from rest_framework import serializers from django.contrib.auth import authenticate from django.contrib.auth.password_validation import validate_password from django.core.exceptions import ValidationError from role.models import Role from role.serializers import RoleSerializer from branch.serializers import BranchSerializer from .models import User, LoginSession class RegisterSerializer(serializers.ModelSerializer): password = serializers.CharField(write_only=True, required=True, validators=[validate_password]) password2 = serializers.CharField(write_only=True, required=True) role_id = serializers.PrimaryKeyRelatedField( queryset=Role.objects.all(), source='role', write_only=True ) role = RoleSerializer(read_only=True) class Meta: model = User fields = ('id', 'username', 'email', 'first_name', 'last_name', 'password', 'password2', 'role_id', 'role', 'branch', 'date_created') def validate(self, data): if data['password'] != data['password2']: raise serializers.ValidationError({"password": "Password fields didn't match."}) return data def create(self, validated_data): validated_data.pop('password2') user = User.objects.create_user(**validated_data) return user class LoginSerializer(serializers.Serializer): username = serializers.CharField(required=True) password = serializers.CharField(write_only=True, required=True) branch_id = serializers.IntegerField(required=False, allow_null=True) def validate(self, data): user = authenticate(username=data['username'], password=data['password']) if not user: raise serializers.ValidationError("Invalid credentials.") # Check if user is admin (check for 'Admin' role) is_admin = user.role and user.role.name.lower() == 'admin' # Require branch_id only for non-admin users if not is_admin and not data.get('branch_id'): raise serializers.ValidationError({"branch_id": "branch_id is required for non-admin users."}) data['user'] = user return data class ChangePasswordSerializer(serializers.Serializer): old_password = serializers.CharField(write_only=True, required=True) new_password = serializers.CharField(write_only=True, required=True, validators=[validate_password]) new_password2 = serializers.CharField(write_only=True, required=True) def validate(self, data): if data['new_password'] != data['new_password2']: raise serializers.ValidationError({"new_password": "Password fields didn't match."}) return data def validate_old_password(self, value): user = self.context['request'].user if not user.check_password(value): raise serializers.ValidationError("Old password is not correct.") return value class ForgotPasswordSerializer(serializers.Serializer): email = serializers.EmailField(required=True) def validate_email(self, value): try: User.objects.get(email=value) except User.DoesNotExist: raise serializers.ValidationError("User with this email does not exist.") return value class ResetPasswordSerializer(serializers.Serializer): token = serializers.CharField(required=True) new_password = serializers.CharField(write_only=True, required=True, validators=[validate_password]) new_password2 = serializers.CharField(write_only=True, required=True) def validate(self, data): if data['new_password'] != data['new_password2']: raise serializers.ValidationError({"new_password": "Password fields didn't match."}) return data class UserSerializer(serializers.ModelSerializer): class Meta: model = User fields = ('id', 'username', 'email', 'first_name', 'last_name', 'branch', 'date_created', 'role') class LoginSessionSerializer(serializers.ModelSerializer): user = UserSerializer(read_only=True) branch = BranchSerializer(read_only=True) class Meta: model = LoginSession fields = ('id', 'user', 'branch', 'login_time', 'logout_time', 'ip_address', 'user_agent') class LoginResponseSerializer(serializers.Serializer): message = serializers.CharField() access = serializers.CharField() refresh = serializers.CharField() user = UserSerializer() # session = LoginSessionSerializer()