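def initialize_users():
    """Ensure the configured admin account exists and carries the admin role.

    Reads ``settings.ADMIN_EMAIL`` and ``settings.ADMIN_PASSWORD``. When either
    is unset the bootstrap is skipped entirely; otherwise the account is looked
    up by email, created if missing, and the ``admin`` role is attached if it
    is not already present.
    """
    if settings.ADMIN_EMAIL is None or settings.ADMIN_PASSWORD is None:
        logger.info("Skipping creating admin as missing email and/or password")
        # Nothing to bootstrap: bail out here so the lookup/create below never
        # runs with a None email or password.
        return
    try:
        user = User.get(email=settings.ADMIN_EMAIL)
    except InstanceNotFound:
        user = User.create(email=settings.ADMIN_EMAIL,
                           password=settings.ADMIN_PASSWORD,
                           username="******")
    roles = Role.list()
    logger.info(f"Roles = {roles!r}")
    admin_role = Role.get(name="admin")
    # Only touch the account when the role is actually missing, so repeated
    # start-ups do not rewrite an already-correct user.
    if admin_role not in user.roles:
        user.roles += [admin_role]
        user.save()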
def set_tokens(response: Response,
               user: User,
               extra_scopes: List[str] = None) -> dict:
    """Mint an access/refresh token pair for *user*.

    The access token goes back in the response body; the refresh token is
    attached as an HttpOnly cookie whose path is restricted to the refresh
    endpoint, so it is not sent along with ordinary API requests.

    Args:
        response: Response object the refresh cookie is set on.
        user: Account the tokens are issued for.
        extra_scopes: Additional scopes granted to the access token only.

    Returns:
        ``{"success": True, "access_token": <token>}``.
    """
    scopes = [] if extra_scopes is None else extra_scopes
    refresh_lifetime = settings.REFRESH_TOKEN_EXPIRES
    access_token = user.create_token(
        extra_scopes=scopes, expires_delta=settings.ACCESS_TOKEN_EXPIRES)
    refresh_token = user.create_token(
        expires_delta=refresh_lifetime, refresh=True)
    # NOTE(review): no secure/samesite flags are set on this cookie here —
    # confirm they are applied elsewhere (e.g. at the TLS-terminating layer).
    response.set_cookie(
        "refresh_token",
        value=refresh_token,
        max_age=int(refresh_lifetime.total_seconds()),
        httponly=True,
        path="/api/v1/auth/refresh",
    )
    return {"success": True, "access_token": access_token}
def guest_login(response: Response):
    """Create a throw-away guest account and log it in.

    A random 12-hex-character suffix names the account (``Guest-<suffix>``)
    with a synthetic ``guest<suffix>@guest`` email. The account is created
    unverified and without a password argument, given only the ``guest``
    role, and issued tokens carrying the ``fresh`` scope.
    """
    suffix = token_hex(6)
    guest: User = User.create(username=f"Guest-{suffix}",
                              email=f"guest{suffix}@guest",
                              verified=False)
    guest.update(roles=[Role.get(name="guest")])
    return set_tokens(response, guest, extra_scopes=["fresh"])
def login(response: Response,
          form_data: OAuth2PasswordRequestForm = Depends()):
    """Authenticate with the email + password of an OAuth2 password form.

    Failures are reported as ``{"success": False, "message": ...}`` rather
    than raised; unknown email and wrong password share one message. Guest
    accounts and unverified accounts are refused. On success the token pair
    from ``set_tokens`` is issued with the ``fresh`` scope.
    """
    email = form_data.username

    def rejected():
        return {"success": False, "message": "Incorrect email or password"}

    try:
        account = User.get(email=email)
    except InstanceNotFound:
        # NOTE(review): this path skips the password check, so it answers
        # faster than the wrong-password path — a timing side channel that
        # can distinguish known from unknown emails.
        logging.info("Login with incorrect email: %s", email)
        return rejected()
    # Short-circuit keeps the password check from running for guest accounts.
    if account.guest or not account.check_password(password=form_data.password):
        logging.info("Login with incorrect password: %s", email)
        return rejected()
    if not account.verified:
        # This message confirms the address exists with correct credentials.
        return {"success": False, "message": "User not activated"}
    return set_tokens(response, account, extra_scopes=["fresh"])
def register(response: Response, registration: RegisterSchema):
    """Create an account from *registration*; log it in if already verified.

    A username/email uniqueness violation is logged (with the attempted email)
    and reported as a failed result. An account that comes back verified is
    issued tokens immediately; otherwise the caller is told approval is
    pending.
    """
    try:
        created = User.create(username=registration.username,
                              email=registration.email,
                              password=registration.password)
    except UniqueContstraintViolation as conflict:
        logging.error(f"Registration failed with email {registration.email}")
        logging.error(conflict)
        return {"success": False,
                "message": "Email or username already in use"}
    if not created.verified:
        return {"success": True, "message": "User created, awaiting approval"}
    return set_tokens(response, created, extra_scopes=["fresh"])
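def refresh(response: Response, refresh_token: Optional[str] = Cookie(None)):
    """Exchange the ``refresh_token`` cookie for a new access/refresh pair.

    The cookie is verified with ``settings.SECRET_KEY`` and the single
    configured algorithm; it must carry ``type == "refresh"`` and a ``sub``
    naming an existing user. Every failure (missing cookie, bad signature or
    expiry, wrong token type, malformed claims, unknown user) answers
    ``{"success": False}`` without raising and is logged at debug/warning.
    """
    if refresh_token is None:
        logger.debug("No refresh token")
        return {"success": False}
    try:
        claims = jwt.decode(refresh_token,
                            settings.SECRET_KEY,
                            algorithms=[settings.TOKEN_ALGORITHM])
    except JWTError as e:
        logger.warning(f"JWT Error in refresh token: {e!r}")
        return {"success": False}
    # .get() rather than [] so a validly signed token that lacks a claim is
    # rejected like any other bad token instead of surfacing as a KeyError.
    if claims.get("type") != "refresh":
        logger.warning("Attempted refresh with not refresh token")
        return {"success": False}
    subject = claims.get("sub")
    if subject is None:
        logger.warning("Refresh token carries no subject")
        return {"success": False}
    try:
        user = User.get(subject)
    except InstanceNotFound:
        logger.warning(f"User from refresh token not found: {subject}")
        return {"success": False}
    return set_tokens(response, user)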
def me(user_id: UserId = Security(get_user_id)):
    """Return the account behind the caller's credentials.

    ``user_id`` is supplied by the ``get_user_id`` security dependency, which
    presumably rejects unauthenticated callers before this body runs — confirm
    against that dependency.
    """
    current = User.get(user_id)
    return current