✨ Feat: [#101] 비밀번호 재설정 기능 구현 완료

2026-01-09 17:18:14 +09:00
parent 41c1aa7013
commit a4fa5d152b
5 changed files with 103 additions and 6 deletions
--- a/codes/services.py
+++ b/codes/services.py
@@ -22,6 +22,10 @@ from users.models import User

 from projects.models import Project, ProjectTeamList

+
+from datetime import timedelta
+from rest_framework_simplejwt.tokens import AccessToken
+
 # from .schemas import send_sms_post_schema  # Swagger나 drf-spectacular 등에 사용되는 데코레이터

 INVITE_CHOICE_USE_TYPE ={
@@ -29,6 +33,8 @@ INVITE_CHOICE_USE_TYPE ={
    'h': InviteCodeUseType.HACKATHON
 }

+PASSWORD_RESET_TOKEN_TTL_MINUTES = 5
+
 class CertificateService:
    @staticmethod
    def send(code, identifier):
@@ -131,3 +137,15 @@ class ProjectInviteService(InviteService):
        return ProjectTeamList.objects.create(user=invitee, project=work)
        

+class PasswordResetTokenService:
+    @staticmethod
+    def issue_temp_access_token(*, user_id: str, identifier: str, use_type: str) -> str:
+        token = AccessToken()
+        token.set_exp(lifetime=timedelta(minutes=PASSWORD_RESET_TOKEN_TTL_MINUTES))
+
+        token["purpose"] = "password_reset"
+        token["user_id"] = str(user_id)
+        token["identifier"] = identifier
+        token["use_type"] = use_type
+
+        return str(token)
--- a/codes/views.py
+++ b/codes/views.py
@@ -56,18 +56,43 @@ class CertificationAPIView(APIView):
    @transaction.atomic
    def patch(self, request):
        use_type = request.query_params.get("type")
+        purpose = request.query_params.get("purpose")
+
        if use_type not in CERTIFICATE_SERVICE_USE_TYPE:
            return Response({"message": "Not defined use_type"}, status=status.HTTP_400_BAD_REQUEST)
+        
        serv = CERTIFICATE_SERVICE_USE_TYPE[use_type]
        code = request.data.get('code', None)
        if not code:
            return Response({"message": "no code"}, status=status.HTTP_400_BAD_REQUEST)
+        
        serializer = CertificateCodeSerializer(data=request.data)
-        if serializer.is_valid():
-            if serv.check_code(use_type, code, serializer.validated_data['identifier']):
-                return Response({"message": "certificated successfully"}, status=status.HTTP_200_OK)
-            return Response({"message": "wrong code, please retry"}, status=status.HTTP_400_BAD_REQUEST)
-        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
+
+        if not serializer.is_valid():
+            return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
+
+        identifier = serializer.validated_data["identifier"]
+
+        if not serv.check_code(use_type, code, identifier):
+            return Response({"message": "wrong code or already used code, please retry send code"}, status=status.HTTP_400_BAD_REQUEST)
+        
+        if purpose == "password_reset":
+            user = User.objects.filter(phone=identifier).first()
+            if not user:
+                return Response({"message": "user not found"}, status=status.HTTP_404_NOT_FOUND)
+
+            temp_access_token = PasswordResetTokenService.issue_temp_access_token(
+                user_id=user.id,
+                identifier=identifier,
+                use_type=use_type,
+            )
+
+            return Response(
+                {"message": "certificated successfully", "temp_access_token": temp_access_token},
+                status=status.HTTP_200_OK
+            )
+
+        return Response({"message": "certificated successfully"}, status=status.HTTP_200_OK)

 class InviteByLinkAPIView(APIView):