2019-02-09 19:42:36 +04:00
|
|
|
from datetime import timedelta
|
2023-12-27 19:06:47 +01:00
|
|
|
from typing import Annotated, Any
|
2019-02-09 19:42:36 +04:00
|
|
|
|
2023-12-27 19:06:47 +01:00
|
|
|
from fastapi import APIRouter, Depends, HTTPException
|
2019-02-09 19:42:36 +04:00
|
|
|
from fastapi.security import OAuth2PasswordRequestForm
|
|
|
|
|
|
2023-12-27 19:06:47 +01:00
|
|
|
from app import crud
|
|
|
|
|
from app.api.deps import CurrentUser, SessionDep
|
:recycle: Refactor backend, settings, DB sessions, types, configs, plugins (#158)
* :recycle: Refactor backend, update DB session handling
* :sparkles: Add mypy config and plugins
* :heavy_plus_sign: Use Python-jose instead of PyJWT
as it has some extra functionalities and features
* :sparkles: Add/update scripts for test, lint, format
* :wrench: Update lint and format configs
* :art: Update import format, comments, and types
* :art: Add types to config
* :sparkles: Add types for all the code, and small fixes
* :art: Use global imports to simplify exploring with Jupyter
* :recycle: Import schemas and models, instead of each class
* :truck: Rename db_session to db for simplicity
* :pushpin: Update dependencies installation for testing
2020-04-20 19:03:13 +02:00
|
|
|
from app.core import security
|
2020-04-16 23:56:10 -06:00
|
|
|
from app.core.config import settings
|
2019-02-23 18:44:29 +04:00
|
|
|
from app.core.security import get_password_hash
|
2024-03-07 18:21:46 -05:00
|
|
|
from app.models import Message, NewPassword, Token, User, UserOut
|
2019-02-09 19:42:36 +04:00
|
|
|
from app.utils import (
|
|
|
|
|
generate_password_reset_token,
|
|
|
|
|
send_reset_password_email,
|
|
|
|
|
verify_password_reset_token,
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
router = APIRouter()
|
|
|
|
|
|
|
|
|
|
|
2023-12-27 19:06:47 +01:00
|
|
|
@router.post("/login/access-token")
|
2019-02-23 18:44:29 +04:00
|
|
|
def login_access_token(
|
2023-12-27 19:06:47 +01:00
|
|
|
session: SessionDep, form_data: Annotated[OAuth2PasswordRequestForm, Depends()]
|
|
|
|
|
) -> Token:
|
2019-02-09 19:42:36 +04:00
|
|
|
"""
|
|
|
|
|
OAuth2 compatible token login, get an access token for future requests
|
|
|
|
|
"""
|
2023-12-27 19:06:47 +01:00
|
|
|
user = crud.authenticate(
|
|
|
|
|
session=session, email=form_data.username, password=form_data.password
|
2019-02-23 18:44:29 +04:00
|
|
|
)
|
2019-02-09 19:42:36 +04:00
|
|
|
if not user:
|
|
|
|
|
raise HTTPException(status_code=400, detail="Incorrect email or password")
|
2023-12-27 19:06:47 +01:00
|
|
|
elif not user.is_active:
|
2019-02-09 19:42:36 +04:00
|
|
|
raise HTTPException(status_code=400, detail="Inactive user")
|
2020-04-16 23:56:10 -06:00
|
|
|
access_token_expires = timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
|
2023-12-27 19:06:47 +01:00
|
|
|
return Token(
|
|
|
|
|
access_token=security.create_access_token(
|
:recycle: Refactor backend, settings, DB sessions, types, configs, plugins (#158)
* :recycle: Refactor backend, update DB session handling
* :sparkles: Add mypy config and plugins
* :heavy_plus_sign: Use Python-jose instead of PyJWT
