core/auth/identity.py

from binascii import hexlify
from hashlib import sha256
from typing import TYPE_CHECKING, Any, TypeVar

from passlib.hash import bcrypt

from auth.exceptions import ExpiredToken, InvalidPassword, InvalidToken
from auth.jwtcodec import JWTCodec
from services.db import local_session
from services.redis import redis
from utils.logger import root_logger as logger

# Для типизации
if TYPE_CHECKING:
    from auth.orm import Author

AuthorType = TypeVar("AuthorType", bound="Author")


class Password:
    @staticmethod
    def _to_bytes(data: str) -> bytes:
        return bytes(data.encode())

    @classmethod
    def _get_sha256(cls, password: str) -> bytes:
        bytes_password = cls._to_bytes(password)
        return hexlify(sha256(bytes_password).digest())

    @staticmethod
    def encode(password: str) -> str:
        """
        Кодирует пароль пользователя

        Args:
            password (str): Пароль пользователя

        Returns:
            str: Закодированный пароль
        """
        password_sha256 = Password._get_sha256(password)
        return bcrypt.using(rounds=10).hash(password_sha256)

    @staticmethod
    def verify(password: str, hashed: str) -> bool:
        r"""
        Verify that password hash is equal to specified hash. Hash format:

        $2a$10$Ro0CUfOqk6cXEKf3dyaM7OhSCvnwM9s4wIX9JeLapehKK5YdLxKcm
        \__/\/ \____________________/\_____________________________/
        |   |        Salt                     Hash
        |  Cost
        Version

        More info: https://passlib.readthedocs.io/en/stable/lib/passlib.hash.bcrypt.html

        :param password: clear text password
        :param hashed: hash of the password
        :return: True if clear text password matches specified hash
        """
        hashed_bytes = Password._to_bytes(hashed)
        password_sha256 = Password._get_sha256(password)

        return bcrypt.verify(password_sha256, hashed_bytes)


class Identity:
    @staticmethod
    def password(orm_author: AuthorType, password: str) -> AuthorType:
        """
        Проверяет пароль пользователя

        Args:
            orm_author (Author): Объект пользователя
            password (str): Пароль пользователя

        Returns:
            Author: Объект автора при успешной проверке

        Raises:
            InvalidPassword: Если пароль не соответствует хешу или отсутствует
        """
        # Импортируем внутри функции для избежания циклических импортов
        from utils.logger import root_logger as logger

        # Проверим исходный пароль в orm_author
        if not orm_author.password:
            logger.warning(f"[auth.identity] Пароль в исходном объекте автора пуст: email={orm_author.email}")
            msg = "Пароль не установлен для данного пользователя"
            raise InvalidPassword(msg)

        # Проверяем пароль напрямую, не используя dict()
        password_hash = str(orm_author.password) if orm_author.password else ""
        if not password_hash or not Password.verify(password, password_hash):
            logger.warning(f"[auth.identity] Неверный пароль для {orm_author.email}")
            msg = "Неверный пароль пользователя"
            raise InvalidPassword(msg)

        # Возвращаем исходный объект, чтобы сохранить все связи
        return orm_author

    @staticmethod
    def oauth(inp: dict[str, Any]) -> Any:
        """
        Создает нового пользователя OAuth, если он не существует

        Args:
            inp (dict): Данные OAuth пользователя

        Returns:
            Author: Объект пользователя
        """
        # Импортируем внутри функции для избежания циклических импортов
        from auth.orm import Author

        with local_session() as session:
            author = session.query(Author).filter(Author.email == inp["email"]).first()
            if not author:
                author = Author(**inp)
                author.email_verified = True  # type: ignore[assignment]
                session.add(author)
                session.commit()

        return author

    @staticmethod
    async def onetime(token: str) -> Any:
        """
        Проверяет одноразовый токен

        Args:
            token (str): Одноразовый токен

        Returns:
            Author: Объект пользователя
        """
        # Импортируем внутри функции для избежания циклических импортов
        from auth.orm import Author

        try:
            print("[auth.identity] using one time token")
            payload = JWTCodec.decode(token)
            if payload is None:
                logger.warning("[Identity.token] Токен не валиден (payload is None)")
                return {"error": "Invalid token"}

