core/auth/identity.py

from binascii import hexlify
from hashlib import sha256

from passlib.hash import bcrypt

from auth.exceptions import ExpiredToken, InvalidToken
from auth.jwtcodec import JWTCodec
from auth.tokenstorage import TokenStorage
from orm.user import User

# from base.exceptions import InvalidPassword, InvalidToken
from services.db import local_session


class Password:
    @staticmethod
    def _to_bytes(data: str) -> bytes:
        return bytes(data.encode())

    @classmethod
    def _get_sha256(cls, password: str) -> bytes:
        bytes_password = cls._to_bytes(password)
        return hexlify(sha256(bytes_password).digest())

    @staticmethod
    def encode(password: str) -> str:
        password_sha256 = Password._get_sha256(password)
        return bcrypt.using(rounds=10).hash(password_sha256)

    @staticmethod
    def verify(password: str, hashed: str) -> bool:
        """
        Verify that password hash is equal to specified hash. Hash format:

        $2a$10$Ro0CUfOqk6cXEKf3dyaM7OhSCvnwM9s4wIX9JeLapehKK5YdLxKcm
        \__/\/ \____________________/\_____________________________/  # noqa: W605
        |   |        Salt                     Hash
        |  Cost
        Version

        More info: https://passlib.readthedocs.io/en/stable/lib/passlib.hash.bcrypt.html

        :param password: clear text password
        :param hashed: hash of the password
        :return: True if clear text password matches specified hash
        """
        hashed_bytes = Password._to_bytes(hashed)
        password_sha256 = Password._get_sha256(password)

        return bcrypt.verify(password_sha256, hashed_bytes)


class Identity:
    @staticmethod
    def password(orm_user: User, password: str) -> User:
        user = User(**orm_user.dict())
        if not user.password:
            # raise InvalidPassword("User password is empty")
            return {"error": "User password is empty"}
        if not Password.verify(password, user.password):
            # raise InvalidPassword("Wrong user password")
            return {"error": "Wrong user password"}
        return user

    @staticmethod
    def oauth(inp) -> User:
        with local_session() as session:
            user = session.query(User).filter(User.email == inp["email"]).first()
            if not user:
                user = User.create(**inp, emailConfirmed=True)
                session.commit()

        return user

    @staticmethod
    async def onetime(token: str) -> User:
        try:
            print("[auth.identity] using one time token")
            payload = JWTCodec.decode(token)
            if not await TokenStorage.exist(f"{payload.user_id}-{payload.username}-{token}"):
                # raise InvalidToken("Login token has expired, please login again")
                return {"error": "Token has expired"}
        except ExpiredToken:
            # raise InvalidToken("Login token has expired, please try again")
            return {"error": "Token has expired"}
        except InvalidToken:
            # raise InvalidToken("token format error") from e
            return {"error": "Token format error"}
        with local_session() as session:
            user = session.query(User).filter_by(id=payload.user_id).first()
            if not user:
                # raise Exception("user not exist")
                return {"error": "User does not exist"}
            if not user.emailConfirmed:
                user.emailConfirmed = True
                session.commit()
            return user
lint 2023-10-26 20:38:31 +00:00			`from binascii import hexlify`
			`from hashlib import sha256`
Revert "Feature/lint" 2023-10-26 21:07:35 +00:00
lint 2023-10-26 20:38:31 +00:00			`from passlib.hash import bcrypt`
Revert "Feature/lint" 2023-10-26 21:07:35 +00:00
0.4.10-a 2025-02-11 09:00:35 +00:00			`from auth.exceptions import ExpiredToken, InvalidToken`
Revert "Feature/lint" 2023-10-26 21:07:35 +00:00			`from auth.jwtcodec import JWTCodec`
			`from auth.tokenstorage import TokenStorage`
0.4.9-b 2025-02-09 19:26:50 +00:00			`from orm.user import User`
wip: redis, sqlalchemy, structured, etc 2021-06-28 09:08:09 +00:00
0.4.10-a 2025-02-11 09:00:35 +00:00			`# from base.exceptions import InvalidPassword, InvalidToken`
			`from services.db import local_session`

migration, auth, refactoring, formatting 2022-09-17 18:12:14 +00:00
			`class Password:`
			`@staticmethod`
added password hash check 2022-11-10 21:47:19 +00:00			`def _to_bytes(data: str) -> bytes:`
			`return bytes(data.encode())`

			`@classmethod`
			`def _get_sha256(cls, password: str) -> bytes:`
			`bytes_password = cls._to_bytes(password)`
			`return hexlify(sha256(bytes_password).digest())`
fix-scheme 2022-11-08 15:50:28 +00:00
added password hash check 2022-11-10 21:47:19 +00:00			`@staticmethod`
			`def encode(password: str) -> str:`
			`password_sha256 = Password._get_sha256(password)`
			`return bcrypt.using(rounds=10).hash(password_sha256)`
migration, auth, refactoring, formatting 2022-09-17 18:12:14 +00:00
			`@staticmethod`
fix-scheme 2022-11-08 15:50:28 +00:00			`def verify(password: str, hashed: str) -> bool:`
added password hash check 2022-11-10 21:47:19 +00:00			`"""`
			`Verify that password hash is equal to specified hash. Hash format:`

