async def authorize_github(request: Request, Authorize: AuthJWT = Depends(), db: Session = Depends(get_db)): try: token = await oauth.github.authorize_access_token(request) except OAuthError as error: return HTMLResponse(f'<h1>{error.error}</h1>') resp = await oauth.github.get('user', token=token) user = resp.json() email_to_use = user['email'] or user['login'] + '@fakegithubemail.com' account = db.query(Account).filter_by(email=email_to_use).first() if account is None: new_account = Account(email=email_to_use, username=user['login'], first_name=user['name'], last_name='no last name', oauth='github', profile_pic=user['avatar_url'], city=None if user['location'] is None else user['location'].split(', ')[0], state=None if user['location'] is None else user['location'].split(', ')[1], is_verified=True) db.add(new_account) db.commit() db.refresh(new_account) create_account_settings(new_account.uuid, db) account = new_account return create_token_for_user(Authorize, str(account.uuid))
def delete_account(uuid: UUID, db: Session): acct_to_delete = db.query(Account).filter_by(uuid=uuid).first() if acct_to_delete is None: raise HTTPException(status_code=400, detail=f"Account with UUID {uuid} not found") db.delete(acct_to_delete) db.commit()
async def authorize_google(request: Request, Authorize: AuthJWT = Depends(), db: Session = Depends(get_db)): try: token = await oauth.google.authorize_access_token(request) except OAuthError as error: return HTMLResponse(f'<h1>{error.error}</h1>') user = await oauth.google.parse_id_token(request, token) account = db.query(Account).filter_by(email=user.email).first() if account is None: logging.warning('Creating a new user object for first-time login') new_account = Account( email=user.email, username=user.email.split('@')[0], first_name=user.given_name, last_name=user.family_name, oauth='google', profile_pic=user.picture, is_verified=True, ) db.add(new_account) db.commit() db.refresh(new_account) create_account_settings(new_account.uuid, db) account = new_account return create_token_for_user(Authorize, str(account.uuid))
def delete_settings(uuid: UUID, db: Session): settings_to_delete = db.query(AccountSettings).filter_by(uuid=uuid).first() if settings_to_delete is None: raise HTTPException(status_code=400, detail=f"Settings with UUID {uuid} not found") db.delete(settings_to_delete) db.commit()
def isValidUser(username, password, cookie): session = Session() user_query = session.query(User).filter_by(Username=username) if user_query.count() != 0 and (user_query.first().Password == password): user_query.update({"Cookie": (cookie)}) session.commit() return True return False
def update_settings(uuid, settings: AccountSettingsSchema, Authorize: AuthJWT = Depends(), db: Session = Depends(get_db)): Authorize.jwt_required() check_matching_user(uuid, Authorize) updated_settings = AccountSettings(**settings.dict()) db.merge(updated_settings) db.commit() return updated_settings
def update_account(uuid, account: AccountBaseSchema, Authorize: AuthJWT = Depends(), db: Session = Depends(get_db)): Authorize.jwt_required() check_matching_user(uuid, Authorize) check_for_diff_user_with_same_username(uuid, account, db) updated_acct = Account(uuid=uuid, **account.dict()) db.merge(updated_acct) db.commit() return updated_acct
def create_account(account: AccountCreateRequestSchema, Authorize: AuthJWT = Depends(), db: Session = Depends(get_db)): check_for_existing_username_or_email(account, db) if account.password is not None: check_valid_password(account.password) account.password = encrypt_password(account.password) account = Account(**account.dict()) db.add(account) db.commit() create_account_settings(account.uuid, db) create_access_and_refresh_tokens(str(account.uuid), Authorize) return account
def modifyBalance(cookie, amount, spins): session = Session() user_query = session.query(User).filter_by(Cookie=cookie) queried_user = user_query.first() spinsLeft = int(queried_user.Spinsleft); if(spinsLeft > 0): bal = float(queried_user.Balance) spinsLeft = spinsLeft - 1 + spins bal += amount user_query.update({'Spinsleft' : spinsLeft}) user_query.update({'Balance' : bal}) if spinsLeft == 0: user_query.update({'TimeLeft' : (datetime.now() + timedelta(hours=2))}) session.commit()
