core/resolvers/auth.py

# -*- coding: utf-8 -*-

import re
from datetime import datetime, timezone
from urllib.parse import quote_plus

from graphql.type import GraphQLResolveInfo
from starlette.responses import RedirectResponse
from transliterate import translit

from auth.authenticate import login_required
from auth.credentials import AuthCredentials
from auth.email import send_auth_email
from auth.identity import Identity, Password
from auth.jwtcodec import JWTCodec
from auth.tokenstorage import TokenStorage
from base.exceptions import (
    BaseHttpException,
    InvalidPassword,
    InvalidToken,
    ObjectNotExist,
    Unauthorized,
)
from base.orm import local_session
from base.resolvers import mutation, query
from orm import Role, User
from settings import FRONTEND_URL, SESSION_TOKEN_HEADER


@mutation.field("getSession")
@login_required
async def get_current_user(_, info):
    auth: AuthCredentials = info.context["request"].auth
    token = info.context["request"].headers.get(SESSION_TOKEN_HEADER)

    with local_session() as session:
        user = session.query(User).where(User.id == auth.user_id).one()
        user.lastSeen = datetime.now(tz=timezone.utc)
        session.commit()

        return {"token": token, "user": user}


@mutation.field("confirmEmail")
async def confirm_email(_, info, token):
    """confirm owning email address"""
    try:
        print("[resolvers.auth] confirm email by token")
        payload = JWTCodec.decode(token)
        user_id = payload.user_id
        await TokenStorage.get(f"{user_id}-{payload.username}-{token}")
        with local_session() as session:
            user = session.query(User).where(User.id == user_id).first()
            session_token = await TokenStorage.create_session(user)
            user.emailConfirmed = True
            user.lastSeen = datetime.now(tz=timezone.utc)
            session.add(user)
            session.commit()
            return {"token": session_token, "user": user}
    except InvalidToken as e:
        raise InvalidToken(e.message)
    except Exception as e:
        print(e)  # FIXME: debug only
        return {"error": "email is not confirmed"}


async def confirm_email_handler(request):
    token = request.path_params["token"]  # one time
    request.session["token"] = token
    res = await confirm_email(None, {}, token)
    print("[resolvers.auth] confirm_email request: %r" % request)
    if "error" in res:
        raise BaseHttpException(res["error"])
    else:
        response = RedirectResponse(url=FRONTEND_URL)
        response.set_cookie("token", res["token"])  # session token
        return response


def create_user(user_dict):
    user = User(**user_dict)
    with local_session() as session:
        user.roles.append(session.query(Role).first())
        session.add(user)
        session.commit()
    return user


def generate_unique_slug(src):
    print("[resolvers.auth] generating slug from: " + src)
    slug = translit(src, "ru", reversed=True).replace(".", "-").lower()
    slug = re.sub("[^0-9a-zA-Z]+", "-", slug)
    if slug != src:
        print("[resolvers.auth] translited name: " + slug)
    c = 1
    with local_session() as session:
        user = session.query(User).where(User.slug == slug).first()
        while user:
            user = session.query(User).where(User.slug == slug).first()
            slug = slug + "-" + str(c)
            c += 1
        if not user:
            unique_slug = slug
            print("[resolvers.auth] " + unique_slug)
            return quote_plus(unique_slug.replace("'", "")).replace("+", "-")


@mutation.field("registerUser")
async def register_by_email(_, _info, email: str, password: str = "", name: str = ""):
    email = email.lower()
    """creates new user account"""
    with local_session() as session:
        user = session.query(User).filter(User.email == email).first()
    if user:
        raise Unauthorized("User already exist")
    else:
        slug = generate_unique_slug(name)
        user = session.query(User).where(User.slug == slug).first()
        if user:
            slug = generate_unique_slug(email.split("@")[0])
        user_dict = {
            "email": email,
            "username": email,  # will be used to store phone number or some messenger network id
            "name": name,
            "slug": slug,
        }
        if password:
            user_dict["password"] = Password.encode(password)
        user = create_user(user_dict)
        user = await auth_send_link(_, _info, email)
        return {"user": user}