as it has some extra functionalities and features
* :sparkles: Add/update scripts for test, lint, format
* :wrench: Update lint and format configs
* :art: Update import format, comments, and types
* :art: Add types to config
* :sparkles: Add types for all the code, and small fixes
* :art: Use global imports to simplify exploring with Jupyter
* :recycle: Import schemas and models, instead of each class
* :truck: Rename db_session to db for simplicity
* :pushpin: Update dependencies installation for testing
2020-04-20 19:03:13 +02:00
|
|
|
user.id, expires_delta=access_token_expires
|
2023-12-27 19:06:47 +01:00
|
|
|
)
|
|
|
|
|
)
|
2019-02-09 19:42:36 +04:00
|
|
|
|
|
|
|
|
|
2023-12-27 19:06:47 +01:00
|
|
|
@router.post("/login/test-token", response_model=UserOut)
|
|
|
|
|
def test_token(current_user: CurrentUser) -> Any:
|
2019-02-09 19:42:36 +04:00
|
|
|
"""
|
|
|
|
|
Test access token
|
|
|
|
|
"""
|
|
|
|
|
return current_user
|
|
|
|
|
|
|
|
|
|
|
2023-12-27 19:06:47 +01:00
|
|
|
@router.post("/password-recovery/{email}")
|
|
|
|
|
def recover_password(email: str, session: SessionDep) -> Message:
|
2019-02-09 19:42:36 +04:00
|
|
|
"""
|
|
|
|
|
Password Recovery
|
|
|
|
|
"""
|
2023-12-27 19:06:47 +01:00
|
|
|
user = crud.get_user_by_email(session=session, email=email)
|
2019-02-09 19:42:36 +04:00
|
|
|
|
|
|
|
|
if not user:
|
|
|
|
|
raise HTTPException(
|
|
|
|
|
status_code=404,
|
|
|
|
|
detail="The user with this username does not exist in the system.",
|
|
|
|
|
)
|
2019-02-23 18:44:29 +04:00
|
|
|
password_reset_token = generate_password_reset_token(email=email)
|
2019-02-09 19:42:36 +04:00
|
|
|
send_reset_password_email(
|
2019-02-23 18:44:29 +04:00
|
|
|
email_to=user.email, email=email, token=password_reset_token
|
2019-02-09 19:42:36 +04:00
|
|
|
)
|
2023-12-27 19:06:47 +01:00
|
|
|
return Message(message="Password recovery email sent")
|
2019-02-09 19:42:36 +04:00
|
|
|
|
|
|
|
|
|
2023-12-27 19:06:47 +01:00
|
|
|
@router.post("/reset-password/")
|
2023-12-27 13:37:05 -05:00
|
|
|
def reset_password(session: SessionDep, body: NewPassword) -> Message:
|
2019-02-09 19:42:36 +04:00
|
|
|
"""
|
|
|
|
|
Reset password
|
|
|
|
|
"""
|
2024-03-07 18:21:46 -05:00
|
|
|
user_id = verify_password_reset_token(token=body.token)
|
|
|
|
|
if not user_id:
|
2019-02-09 19:42:36 +04:00
|
|
|
raise HTTPException(status_code=400, detail="Invalid token")
|
2024-03-07 18:21:46 -05:00
|
|
|
user = session.get(User, int(user_id))
|
2019-02-09 19:42:36 +04:00
|
|
|
if not user:
|
|
|
|
|
raise HTTPException(
|
|
|
|
|
status_code=404,
|
|
|
|
|
detail="The user with this username does not exist in the system.",
|
|
|
|
|
)
|
2023-12-27 19:06:47 +01:00
|
|
|
elif not user.is_active:
|
2019-02-09 19:42:36 +04:00
|
|
|
raise HTTPException(status_code=400, detail="Inactive user")
|
2023-12-27 19:06:47 +01:00
|
|
|
hashed_password = get_password_hash(password=body.new_password)
|
2019-02-23 18:44:29 +04:00
|
|
|
user.hashed_password = hashed_password
|
2023-12-27 19:06:47 +01:00
|
|
|
session.add(user)
|
|
|
|
|
session.commit()
|
|
|
|
|
return Message(message="Password updated successfully")
|
