def get_user_by(field, value):
client = cognito.create_client()
value_quoted = value.replace('"', '\\"')
filter_string = f'{field} = "{value_quoted}"'
resp, msg = cognito.idp_list_users(client, filter_string)
if msg is not None:
return {"message": msg, "error": True, "success": False, "data": None}
if len(resp["Users"]) == 0:
return {
"message": "success",
"error": False,
"success": True,
"data": None
}
return {
"message": "success",
"error": False,
"success": True,
"data": resp["Users"][0],
}
def reset_password(username):
client = cognito.create_client()
# pylint:disable=unused-variable
resp, msg = cognito.idp_forgot_password(client, username)
if msg is not None:
return {"message": msg, "error": True, "success": False, "data": None}
return {
"message": "success",
"error": False,
"success": True,
"data": None,
}
def resend_confirmation(username):
client = cognito.create_client()
# pylint:disable=unused-variable
resp, msg = cognito.idp_resend_confirmation_code(client, username)
if msg is not None:
return {"message": msg, "error": True, "success": False, "data": None}
return {
"message": "success",
"error": False,
"success": True,
"data": None,
}
def reset_password_confirm(username, confirmation_code, new_password):
client = cognito.create_client()
# pylint:disable=unused-variable
resp, msg = cognito.idp_confirm_forgot_password(
client, username, confirmation_code, new_password
)
if msg is not None:
return {"message": msg, "error": True, "success": False, "data": None}
user = User.objects.get(username=username)
user.is_active = True
user.set_password(new_password)
user.save()
return {
"message": "success",
"error": False,
"success": True,
"data": None,
}
def change_password(access_token, previous_password, proposed_password):
user_jwt = decode_token(access_token)
client = cognito.create_client()
# pylint:disable=unused-variable
resp, msg = cognito.idp_change_password(client, access_token,
previous_password,
proposed_password)
if msg is not None:
return {"message": msg, "error": True, "success": False, "data": None}
user = User.objects.get(username=user_jwt["username"])
user.set_password(proposed_password)
user.save()
return {
"message": "success",
"error": False,
"success": True,
"data": None,
}
def signup_confirm(username, confirmation_code):
client = cognito.create_client()
# pylint:disable=unused-variable
resp, msg = cognito.idp_confirm_sign_up(client, username,
confirmation_code)
if msg is not None:
return {"message": msg, "error": True, "success": False, "data": None}
user = User.objects.get(username=username)
user.is_active = True
slug = slugify(f"{user.first_name} {user.last_name}")
# profile =
user.profiles.create(
slug=slug,
first_name=user.first_name,
last_name=user.last_name,
gender=user.gender,
birthdate=user.birthdate,
email=user.email,
phone=user.phone,
profile_picture_uri=user.profile_picture_uri,
# timezone="Europe/Berlin",
)
user.save()
return {
"message": "success",
"error": False,
"success": True,
"data": None,
}
def login(username, password):
client = cognito.create_client()
resp, msg = cognito.idp_admin_initiate_auth(client, username, password)
if msg is not None:
return {"message": msg, "error": True, "success": False, "data": None}
if resp.get("AuthenticationResult"):
return {
"message": "success",
"error": False,
"success": True,
"data": {
"id_token": resp["AuthenticationResult"]["IdToken"],
"refresh_token": resp["AuthenticationResult"]["RefreshToken"],
"access_token": resp["AuthenticationResult"]["AccessToken"],
"expires_in": resp["AuthenticationResult"]["ExpiresIn"],
"token_type": resp["AuthenticationResult"]["TokenType"],
},
}
# this code block is relevant only when MFA is enabled
return {"error": True, "success": False, "data": None, "message": None}
def signup(
login,
password,
first_name=None,
last_name=None,
gender=None,
birthdate=None,
email=None,
phone=None,
profile_picture_uri=None,
locale=None,
):
login_is_email = strings.check_if_email(login)
email_sanitized = strings.sanitize_email(login if login_is_email else email)
phone_sanitized = strings.sanitize_phone(phone if login_is_email else login)
login_sanitized = email_sanitized if login_is_email else phone_sanitized
profile_picture_uri_sanitized = strings.sanitize_url(profile_picture_uri)
if login_is_email:
if "email" not in settings.LOGIN_OPTIONS:
return {
"message": "login by e-mail is disabled",
"error": True,
"success": False,
"data": None,
}
if email is not None:
return {
"message": f"both {login_sanitized} and {email_sanitized} is specified as e-mail",
"error": True,
"success": False,
"data": None,
}
else:
if "phone" not in settings.LOGIN_OPTIONS:
return {
"message": "login by phone is disabled",
"error": True,
"success": False,
"data": None,
}
if phone is not None:
return {
"message": f"both {login_sanitized} and {phone_sanitized} is specified as phone number",
"error": True,
"success": False,
"data": None,
}
# now = time()
client = cognito.create_client()
user_attributes = dicts.create_dict_for_attributes(
given_name=first_name,
family_name=last_name,
gender=gender,
birthdate=birthdate,
email=email_sanitized,
phone_number=phone_sanitized,
picture=profile_picture_uri_sanitized,
locale=locale,
# TODO re-enable later
# updated_at=now,
)
resp, msg = cognito.idp_sign_up(client, login_sanitized, password, user_attributes)
if msg is not None:
return {"message": msg, "error": True, "success": False, "data": None}
if not resp.get("CodeDeliveryDetails"):
# this code block is relevant only when MFA is enabled
return {"error": True, "success": False, "data": None, "message": None}
user_uuid = resp["UserSub"]
# created_user =
User.objects.create_user(
user_uuid,
password=password,
is_active=False,
username=user_uuid,
first_name=first_name,
last_name=last_name,
gender=gender,
birthdate=birthdate,
email=login_sanitized,
phone=phone_sanitized,
profile_picture_uri=profile_picture_uri_sanitized,
locale=locale,
)
return {
"message": "success",
"error": False,
"success": True,
"data": {
"code_delivery_details": {
"attribute_name": resp["CodeDeliveryDetails"]["AttributeName"],
"delivery_medium": resp["CodeDeliveryDetails"]["DeliveryMedium"],
"destination": resp["CodeDeliveryDetails"]["Destination"],
},
"user_confirmed": resp["UserConfirmed"],
"user_sub": resp["UserSub"],
},
}