@mutation.field("sendLink")
async def auth_send_link(_, _info, email, lang="ru", template="email_confirmation"):
    email = email.lower()
    """send link with confirm code to email"""
    with local_session() as session:
        user = session.query(User).filter(User.email == email).first()
        if not user:
            raise ObjectNotExist("User not found")
        else:
            token = await TokenStorage.create_onetime(user)
            await send_auth_email(user, token, lang, template)
            return user


@query.field("signIn")
async def login(_, info, email: str, password: str = "", lang: str = "ru"):
    email = email.lower()
    with local_session() as session:
        orm_user = session.query(User).filter(User.email == email).first()
        if orm_user is None:
            print(f"[auth] {email}: email not found")
            # return {"error": "email not found"}
            raise ObjectNotExist("User not found")  # contains webserver status

        if not password:
            print(f"[auth] send confirm link to {email}")
            token = await TokenStorage.create_onetime(orm_user)
            await send_auth_email(orm_user, token, lang)
            # FIXME: not an error, warning
            return {"error": "no password, email link was sent"}

        else:
            # sign in using password
            if not orm_user.emailConfirmed:
                # not an error, warns users
                return {"error": "please, confirm email"}
            else:
                try:
                    user = Identity.password(orm_user, password)
                    session_token = await TokenStorage.create_session(user)
                    print(f"[auth] user {email} authorized")
                    return {"token": session_token, "user": user}
                except InvalidPassword:
                    print(f"[auth] {email}: invalid password")
                    raise InvalidPassword("invalid password")  # contains webserver status
                    # return {"error": "invalid password"}


@query.field("signOut")
@login_required
async def sign_out(_, info: GraphQLResolveInfo):
    token = info.context["request"].headers.get(SESSION_TOKEN_HEADER, "")
    status = await TokenStorage.revoke(token)
    return status


@query.field("isEmailUsed")
async def is_email_used(_, _info, email):
    email = email.lower()
    with local_session() as session:
        user = session.query(User).filter(User.email == email).first()
    return user is not None
i18n email templates 2022-10-21 05:47:58 +00:00			`# -- coding: utf-8 --`

configured isort, black, flake8 2023-10-30 21:00:55 +00:00			`import re`
Revert "Feature/lint" 2023-10-26 21:07:35 +00:00			`from datetime import datetime, timezone`
			`from urllib.parse import quote_plus`

			`from graphql.type import GraphQLResolveInfo`
			`from starlette.responses import RedirectResponse`
			`from transliterate import translit`
configured isort, black, flake8 2023-10-30 21:00:55 +00:00
migration, auth, refactoring, formatting 2022-09-17 18:12:14 +00:00			`from auth.authenticate import login_required`
context user fix 2022-12-01 14:45:19 +00:00			`from auth.credentials import AuthCredentials`
migration, auth, refactoring, formatting 2022-09-17 18:12:14 +00:00			`from auth.email import send_auth_email`
			`from auth.identity import Identity, Password`
imports-format+id-fix+remigrate 2022-11-10 05:40:32 +00:00			`from auth.jwtcodec import JWTCodec`
			`from auth.tokenstorage import TokenStorage`
configured isort, black, flake8 2023-10-30 21:00:55 +00:00			`from base.exceptions import (`
			`BaseHttpException,`
			`InvalidPassword,`
			`InvalidToken,`
			`ObjectNotExist,`
			`Unauthorized,`
			`)`
refactored 2022-08-11 05:53:14 +00:00			`from base.orm import local_session`
			`from base.resolvers import mutation, query`
imports-format+id-fix+remigrate 2022-11-10 05:40:32 +00:00			`from orm import Role, User`
configured isort, black, flake8 2023-10-30 21:00:55 +00:00			`from settings import FRONTEND_URL, SESSION_TOKEN_HEADER`
wip: redis, sqlalchemy, structured, etc 2021-06-28 09:08:09 +00:00
format and lint orm 2022-09-03 10:50:14 +00:00
fix getSession, fix getAuthor 2022-11-24 15:19:58 +00:00			`@mutation.field("getSession")`
stats refactored 2022-09-19 13:50:43 +00:00			`@login_required`
			`async def get_current_user(_, info):`
context user fix 2022-12-01 14:45:19 +00:00			`auth: AuthCredentials = info.context["request"].auth`
fixes 2022-12-01 13:24:05 +00:00			`token = info.context["request"].headers.get(SESSION_TOKEN_HEADER)`

