core/resolvers/auth.py

# -*- coding: utf-8 -*-

from urllib.parse import quote_plus
from datetime import datetime

from graphql.type import GraphQLResolveInfo
from transliterate import translit
from starlette.responses import RedirectResponse

from auth.tokenstorage import TokenStorage
from auth.authenticate import login_required
from auth.email import send_auth_email
from auth.identity import Identity, Password
from base.exceptions import (
    InvalidPassword,
    InvalidToken,
    ObjectNotExist,
    OperationNotAllowed,
)
from base.orm import local_session
from base.resolvers import mutation, query
from orm import User, Role
from resolvers.profile import get_user_subscriptions
from settings import SESSION_TOKEN_HEADER


@mutation.field("refreshSession")
@login_required
async def get_current_user(_, info):
    user = info.context["request"].user
    user.lastSeen = datetime.now()
    with local_session() as session:
        session.add(user)
        session.commit()
    token = await TokenStorage.create_session(user)
    return {
        "token": token,
        "user": user,
        "news": await get_user_subscriptions(user.slug),
    }


@mutation.field("confirmEmail")
async def confirm_email(_, _info, confirm_token):
    """confirm owning email address"""
    try:
        user_id = await TokenStorage.get(confirm_token)
        with local_session() as session:
            user = session.query(User).where(User.id == user_id).first()
            session_token = TokenStorage.create_session(user)
            user.emailConfirmed = True
            user.lastSeen = datetime.now()
            session.add(user)
            session.commit()
            return {
                "token": session_token,
                "user": user,
                "news": await get_user_subscriptions(user.slug)
            }
    except InvalidToken as e:
        raise InvalidToken(e.message)
    except Exception as e:
        print(e)  # FIXME: debug only
        return {"error": "email is not confirmed"}


async def confirm_email_handler(request):
    token = request.path_params["token"]  # one time
    request.session["token"] = token
    res = await confirm_email(None, token)
    response = RedirectResponse(url="https://new.discours.io/confirm")
    response.set_cookie("token", res["token"])  # session token
    return response


def create_user(user_dict):
    user = User(**user_dict)
    user.roles.append(Role.default_role)
    with local_session() as session:
        session.add(user)
        session.commit()
    return user


def generate_unique_slug(name):
    slug = translit(name, "ru", reversed=True).replace(".", "-").lower()
    with local_session() as session:
        c = 1
        user = session.query(User).where(User.slug == slug).first()
        while user:
            user = session.query(User).where(User.slug == slug).first()
            slug = slug + '-' + str(c)
            c += 1
        if not user:
            unique_slug = slug
            return quote_plus(unique_slug).replace('+', '-')


@mutation.field("registerUser")
async def register(_, _info, email: str, password: str = "", name: str = ""):
    """creates new user account"""
    with local_session() as session:
        user = session.query(User).filter(User.email == email).first()
    if user:
        raise OperationNotAllowed("User already exist")
    else:
        slug = generate_unique_slug(name)
        user_dict = {
            "email": email,
            "username": email,
            "name": name,
            "slug": slug
        }
        if password:
            user_dict["password"] = Password.encode(password)

        user = create_user(user_dict)

        await auth_send_link(_, _info, email)

        return {"user": user}


@mutation.field("sendLink")
async def auth_send_link(_, _info, email, lang="ru"):
    """send link with confirm code to email"""
    with local_session() as session:
        user = session.query(User).filter(User.email == email).first()
        if not user:
            raise ObjectNotExist("User not found")
        else:
            token = await TokenStorage.create_onetime(user)
            await send_auth_email(user, token, lang)
            return user


