confirm email on user registration improve

2022-06-09 13:52:56 +03:00 · 2022-06-09 13:52:56 +03:00 · 0cef013137
commit 0cef013137
parent 9558a1afaa
3 changed files with 19 additions and 11 deletions
--- a/auth/email.py
+++ b/auth/email.py
@ -1,10 +1,10 @@
 import requests
-from starlette.responses import PlainTextResponse
+from starlette.responses import RedirectResponse
 from starlette.exceptions import HTTPException

 from auth.authenticate import EmailAuthenticate, ResetPassword

-from settings import BACKEND_URL, MAILGUN_API_KEY, MAILGUN_DOMAIN, RESET_PWD_URL
+from settings import BACKEND_URL, MAILGUN_API_KEY, MAILGUN_DOMAIN, RESET_PWD_URL, CONFIRM_EMAIL_URL

 MAILGUN_API_URL = "https://api.mailgun.net/v3/%s/messages" % (MAILGUN_DOMAIN)
 MAILGUN_FROM = "postmaster <postmaster@%s>" % (MAILGUN_DOMAIN)
@ -28,7 +28,7 @@ async def send_reset_password_email(user):

 async def send_email(user, url, text, token):
 	to = "%s <%s>" % (user.username, user.email)
-	url_with_token = "%s/%s" % (url, token)
+	url_with_token = "%s?token=%s" % (url, token)
 	text = text % (url_with_token)
 	response = requests.post(
 		MAILGUN_API_URL,
@ -46,5 +46,14 @@ async def email_authorize(request):
 	token = request.query_params.get('token')
 	if not token:
 		raise HTTPException(500, "invalid url")
+
 	auth_token, user = await EmailAuthenticate.authenticate(token)
-	return PlainTextResponse(auth_token)
+	
+	if not user.emailConfirmed:
+		with local_session() as session:
+			user.emailConfirmed = True
+			session.commit()
+
+	response = RedirectResponse(url = CONFIRM_EMAIL_URL)
+	response.set_cookie("token", auth_token)
+	return response
--- a/resolvers/auth.py
+++ b/resolvers/auth.py
@ -46,14 +46,9 @@ async def register(*_, email: str, password: str = ""):
 		session.add(user)
 		session.commit()

-	await UserStorage.add_user(user)
-
-	if not password:
 	await send_confirm_email(user)
-		return { "user": user }

-	token = await Authorize.authorize(user)
-	return {"user": user, "token": token }
+	return { "user": user }

@mutation.field("requestPasswordUpdate")
 async def request_password_update(_, info, email):
@ -95,6 +90,9 @@ async def login(_, info: GraphQLResolveInfo, email: str, password: str = ""):
 		await send_auth_email(orm_user)
 		return {}

+	if not orm_user.emailConfirmed:
+		return {"error" : "email not confirmed"}
+
 	try:
 		device = info.context["request"].headers['device']
 	except KeyError:
--- a/settings.py
+++ b/settings.py
@ -7,6 +7,7 @@ INBOX_SERVICE_PORT = 8081
 BACKEND_URL = environ.get("BACKEND_URL") or "https://localhost:8080"
 OAUTH_CALLBACK_URL = environ.get("OAUTH_CALLBACK_URL") or "https://localhost:8080"
 RESET_PWD_URL = environ.get("RESET_PWD_URL") or "https://localhost:8080/reset_pwd"
+CONFIRM_EMAIL_URL = environ.get("CONFIRM_EMAIL_URL") or "https://new.discours.io"

 DB_URL = environ.get("DATABASE_URL") or environ.get("DB_URL") or "sqlite:///db.sqlite3"
 JWT_ALGORITHM = "HS256"