context user fix 2022-12-01 14:45:19 +00:00			`with local_session() as session:`
			`user = session.query(User).where(User.id == auth.user_id).one()`
			`user.lastSeen = datetime.now(tz=timezone.utc)`
			`session.commit()`
fixes 2022-12-01 13:24:05 +00:00
configured isort, black, flake8 2023-10-30 21:00:55 +00:00			`return {"token": token, "user": user}`
stats refactored 2022-09-19 13:50:43 +00:00

clear schema and no password auth wip 2021-07-30 12:53:22 +00:00			`@mutation.field("confirmEmail")`
confirm-token-fix 2022-10-23 09:33:28 +00:00			`async def confirm_email(_, info, token):`
format and lint orm 2022-09-03 10:50:14 +00:00			`"""confirm owning email address"""`
migration, auth, refactoring, formatting 2022-09-17 18:12:14 +00:00			`try:`
configured isort, black, flake8 2023-10-30 21:00:55 +00:00			`print("[resolvers.auth] confirm email by token")`
confirm-token-fix 2022-10-23 09:33:28 +00:00			`payload = JWTCodec.decode(token)`
confirm email fix attempt 2022-10-21 18:21:24 +00:00			`user_id = payload.user_id`
fix-session 2023-01-31 06:57:35 +00:00			`await TokenStorage.get(f"{user_id}-{payload.username}-{token}")`
migration, auth, refactoring, formatting 2022-09-17 18:12:14 +00:00			`with local_session() as session:`
			`user = session.query(User).where(User.id == user_id).first()`
fix-slug-generator 2022-10-22 12:02:15 +00:00			`session_token = await TokenStorage.create_session(user)`
migration, auth, refactoring, formatting 2022-09-17 18:12:14 +00:00			`user.emailConfirmed = True`
try timezones 2022-11-23 14:09:35 +00:00			`user.lastSeen = datetime.now(tz=timezone.utc)`
migration, auth, refactoring, formatting 2022-09-17 18:12:14 +00:00			`session.add(user)`
			`session.commit()`
configured isort, black, flake8 2023-10-30 21:00:55 +00:00			`return {"token": session_token, "user": user}`
migration, auth, refactoring, formatting 2022-09-17 18:12:14 +00:00			`except InvalidToken as e:`
			`raise InvalidToken(e.message)`
			`except Exception as e:`
			`print(e) # FIXME: debug only`
confirm email url fix 2022-10-01 08:39:56 +00:00			`return {"error": "email is not confirmed"}`


confirm-fix 2022-10-05 17:06:29 +00:00			`async def confirm_email_handler(request):`
			`token = request.path_params["token"] # one time`
			`request.session["token"] = token`
confirm-token-fix 2022-10-23 09:33:28 +00:00			`res = await confirm_email(None, {}, token)`
configured isort, black, flake8 2023-10-30 21:00:55 +00:00			`print("[resolvers.auth] confirm_email request: %r" % request)`
confirm-token-fix 2022-10-23 09:33:28 +00:00			`if "error" in res:`
configured isort, black, flake8 2023-10-30 21:00:55 +00:00			`raise BaseHttpException(res["error"])`
confirm-token-fix 2022-10-23 09:33:28 +00:00			`else:`
frontend url setting 2022-11-25 23:49:02 +00:00			`response = RedirectResponse(url=FRONTEND_URL)`
confirm-token-fix 2022-10-23 09:33:28 +00:00			`response.set_cookie("token", res["token"]) # session token`
			`return response`
confirm-fix 2022-10-05 17:06:29 +00:00

fixes-auth 2022-10-04 09:22:27 +00:00			`def create_user(user_dict):`
			`user = User(**user_dict)`
			`with local_session() as session:`
init 2022-11-24 08:27:01 +00:00			`user.roles.append(session.query(Role).first())`
fixes-auth 2022-10-04 09:22:27 +00:00			`session.add(user)`
			`session.commit()`
			`return user`