            # Проверяем существование токена в хранилище
            token_key = f"{payload.user_id}-{payload.username}-{token}"
            if not await redis.exists(token_key):
                logger.warning(f"[Identity.token] Токен не найден в хранилище: {token_key}")
                return {"error": "Token not found"}

            # Если все проверки пройдены, ищем автора в базе данных
            with local_session() as session:
                author = session.query(Author).filter_by(id=payload.user_id).first()
                if not author:
                    logger.warning(f"[Identity.token] Автор с ID {payload.user_id} не найден")
                    return {"error": "User not found"}

                logger.info(f"[Identity.token] Токен валиден для автора {author.id}")
                return author
        except ExpiredToken:
            # raise InvalidToken("Login token has expired, please try again")
            return {"error": "Token has expired"}
        except InvalidToken:
            # raise InvalidToken("token format error") from e
            return {"error": "Token format error"}
-												lint

											
										
										
											2023-10-26 20:38:31 +00:00
+								from binascii import hexlify
 								from hashlib import sha256
-												Improve topic sorting: add popular sorting by publications and authors count

											
										
										
											2025-06-01 23:56:11 +00:00
+								from typing import TYPE_CHECKING, Any, TypeVar
-												Revert "Feature/lint"

											
										
										
											2023-10-26 21:07:35 +00:00
-												lint

											
										
										
											2023-10-26 20:38:31 +00:00
+								from passlib.hash import bcrypt
-												Revert "Feature/lint"

											
										
										
											2023-10-26 21:07:35 +00:00
-												linted+fmt

											
										
										
											2025-05-29 09:37:39 +00:00
+								from auth.exceptions import ExpiredToken, InvalidPassword, InvalidToken
-												Revert "Feature/lint"

											
										
										
											2023-10-26 21:07:35 +00:00
+								from auth.jwtcodec import JWTCodec
-.4.10-a

											
										
										
											2025-02-11 09:00:35 +00:00
+								from services.db import local_session
-												token-storage-refactored

											
										
										
											2025-06-02 18:50:58 +00:00
+								from services.redis import redis
-												Improve topic sorting: add popular sorting by publications and authors count

											
										
										
											2025-06-01 23:56:11 +00:00
+								from utils.logger import root_logger as logger
-.4.10-a

											
										
										
											2025-02-11 09:00:35 +00:00
-												upgrade schema, resolvers, panel added

											
										
										
											2025-05-16 06:23:48 +00:00
+								# Для типизации
 								if TYPE_CHECKING:
 								    from auth.orm import Author
 								AuthorType = TypeVar("AuthorType", bound="Author")
-												migration, auth, refactoring, formatting

											
										
										
											2022-09-17 18:12:14 +00:00
 								class Password:
 								    @staticmethod
-												added password hash check

											
										
										
											2022-11-10 21:47:19 +00:00
+								    def _to_bytes(data: str) -> bytes:
 								        return bytes(data.encode())
 								    @classmethod
 								    def _get_sha256(cls, password: str) -> bytes:
 								        bytes_password = cls._to_bytes(password)
 								        return hexlify(sha256(bytes_password).digest())
-												fix-scheme

											
										
										
											2022-11-08 15:50:28 +00:00
-												added password hash check

											
										
										
											2022-11-10 21:47:19 +00:00
+								    @staticmethod
 								    def encode(password: str) -> str:
-												upgrade schema, resolvers, panel added

											
										
										
											2025-05-16 06:23:48 +00:00
+								        """
 								        Кодирует пароль пользователя
 								        Args:
 								            password (str): Пароль пользователя
 								        Returns:
 								            str: Закодированный пароль
 								        """
-												added password hash check

											
										
										
											2022-11-10 21:47:19 +00:00
+								        password_sha256 = Password._get_sha256(password)
 								        return bcrypt.using(rounds=10).hash(password_sha256)
-												migration, auth, refactoring, formatting

											
										
										
											2022-09-17 18:12:14 +00:00
 								    @staticmethod
-												fix-scheme

											
										
										
											2022-11-08 15:50:28 +00:00
+								    def verify(password: str, hashed: str) -> bool:
-												Improve topic sorting: add popular sorting by publications and authors count

											
										
										
											2025-06-01 23:56:11 +00:00
+								        r"""
-												added password hash check

