include
+from rest_framework import routers
+from django.conf import settings
+import oauth2_provider.views as oauth2_views
+
+from Authentication.views import (
+    register,
+    login,
+    change_password,
+    check_otp,
+    send_otp,
+    UserIdentityViewSet, store_send_otp, Find_User, Identity, register_all, change_user_mobile, NumberOfActiveUsers,
+    remove_access_token,check_user_exists, remove_user_role
+)
+
+router = routers.DefaultRouter()
+router.register('user_identity', UserIdentityViewSet, basename='user_identity')
+
+oauth2_endpoint_views = [
+    path('authorize/', oauth2_views.AuthorizationView.as_view(), name="authorize"),
+    path('token/', oauth2_views.TokenView.as_view(), name="token"),
+    path('register/', register, name="register"),
+    path('register_all/', register_all, name="register_all"),
+    path('login/', login, name="login"),
+    path('change_password/', change_password, name="change_password"),
+    path('send_otp/', send_otp, name="send_otp"),
+    path('send/', store_send_otp, name="send"),
+    path('check_otp/', check_otp, name="check_otp"),
+    path('find/', Find_User, name="find"),
+    path('identity/', Identity, name="identity"),
+    path('active-users/', NumberOfActiveUsers, name="active-users"),
+    path('remove_access_token/', remove_access_token, name="remove_access_token"),
+    path('check_user_exists/', check_user_exists, name="check_user_exists"),
+    path('remove_user_role/', remove_user_role, name="remove_user_role"),
+
+]
+
+if settings.DEBUG:
+    # OAuth2 Application Management endpoints
+    oauth2_endpoint_views += [
+        path('applications/', oauth2_views.ApplicationList.as_view(), name="list"),
+        path('applications/register/', oauth2_views.ApplicationRegistration.as_view(), name="register"),
+        path('applications/<pk>/', oauth2_views.ApplicationDetail.as_view(), name="detail"),
+        path('applications/<pk>/delete/', oauth2_views.ApplicationDelete.as_view(), name="delete"),
+        path('applications/<pk>/update/', oauth2_views.ApplicationUpdate.as_view(), name="update"),
+    ]
+
+    # OAuth2 Token Management endpoints
+    oauth2_endpoint_views += [
+        path('authorized-tokens/', oauth2_views.AuthorizedTokensListView.as_view(), name="authorized-token-list"),
+        path('authorized-tokens/<pk>/delete/', oauth2_views.AuthorizedTokenDeleteView.as_view(),
+             name="authorized-token-delete"),
+    ]
+
+urlpatterns = [
+    path('', include(router.urls)),
+    path('api/', include((oauth2_endpoint_views, 'oauth2_provider.urls'), namespace="oauth2_provider")),
+    path('change_mobile_number/', change_user_mobile),
+
+]

Authentication/views.py

@@ -0,0 +1,635 @@
+import cryptocode
+from django.core.cache import cache
+from rest_framework.decorators import permission_classes, api_view
+from .models import UserIdentity
+from rest_framework.permissions import AllowAny
+from django.contrib.auth.models import User, Group
+from rest_framework.response import Response
+from django.http import HttpResponse
+from django.shortcuts import render
+from rest_framework import status, viewsets
+from oauth2_provider.models import AccessToken
+import json
+import requests
+import random
+import uuid
+import cryptocode
+from oauth2_provider.contrib.rest_framework import (
+    TokenHasReadWriteScope,
+    OAuth2Authentication, )
+from rest_framework.decorators import authentication_classes
+from Authentication.models import ClientToken
+from Authentication.sms import send_otp_code
+from .serializers import UserIdentitySerializer
+from datetime import timedelta
+
+BASE_URL = "https://userbackend.rasadyar.com/api/"
+
+ARTA_CLIENT_ID = 'cpxlBf9GPPnk0nfOMLEa6fZyUrew6Z17wujOUMJr'
+ARTA_CLIENT_SECRET = 'ONFoHxBCPOtIUw72QnLL4oa0wOKQNQ6h3Hc8pZrk3qHcR759hmgFn7fJZJMh1nQRWMeRGUHbRoTBFCIQn7OsiKrY7y4JM975T7mjM7WXJs3Ezl30gMAUgfpuEpzJgChz'
+
+CHICKEN_CLIENT_SECRET = '4EK8EAPBOGsUHTeTHpgXrjQwbOQKAnNnQIOHmZa3IlOYVafwV1rmoKHhJE91OmLJ201yp7UkGu5TikiesoZxhNj0FYOyTtC7YtcqvopdBO36e2PSnjuqkLt0yCmaK2ph'
+CHICKEN_CLIENT_ID = 'DhL3VMce6p3CBPSTwBg1AJjcaREvddWoOP8G8pHc'
+
+LO_CHICKEN_CLIENT_SECRET = "xqZM6iTDe0XDS1mC8iVhahXqb2TWIZ07mx7yYOZrzTYHyHoFYIpvBm6IcM169fsGZ8uQs3gBHmicgbUMVXwbHyJIaCOeFp9SNK72E4v2OR51om3eH43VMQSK4pEKmMX6"