			`$2a$10$Ro0CUfOqk6cXEKf3dyaM7OhSCvnwM9s4wIX9JeLapehKK5YdLxKcm`
configured isort, black, flake8 2023-10-30 21:00:55 +00:00			`\__/\/ \____________________/\_____________________________/ # noqa: W605`
added password hash check 2022-11-10 21:47:19 +00:00			`\| \| Salt Hash`
			`\| Cost`
			`Version`

			`More info: https://passlib.readthedocs.io/en/stable/lib/passlib.hash.bcrypt.html`

			`:param password: clear text password`
			`:param hashed: hash of the password`
			`:return: True if clear text password matches specified hash`
			`"""`
			`hashed_bytes = Password._to_bytes(hashed)`
			`password_sha256 = Password._get_sha256(password)`

			`return bcrypt.verify(password_sha256, hashed_bytes)`
auth fixes 2021-07-14 14:45:31 +00:00
wip: redis, sqlalchemy, structured, etc 2021-06-28 09:08:09 +00:00
			`class Identity:`
format and lint orm 2022-09-03 10:50:14 +00:00			`@staticmethod`
migration, auth, refactoring, formatting 2022-09-17 18:12:14 +00:00			`def password(orm_user: User, password: str) -> User:`
fix identity 2022-09-17 19:48:21 +00:00			`user = User(**orm_user.dict())`
auth status coded 2022-09-05 16:12:49 +00:00			`if not user.password:`
less exceptions raise 2023-01-10 08:15:28 +00:00			`# raise InvalidPassword("User password is empty")`
configured isort, black, flake8 2023-10-30 21:00:55 +00:00			`return {"error": "User password is empty"}`
format and lint orm 2022-09-03 10:50:14 +00:00			`if not Password.verify(password, user.password):`
less exceptions raise 2023-01-10 08:15:28 +00:00			`# raise InvalidPassword("Wrong user password")`
configured isort, black, flake8 2023-10-30 21:00:55 +00:00			`return {"error": "Wrong user password"}`
format and lint orm 2022-09-03 10:50:14 +00:00			`return user`
auth fixes 2021-07-14 14:45:31 +00:00
format and lint orm 2022-09-03 10:50:14 +00:00			`@staticmethod`
Feature/google oauth (#106) google oauth --------- Co-authored-by: Igor Lobanov <igor.lobanov@onetwotrip.com> 2023-11-08 18:12:55 +00:00			`def oauth(inp) -> User:`
format and lint orm 2022-09-03 10:50:14 +00:00			`with local_session() as session:`
Feature/google oauth (#106) google oauth --------- Co-authored-by: Igor Lobanov <igor.lobanov@onetwotrip.com> 2023-11-08 18:12:55 +00:00			`user = session.query(User).filter(User.email == inp["email"]).first()`
format and lint orm 2022-09-03 10:50:14 +00:00			`if not user:`
Feature/google oauth (#106) google oauth --------- Co-authored-by: Igor Lobanov <igor.lobanov@onetwotrip.com> 2023-11-08 18:12:55 +00:00			`user = User.create(**inp, emailConfirmed=True)`
format and lint orm 2022-09-03 10:50:14 +00:00			`session.commit()`

			`return user`
migration, auth, refactoring, formatting 2022-09-17 18:12:14 +00:00
			`@staticmethod`
			`async def onetime(token: str) -> User:`
			`try:`
configured isort, black, flake8 2023-10-30 21:00:55 +00:00			`print("[auth.identity] using one time token")`
migration, auth, refactoring, formatting 2022-09-17 18:12:14 +00:00			`payload = JWTCodec.decode(token)`
fix-session 2023-01-31 06:57:35 +00:00			`if not await TokenStorage.exist(f"{payload.user_id}-{payload.username}-{token}"):`
less exceptions raise 2023-01-10 08:15:28 +00:00			`# raise InvalidToken("Login token has expired, please login again")`
configured isort, black, flake8 2023-10-30 21:00:55 +00:00			`return {"error": "Token has expired"}`
0.4.9-b 2025-02-09 19:26:50 +00:00			`except ExpiredToken:`
less exceptions raise 2023-01-10 08:15:28 +00:00			`# raise InvalidToken("Login token has expired, please try again")`
configured isort, black, flake8 2023-10-30 21:00:55 +00:00			`return {"error": "Token has expired"}`
0.4.9-b 2025-02-09 19:26:50 +00:00			`except InvalidToken:`
less exceptions raise 2023-01-10 08:15:28 +00:00			`# raise InvalidToken("token format error") from e`
configured isort, black, flake8 2023-10-30 21:00:55 +00:00			`return {"error": "Token format error"}`
migration, auth, refactoring, formatting 2022-09-17 18:12:14 +00:00			`with local_session() as session:`
			`user = session.query(User).filter_by(id=payload.user_id).first()`
			`if not user:`
less exceptions raise 2023-01-10 08:15:28 +00:00			`# raise Exception("user not exist")`
configured isort, black, flake8 2023-10-30 21:00:55 +00:00			`return {"error": "User does not exist"}`
migration, auth, refactoring, formatting 2022-09-17 18:12:14 +00:00			`if not user.emailConfirmed:`
			`user.emailConfirmed = True`
			`session.commit()`
			`return user`