											
										
										
											2022-11-10 21:47:19 +00:00
+								        Verify that password hash is equal to specified hash. Hash format:
 								        $2a$10$Ro0CUfOqk6cXEKf3dyaM7OhSCvnwM9s4wIX9JeLapehKK5YdLxKcm
-												Improve topic sorting: add popular sorting by publications and authors count

											
										
										
											2025-06-01 23:56:11 +00:00
+								        \__/\/ \____________________/\_____________________________/
-												added password hash check

											
										
										
											2022-11-10 21:47:19 +00:00
+								        |   |        Salt                     Hash
 								        |  Cost
 								        Version
 								        More info: https://passlib.readthedocs.io/en/stable/lib/passlib.hash.bcrypt.html
 								        :param password: clear text password
 								        :param hashed: hash of the password
 								        :return: True if clear text password matches specified hash
 								        """
 								        hashed_bytes = Password._to_bytes(hashed)
 								        password_sha256 = Password._get_sha256(password)
 								        return bcrypt.verify(password_sha256, hashed_bytes)
-												auth fixes

											
										
										
											2021-07-14 14:45:31 +00:00
-												wip: redis, sqlalchemy, structured, etc

											
										
										
											2021-06-28 09:08:09 +00:00
 								class Identity:
-												format and lint orm

											
										
										
											2022-09-03 10:50:14 +00:00
+								    @staticmethod
-												Improve topic sorting: add popular sorting by publications and authors count

											
										
										
											2025-06-01 23:56:11 +00:00
+								    def password(orm_author: AuthorType, password: str) -> AuthorType:
-												upgrade schema, resolvers, panel added

											
										
										
											2025-05-16 06:23:48 +00:00
+								        """
 								        Проверяет пароль пользователя
 								        Args:
 								            orm_author (Author): Объект пользователя
 								            password (str): Пароль пользователя
 								        Returns:
 								            Author: Объект автора при успешной проверке
 								        Raises:
 								            InvalidPassword: Если пароль не соответствует хешу или отсутствует
 								        """
 								        # Импортируем внутри функции для избежания циклических импортов
 								        from utils.logger import root_logger as logger
 								        # Проверим исходный пароль в orm_author
 								        if not orm_author.password:
-												linted+fmt

											
										
										
											2025-05-29 09:37:39 +00:00
+								            logger.warning(f"[auth.identity] Пароль в исходном объекте автора пуст: email={orm_author.email}")
-												Improve topic sorting: add popular sorting by publications and authors count

											
										
										
											2025-06-01 23:56:11 +00:00
+								            msg = "Пароль не установлен для данного пользователя"
 								            raise InvalidPassword(msg)
-												upgrade schema, resolvers, panel added

											
										
										
											2025-05-16 06:23:48 +00:00
-												auth-wip

											
										
										
											2025-05-20 22:34:02 +00:00
+								        # Проверяем пароль напрямую, не используя dict()
-												Improve topic sorting: add popular sorting by publications and authors count

											
										
										
											2025-06-01 23:56:11 +00:00
+								        password_hash = str(orm_author.password) if orm_author.password else ""
 								        if not password_hash or not Password.verify(password, password_hash):
-												upgrade schema, resolvers, panel added

											
										
										
											2025-05-16 06:23:48 +00:00
+								            logger.warning(f"[auth.identity] Неверный пароль для {orm_author.email}")
-												Improve topic sorting: add popular sorting by publications and authors count

											
										
										
											2025-06-01 23:56:11 +00:00
+								            msg = "Неверный пароль пользователя"
 								            raise InvalidPassword(msg)
-												upgrade schema, resolvers, panel added

											
										
										
											2025-05-16 06:23:48 +00:00
 								        # Возвращаем исходный объект, чтобы сохранить все связи
 								        return orm_author
-												auth fixes

											
										
										
											2021-07-14 14:45:31 +00:00
-												format and lint orm

											
										
										
											2022-09-03 10:50:14 +00:00
+								    @staticmethod
-												Improve topic sorting: add popular sorting by publications and authors count

											
										
										
											2025-06-01 23:56:11 +00:00
+								    def oauth(inp: dict[str, Any]) -> Any:
-												upgrade schema, resolvers, panel added

											
										