+LO_CHICKEN_CLIENT_ID = "kSHxeTGASY8JsczTinnt5t820clWOKC3X1NHnMOi"
+
+HA_CHICKEN_CLIENT_SECRET = 'l2Gt9AgwOfIneoQU2hamnGYCOiIUdAY2nmLI9eCkNo7wXU6TvNEU93oHtk8IzSHzJc5vVkm9scJaAlWGbzumNenGsQbIESbA1mAsLXWoWSllZKCuGyCBTJtKQ7BhnHZ6'
+HA_CHICKEN_CLIENT_ID = 'WwpP780hSemYh8K93MqeuZ3HAir3ahQxDTGG43nG'
+
+DM_CLIENT_ID = '2fDx0CopuiLnRz7YyCQD8nBXKjpxzqZg38Fcl02l'
+DM_CLIENT_SECRET = 'PKStjauydu4k157bSaoPVenKHvLVtLI9Upn4JxU7tnHhuHPfAUp1abkfWp55orh7dFCXdE09E5CeWu7vBJsv1VpXz13EBl7OSW2LAceo3ztvq4FNAEVmEEt56cEmQzpF'
+
+INSPECTION_CLIENT_ID = 'R2Ox6eqrXPeh1KbeWLDO5MCapuOFpHDvstOOD1XC'
+INSPECTION_CLIENT_SECRET = 'imFgEGkcs248XZkLE7JNMo6mwVkiUMGYUBenBAlgZFwW0lyCYILrmh5Akh8dpHbgpCYaSvuYepFu3WdUXY3ZXPDZq11KbqlrmjHwf8wuW2DUsa0oSDozDv4p9Lx3lJPO'
+
+
+# # Create your views here.
+# @api_view(["POST"])
+# @permission_classes([AllowAny])
+# def GernalSendOtp(request):
+#     mobile = request.data["mobile"]
+#     state = request.data["state"]
+#     try:
+#         user = User.objects.get(username__exact=mobile)
+#         user_identity = UserIdentity.objects.get(user)
+#         client = ClientToken.objects.get(key=user_identity.client.key)
+#     except User.DoesNotExist:
+#         return Response({'is_user': False}, status=status.HTTP_401_UNAUTHORIZED)
+#     if len(mobile) < 11 or len(mobile) > 11:
+#         return Response(
+#             {
+#                 "pattern": "wrong",
+#             },
+#             status=status.HTTP_403_FORBIDDEN,
+#         )
+#     key = str(uuid.uuid4())
+#     rand = random.randint(10000, 99000)
+#     cache.set(key, str(rand), timeout=120)
+#     if not User.objects.filter(username=mobile).exists():
+#         receptor = mobile
+#         send_otp_code(receptor, rand)
+#         return Response(
+#             {
+#                 "is_user": False,
+#                 "key": key,
+#             },
+#             status=status.HTTP_404_NOT_FOUND,
+#         )
+#
+#     if state == "forget_password":
+#         receptor = mobile
+#         send_otp_code(receptor, rand)
+#         return Response(
+#             {
+#                 "is_user": True,
+#                 "key": key,
+#             },
+#             status=status.HTTP_200_OK,
+#         )
+#
+#     elif state == "change_password":
+#         receptor = mobile
+#         send_otp_code(receptor, rand)
+#         return Response(
+#             {
+#                 "is_user": True,
+#                 "key": key,
+#             },
+#             status=status.HTTP_200_OK,
+#         )
+#
+#     elif state == "":
+#         return Response(
+#             {
+#                 "is_user": True,
+#             },
+#             status=status.HTTP_200_OK,
+#         )
+
+@api_view(["POST"])
+@permission_classes([AllowAny])
+def send_otp(request):
+    # frontend_url = request.headers.get("Origin")
+    # frontend_url = request.data.get("frontend_url", frontend_url)
+    # if "https://rasadyaar.ir" in frontend_url:
+    #     return Response({'result': 'https://rasadyar.net'}, status.HTTP_401_UNAUTHORIZED)
+    mobile = request.data["mobile"]
+    state = request.data["state"]
+    try:
+        user = User.objects.get(username__exact=mobile)
+        user_identity = UserIdentity.objects.get(user=user)
+    except User.DoesNotExist:
+        return Response({'is_user': False}, status=status.HTTP_404_NOT_FOUND)
+    if len(mobile) < 11 or len(mobile) > 11:
+        return Response(
+            {
+                "pattern": "wrong",
+            },
+            status=status.HTTP_403_FORBIDDEN,
+        )
+    key = str(uuid.uuid4())
+    rand = random.randint(10000, 99000)
+    cache.set(key, str(rand), timeout=120)
+    if not User.objects.filter(username=mobile).exists():
+        receptor = mobile
+        # send_otp_code(receptor, rand)
+        return Response(
+            {
+                "is_user": False,
+                "key": key,
+            },
+            status=status.HTTP_404_NOT_FOUND,
+        )
+
+    if state == "forget_password":
+        receptor = mobile
+        send_otp_code(receptor, rand)
+        return Response(
+            {
+                "is_user": True,
