async def user_password_reset_request(db_session: Session, payload: ResetPasswordRequest): user_email = payload.email user = get_user_by_email(db_session, user_email) # we don't tell the submitter if the account doesn't exist if user is None: logger.info(f"User {email} does not exist. Password reset fail.") return True # raise AccountException(detail="User does not exist.") if not user.active: # user isn't active logger.info(f"User {email} is inactive. Password reset fail.") return True if user.city: logger.info(f"User {email} is City user. Password reset fail.") raise AccountException( detail="sandiego.gov passwords cannot be reset here.") # okay, let's build the token and send the email user.password_set_reset_secret = secrets.token_hex(16) now = datetime.datetime.now(tz=pytz.utc) access_token_expires = datetime.timedelta( minutes=PASSWORD_RESET_EXPIRE_MINS) user.password_set_reset_expire = now + access_token_expires data = { "sub": user.email, "email_code": user.password_set_reset_secret, "endpoint": FRONTEND_ROUTES["user_set_password"] } access_token = create_access_token( data=data, expires_delta=access_token_expires).decode('UTF-8') print(access_token) url = (APP_HOST + FRONTEND_ROUTES["user_set_password"] + f"?token={access_token}") # get message template template = EMAIL_TEMPLATES["password_set_reset_email"] recipients = [user.email] data = {"url": url} await send_templated_email_disk( db_session=db_session, data=data, template_name=template, message_type="password_set_reset_email", subject="[eFile San Diego] Password Reset", sender=EFILE_EMAIL, recipients=recipients, to_id=user.id, ) return True
async def create_access_token(form_data: OAuth2PasswordRequestForm = Depends()): user = utils.authenticate_user(username=form_data.username, password=form_data.password) if not user: raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="USER_CREDENTIALS_INVALID", headers={"WWW-Authenticate": "Bearer"}, ) data_refresh_token = {"sub": user["username"], "role": user["role"], "first_name": user["first_name"], } refresh_token_expires = timedelta( minutes=config.REFRESH_TOKEN_EXPIRE_MINUTES) refresh_token = utils.create_refresh_token( data=data_refresh_token, expires_delta=refresh_token_expires) data_access_token = {"sub": user["username"], "role": user["role"], "first_name": user["first_name"], "user_id": user["_id"], "refresh_token": refresh_token} access_token_expires = timedelta( minutes=config.ACCESS_TOKEN_EXPIRE_MINUTES) access_token = utils.create_access_token( data=data_access_token, expires_delta=access_token_expires ) log_user_login(user=user['first_name'], bucket="user-data") return {"access_token": access_token}
async def refresh_token(user: User = Depends(utils.is_refresh_token_valid)): if not user: raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="USER_CREDENTIALS_INVALID", headers={"WWW-Authenticate": "Bearer"}, ) data_refresh_token = {"sub": user["username"], "role": user["role"], "first_name": user["first_name"]} refresh_token_expires = timedelta( minutes=config.REFRESH_TOKEN_EXPIRE_MINUTES) refresh_token = utils.create_refresh_token( data=data_refresh_token, expires_delta=refresh_token_expires) data_access_token = {"sub": user["username"], "role": user["role"], "first_name": user["first_name"], "user_id": user["_id"], "refresh_token": refresh_token} access_token_expires = timedelta( minutes=config.ACCESS_TOKEN_EXPIRE_MINUTES) access_token = utils.create_access_token( data=data_access_token, expires_delta=access_token_expires ) return {"access_token": access_token}
def login_for_access_token(form_data: OAuth2PasswordRequestForm = Depends(), sql: Session = Depends(db_session)) -> Any: """Authenticate user data""" user = authenticate_user(sql, form_data.username, form_data.password) if not user: raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Incorrect username or password", headers={"WWW-Authenticate": "Bearer"}, ) access_token_expires = timedelta( minutes=int(getenv("ACCESS_TOKEN_VALIDITY"))) access_token = create_access_token(data={"sub": user.Username}, expires_time=access_token_expires) return {"access_token": access_token, "token_type": "bearer"}
def get_access_token(db_session: Session, form): user = authenticate_user(db_session, form.username, form.password) if not user: logging.info("Unregistered user attempted login: '******'", form.username) raise CREDENTIALS_EXCEPTION access_token_expires = datetime.timedelta( minutes=ACCESS_TOKEN_EXPIRE_MINUTES) access_token = create_access_token(data={"sub": user.username}, expires_delta=access_token_expires) if access_token: try: user.last_login = datetime.datetime.now(tz=pytz.utc) db_session.add(user) db_session.commit() except Exception as inst: logging.error("Exception: e = %s", inst) db_session.rollback() logging.info("Access token granted to user '%s'", form.username) return access_token
