Exemplo n.º 1
    async def update_email_user_password(self, request):
        """Change the password of the authenticated e-mail user.

        The caller is identified by the bearer token on ``request``. The JSON
        body is parsed as ``UpdateUserPasswordRequest`` and supplies the
        current password (``original_password``) and its replacement
        (``new_password``).

        Responses, in the order the checks run:
            404 -- no user is found for the id carried in the token
            404 -- the user's type is not ``UserType.EMAIL``
            400 -- ``new_password`` is rejected by ``is_valid_password``
            403 -- ``original_password`` does not match the stored bcrypt hash
            otherwise ``result`` is true when at least one row was updated
        """
        claim: UserClaim = get_bearer_token(self.jwt_secret, request)
        body: UpdateUserPasswordRequest = convert_request(
            UpdateUserPasswordRequest, await request.json())

        stored_user: User = await self.user_repository.find_user_by_id(
            claim.id)
        if not stored_user:
            return json_response(reason=f"user not found", status=404)
        if stored_user.type != UserType.EMAIL:
            return json_response(
                reason=f"only email user can update password", status=404)
        if not is_valid_password(body.new_password):
            return json_response(
                reason="password policy is not satisfied", status=400)

        # A valid token alone is not enough: the caller must also prove
        # knowledge of the current password before it is replaced.
        # NOTE(review): no attempt limiting is visible in this method --
        # confirm that repeated 403s are rate-limited elsewhere.
        current_matches = bcrypt.checkpw(
            body.original_password.encode(),
            stored_user.hashed_password.encode())
        if not current_matches:
            return json_response(reason="Invalid password", status=403)

        # NOTE(review): bcrypt only uses the first 72 bytes of its input --
        # confirm is_valid_password bounds the password length accordingly.
        new_secret = body.new_password.encode()
        new_hash = bcrypt.hashpw(new_secret, bcrypt.gensalt()).decode()

        # NOTE(review): nothing here revokes bearer tokens issued before the
        # change -- confirm whether existing sessions are invalidated
        # elsewhere.
        updated_rows = await self.user_repository.update_user(
            user_id=claim.id,
            hashed_password=new_hash,
        )
        return json_response(result=updated_rows > 0)
Exemplo n.º 2
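    async def create_email_user(self, request):
        """Register a new e-mail user from the JSON request body.

        The body is parsed as ``CreateEmailUserRequest``. All format and
        policy checks run before the account is looked up, so input that
        fails validation never reaches the user store and a malformed
        request cannot be used to probe whether an account exists.

        Responses, in the order the checks run:
            400 -- ``account`` is rejected by ``is_valid_account``
            400 -- ``email`` is rejected by ``is_valid_email``
            400 -- ``password`` is rejected by ``is_valid_password``
            409 -- a user with the same ``account`` already exists
            otherwise ``result`` holds the created user as a dict
        """
        request_body: CreateEmailUserRequest = convert_request(
            CreateEmailUserRequest, await request.json())

        # Validate every client-supplied field before any lookup or write.
        if not is_valid_account(request_body.account):
            return json_response(
                reason=f'{request_body.account} is invalid account format',
                status=400)

        if not is_valid_email(request_body.email):
            return json_response(
                reason=f'{request_body.email} is invalid email format',
                status=400)

        # NOTE(review): bcrypt only uses the first 72 bytes of its input --
        # confirm is_valid_password bounds the password length accordingly.
        if not is_valid_password(request_body.password):
            return json_response(reason='password policy is not satisfied',
                                 status=400)

        # NOTE(review): this 409 tells the caller that the account name is
        # taken -- confirm the endpoint is rate-limited against enumeration.
        user = await find_user_by_account(request_body.account)
        if user:
            return json_response(
                reason=f'account[{request_body.account}] already exists',
                status=409)

        # Only the salted bcrypt hash is handed to create_user; the plaintext
        # password is not passed on.
        hashed_password = bcrypt.hashpw(request_body.password.encode(),
                                        bcrypt.gensalt()).decode()

        # NOTE(review): the existence check above and this insert are separate
        # awaits, so two concurrent requests can both pass the check --
        # confirm a unique constraint on the account column backs it up.
        # NOTE(review): `extra` is stored without any validation visible here
        # -- confirm its size and shape are bounded by the request model.
        user = await create_user(
            user_type=UserType.EMAIL,
            account=request_body.account,
            hashed_password=hashed_password,
            email=request_body.email,
            extra=request_body.extra,
        )
        # NOTE(review): confirm user_model_to_dict omits hashed_password from
        # the response.
        return json_response(result=user_model_to_dict(user))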
Exemplo n.º 3
    async def reset_email_user_password(self, request):
        """Set a new password for the user named by a temporary reset token.

        The JSON body is parsed as ``ResetPasswordRequest``. Its
        ``temp_token`` is decoded into a ``ResetPasswordClaim`` with
        ``self.jwt_secret``, and the user id and type are taken from that
        claim. The current password is not requested.

        Responses, in the order the checks run:
            400 -- the claim's type is not ``UserType.EMAIL``
            400 -- ``new_password`` is rejected by ``is_valid_password``
            otherwise ``result`` is true when at least one row was updated
        """
        body: ResetPasswordRequest = convert_request(
            ResetPasswordRequest, await request.json())

        # The token is the only credential on this path.
        # NOTE(review): signature and expiry checks are assumed to happen in
        # ResetPasswordClaim.from_jwt -- confirm, and confirm it rejects
        # tokens signed with the same secret that were not issued for a
        # password reset.
        claim: ResetPasswordClaim = ResetPasswordClaim.from_jwt(
            body.temp_token, self.jwt_secret)

        # NOTE(review): the user type comes from the token claim, not from a
        # fresh lookup of the user record.
        if claim.type != UserType.EMAIL:
            return json_response(
                reason=f"only email user can reset password", status=400)
        if not is_valid_password(body.new_password):
            return json_response(
                reason="password policy is not satisfied", status=400)

        new_secret = body.new_password.encode()
        new_hash = bcrypt.hashpw(new_secret, bcrypt.gensalt()).decode()

        # NOTE(review): nothing here marks the reset token as used -- confirm
        # that replay within its lifetime is prevented elsewhere.
        updated_rows = await self.user_repository.update_user(
            user_id=claim.id,
            hashed_password=new_hash,
        )
        return json_response(result=updated_rows > 0)