+                "key": key,
+                "address": user_identity.client.client_web_address,
+                "backend": user_identity.client.client_web_address_backend,
+                "api_key": user_identity.client.client_token,
+
+            },
+            status=status.HTTP_200_OK,
+        )
+
+    elif state == "change_password":
+        receptor = mobile
+        send_otp_code(receptor, rand)
+        return Response(
+            {
+                "is_user": True,
+                "key": key,
+                "address": user_identity.client.client_web_address,
+                "backend": user_identity.client.client_web_address_backend,
+                "api_key": user_identity.client.client_token,
+            },
+            status=status.HTTP_200_OK,
+        )
+
+    elif state == "":
+        return Response(
+            {
+                "is_user": True,
+                "address": user_identity.client.client_web_address,
+                "backend": user_identity.client.client_web_address_backend,
+                "api_key": user_identity.client.client_token,
+
+            },
+            status=status.HTTP_200_OK,
+        )
+
+
+@api_view(["POST"])
+@permission_classes([AllowAny])
+def store_send_otp(request):
+    mobile = request.data["mobile"]
+    key = str(uuid.uuid4())
+    rand = random.randint(10000, 99000)
+    cache.set(key, str(rand), timeout=120)
+    receptor = mobile
+    send_otp_code(receptor, rand)
+
+    return Response(
+        {
+            "key": key,
+        },
+        status=status.HTTP_200_OK,
+    )
+
+
+@api_view(["POST"])
+@permission_classes([AllowAny])
+def change_user_mobile(request):
+    first_mobile = request.data["first_mobile_number"]
+    second_mobile = request.data["second_mobile_number"]
+    user = User.objects.get(username=first_mobile)
+    user.username = second_mobile
+    user.save()
+    # user_identity=UserIdentity.objects.get(mobile=first_mobile)
+    # user_identity.mobile=second_mobile
+    # user_identity.save()
+
+    return Response({"result": "number changed"}, status=status.HTTP_200_OK)
+
+
+@api_view(["POST"])
+@permission_classes([AllowAny])
+def check_otp(request):
+    key = request.data["key"]
+    code = cache.get(key)
+    if request.data["code"] == code:
+        return Response(
+            {
+                "code": True,
+            },
+            status=status.HTTP_200_OK,
+        )
+    else:
+        return Response(
+            {
+                "code": False,
+            },
+            status=status.HTTP_403_FORBIDDEN,
+        )
+
+
+@api_view(["POST"])
+@permission_classes([AllowAny])
+# @permission_classes([TokenHasReadWriteScope])
+@authentication_classes([OAuth2Authentication])
+def change_password(request):
+    username = request.data["username"]
+    password = request.data["password"]
+    user = User.objects.get(username=username)
+    user.password = cryptocode.encrypt(password, password)
+    user.save()
+
+    return Response({"password": "changed"}, status=status.HTTP_200_OK)
+
+
+@api_view(["POST"])
+@permission_classes([AllowAny])
+def register(request):
+    # if 'role' in request.data.keys() and 'tenant' in request.data.keys():
+    #     request.data.pop('role')
+    #     request.data.pop('tenant')
+
+    username = request.data["username"]
+    password = request.data["password"]
+    api_key = request.data["api_key"]
+    client = ClientToken.objects.get(client_token=api_key)
+    if User.objects.filter(username__exact=username).exists():
+        return Response({"result": "user exist"}, status=status.HTTP_400_BAD_REQUEST)
+
+    if 'first_name' in request.data.keys() and 'last_name' in request.data.keys():
+        user = User(
+            username=username, password=cryptocode.encrypt(password, password), first_name=request.data['first_name'],
+            last_name=request.data['last_name']
+        )
+    else:
+
+        user = User(
+            username=username, password=cryptocode.encrypt(password, password)
+        )
+    user.save()
+    # if 'role' in request.data.keys():
+    #     group = Group.objects.get(name__exact=request.data['role'])
