configured isort, black, flake8

2023-10-30 22:00:55 +01:00
parent 17c29c7f4f
commit 441bcc1e90
75 changed files with 2420 additions and 1730 deletions
--- a/auth/authenticate.py
+++ b/auth/authenticate.py
@@ -2,75 +2,71 @@ from functools import wraps
 from typing import Optional, Tuple

 from graphql.type import GraphQLResolveInfo
-from sqlalchemy.orm import joinedload, exc
+from sqlalchemy.orm import exc, joinedload
 from starlette.authentication import AuthenticationBackend
 from starlette.requests import HTTPConnection

 from auth.credentials import AuthCredentials, AuthUser
-from base.orm import local_session
-from orm.user import User, Role
-
-from settings import SESSION_TOKEN_HEADER
 from auth.tokenstorage import SessionToken
 from base.exceptions import OperationNotAllowed
+from base.orm import local_session
+from orm.user import Role, User
+from settings import SESSION_TOKEN_HEADER


 class JWTAuthenticate(AuthenticationBackend):
    async def authenticate(
        self, request: HTTPConnection
    ) -> Optional[Tuple[AuthCredentials, AuthUser]]:
-
        if SESSION_TOKEN_HEADER not in request.headers:
-            return AuthCredentials(scopes={}), AuthUser(user_id=None, username='')
+            return AuthCredentials(scopes={}), AuthUser(user_id=None, username="")

        token = request.headers.get(SESSION_TOKEN_HEADER)
        if not token:
            print("[auth.authenticate] no token in header %s" % SESSION_TOKEN_HEADER)
            return AuthCredentials(scopes={}, error_message=str("no token")), AuthUser(
-                user_id=None, username=''
+                user_id=None, username=""
            )

-        if len(token.split('.')) > 1:
+        if len(token.split(".")) > 1:
            payload = await SessionToken.verify(token)

            with local_session() as session:
                try:
                    user = (
-                        session.query(User).options(
+                        session.query(User)
+                        .options(
                            joinedload(User.roles).options(joinedload(Role.permissions)),
-                            joinedload(User.ratings)
-                        ).filter(
-                            User.id == payload.user_id
-                        ).one()
+                            joinedload(User.ratings),
+                        )
+                        .filter(User.id == payload.user_id)
+                        .one()
                    )

                    scopes = {}  # TODO: integrate await user.get_permission()

                    return (
-                        AuthCredentials(
-                            user_id=payload.user_id,
-                            scopes=scopes,
-                            logged_in=True
-                        ),
-                        AuthUser(user_id=user.id, username=''),
+                        AuthCredentials(user_id=payload.user_id, scopes=scopes, logged_in=True),
+                        AuthUser(user_id=user.id, username=""),
                    )
                except exc.NoResultFound:
                    pass

-        return AuthCredentials(scopes={}, error_message=str('Invalid token')), AuthUser(user_id=None, username='')
+        return AuthCredentials(scopes={}, error_message=str("Invalid token")), AuthUser(
+            user_id=None, username=""
+        )


 def login_required(func):
    @wraps(func)
    async def wrap(parent, info: GraphQLResolveInfo, *args, **kwargs):
-        # print('[auth.authenticate] login required for %r with info %r' % (func, info))  # debug only
+        # debug only
+        # print('[auth.authenticate] login required for %r with info %r' % (func, info))
        auth: AuthCredentials = info.context["request"].auth
        # print(auth)
        if not auth or not auth.logged_in:
            # raise Unauthorized(auth.error_message or "Please login")
-            return {
-                "error": "Please login first"
-            }
+            return {"error": "Please login first"}
        return await func(parent, info, *args, **kwargs)

    return wrap
@@ -79,7 +75,9 @@ def login_required(func):
 def permission_required(resource, operation, func):
    @wraps(func)
    async def wrap(parent, info: GraphQLResolveInfo, *args, **kwargs):
-        print('[auth.authenticate] permission_required for %r with info %r' % (func, info))  # debug only
+        print(
+            "[auth.authenticate] permission_required for %r with info %r" % (func, info)
+        )  # debug only
        auth: AuthCredentials = info.context["request"].auth
        if not auth.logged_in:
            raise OperationNotAllowed(auth.error_message or "Please login")
--- a/auth/credentials.py
+++ b/auth/credentials.py
@@ -23,13 +23,11 @@ class AuthCredentials(BaseModel):
    async def permissions(self) -> List[Permission]:
        if self.user_id is None:
            # raise Unauthorized("Please login first")
-            return {
-                "error": "Please login first"
-            }
+            return {"error": "Please login first"}
        else:
            # TODO: implement permissions logix
            print(self.user_id)
-        return NotImplemented()
+        return NotImplemented


 class AuthUser(BaseModel):
@@ -40,6 +38,6 @@ class AuthUser(BaseModel):
    def is_authenticated(self) -> bool:
        return self.user_id is not None

