confirm email fix attempt

2022-10-21 20:21:24 +02:00 · 2022-10-21 20:21:24 +02:00 · 79044cb21f
commit 79044cb21f
parent efe60cb0c8
3 changed files with 10 additions and 7 deletions
--- a/resolvers/auth.py
+++ b/resolvers/auth.py
@ -7,6 +7,7 @@ from graphql.type import GraphQLResolveInfo
 from transliterate import translit
 from starlette.responses import RedirectResponse

+from auth.jwtcodec import JWTCodec
 from auth.tokenstorage import TokenStorage
 from auth.authenticate import login_required
 from auth.email import send_auth_email
@ -41,13 +42,15 @@ async def get_current_user(_, info):


@mutation.field("confirmEmail")
-async def confirm_email(_, _info, confirm_token):
+async def confirm_email(_, _info, code):
    """confirm owning email address"""
    try:
-        user_id = await TokenStorage.get(confirm_token)
+        payload = JWTCodec.decode(code)
+        user_id = payload.user_id
+        await TokenStorage.get(f"{user_id}-{code}")
        with local_session() as session:
            user = session.query(User).where(User.id == user_id).first()
-            session_token = TokenStorage.create_session(user)
+            session_token = await TokenStorage.create_session(user)
            user.emailConfirmed = True
            user.lastSeen = datetime.now()
            session.add(user)
--- a/resolvers/profile.py
+++ b/resolvers/profile.py
@ -21,9 +21,9 @@ from services.zine.shoutauthor import ShoutAuthorStorage
 async def get_user_subscriptions(slug):
    return {
        "unread": await get_unread_counter(slug),       # unread inbox messages counter
-        "topics": [t.slug for t in get_followed_topics(0, slug)],  # followed topics slugs
-        "authors": [a.slug for a in get_followed_authors(0, slug)],  # followed authors slugs
-        "reactions": [r.shout for r in get_reactions_for_shouts(0, [slug, ])],  # followed reacted shout
+        "topics": [t.slug for t in await get_followed_topics(0, slug)],  # followed topics slugs
+        "authors": [a.slug for a in await get_followed_authors(0, slug)],  # followed authors slugs
+        "reactions": [r.shout for r in await get_reactions_for_shouts(0, [slug, ])],  # followed reacted shout
        "communities": [c.slug for c in get_followed_communities(0, slug)],  # followed communities slugs
    }

--- a/server.py
+++ b/server.py
@ -13,7 +13,7 @@ if __name__ == "__main__":
            ("Access-Control-Allow-Origin", "http://localhost:3000"),
            (
                "Access-Control-Allow-Headers",
-                "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range",
+                "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,auth",
            ),
            ("Access-Control-Expose-Headers", "Content-Length,Content-Range"),
            ("Access-Control-Allow-Credentials", "true"),