fix-slug-generator 2022-10-22 12:02:15 +00:00			`def generate_unique_slug(src):`
configured isort, black, flake8 2023-10-30 21:00:55 +00:00			`print("[resolvers.auth] generating slug from: " + src)`
fix-slug-generator 2022-10-22 12:02:15 +00:00			`slug = translit(src, "ru", reversed=True).replace(".", "-").lower()`
configured isort, black, flake8 2023-10-30 21:00:55 +00:00			`slug = re.sub("[^0-9a-zA-Z]+", "-", slug)`
fix-slug-generator 2022-10-22 12:02:15 +00:00			`if slug != src:`
configured isort, black, flake8 2023-10-30 21:00:55 +00:00			`print("[resolvers.auth] translited name: " + slug)`
confirm-token-fix 2022-10-23 09:33:28 +00:00			`c = 1`
fixes-auth 2022-10-04 09:22:27 +00:00			`with local_session() as session:`
			`user = session.query(User).where(User.slug == slug).first()`
			`while user:`
			`user = session.query(User).where(User.slug == slug).first()`
configured isort, black, flake8 2023-10-30 21:00:55 +00:00			`slug = slug + "-" + str(c)`
fixes-auth 2022-10-04 09:22:27 +00:00			`c += 1`
			`if not user:`
			`unique_slug = slug`
configured isort, black, flake8 2023-10-30 21:00:55 +00:00			`print("[resolvers.auth] " + unique_slug)`
			`return quote_plus(unique_slug.replace("'", "")).replace("+", "-")`
confirmEmail 2021-07-30 13:22:37 +00:00
clear schema and no password auth wip 2021-07-30 12:53:22 +00:00
register user, sign in and sign out working 2021-06-29 10:26:46 +00:00			`@mutation.field("registerUser")`
fix-slug-generator 2022-10-22 12:02:15 +00:00			`async def register_by_email(_, _info, email: str, password: str = "", name: str = ""):`
added lead field to shout, new table event (#71) * added lead field to shout, new table event * repurposed unused notifications table 2023-08-06 20:01:40 +00:00			`email = email.lower()`
format and lint orm 2022-09-03 10:50:14 +00:00			`"""creates new user account"""`
			`with local_session() as session:`
			`user = session.query(User).filter(User.email == email).first()`
			`if user:`
load fixed, auth wip 2022-12-01 08:12:48 +00:00			`raise Unauthorized("User already exist")`
fixes-auth 2022-10-04 09:22:27 +00:00			`else:`
confirm-token-fix 2022-10-23 09:33:28 +00:00			`slug = generate_unique_slug(name)`
			`user = session.query(User).where(User.slug == slug).first()`
			`if user:`
configured isort, black, flake8 2023-10-30 21:00:55 +00:00			`slug = generate_unique_slug(email.split("@")[0])`
fixes-auth 2022-10-04 09:22:27 +00:00			`user_dict = {`
			`"email": email,`
fix-slug-generator 2022-10-22 12:02:15 +00:00			`"username": email, # will be used to store phone number or some messenger network id`
auth fix 2022-10-20 22:05:37 +00:00			`"name": name,`
configured isort, black, flake8 2023-10-30 21:00:55 +00:00			`"slug": slug,`
fixes-auth 2022-10-04 09:22:27 +00:00			`}`
			`if password:`
			`user_dict["password"] = Password.encode(password)`
			`user = create_user(user_dict)`
fix-slug-generator 2022-10-22 12:02:15 +00:00			`user = await auth_send_link(_, _info, email)`
schema-fix 2022-10-04 14:30:17 +00:00			`return {"user": user}`
format and lint orm 2022-09-03 10:50:14 +00:00
new api error handling 2021-08-01 11:40:24 +00:00
migration, auth, refactoring, formatting 2022-09-17 18:12:14 +00:00			`@mutation.field("sendLink")`
hotfix-loadchats 2022-11-27 13:14:17 +00:00			`async def auth_send_link(_, _info, email, lang="ru", template="email_confirmation"):`
added lead field to shout, new table event (#71) * added lead field to shout, new table event * repurposed unused notifications table 2023-08-06 20:01:40 +00:00			`email = email.lower()`
migration, auth, refactoring, formatting 2022-09-17 18:12:14 +00:00			`"""send link with confirm code to email"""`
format and lint orm 2022-09-03 10:50:14 +00:00			`with local_session() as session:`
			`user = session.query(User).filter(User.email == email).first()`
fixes-auth 2022-10-04 09:22:27 +00:00			`if not user:`
			`raise ObjectNotExist("User not found")`
			`else:`
			`token = await TokenStorage.create_onetime(user)`
hotfix-loadchats 2022-11-27 13:14:17 +00:00			`await send_auth_email(user, token, lang, template)`
fixes-auth 2022-10-04 09:22:27 +00:00			`return user`
add reset password api 2022-01-13 12:16:35 +00:00
wip: redis, sqlalchemy, structured, etc 2021-06-28 09:08:09 +00:00
register user, sign in and sign out working 2021-06-29 10:26:46 +00:00			`@query.field("signIn")`
confirm-token-fix 2022-10-23 09:33:28 +00:00			`async def login(_, info, email: str, password: str = "", lang: str = "ru"):`
added lead field to shout, new table event (#71) * added lead field to shout, new table event * repurposed unused notifications table 2023-08-06 20:01:40 +00:00			`email = email.lower()`
format and lint orm 2022-09-03 10:50:14 +00:00			`with local_session() as session:`
			`orm_user = session.query(User).filter(User.email == email).first()`
migration, auth, refactoring, formatting 2022-09-17 18:12:14 +00:00			`if orm_user is None:`
			`print(f"[auth] {email}: email not found")`
			`# return {"error": "email not found"}`
			`raise ObjectNotExist("User not found") # contains webserver status`