def validateCookie(cookie): session = Session() user_query = session.query(User).filter_by(Cookie=cookie) if user_query.count() > 0: user = user_query.first() spinsLeft = user.Spinsleft if spinsLeft == 0: refreshTime = user.TimeLeft present = datetime.now() if refreshTime is not None and present > refreshTime: user_query.update({"Spinsleft": 3}) user_query.update({"TimeLeft": None}) session.commit() return user_query.first() return False
def update_password(uuid, partial_account: AccountNewPasswordSchema, Authorize: AuthJWT = Depends(), db: Session = Depends(get_db)): try: Authorize.jwt_required() check_matching_user(uuid, Authorize) account = db.query(Account).filter_by(uuid=uuid).first() if partial_account.password is None: raise HTTPException(status_code=400, detail=f"Password is missing") else: check_valid_password(partial_account.password) account.password = encrypt_password(partial_account.password) db.merge(account) db.commit() db.refresh(account) except Exception as e: logging.warning(e) raise e return account
def registerUser(username, password, firstName, lastName, address, email, cookie, referral): session = Session() user_query = session.query(User).filter_by(Username=username) email_query = session.query(User).filter_by(Email=email) if(user_query.count() > 0 or email_query.count() > 0): return False spinsLeft = 3 if len(referral) > 0: ref_user = session.query(User).filter_by(Username=referral) if ref_user.count > 0: ref_spins = ref_user.first().Spinsleft ref_spins += 10 ref_user.update({'Spinsleft' : ref_spins}) spinsLeft += 10 new_user = User(Username=username, Email = email, Password=password, firstName = firstName, lastName = lastName, AdIndex = 0, Spinsleft = spinsLeft, Balance = 0.0, Cookie = cookie) session.add(new_user) session.commit() return True
def get_settings_from_hash(pw_reset_hash: str, Authorize: AuthJWT = Depends(), db: Session = Depends(get_db)): existing_settings = db.query(AccountSettings).filter_by( password_reset_hash=pw_reset_hash).first() if existing_settings is not None: time_diff = minutes_difference(existing_settings.password_reset_time) if time_diff >= 15: existing_settings.password_reset_hash = None existing_settings.password_reset_time = None db.merge(existing_settings) db.commit() raise HTTPException( status_code=400, detail=f"Invalid or expired password reset URL!") else: create_access_and_refresh_tokens(str(existing_settings.uuid), Authorize) return existing_settings else: raise HTTPException(status_code=400, detail=f"Invalid or expired password reset URL!")
def complete_account_registration(verify_hash: str, Authorize: AuthJWT = Depends(), db: Session = Depends(get_db)): settings = db.query(AccountSettings).filter_by( verify_account_hash=verify_hash).first() if settings is not None: acct_uuid = settings.uuid settings.verify_account_hash = None settings.cancel_registration_hash = None db.merge(settings) db.commit() account = db.query(Account).filter_by(uuid=acct_uuid).first() if account is not None: account.is_verified = True db.merge(account) db.commit() create_access_and_refresh_tokens(str(acct_uuid), Authorize) user = row2dict(account) user.update(row2dict(settings)) return user else: raise HTTPException(status_code=400, detail=f"invalid hash or account does not exist")
def send_notification(recipient: str, message: str, channel: NotificationChannel, scheduled_send_date: datetime = None, subject=None): notification = Notification(recipient=recipient, subject=subject, message=message, channel=channel, scheduled_send_date=scheduled_send_date) db = Session() db.add(notification) if notification.channel is NotificationChannel.EMAIL: send_email_notification(notification) elif notification.channel is NotificationChannel.SMS: send_sms_notification(notification) elif notification.channel is NotificationChannel.SLACK: send_slack_notification(notification) else: raise ValueError() db.commit()
