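    def mutate(_, info, auth_token, provider, push_token):
        """Exchange a provider ID token for an application session JWT.

        Only the 'google' provider is handled. The token is verified with
        ``id_token.verify_oauth2_token``, then its issuer, audience and
        email claims are checked before any user record is read or written.

        Args:
            _: unused first positional argument.
            info: resolver info; ``info.context`` is forwarded to the loggers.
            auth_token: ID token supplied by the client (untrusted).
            provider: identity provider name supplied by the client
                (untrusted).
            push_token: optional device push token to store for the user.

        Returns:
            ``SignIn(authorized, session_jwt, success)``.

        Raises:
            GraphQLError: 'INVALID_AUTH_TOKEN' when the token fails any
                check, 'UNKNOWN_AUTH_PROVIDER' for any other provider.
        """
        if provider != 'google':
            # provider is client-controlled: keep it out of the message text
            # (the original concatenated it with no separator) and pass it as
            # extra data, as the other rollbar calls in this method do.
            rollbar.report_message('Error: Unknown auth provider', 'error',
                                   info.context, provider)
            raise GraphQLError('UNKNOWN_AUTH_PROVIDER')

        try:
            user_info = id_token.verify_oauth2_token(
                auth_token, requests.Request())

            # Issuer allow-list: only tokens issued by Google are accepted.
            if user_info['iss'] not in [
                    'accounts.google.com', 'https://accounts.google.com'
            ]:
                rollbar.report_message('Error: Invalid oauth2 issuer',
                                       'error', info.context,
                                       user_info['iss'])
                raise GraphQLError('INVALID_AUTH_TOKEN')

            # Audience allow-list: the token must have been minted for one
            # of this application's own client IDs (presumably the Android
            # and iOS OAuth clients -- confirm against settings). Without
            # this check a token issued to any other Google client would
            # pass.
            if user_info['aud'] not in [
                    FI_GOOGLE_OAUTH2_KEY_ANDROID, FI_GOOGLE_OAUTH2_KEY_IOS
            ]:
                rollbar.report_message('Error: Invalid oauth2 audience',
                                       'error', info.context,
                                       user_info['aud'])
                raise GraphQLError('INVALID_AUTH_TOKEN')

            # The email claim is the key for role and company lookups below,
            # so it must be present and marked verified by Google. A missing
            # claim previously surfaced as an unhandled KeyError.
            email = user_info.get('email')
            if not email or user_info.get('email_verified') not in (
                    True, 'true'):
                util.cloudwatch_log(
                    info.context,
                    'Security: Sign in attempt with a missing or '
                    'unverified Google email')
                raise GraphQLError('INVALID_AUTH_TOKEN')

            authorized = user_domain.is_registered(email)
            # NOTE(review): the device update and the session JWT below are
            # produced even when `authorized` is False; confirm that every
            # consumer of the session re-checks registration.
            if push_token:
                # set() over a str stores its individual characters, so a
                # single token is wrapped instead; other iterables keep the
                # original behaviour.
                devices = ({push_token} if isinstance(push_token, str)
                           else set(push_token))
                user_dal.update(email, {'devices_to_notify': devices})

            session_claims = {
                'user_email': email,
                'user_role': user_domain.get_data(email, 'role'),
                'company': user_domain.get_data(email, 'company'),
                # Profile claims are absent when the token was requested
                # without the profile scope; fall back to empty strings.
                'first_name': user_info.get('given_name', ''),
                'last_name': user_info.get('family_name', ''),
                'exp': datetime.utcnow() +
                timedelta(seconds=settings.SESSION_COOKIE_AGE),
            }
            session_jwt = jwt.encode(
                session_claims,
                algorithm='HS512',
                key=settings.JWT_SECRET,
            )
        except ValueError:
            util.cloudwatch_log(
                info.context,
                'Security: Sign in attempt using invalid Google token')
            raise GraphQLError('INVALID_AUTH_TOKEN')

        return SignIn(authorized, session_jwt, True)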
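def update_access_token(email: str, token_data: Dict[str, str]) -> bool:
    """Store the access-token record for the user identified by *email*.

    The record holds the issue time ('iat', epoch seconds), the value of
    ``token_data['jti_hashed']`` under 'jti' and ``token_data['salt']``.
    Only the hashed identifier and its salt are written; the raw token
    never reaches this function.

    Returns:
        The result of ``user_dal.update``.

    Raises:
        KeyError: if *token_data* lacks 'jti_hashed' or 'salt'.
    """
    # datetime.utcnow() is naive, and .timestamp() on a naive datetime
    # interprets it as local time, so 'iat' was shifted by the UTC offset on
    # any host not running in UTC. time.time() is always epoch-based.
    import time

    access_token = {
        'iat': int(time.time()),
        'jti': token_data['jti_hashed'],
        'salt': token_data['salt']
    }
    return user_dal.update(email, {'access_token': access_token})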
def register(email: str) -> bool:
    """Flag the user identified by *email* as registered.

    Returns the result of ``user_dal.update``. No authorization check is
    made here; the caller decides who may register an account.
    """
    registered_flag = {'registered': True}
    return user_dal.update(email, registered_flag)
def assign_role(email: str, role: str) -> bool:
    """Set the user's role, accepting only the four known role names.

    Returns False without writing anything when *role* is not one of
    'analyst', 'customer', 'admin' or 'customeradmin'; otherwise returns
    the result of ``user_dal.update``. The allow-list constrains the value
    only: this function does not check whether the caller is entitled to
    grant the role.
    """
    allowed_roles = ('analyst', 'customer', 'admin', 'customeradmin')
    if role in allowed_roles:
        return user_dal.update(email, {'role': role})
    return False
def update(email: str, data_attr: str, name_attr: str) -> bool:
    """Write a single attribute on the user record.

    Mind the argument order: the value (*data_attr*) comes before the
    attribute name (*name_attr*).

    NOTE(review): *name_attr* is used as the attribute key without any
    allow-list, so it must never come from client input; fields such as
    'role' and 'registered' are stored through the same ``user_dal.update``
    call.
    """
    changes = {name_attr: data_attr}
    return user_dal.update(email, changes)
def update_multiple_user_attributes(email: str, data_dict: UserType) -> bool:
    """Write every key/value pair of *data_dict* onto the user record.

    NOTE(review): the mapping is passed to ``user_dal.update`` unfiltered,
    so callers should build it from an explicit set of fields rather than
    forwarding a client-supplied payload.
    """
    attributes = data_dict
    return user_dal.update(email, attributes)
def update_last_login(email: str) -> bool:
    """Record the current date as the user's last login.

    *email* is coerced with ``str()`` before it is used as the key, and the
    stored value is whatever ``get_current_date()`` returns.
    """
    user_key = str(email)
    login_stamp = {'last_login': get_current_date()}
    return user_dal.update(user_key, login_stamp)
def add_phone_to_user(email: str, phone: str) -> bool:
    """Store *phone* as the user's phone number.

    The value is written as given; no format validation happens here.
    Returns the result of ``user_dal.update``.
    """
    phone_field = {'phone': phone}
    return user_dal.update(email, phone_field)
def update_legal_remember(email: str, remember: bool) -> bool:
    """Persist whether the user's legal-notice acceptance is remembered.

    Returns the result of ``user_dal.update``.
    """
    preference = {'legal_remember': remember}
    return user_dal.update(email, preference)