@query.field("signIn")
async def login(_, _info, email: str, password: str = "", lang: str = "ru"):

    with local_session() as session:
        orm_user = session.query(User).filter(User.email == email).first()
        if orm_user is None:
            print(f"[auth] {email}: email not found")
            # return {"error": "email not found"}
            raise ObjectNotExist("User not found")  # contains webserver status

        if not password:
            print(f"[auth] send confirm link to {email}")
            token = await TokenStorage.create_onetime(orm_user)
            await send_auth_email(orm_user, token, lang)
            # FIXME: not an error, warning
            return {"error": "no password, email link was sent"}

        else:
            # sign in using password
            if not orm_user.emailConfirmed:
                # not an error, warns users
                return {"error": "please, confirm email"}
            else:
                try:
                    user = Identity.password(orm_user, password)
                    session_token = await TokenStorage.create_session(user)
                    print(f"[auth] user {email} authorized")
                    return {
                        "token": session_token,
                        "user": user,
                        "news": await get_user_subscriptions(user.slug),
                    }
                except InvalidPassword:
                    print(f"[auth] {email}: invalid password")
                    raise InvalidPassword("invalid passoword")  # contains webserver status
                    # return {"error": "invalid password"}


@query.field("signOut")
@login_required
async def sign_out(_, info: GraphQLResolveInfo):
    token = info.context["request"].headers[SESSION_TOKEN_HEADER]
    status = await TokenStorage.revoke(token)
    return status


@query.field("isEmailUsed")
async def is_email_used(_, _info, email):
    with local_session() as session:
        user = session.query(User).filter(User.email == email).first()
    return user is not None
i18n email templates 2022-10-21 05:47:58 +00:00			`# -- coding: utf-8 --`

add user slug on register 2021-10-24 10:33:45 +00:00			`from urllib.parse import quote_plus`
stats refactored 2022-09-19 13:50:43 +00:00			`from datetime import datetime`
migration, auth, refactoring, formatting 2022-09-17 18:12:14 +00:00
			`from graphql.type import GraphQLResolveInfo`
			`from transliterate import translit`
confirm-fix 2022-10-05 17:06:29 +00:00			`from starlette.responses import RedirectResponse`
migration, auth, refactoring, formatting 2022-09-17 18:12:14 +00:00
stats refactored 2022-09-19 13:50:43 +00:00			`from auth.tokenstorage import TokenStorage`
migration, auth, refactoring, formatting 2022-09-17 18:12:14 +00:00			`from auth.authenticate import login_required`
			`from auth.email import send_auth_email`
			`from auth.identity import Identity, Password`
			`from base.exceptions import (`
			`InvalidPassword,`
			`InvalidToken,`
			`ObjectNotExist,`
			`OperationNotAllowed,`
			`)`
refactored 2022-08-11 05:53:14 +00:00			`from base.orm import local_session`
			`from base.resolvers import mutation, query`
migration, auth, refactoring, formatting 2022-09-17 18:12:14 +00:00			`from orm import User, Role`
schema-fixes 2022-10-04 12:07:41 +00:00			`from resolvers.profile import get_user_subscriptions`
fix-confirm 2022-10-05 16:52:17 +00:00			`from settings import SESSION_TOKEN_HEADER`
wip: redis, sqlalchemy, structured, etc 2021-06-28 09:08:09 +00:00
format and lint orm 2022-09-03 10:50:14 +00:00
stats refactored 2022-09-19 13:50:43 +00:00			`@mutation.field("refreshSession")`
			`@login_required`
			`async def get_current_user(_, info):`
			`user = info.context["request"].user`
			`user.lastSeen = datetime.now()`
			`with local_session() as session:`
			`session.add(user)`
			`session.commit()`
			`token = await TokenStorage.create_session(user)`
			`return {`
			`"token": token,`
			`"user": user,`
schema-fixes 2022-10-04 12:07:41 +00:00			`"news": await get_user_subscriptions(user.slug),`
stats refactored 2022-09-19 13:50:43 +00:00			`}`