async def review_new_lobbyist(db_session: Session, form: ReviewNewLobbyist, user: User): # get lobbyist entity = await get_lobbying_entity_by_id(db_session, str(form.lobbying_entity_id)) # get task task = await get_task_by_ref(db_session, form.task_ref) if task.complete: # someone else has done it already, we just happily return 200 return True # get the associated filing user filer_user = entity.filers[0].user if form.action == 'activate': entity.active = True entity.reviewed = True task.complete = True task.completed_by_user_id = user.id # email code filer_user.password_set_reset_secret = secrets.token_hex(16) now = datetime.datetime.now(tz=pytz.utc) access_token_expires = datetime.timedelta( minutes=NEW_LOBBYIST_PASSWORD_SET_EXPIRE_MINS) filer_user.password_set_reset_expire = now + access_token_expires data = { "sub": filer_user.email, "filer": True, "entity_id": entity.entity_id, "email_code": filer_user.password_set_reset_secret, "endpoint": FRONTEND_ROUTES["filer_set_password"] } access_token = create_access_token( data=data, expires_delta=access_token_expires).decode('UTF-8') # send email verification email url = (APP_HOST + FRONTEND_ROUTES["filer_set_password"] + f"?token={access_token}") # get message template template = await get_message_template_by_message_type( db_session, "lobbyist_new_welcome") # set up data lobbyist_types = jsonable_encoder(entity.lobbyist_types) form_names = [] for xt in lobbyist_types: reg_form = LOBBYIST_FORMS[xt['lobbyist_type']].get( 'register', None) qt_form = LOBBYIST_FORMS[xt['lobbyist_type']].get( 'quarterly', None) if reg_form is not None: form_names.append(reg_form) elif qt_form is not None: form_names.append(qt_form) form_name = ", ".join(form_names) if len(form_name) > 0: form_name += "." data = {'form_name': form_name, 'url': url} await send_templated_email_db(db_session=db_session, data=data, template=template, message_type="lobbyist_new_welcome", subject="[eFile San Diego] Welcome!", sender=EFILE_EMAIL, recipients=[filer_user.email], filing_type='lobbyist', entity_id=entity.entity_id) elif form.action == 'reject': entity.active = False entity.reviewed = True entity.rejected = True task.complete = True task.completed_by_user_id = user.id db_session.commit() # get message template template = await get_message_template_by_message_type( db_session, "lobbyist_new_reject") data = {} await send_templated_email_db( db_session=db_session, data=data, template=template, message_type="lobbyist_new_reject", subject="[eFile San Diego] Regarding your Lobbyist Registration", sender=EFILE_EMAIL, recipients=[filer_user.email], filing_type='lobbyist', entity_id=entity.entity_id) else: Http400(f"Action {form.action} is not supported.") db_session.commit() return True
async def register_new_lobbyist( db_session: Session, form: NewLobbyistRegistration, ): # do we have the lobbying entity already? res = await get_lobbying_entity_by_name(db_session, form.entity_name) if res is not None: Http400("Lobbyist name already registered.") # create the entity new_entity = await insert_lobbying_entity(db_session, form) # create general entity assoc object new_general_entity = await insert_entity(db_session, new_entity.entity_id, "lobbying") # create new human readable ID for this lobbyist new_human_readable_id = await insert_human_readable_id( db_session, object_id=str(new_entity.entity_id), object_type="lobbying_entity", hr_id_prefix="lobbyist") # check if we know the user user = get_filer_user_by_email(db_session, form.filer_email) if user is None: # we have to make the user new_user = UserBasic(email=form.filer_email, account_type="filer", city=False, active=True, first_name=form.filer_first_name, middle_name=form.filer_middle_name, last_name=form.filer_last_name) user = await insert_new_user(db_session, new_user) # now let's make a new filer new_filer = FilerBasic(user_id=user.id, first_name=form.filer_first_name, middle_name=form.filer_middle_name, last_name=form.filer_last_name) filer = await insert_new_filer_basic(db_session, new_filer) else: # get the filer filer = await get_filer_by_user_id(db_session, user.id) if filer is None: raise Http400("Filer user could not be found.") # now associate the filer with the lobbying entity lef = await assoc_filer_with_lobbying_entity(db_session, filer.filer_id, new_entity.entity_id) # email code new_entity.filer_email_code = secrets.token_hex(16) access_token_expires = datetime.timedelta( minutes=NEW_LOBBYIST_EMAIL_VERIFY_EXPIRE_MINS) data = { "sub": user.email, "filer": True, "entity_id": new_entity.entity_id, "email_code": new_entity.filer_email_code, "endpoint": FRONTEND_ROUTES["lobbyist_new_registration_verify_email"] } access_token = create_access_token( data=data, expires_delta=access_token_expires).decode('UTF-8') # send email verification email url = (APP_HOST + FRONTEND_ROUTES["lobbyist_new_registration_verify_email"] + f"?token={access_token}") await send_templated_email_disk( db_session=db_session, data={'url': url}, template_name=EMAIL_TEMPLATES[ "lobbyist_new_registration_verify_email"], message_type="lobbyist_email_confirmation", subject="[eFile San Diego] Please Confirm your Email", sender=EFILE_EMAIL, recipients=[user.email], to_id=user.id, filing_type='lobbyist', entity_id=new_entity.entity_id) # add filing type to user # save message in message db db_session.commit()