class UserMigration(Base): __tablename__ = 'usermigration' userMigrationUID = Column('userMigrationUID', String(100), nullable=False, primary_key=True) userIP = Column('userIP', String(45), nullable=True) originalServerIP = Column('originalServerIP', String(45), default=None) migratedServerIP = Column('migratedServerIP', String(45), default=None) migrationStartTime = Column('migrationStartTime', DateTime, default=None) migrationStopTime = Column('migrationStopTime', DateTime, default=None) class Users(Base): __tablename__ = 'users' userUID = Column('userID', String(100), nullable=False, primary_key=True) username = Column('username', String(100), default=None) ipAddressuserIP = Column('ipAddress', String(20), default=None) connectionStartTime = Column('connectionStartTime', DateTime, default=None) connectionStopTime = Column('connectionStopTime', DateTime, default=None) class Whitelist(Base): __tablename__ = 'whitelist' ipv4 = Column('ipv4', String(15), nullable=False, primary_key=True) session = Session() Base.metadata.create_all(engine) session.commit()
def create_and_send_email(notification_payload: AccountNotificationSchema, existing_acct: Account, db: Session): email_message = None if existing_acct is not None: if notification_payload.notification_type == 'password_reset': email_message = f'<p>Dear {existing_acct.first_name},</p>' if existing_acct.oauth is None: base_url = Config['routes']['client'] acct_settings = db.query(AccountSettings).filter_by( uuid=existing_acct.uuid).first() curr_time = datetime.now() password_reset_hash = generate_str_for_hash( existing_acct.username, curr_time) acct_settings.password_reset_hash = password_reset_hash acct_settings.password_reset_time = curr_time db.merge(acct_settings) db.commit() reset_url = f'{base_url}/reset_password?hash={password_reset_hash}' message_body = CreateParagraph( f"""We have received a request to reset your password. To reset your password, please click the following""") message_body += CreateButton("Reset Password", reset_url) message_body += CreateParagraph( "This link will expire in 15 minutes") else: oauth_type = existing_acct.oauth.capitalize() message_body = CreateParagraph( f"""We have received a request to reset your password. Your account was created with {oauth_type} OAuth; therefore, you cannot set or reset a password. Please try signing in with {oauth_type}.""") message_body += CreateParagraph( '<b>If this action was not performed by you, please ignore this message.</b>' ) email_message = BASE_EMAIL_TEMPLATE.format(body_text=message_body) nm.send_notification(recipient=existing_acct.email, message=email_message, channel=NotificationChannel.EMAIL, scheduled_send_date=datetime.now(), subject='HF Volunteer Portal Password Reset') elif notification_payload.notification_type == 'verify_registration': base_url = Config['routes']['client'] acct_settings = db.query(AccountSettings).filter_by( uuid=existing_acct.uuid).first() curr_time = datetime.now() verify_account_hash = generate_str_for_hash( existing_acct.username, curr_time) acct_settings.verify_account_hash = verify_account_hash cancel_registration_hash = generate_str_for_hash( existing_acct.username, curr_time) acct_settings.cancel_registration_hash = cancel_registration_hash db.merge(acct_settings) db.commit() verify_url = f'{base_url}/verify_account?hash={verify_account_hash}' cancel_url = f'{base_url}/cancel_registration?hash={cancel_registration_hash}' message_body = CreateParagraph(f'Hi {existing_acct.first_name},') message_body += CreateParagraph( f"""We have received a request to create an account associated with this email. Please click below to verify your account""") message_body += CreateButton("Verify My Account", verify_url) message_body += CreateParagraph( f"""If this action was not performed by you or performed by accident, you may click the following to undo account creation""") message_body += CreateButton("Undo Account Registration", cancel_url) email_message = BASE_EMAIL_TEMPLATE.format(body_text=message_body) nm.send_notification( recipient=existing_acct.email, message=email_message, channel=NotificationChannel.EMAIL, scheduled_send_date=datetime.now(), subject='HF Volunteer Portal Account Registration')
def logUserOut(cookie): session = Session() user_query = session.query(User).filter_by(Cookie=cookie) if user_query.count() > 0: user_query.update({"Cookie": ""}) session.commit()
def updateValueForUser(username, columnName, columnValue): session = Session() user_query = session.query(User).filter_by(Username=username) user_query.update({columnName : columnValue}) session.commit()
def setup(db): db = Session() yield # this is where the testing happens db.query(Account).delete() db.commit()