diff --git a/auth/authenticate.py b/auth/authenticate.py
index 84591a16..e4e1048d 100644
--- a/auth/authenticate.py
+++ b/auth/authenticate.py
@@ -11,6 +11,7 @@ from auth.token import Token
 from auth.authorize import Authorize
 from exceptions import InvalidToken, OperationNotAllowed
 from orm import User
+from orm.base import local_session
 from redis import redis
 from settings import JWT_AUTH_HEADER, EMAIL_TOKEN_LIFE_SPAN
@@ -83,11 +84,15 @@ class EmailAuthenticate:
     async def authenticate(token):
         payload = await _Authenticate.verify(token)
         if payload is None:
-            return
+            raise InvalidToken("invalid token")
         if payload.device != "email":
-            return;
-        auth_token = Authorize.authorize(payload.user)
-        return (auth_token, payload.user)
+            raise InvalidToken("invalid token")
+        with local_session() as session:
+            user = session.query(User).filter_by(id=payload.user_id).first()
+            if not user:
+                raise Exception("user not exist")
+            auth_token = await Authorize.authorize(user)
+            return (auth_token, user)
 def login_required(func):
     @wraps(func)
diff --git a/auth/email.py b/auth/email.py
index d314e06c..6ed0b1c5 100644
--- a/auth/email.py
+++ b/auth/email.py
@@ -1,4 +1,6 @@
 import requests
+from starlette.responses import PlainTextResponse
+from starlette.exceptions import HTTPException
 from auth.authenticate import EmailAuthenticate
@@ -7,13 +9,13 @@ from settings import MAILGUN_API_KEY, MAILGUN_DOMAIN
 MAILGUN_API_URL = "https://api.mailgun.net/v3/%s/messages" % (MAILGUN_DOMAIN)
 MAILGUN_FROM = "postmaster " % (MAILGUN_DOMAIN)
-AUTH_URL = "https://localhost:8080/auth"
+AUTH_URL = "https://localhost:8080/email_authorize"
 async def send_auth_email(user):
     token = await EmailAuthenticate.get_email_token(user)
     to = "%s <%s>" % (user.username, user.email)
-    text = "%s&token=%s" % (AUTH_URL, token)
+    text = "%s?token=%s" % (AUTH_URL, token)
     response = requests.post(
         MAILGUN_API_URL,
         auth = ("api", MAILGUN_API_KEY),
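Review bot: The new user lookup raises a bare `Exception("user not exist")` when a validly-signed token names an id that no longer has a row, which steps outside the `InvalidToken` contract the rest of the method now uses, so a caller that handles `InvalidToken` still ends up with an unhandled error here; change it to `raise InvalidToken("invalid token")` so every failure path is handled the same way (and the message no longer tells a caller apart a deleted account from a bad token). Nothing in the method consumes the token after a successful check, so as far as this hunk shows the same emailed link can be replayed until it expires; if it is meant as a one-time login link, record the token in the already-imported `redis` on first use and reject repeats — confirm against what `_Authenticate.verify` enforces. The `EmailAuthenticate` class header and the rest of the class are outside the hunk.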
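Review bot: `AUTH_URL` on the changed line is still a hard-coded `https://localhost:8080/...` value, so the link mailed to users only resolves on a developer machine; take the host from `settings`, the way `MAILGUN_DOMAIN` is on the line above, rather than editing the literal per environment. The token is also spliced raw into the query string; `text = "%s?%s" % (AUTH_URL, urlencode({"token": token}))` (with `from urllib.parse import urlencode`) keeps the link intact should the token ever contain `+`, `/` or `=`. Note that a credential carried in a GET query string ends up in proxy and access logs and in Referer headers, so `EMAIL_TOKEN_LIFE_SPAN` should stay short. The body of `send_auth_email` continues past the end of the hunk.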
@@ -25,3 +27,10 @@ async def send_auth_email(user):
         }
     )
     response.raise_for_status()
+
+async def email_authorize(request):
+    token = request.query_params.get('token')
+    if not token:
+        raise HTTPException(500, "invalid url")
+    auth_token, user = await EmailAuthenticate.authenticate(token)
+    return PlainTextResponse(auth_token)
diff --git a/main.py b/main.py
index 37a5c5b4..3ef0979b 100644
--- a/main.py
+++ b/main.py
@@ -10,6 +10,7 @@ from starlette.routing import Route
 from auth.authenticate import JWTAuthenticate
 from auth.oauth import oauth_login, oauth_authorize
+from auth.email import email_authorize
 from redis import redis
 from resolvers.base import resolvers
 from resolvers.zine import GitTask
@@ -34,7 +35,8 @@ async def shutdown():
 routes = [
     Route("/oauth/{provider}", endpoint=oauth_login),
-    Route("/authorize", endpoint=oauth_authorize)
+    Route("/oauth_authorize", endpoint=oauth_authorize),
+    Route("/email_authorize", endpoint=email_authorize)
 ]
 app = Starlette(debug=True, on_startup=[start_up], on_shutdown=[shutdown], middleware=middleware, routes=routes)
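Review bot: A failed token check in `email_authorize` is never turned into an HTTP response: `EmailAuthenticate.authenticate` raises `InvalidToken` (and, per the sibling hunk, a bare `Exception` for an unknown user), neither of which Starlette maps, so an expired or forged link produces a 500 — and with `debug=True` on the app, a traceback page. A missing `token` parameter is a client error as well, so `HTTPException(500, "invalid url")` should be a 400. Catch `InvalidToken` and answer 401 as below; `InvalidToken` would need importing from `exceptions`, which `auth/authenticate.py` already imports it from. The unpacked `user` is otherwise unused.
```python
async def email_authorize(request):
    token = request.query_params.get('token')
    if not token:
        raise HTTPException(400, "missing token")
    try:
        auth_token, _user = await EmailAuthenticate.authenticate(token)
    except InvalidToken:
        raise HTTPException(401, "invalid token")
    return PlainTextResponse(auth_token)
```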
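Review bot: Renaming `/authorize` to `/oauth_authorize` changes the path that, judging by the endpoint name, the OAuth providers redirect back to; unless the redirect URIs registered with each provider and any redirect_uri `oauth_login` builds are updated in the same deployment, provider sign-in breaks silently — worth stating in the commit message. The new `/email_authorize` route is wired to an endpoint that lets `InvalidToken` escape, and the unchanged `app = Starlette(debug=True, ...)` line below means those failures render as traceback pages; `debug` should be off wherever this serves real login links. The `routes` list is complete within the hunk.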