+    if not UserIdentity.objects.filter(user=user):
+        user_identity = UserIdentity(
+            user=user,
+            client=client
+        )
+        user_identity.save()
+        if 'national_code' in request.data.keys():
+            user_identity.national_id = request.data['national_code']
+        if 'first_name' in request.data.keys() and 'last_name' in request.data.keys():
+            user_identity.first_name = request.data['first_name']
+            user_identity.last_name = request.data['last_name']
+        user_identity.mobile = request.data['username']
+        user_identity.save()
+
+        # user_identity.role.add(group)
+    data = {
+        "username": str(user.username),
+        "password": user.password,
+        "client_id": client.client_id,
+        "client_secret": client.client_secret,
+        "grant_type": "client_credentials",
+        # "scope": "read"
+        "scope": "read write",
+    }
+    r = requests.post(url=BASE_URL + "token/", data=json.dumps(data), verify=False)
+    access = AccessToken.objects.get(token=r.json()["access_token"])
+    access.user = user
+    access.save()
+    dict_info = {
+        "access_token": r.json()["access_token"],
+        "expires_in": r.json()["expires_in"],
+        "token_type": r.json()["token_type"],
+        "scope": r.json()["scope"],
+        "expire_time": access.expires,
+    }
+    # r.json()["expire_time"]=access.expires
+    return Response(dict_info, status=status.HTTP_200_OK)
+
+
+@api_view(["POST"])
+@permission_classes([AllowAny])
+def register_all(request):
+    username = request.data["username"]
+    password = request.data["password"]
+    api_key = request.data["api_key"]
+    client = ClientToken.objects.get(client_token=api_key)
+    if User.objects.filter(username__exact=username).exists():
+        pass
+
+    else:
+        if 'first_name' in request.data.keys() and 'last_name' in request.data.keys():
+            user = User(
+                username=username, password=password, first_name=request.data['first_name'],
+                last_name=request.data['last_name']
+            )
+        else:
+            user = User(
+                username=username, password=password
+            )
+        user.save()
+        if not UserIdentity.objects.filter(user=user):
+            user_identity = UserIdentity(
+                user=user,
+                client=client
+            )
+            user_identity.save()
+            if 'national_code' in request.data.keys():
+                user_identity.national_id = request.data['national_code']
+            if 'first_name' in request.data.keys() and 'last_name' in request.data.keys():
+                user_identity.first_name = request.data['first_name']
+                user_identity.last_name = request.data['last_name']
+            user_identity.mobile = request.data['username']
+            user_identity.save()
+
+        return Response("ok", status=status.HTTP_200_OK)
+
+
+@api_view(["POST"])
+@permission_classes([AllowAny])
+def login(request):
+    username = request.data['username']
+    password = (request.data['password'],)
+    api_key = request.data["api_key"]
+    roles = []
+    roles_from_request = []
+    client = ClientToken.objects.get(client_token=api_key)
+    try:
+        user = User.objects.get(username__exact=username)
+    except User.DoesNotExist:
+        return Response({'is_user': False}, status=status.HTTP_401_UNAUTHORIZED)
+
+    if 'role' in request.data.keys():
+        if type(request.data['role']) is list:
+            roles_from_request = request.data['role']
+        else:
+            roles_from_request.append(request.data['role'])
+
+    if 'user_key' in request.data.keys():
+        for item in roles_from_request:
+            group = Group.objects.get(name__exact=item)
+            if not UserIdentity.objects.filter(user=user, role=group):
+                if not UserIdentity.objects.filter(user=user).exists():
+                    user_identity = UserIdentity()
+                else:
+                    user_identity = UserIdentity.objects.get(user=user)
+                user_identity.user = user
+                user_identity.key = request.data['user_key']