			`if not password:`
			`print(f"[auth] send confirm link to {email}")`
			`token = await TokenStorage.create_onetime(orm_user)`
i18n email templates 2022-10-21 05:47:58 +00:00			`await send_auth_email(orm_user, token, lang)`
migration, auth, refactoring, formatting 2022-09-17 18:12:14 +00:00			`# FIXME: not an error, warning`
			`return {"error": "no password, email link was sent"}`

			`else:`
			`# sign in using password`
			`if not orm_user.emailConfirmed:`
			`# not an error, warns users`
			`return {"error": "please, confirm email"}`
			`else:`
			`try:`
			`user = Identity.password(orm_user, password)`
			`session_token = await TokenStorage.create_session(user)`
			`print(f"[auth] user {email} authorized")`
configured isort, black, flake8 2023-10-30 21:00:55 +00:00			`return {"token": session_token, "user": user}`
migration, auth, refactoring, formatting 2022-09-17 18:12:14 +00:00			`except InvalidPassword:`
			`print(f"[auth] {email}: invalid password")`
viewed fixed 2022-11-23 11:30:44 +00:00			`raise InvalidPassword("invalid password") # contains webserver status`
migration, auth, refactoring, formatting 2022-09-17 18:12:14 +00:00			`# return {"error": "invalid password"}`
new api error handling 2021-08-01 11:40:24 +00:00
wip: redis, sqlalchemy, structured, etc 2021-06-28 09:08:09 +00:00
register user, sign in and sign out working 2021-06-29 10:26:46 +00:00			`@query.field("signOut")`
wip: redis, sqlalchemy, structured, etc 2021-06-28 09:08:09 +00:00			`@login_required`
register user, sign in and sign out working 2021-06-29 10:26:46 +00:00			`async def sign_out(_, info: GraphQLResolveInfo):`
auth and minor fixes 2022-11-22 03:11:26 +00:00			`token = info.context["request"].headers.get(SESSION_TOKEN_HEADER, "")`
migration, auth, refactoring, formatting 2022-09-17 18:12:14 +00:00			`status = await TokenStorage.revoke(token)`
formatted, linted, fixed 2022-09-04 17:20:38 +00:00			`return status`
format and lint orm 2022-09-03 10:50:14 +00:00
wip: redis, sqlalchemy, structured, etc 2021-06-28 09:08:09 +00:00
isEmailFree to isEmailUsed 2022-06-15 12:41:28 +00:00			`@query.field("isEmailUsed")`
schema-fixes 2022-10-04 12:07:41 +00:00			`async def is_email_used(_, _info, email):`
added lead field to shout, new table event (#71) * added lead field to shout, new table event * repurposed unused notifications table 2023-08-06 20:01:40 +00:00			`email = email.lower()`
format and lint orm 2022-09-03 10:50:14 +00:00			`with local_session() as session:`
			`user = session.query(User).filter(User.email == email).first()`
formatted, linted, fixed 2022-09-04 17:20:38 +00:00			`return user is not None`