-    @property
-    def display_id(self) -> int:
-        return self.user_id
+    # @property
+    # def display_id(self) -> int:
+    #     return self.user_id
--- a/auth/email.py
+++ b/auth/email.py
@@ -2,19 +2,16 @@ import requests

 from settings import MAILGUN_API_KEY, MAILGUN_DOMAIN

-api_url = "https://api.mailgun.net/v3/%s/messages" % (MAILGUN_DOMAIN or 'discours.io')
-noreply = "discours.io <noreply@%s>" % (MAILGUN_DOMAIN or 'discours.io')
-lang_subject = {
-    "ru": "Подтверждение почты",
-    "en": "Confirm email"
-}
+api_url = "https://api.mailgun.net/v3/%s/messages" % (MAILGUN_DOMAIN or "discours.io")
+noreply = "discours.io <noreply@%s>" % (MAILGUN_DOMAIN or "discours.io")
+lang_subject = {"ru": "Подтверждение почты", "en": "Confirm email"}


 async def send_auth_email(user, token, lang="ru", template="email_confirmation"):
    try:
        to = "%s <%s>" % (user.name, user.email)
-        if lang not in ['ru', 'en']:
-            lang = 'ru'
+        if lang not in ["ru", "en"]:
+            lang = "ru"
        subject = lang_subject.get(lang, lang_subject["en"])
        template = template + "_" + lang
        payload = {
@@ -22,16 +19,12 @@ async def send_auth_email(user, token, lang="ru", template="email_confirmation")
            "to": to,
            "subject": subject,
            "template": template,
-            "h:X-Mailgun-Variables": "{ \"token\": \"%s\" }" % token
+            "h:X-Mailgun-Variables": '{ "token": "%s" }' % token,
        }
-        print('[auth.email] payload: %r' % payload)
+        print("[auth.email] payload: %r" % payload)
        # debug
        # print('http://localhost:3000/?modal=auth&mode=confirm-email&token=%s' % token)
-        response = requests.post(
-            api_url,
-            auth=("api", MAILGUN_API_KEY),
-            data=payload
-        )
+        response = requests.post(api_url, auth=("api", MAILGUN_API_KEY), data=payload)
        response.raise_for_status()
    except Exception as e:
        print(e)
--- a/auth/identity.py
+++ b/auth/identity.py
@@ -7,6 +7,7 @@ from sqlalchemy import or_

 from auth.jwtcodec import JWTCodec
 from auth.tokenstorage import TokenStorage
+
 # from base.exceptions import InvalidPassword, InvalidToken
 from base.orm import local_session
 from orm import User
@@ -34,7 +35,7 @@ class Password:
        Verify that password hash is equal to specified hash. Hash format:

        $2a$10$Ro0CUfOqk6cXEKf3dyaM7OhSCvnwM9s4wIX9JeLapehKK5YdLxKcm
-        \__/\/ \____________________/\_____________________________/
+        \__/\/ \____________________/\_____________________________/  # noqa: W605
        |   |        Salt                     Hash
        |  Cost
        Version
@@ -57,14 +58,10 @@ class Identity:
        user = User(**orm_user.dict())
        if not user.password:
            # raise InvalidPassword("User password is empty")
-            return {
-                "error": "User password is empty"
-            }
+            return {"error": "User password is empty"}
        if not Password.verify(password, user.password):
            # raise InvalidPassword("Wrong user password")
-            return {
-                "error": "Wrong user password"
-            }
+            return {"error": "Wrong user password"}
        return user