+                user_identity.client = client
+                user_identity.save()
+                user_identity.role.add(group)
+            else:
+                user_identity = UserIdentity.objects.get(user=user)
+                user_identity.key = request.data['user_key']
+                user_identity.client = client
+                user_identity.save()
+        for item in user_identity.role.all():
+            roles.append(item.name)
+    decrypted_password = cryptocode.decrypt(user.password, password[0])
+    if decrypted_password != password[0]:
+        return Response({'password': 'wrong'}, status=status.HTTP_401_UNAUTHORIZED)
+    data = {
+        "username": username,
+        "password": password,
+        "client_id": client.client_id,
+        "client_secret": client.client_secret,
+        "grant_type": "client_credentials",
+        "scope": "read write",
+    }
+    r = requests.post(url=BASE_URL + "token/", data=json.dumps(data), verify=False)
+    access = AccessToken.objects.get(token=r.json()["access_token"])
+    access.user = user
+    access.save()
+    dict_info = {
+        "access_token": r.json()["access_token"],
+        "expires_in": r.json()["expires_in"],
+        "token_type": r.json()["token_type"],
+        "scope": r.json()["scope"],
+        "expire_time": access.expires,
+        "role": roles
+    }
+    return Response(dict_info, status=status.HTTP_200_OK)
+
+
+class UserIdentityViewSet(viewsets.ModelViewSet):
+    queryset = UserIdentity.objects.all()
+    serializer_class = UserIdentitySerializer
+    permission_classes = [TokenHasReadWriteScope]
+
+    def list(self, request, *args, **kwargs):
+        pass
+
+    def retrieve(self, request, *args, **kwargs):
+        pass
+
+    def create(self, request, *args, **kwargs):
+        edit_type = request.data['type']
+        request.data.pop('type')
+
+        if edit_type == 'check_user':
+            # return Response({'sss': 'exist'}, status=status.HTTP_201_CREATED)
+            # if user exists in system
+            if self.queryset.filter(
+                    mobile=request.data['value']
+            ).exists() or self.queryset.filter(
+                national_id=request.data['value']
+            ).exists():
+
+                if self.queryset.filter(
+                        mobile=request.data['value']
+                ).exists():
+                    # contains user object
+                    user = self.queryset.get(
+                        mobile=request.data['value'],
+                    )
+
+                if self.queryset.filter(
+                        national_id=request.data['value']
+                ).exists():
+                    # contains user object
+                    user = self.queryset.get(
+                        national_id=request.data['value'],
+                    )
+                serializer = self.serializer_class(user)
+                return Response(serializer.data, status=status.HTTP_200_OK)
+            return Response(status=status.HTTP_404_NOT_FOUND)
+
+    def update(self, request, *args, **kwargs):
+
+        # contains user identity object
+        user_identity = UserIdentity.objects.get(key=request.data['userprofile_key'])
+        request.data.pop('userprofile_key')  # remove user key from data
+
+        serializer = self.serializer_class(data=request.data)
+        if serializer.is_valid():
+            identity_obj = serializer.update(validated_data=request.data, instance=user_identity)
+            serializer = self.serializer_class(identity_obj)
+            return Response(serializer.data, status=status.HTTP_200_OK)
+        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
+
+    def destroy(self, request, *args, **kwargs):
+        pass
+
+
+@api_view(["GET"])
+@permission_classes([AllowAny])
+def Find_User(request):
+    data = request.GET["data"]
+    if UserIdentity.objects.filter(mobile=data).exists():
+        user = UserIdentity.objects.get(mobile=data)
+    elif UserIdentity.objects.filter(national_id=data).exists():
+        user = UserIdentity.objects.get(national_id=data)
+    else:
+        return Response({"result": "user not found"}, status=status.HTTP_401_UNAUTHORIZED)
+
+    return Response({
+        "firstname": user.first_name,
+        "lastname": user.last_name,
+        "national_id": user.national_id,
+        "mobile": user.mobile,
+        "city": user.city,
+        "province": user.province,
+    })
+
+
+@api_view(["POST"])
+@permission_classes([AllowAny])
+def Identity(request):
+    user = UserIdentity.objects.get(user__username=request.data["mobile"])
+    user.mobile = request.data["mobile"]
+    user.first_name = request.data["first_name"]
+    user.last_name = request.data["last_name"]
+    user.national_id = request.data["national_id"]
+    user.city = request.data["city"]
+    user.province = request.data["province"]
+    user.save()
+    return Response({"mobile": user.mobile, "first_name": user.first_name, "last_name": user.last_name})
+
+
+@api_view(["GET"])
+@permission_classes([AllowAny])
+def NumberOfActiveUsers(request):
+    from datetime import datetime
+    now=datetime.now().date()
+    access = AccessToken.objects.filter(expires__date__gte=now)
+    return Response({"number_of_active_users":len(access)})
+
+
+@api_view(["GET"])
+@permission_classes([AllowAny])
+def remove_access_token(request):
+    import datetime
+    token=request.GET.get('token')
+    now = datetime.datetime.now()
+    accesses = AccessToken.objects.filter(created__date__gte=now.date() - timedelta(days=3))
+    if token is not None:
+        accesses=accesses.filter(token=token)
+    for access in accesses:
+        access.expires = now - timedelta(days=2)
+        access.save()
+    return Response("ok",status=status.HTTP_200_OK)
+
+
+@api_view(["GET"])
+@permission_classes([AllowAny])
+def check_user_exists(request):
+    mobile = request.GET.get('mobile')
+
+    if not mobile:
+        return Response(
+            {"error": "mobile parameter is required"},
+            status=status.HTTP_400_BAD_REQUEST
+        )
+
+    try:
+        user = User.objects.get(username__exact=mobile)
+        return Response(
+            {
+                "exists": True,
+                "mobile": mobile,
+                "user_id": user.id
+            },
+            status=status.HTTP_404_NOT_FOUND
+        )
+    except User.DoesNotExist:
+        return Response(
+            {
+                "exists": False,
+                "mobile": mobile
+            },
+            status=status.HTTP_200_OK
+        )
+
+
+@api_view(["POST"])
+@permission_classes([AllowAny])
+def remove_user_role(request):
+    mobile = request.data.get('mobile')
+    role = request.data.get('role')
+
+    if not mobile:
+        return Response(
+            {"error": "mobile parameter is required"},
+            status=status.HTTP_400_BAD_REQUEST
+        )
+
+    if not role:
+        return Response(
+            {"error": "role parameter is required"},
+            status=status.HTTP_400_BAD_REQUEST
+        )
+
+    try:
+        user = User.objects.get(username__exact=mobile)
+    except User.DoesNotExist:
+        return Response(
+            {"error": "user not found"},
+            status=status.HTTP_404_NOT_FOUND
+        )
+
+    try:
+        user_identity = UserIdentity.objects.get(user=user)
+    except UserIdentity.DoesNotExist:
+        return Response(
+            {"error": "user identity not found"},
+            status=status.HTTP_404_NOT_FOUND
+        )
+
+    try:
+        group = Group.objects.get(name__exact=role)
+    except Group.DoesNotExist:
+        return Response(
+            {"error": "role not found"},
+            status=status.HTTP_404_NOT_FOUND
+        )
+
+    if user_identity.role.filter(id=group.id).exists():
+        user_identity.role.remove(group)
+        return Response(
+            {
+                "result": "role removed successfully",
+                "mobile": mobile,
+                "role": role
+            },
+            status=status.HTTP_200_OK
+        )
+    else:
+        return Response(
+            {
+                "error": "user does not have this role",
+                "mobile": mobile,
+                "role": role
+            },
+            status=status.HTTP_400_BAD_REQUEST
+        )