[前台]修改修改密码功能,api添加@login_requrie,去掉界面和api中的username字段,这个从request可以拿到,要用户输入反而不好弄了,也没必要,顺便改了测试[CI不能SKIP]

account/views.py

@@ -35,7 +35,7 @@ class UserLoginAPIView(APIView):
         else:
             return serializer_invalid_response(serializer)
 
-
+@login_required
 def logout(request):
     auth.logout(request)
     return http.HttpResponseRedirect("/")
@@ -69,6 +69,7 @@ class UserRegisterAPIView(APIView):
 
 
 class UserChangePasswordAPIView(APIView):
+    @login_required
     def post(self, request):
         """
         用户修改密码json api接口
@@ -78,7 +79,8 @@ class UserChangePasswordAPIView(APIView):
         serializer = UserChangePasswordSerializer(data=request.data)
         if serializer.is_valid():
             data = serializer.data
-            user = auth.authenticate(username=data["username"], password=data["old_password"])
+            username = request.user.username
+            user = auth.authenticate(username=username, password=data["old_password"])
             if user:
                 user.set_password(data["new_password"])
                 user.save()