clear schema and no password auth wip 2021-07-30 12:53:22 +00:00			`@mutation.field("confirmEmail")`
schema-fixes 2022-10-04 12:07:41 +00:00			`async def confirm_email(_, _info, confirm_token):`
format and lint orm 2022-09-03 10:50:14 +00:00			`"""confirm owning email address"""`
migration, auth, refactoring, formatting 2022-09-17 18:12:14 +00:00			`try:`
			`user_id = await TokenStorage.get(confirm_token)`
			`with local_session() as session:`
			`user = session.query(User).where(User.id == user_id).first()`
			`session_token = TokenStorage.create_session(user)`
			`user.emailConfirmed = True`
fix-lastseen 2022-10-05 15:54:29 +00:00			`user.lastSeen = datetime.now()`
migration, auth, refactoring, formatting 2022-09-17 18:12:14 +00:00			`session.add(user)`
			`session.commit()`
fix-lastseen 2022-10-05 15:54:29 +00:00			`return {`
			`"token": session_token,`
			`"user": user,`
			`"news": await get_user_subscriptions(user.slug)`
			`}`
migration, auth, refactoring, formatting 2022-09-17 18:12:14 +00:00			`except InvalidToken as e:`
			`raise InvalidToken(e.message)`
			`except Exception as e:`
			`print(e) # FIXME: debug only`
confirm email url fix 2022-10-01 08:39:56 +00:00			`return {"error": "email is not confirmed"}`


confirm-fix 2022-10-05 17:06:29 +00:00			`async def confirm_email_handler(request):`
			`token = request.path_params["token"] # one time`
			`request.session["token"] = token`
			`res = await confirm_email(None, token)`
			`response = RedirectResponse(url="https://new.discours.io/confirm")`
			`response.set_cookie("token", res["token"]) # session token`
			`return response`


fixes-auth 2022-10-04 09:22:27 +00:00			`def create_user(user_dict):`
			`user = User(**user_dict)`
			`user.roles.append(Role.default_role)`
			`with local_session() as session:`
			`session.add(user)`
			`session.commit()`
			`return user`


auth fix 2022-10-20 22:05:37 +00:00			`def generate_unique_slug(name):`
			`slug = translit(name, "ru", reversed=True).replace(".", "-").lower()`
fixes-auth 2022-10-04 09:22:27 +00:00			`with local_session() as session:`
			`c = 1`
			`user = session.query(User).where(User.slug == slug).first()`
			`while user:`
			`user = session.query(User).where(User.slug == slug).first()`
			`slug = slug + '-' + str(c)`
			`c += 1`
			`if not user:`
			`unique_slug = slug`
i18n email templates 2022-10-21 05:47:58 +00:00			`return quote_plus(unique_slug).replace('+', '-')`
confirmEmail 2021-07-30 13:22:37 +00:00
clear schema and no password auth wip 2021-07-30 12:53:22 +00:00
register user, sign in and sign out working 2021-06-29 10:26:46 +00:00			`@mutation.field("registerUser")`
auth fix 2022-10-20 22:05:37 +00:00			`async def register(_, _info, email: str, password: str = "", name: str = ""):`
format and lint orm 2022-09-03 10:50:14 +00:00			`"""creates new user account"""`
			`with local_session() as session:`
			`user = session.query(User).filter(User.email == email).first()`
			`if user:`
auth status coded 2022-09-05 16:12:49 +00:00			`raise OperationNotAllowed("User already exist")`
fixes-auth 2022-10-04 09:22:27 +00:00			`else:`
auth fix 2022-10-20 22:05:37 +00:00			`slug = generate_unique_slug(name)`
fixes-auth 2022-10-04 09:22:27 +00:00			`user_dict = {`
			`"email": email,`
auth fix 2022-10-20 22:05:37 +00:00			`"username": email,`
			`"name": name,`
			`"slug": slug`
fixes-auth 2022-10-04 09:22:27 +00:00			`}`
			`if password:`
			`user_dict["password"] = Password.encode(password)`

