def post_credentials_recovery() -> Response:
    """Start credentials recovery for the account owning the posted e-mail.

    Generates a fresh password reset token, stores it on the account
    (overwriting an existing reset token row), and e-mails the owner their
    username together with a frontend reset link.

    Returns:
        A 200 response with an empty body once the mail has been dispatched
        and the session committed, or an ``EMAIL_MISSING`` error response
        when the e-mail matches no account.
    """
    requested_email = request.json['email']
    db = g.database_session
    account = db.query(Account).filter_by(email=requested_email).first()
    # NOTE(review): the distinct error code tells the caller which e-mails
    # have an account; the frontend appears to depend on it, so it is kept.
    if not account:
        return error_response(
            ErrorCode.EMAIL_MISSING,
            'E-mail not associated with any account',
        )
    token = TokenFactory().create_token()
    existing_reset_token = account.password_reset_token
    # Reuse the existing row so an account never holds more than one token.
    # NOTE(review): the token is persisted as-is; whether it should be stored
    # hashed depends on TokenFactory's entropy and the token lifetime, neither
    # of which is visible here.
    if existing_reset_token:
        existing_reset_token.token = token
    else:
        db.add(PasswordResetToken(account_id=account.id, token=token))
    config = current_app.config
    links = LinkFactory(config['EXTERNAL_HOST'], config['FRONTEND_HOST'])
    reset_link = links.create_frontend_link(
        f'/authentication/password-reset/{token}')
    body = (
        "Having trouble logging into your aveslog.com account? "
        f"Your username is {account.username}, and here's a password reset "
        f"link if you need one: {reset_link}"
    )
    g.mail_dispatcher.dispatch(
        requested_email, 'Aveslog Credentials Recovery', body)
    # Commit only after the mail went out; a dispatch failure leaves the
    # previous token state untouched.
    db.commit()
    return make_response('', HTTPStatus.OK)
def post_registration_request() -> Response:
    """Kick off account registration for the posted e-mail.

    Wires up the registration controller from its collaborators (account
    repository, mail dispatcher, link factory, token factory) and delegates
    to ``initiate_registration`` with the requested locale (default ``en``).

    Returns:
        201 with an empty body on success; an ``EMAIL_TAKEN`` or
        ``EMAIL_INVALID`` error response when the controller reports
        ``'email taken'`` or ``'email invalid'`` respectively.
    """
    payload = request.json
    email = payload['email']
    locale = load_locale(payload.get('locale', 'en'))
    config = current_app.config
    links = LinkFactory(config['EXTERNAL_HOST'], config['FRONTEND_HOST'])
    repository = AccountRepository(PasswordHasher(SaltFactory()))
    controller = AccountRegistrationController(
        repository, g.mail_dispatcher, links, TokenFactory())
    outcome = controller.initiate_registration(email, locale)
    # Controller outcomes are plain strings; map each failure to its error.
    # NOTE(review): 'email taken' discloses which e-mails are registered;
    # kept because the frontend appears to rely on the code.
    failures = (
        ('email taken', ErrorCode.EMAIL_TAKEN, 'Email taken'),
        ('email invalid', ErrorCode.EMAIL_INVALID, 'Email invalid'),
    )
    for marker, code, description in failures:
        if outcome == marker:
            return error_response(code, description)
    return make_response('', HTTPStatus.CREATED)
def post_password() -> Response:
    """Change the authenticated account's password.

    Verifies ``oldPassword`` against the stored hash, validates
    ``newPassword`` with ``is_valid_password``, then persists the new hash
    through ``PasswordUpdateController`` and commits the session.

    Returns:
        204 with an empty body on success; 401 ``OLD_PASSWORD_INCORRECT``
        when the current password does not verify; ``PASSWORD_INVALID`` when
        the new password fails validation.
    """
    account = g.authenticated_account
    body = request.json
    current_password = body['oldPassword']
    replacement_password = body['newPassword']
    hasher = PasswordHasher(SaltFactory())
    # Re-authenticate with the current password before touching anything.
    verified = Authenticator(hasher).is_account_password_correct(
        account, current_password)
    if not verified:
        return error_response(
            ErrorCode.OLD_PASSWORD_INCORRECT,
            'Old password incorrect',
            status_code=HTTPStatus.UNAUTHORIZED,
        )
    if not is_valid_password(replacement_password):
        return error_response(ErrorCode.PASSWORD_INVALID, 'New password invalid')
    db = g.database_session
    # NOTE(review): nothing in this handler revokes outstanding refresh
    # tokens after the change; confirm PasswordUpdateController does, or
    # sessions issued with the old password stay valid.
    PasswordUpdateController(hasher).update_password(
        account, replacement_password, db)
    db.commit()
    return make_response('', HTTPStatus.NO_CONTENT)
def delete_refresh_token(refresh_token_id: int) -> Response:
    """Revoke one refresh token owned by the authenticated account.

    Args:
        refresh_token_id: Primary key of the ``RefreshToken`` row.

    Returns:
        The "deleted" response when the token is gone (already absent or
        removed now); 401 ``AUTHORIZATION_REQUIRED`` when the token belongs
        to another account.
    """
    caller = g.authenticated_account
    db = g.database_session
    token = db.query(RefreshToken).get(refresh_token_id)
    # An absent token is treated as already deleted, keeping the call
    # idempotent for clients that retry.
    if not token:
        return refresh_token_deleted_response()
    # Ownership check: only the token's own account may revoke it.
    if token.account_id != caller.id:
        return error_response(
            ErrorCode.AUTHORIZATION_REQUIRED,
            'Authorization required',
            status_code=HTTPStatus.UNAUTHORIZED,
        )
    db.delete(token)
    db.commit()
    return refresh_token_deleted_response()
def too_many_requests_handler(e) -> Response:
    """Error handler for HTTP 429; echoes the limiter's description."""
    detail = f'Rate limit exceeded {e.description}'
    return error_response(
        ErrorCode.RATE_LIMIT_EXCEEDED,
        detail,
        status_code=HTTPStatus.TOO_MANY_REQUESTS,
    )
def credentials_incorrect_response() -> Response:
    """Build the 401 ``CREDENTIALS_INCORRECT`` response used by login paths."""
    status = HTTPStatus.UNAUTHORIZED
    return error_response(
        ErrorCode.CREDENTIALS_INCORRECT,
        'Credentials incorrect',
        status_code=status,
    )
def username_taken_response() -> Response:
    """Build the 409 ``USERNAME_TAKEN`` response."""
    status = HTTPStatus.CONFLICT
    return error_response(
        ErrorCode.USERNAME_TAKEN,
        'Username taken',
        status_code=status,
    )
def registration_request_token_invalid_response() -> Response:
    """Build the 400 ``INVALID_ACCOUNT_REGISTRATION_TOKEN`` response."""
    status = HTTPStatus.BAD_REQUEST
    return error_response(
        ErrorCode.INVALID_ACCOUNT_REGISTRATION_TOKEN,
        'Registration request token invalid',
        status_code=status,
    )