										
											2025-05-16 06:23:48 +00:00
+								        """
 								        Создает нового пользователя OAuth, если он не существует
 								        Args:
 								            inp (dict): Данные OAuth пользователя
 								        Returns:
 								            Author: Объект пользователя
 								        """
 								        # Импортируем внутри функции для избежания циклических импортов
 								        from auth.orm import Author
-												format and lint orm

											
										
										
											2022-09-03 10:50:14 +00:00
+								        with local_session() as session:
-												upgrade schema, resolvers, panel added

											
										
										
											2025-05-16 06:23:48 +00:00
+								            author = session.query(Author).filter(Author.email == inp["email"]).first()
 								            if not author:
 								                author = Author(**inp)
-												Improve topic sorting: add popular sorting by publications and authors count

											
										
										
											2025-06-01 23:56:11 +00:00
+								                author.email_verified = True  # type: ignore[assignment]
-												upgrade schema, resolvers, panel added

											
										
										
											2025-05-16 06:23:48 +00:00
+								                session.add(author)
-												format and lint orm

											
										
										
											2022-09-03 10:50:14 +00:00
+								                session.commit()
-												upgrade schema, resolvers, panel added

											
										
										
											2025-05-16 06:23:48 +00:00
+								        return author
-												migration, auth, refactoring, formatting

											
										
										
											2022-09-17 18:12:14 +00:00
 								    @staticmethod
-												upgrade schema, resolvers, panel added

											
										
										
											2025-05-16 06:23:48 +00:00
+								    async def onetime(token: str) -> Any:
 								        """
 								        Проверяет одноразовый токен
 								        Args:
 								            token (str): Одноразовый токен
 								        Returns:
 								            Author: Объект пользователя
 								        """
 								        # Импортируем внутри функции для избежания циклических импортов
 								        from auth.orm import Author
-												migration, auth, refactoring, formatting

											
										
										
											2022-09-17 18:12:14 +00:00
+								        try:
-												configured isort, black, flake8

											
										
										
											2023-10-30 21:00:55 +00:00
+								            print("[auth.identity] using one time token")
-												migration, auth, refactoring, formatting

											
										
										
											2022-09-17 18:12:14 +00:00
+								            payload = JWTCodec.decode(token)
-												Improve topic sorting: add popular sorting by publications and authors count

											
										
										
											2025-06-01 23:56:11 +00:00
+								            if payload is None:
 								                logger.warning("[Identity.token] Токен не валиден (payload is None)")
 								                return {"error": "Invalid token"}
 								            # Проверяем существование токена в хранилище
 								            token_key = f"{payload.user_id}-{payload.username}-{token}"
-												token-storage-refactored

											
										
										
											2025-06-02 18:50:58 +00:00
+								            if not await redis.exists(token_key):
-												Improve topic sorting: add popular sorting by publications and authors count

											
										
										
											2025-06-01 23:56:11 +00:00
+								                logger.warning(f"[Identity.token] Токен не найден в хранилище: {token_key}")
 								                return {"error": "Token not found"}
 								            # Если все проверки пройдены, ищем автора в базе данных
 								            with local_session() as session:
 								                author = session.query(Author).filter_by(id=payload.user_id).first()
 								                if not author:
 								                    logger.warning(f"[Identity.token] Автор с ID {payload.user_id} не найден")
 								                    return {"error": "User not found"}
 								                logger.info(f"[Identity.token] Токен валиден для автора {author.id}")
 								                return author
-.4.9-b

											
										
										
											2025-02-09 19:26:50 +00:00
+								        except ExpiredToken:
-												less exceptions raise

											
										
										
											2023-01-10 08:15:28 +00:00
+								            # raise InvalidToken("Login token has expired, please try again")
-												configured isort, black, flake8

											
										
										
											2023-10-30 21:00:55 +00:00
+								            return {"error": "Token has expired"}
-.4.9-b

											
										
										
											2025-02-09 19:26:50 +00:00
+								        except InvalidToken:
-												less exceptions raise

											
										
										
											2023-01-10 08:15:28 +00:00
+								            # raise InvalidToken("token format error") from e
-												configured isort, black, flake8

											
										
										
											2023-10-30 21:00:55 +00:00
+								            return {"error": "Token format error"}