			`user = create_user(user_dict)`
format and lint orm 2022-09-03 10:50:14 +00:00
auth fix 2022-10-20 22:05:37 +00:00			`await auth_send_link(_, _info, email)`
format and lint orm 2022-09-03 10:50:14 +00:00
schema-fix 2022-10-04 14:30:17 +00:00			`return {"user": user}`
format and lint orm 2022-09-03 10:50:14 +00:00
new api error handling 2021-08-01 11:40:24 +00:00
migration, auth, refactoring, formatting 2022-09-17 18:12:14 +00:00			`@mutation.field("sendLink")`
i18n email templates 2022-10-21 05:47:58 +00:00			`async def auth_send_link(_, _info, email, lang="ru"):`
migration, auth, refactoring, formatting 2022-09-17 18:12:14 +00:00			`"""send link with confirm code to email"""`
format and lint orm 2022-09-03 10:50:14 +00:00			`with local_session() as session:`
			`user = session.query(User).filter(User.email == email).first()`
fixes-auth 2022-10-04 09:22:27 +00:00			`if not user:`
			`raise ObjectNotExist("User not found")`
			`else:`
			`token = await TokenStorage.create_onetime(user)`
i18n email templates 2022-10-21 05:47:58 +00:00			`await send_auth_email(user, token, lang)`
fixes-auth 2022-10-04 09:22:27 +00:00			`return user`
add reset password api 2022-01-13 12:16:35 +00:00
wip: redis, sqlalchemy, structured, etc 2021-06-28 09:08:09 +00:00
register user, sign in and sign out working 2021-06-29 10:26:46 +00:00			`@query.field("signIn")`
i18n email templates 2022-10-21 05:47:58 +00:00			`async def login(_, _info, email: str, password: str = "", lang: str = "ru"):`
proposals and refactoring 2022-06-19 17:54:39 +00:00
format and lint orm 2022-09-03 10:50:14 +00:00			`with local_session() as session:`
			`orm_user = session.query(User).filter(User.email == email).first()`
migration, auth, refactoring, formatting 2022-09-17 18:12:14 +00:00			`if orm_user is None:`
			`print(f"[auth] {email}: email not found")`
			`# return {"error": "email not found"}`
			`raise ObjectNotExist("User not found") # contains webserver status`

			`if not password:`
			`print(f"[auth] send confirm link to {email}")`
			`token = await TokenStorage.create_onetime(orm_user)`
i18n email templates 2022-10-21 05:47:58 +00:00			`await send_auth_email(orm_user, token, lang)`
migration, auth, refactoring, formatting 2022-09-17 18:12:14 +00:00			`# FIXME: not an error, warning`
			`return {"error": "no password, email link was sent"}`

			`else:`
			`# sign in using password`
			`if not orm_user.emailConfirmed:`
			`# not an error, warns users`
			`return {"error": "please, confirm email"}`
			`else:`
			`try:`
			`user = Identity.password(orm_user, password)`
			`session_token = await TokenStorage.create_session(user)`
			`print(f"[auth] user {email} authorized")`
			`return {`
			`"token": session_token,`
			`"user": user,`
schema-fixes 2022-10-04 12:07:41 +00:00			`"news": await get_user_subscriptions(user.slug),`
migration, auth, refactoring, formatting 2022-09-17 18:12:14 +00:00			`}`
			`except InvalidPassword:`
			`print(f"[auth] {email}: invalid password")`
			`raise InvalidPassword("invalid passoword") # contains webserver status`
			`# return {"error": "invalid password"}`
new api error handling 2021-08-01 11:40:24 +00:00
wip: redis, sqlalchemy, structured, etc 2021-06-28 09:08:09 +00:00
register user, sign in and sign out working 2021-06-29 10:26:46 +00:00			`@query.field("signOut")`
wip: redis, sqlalchemy, structured, etc 2021-06-28 09:08:09 +00:00			`@login_required`
register user, sign in and sign out working 2021-06-29 10:26:46 +00:00			`async def sign_out(_, info: GraphQLResolveInfo):`
migration, auth, refactoring, formatting 2022-09-17 18:12:14 +00:00			`token = info.context["request"].headers[SESSION_TOKEN_HEADER]`
			`status = await TokenStorage.revoke(token)`
formatted, linted, fixed 2022-09-04 17:20:38 +00:00			`return status`
format and lint orm 2022-09-03 10:50:14 +00:00
wip: redis, sqlalchemy, structured, etc 2021-06-28 09:08:09 +00:00
isEmailFree to isEmailUsed 2022-06-15 12:41:28 +00:00			`@query.field("isEmailUsed")`
schema-fixes 2022-10-04 12:07:41 +00:00			`async def is_email_used(_, _info, email):`
format and lint orm 2022-09-03 10:50:14 +00:00			`with local_session() as session:`
			`user = session.query(User).filter(User.email == email).first()`
formatted, linted, fixed 2022-09-04 17:20:38 +00:00			`return user is not None`