    @staticmethod
@@ -87,30 +84,22 @@ class Identity:
    @staticmethod
    async def onetime(token: str) -> User:
        try:
-            print('[auth.identity] using one time token')
+            print("[auth.identity] using one time token")
            payload = JWTCodec.decode(token)
            if not await TokenStorage.exist(f"{payload.user_id}-{payload.username}-{token}"):
                # raise InvalidToken("Login token has expired, please login again")
-                return {
-                    "error": "Token has expired"
-                }
+                return {"error": "Token has expired"}
        except ExpiredSignatureError:
            # raise InvalidToken("Login token has expired, please try again")
-            return {
-                "error": "Token has expired"
-            }
+            return {"error": "Token has expired"}
        except DecodeError:
            # raise InvalidToken("token format error") from e
-            return {
-                "error": "Token format error"
-            }
+            return {"error": "Token format error"}
        with local_session() as session:
            user = session.query(User).filter_by(id=payload.user_id).first()
            if not user:
                # raise Exception("user not exist")
-                return {
-                    "error": "User does not exist"
-                }
+                return {"error": "User does not exist"}
            if not user.emailConfirmed:
                user.emailConfirmed = True
                session.commit()
--- a/auth/jwtcodec.py
+++ b/auth/jwtcodec.py
@@ -1,8 +1,10 @@
 from datetime import datetime, timezone
+
 import jwt
+
 from base.exceptions import ExpiredToken, InvalidToken
-from validations.auth import TokenPayload, AuthInput
 from settings import JWT_ALGORITHM, JWT_SECRET_KEY
+from validations.auth import AuthInput, TokenPayload


 class JWTCodec:
@@ -13,12 +15,12 @@ class JWTCodec:
            "username": user.email or user.phone,
            "exp": exp,
            "iat": datetime.now(tz=timezone.utc),
-            "iss": "discours"
+            "iss": "discours",
        }
        try:
            return jwt.encode(payload, JWT_SECRET_KEY, JWT_ALGORITHM)
        except Exception as e:
-            print('[auth.jwtcodec] JWT encode error %r' % e)
+            print("[auth.jwtcodec] JWT encode error %r" % e)

    @staticmethod
    def decode(token: str, verify_exp: bool = True) -> TokenPayload:
@@ -33,18 +35,18 @@ class JWTCodec:
                    # "verify_signature": False
                },
                algorithms=[JWT_ALGORITHM],
-                issuer="discours"
+                issuer="discours",
            )
            r = TokenPayload(**payload)
            # print('[auth.jwtcodec] debug token %r' % r)
            return r
        except jwt.InvalidIssuedAtError:
-            print('[auth.jwtcodec] invalid issued at: %r' % payload)
-            raise ExpiredToken('check token issued time')
+            print("[auth.jwtcodec] invalid issued at: %r" % payload)
+            raise ExpiredToken("check token issued time")
        except jwt.ExpiredSignatureError:
-            print('[auth.jwtcodec] expired signature %r' % payload)
-            raise ExpiredToken('check token lifetime')
+            print("[auth.jwtcodec] expired signature %r" % payload)
+            raise ExpiredToken("check token lifetime")
        except jwt.InvalidTokenError:
-            raise InvalidToken('token is not valid')
+            raise InvalidToken("token is not valid")
        except jwt.InvalidSignatureError:
-            raise InvalidToken('token is not valid')
+            raise InvalidToken("token is not valid")
--- a/auth/oauth.py
+++ b/auth/oauth.py
@@ -1,8 +1,9 @@
 from authlib.integrations.starlette_client import OAuth
 from starlette.responses import RedirectResponse
+
 from auth.identity import Identity
 from auth.tokenstorage import TokenStorage
-from settings import OAUTH_CLIENTS, FRONTEND_URL
+from settings import FRONTEND_URL, OAUTH_CLIENTS

 oauth = OAuth()

--- a/auth/tokenstorage.py
+++ b/auth/tokenstorage.py
@@ -1,9 +1,9 @@
 from datetime import datetime, timedelta, timezone

 from auth.jwtcodec import JWTCodec
-from validations.auth import AuthInput
 from base.redis import redis
-from settings import SESSION_TOKEN_LIFE_SPAN, ONETIME_TOKEN_LIFE_SPAN
+from settings import ONETIME_TOKEN_LIFE_SPAN, SESSION_TOKEN_LIFE_SPAN
+from validations.auth import AuthInput


 async def save(token_key, life_span, auto_delete=True):
@@ -35,7 +35,7 @@ class SessionToken:
 class TokenStorage:
    @staticmethod
    async def get(token_key):
-        print('[tokenstorage.get] ' + token_key)
+        print("[tokenstorage.get] " + token_key)
        # 2041-user@domain.zn-eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoyMDQxLCJ1c2VybmFtZSI6ImFudG9uLnJld2luK3Rlc3QtbG9hZGNoYXRAZ21haWwuY29tIiwiZXhwIjoxNjcxNzgwNjE2LCJpYXQiOjE2NjkxODg2MTYsImlzcyI6ImRpc2NvdXJzIn0.Nml4oV6iMjMmc6xwM7lTKEZJKBXvJFEIZ-Up1C1rITQ
        return await redis.execute("GET", token_key)