def update_settings(uuid,
settings: AccountSettingsSchema,
Authorize: AuthJWT = Depends(),
db: Session = Depends(get_db)):
Authorize.jwt_required()
check_matching_user(uuid, Authorize)
updated_settings = AccountSettings(**settings.dict())
db.merge(updated_settings)
db.commit()
return updated_settings
def update_account(uuid,
account: AccountBaseSchema,
Authorize: AuthJWT = Depends(),
db: Session = Depends(get_db)):
Authorize.jwt_required()
check_matching_user(uuid, Authorize)
check_for_diff_user_with_same_username(uuid, account, db)
updated_acct = Account(uuid=uuid, **account.dict())
db.merge(updated_acct)
db.commit()
return updated_acct
def update_password(uuid,
partial_account: AccountNewPasswordSchema,
Authorize: AuthJWT = Depends(),
db: Session = Depends(get_db)):
try:
Authorize.jwt_required()
check_matching_user(uuid, Authorize)
account = db.query(Account).filter_by(uuid=uuid).first()
if partial_account.password is None:
raise HTTPException(status_code=400, detail=f"Password is missing")
else:
check_valid_password(partial_account.password)
account.password = encrypt_password(partial_account.password)
db.merge(account)
db.commit()
db.refresh(account)
except Exception as e:
logging.warning(e)
raise e
return account
def get_settings_from_hash(pw_reset_hash: str,
Authorize: AuthJWT = Depends(),
db: Session = Depends(get_db)):
existing_settings = db.query(AccountSettings).filter_by(
password_reset_hash=pw_reset_hash).first()
if existing_settings is not None:
time_diff = minutes_difference(existing_settings.password_reset_time)
if time_diff >= 15:
existing_settings.password_reset_hash = None
existing_settings.password_reset_time = None
db.merge(existing_settings)
db.commit()
raise HTTPException(
status_code=400,
detail=f"Invalid or expired password reset URL!")
else:
create_access_and_refresh_tokens(str(existing_settings.uuid),
Authorize)
return existing_settings
else:
raise HTTPException(status_code=400,
detail=f"Invalid or expired password reset URL!")
def complete_account_registration(verify_hash: str,
Authorize: AuthJWT = Depends(),
db: Session = Depends(get_db)):
settings = db.query(AccountSettings).filter_by(
verify_account_hash=verify_hash).first()
if settings is not None:
acct_uuid = settings.uuid
settings.verify_account_hash = None
settings.cancel_registration_hash = None
db.merge(settings)
db.commit()
account = db.query(Account).filter_by(uuid=acct_uuid).first()
if account is not None:
account.is_verified = True
db.merge(account)
db.commit()
create_access_and_refresh_tokens(str(acct_uuid), Authorize)
user = row2dict(account)
user.update(row2dict(settings))
return user
else:
raise HTTPException(status_code=400,
detail=f"invalid hash or account does not exist")
def create_and_send_email(notification_payload: AccountNotificationSchema,
existing_acct: Account, db: Session):
email_message = None
if existing_acct is not None:
if notification_payload.notification_type == 'password_reset':
email_message = f'<p>Dear {existing_acct.first_name},</p>'
if existing_acct.oauth is None:
base_url = Config['routes']['client']
acct_settings = db.query(AccountSettings).filter_by(
uuid=existing_acct.uuid).first()
curr_time = datetime.now()
password_reset_hash = generate_str_for_hash(
existing_acct.username, curr_time)
acct_settings.password_reset_hash = password_reset_hash
acct_settings.password_reset_time = curr_time
db.merge(acct_settings)
db.commit()
reset_url = f'{base_url}/reset_password?hash={password_reset_hash}'
message_body = CreateParagraph(
f"""We have received a request to reset your password. To reset your password,
please click the following""")
message_body += CreateButton("Reset Password", reset_url)
message_body += CreateParagraph(
"This link will expire in 15 minutes")
else:
oauth_type = existing_acct.oauth.capitalize()
message_body = CreateParagraph(
f"""We have received a request to reset your password.
Your account was created with {oauth_type} OAuth; therefore,
you cannot set or reset a password.
Please try signing in with {oauth_type}.""")
message_body += CreateParagraph(
'<b>If this action was not performed by you, please ignore this message.</b>'
)
email_message = BASE_EMAIL_TEMPLATE.format(body_text=message_body)
nm.send_notification(recipient=existing_acct.email,
message=email_message,
channel=NotificationChannel.EMAIL,
scheduled_send_date=datetime.now(),
subject='HF Volunteer Portal Password Reset')
elif notification_payload.notification_type == 'verify_registration':
base_url = Config['routes']['client']
acct_settings = db.query(AccountSettings).filter_by(
uuid=existing_acct.uuid).first()
curr_time = datetime.now()
verify_account_hash = generate_str_for_hash(
existing_acct.username, curr_time)
acct_settings.verify_account_hash = verify_account_hash
cancel_registration_hash = generate_str_for_hash(
existing_acct.username, curr_time)
acct_settings.cancel_registration_hash = cancel_registration_hash
db.merge(acct_settings)
db.commit()
verify_url = f'{base_url}/verify_account?hash={verify_account_hash}'
cancel_url = f'{base_url}/cancel_registration?hash={cancel_registration_hash}'
message_body = CreateParagraph(f'Hi {existing_acct.first_name},')
message_body += CreateParagraph(
f"""We have received a request to create an account associated with this email.
Please click below to verify your account""")
message_body += CreateButton("Verify My Account", verify_url)
message_body += CreateParagraph(
f"""If this action was not performed by you or performed by accident,
you may click the following to undo account creation""")
message_body += CreateButton("Undo Account Registration",
cancel_url)
email_message = BASE_EMAIL_TEMPLATE.format(body_text=message_body)
nm.send_notification(
recipient=existing_acct.email,
message=email_message,
channel=NotificationChannel.EMAIL,
scheduled_send_date=datetime.now(),
subject='HF Volunteer Portal Account Registration')
