async def user_password_reset_request(db_session: Session,
payload: ResetPasswordRequest):
user_email = payload.email
user = get_user_by_email(db_session, user_email)
# we don't tell the submitter if the account doesn't exist
if user is None:
logger.info(f"User {email} does not exist. Password reset fail.")
return True
# raise AccountException(detail="User does not exist.")
if not user.active:
# user isn't active
logger.info(f"User {email} is inactive. Password reset fail.")
return True
if user.city:
logger.info(f"User {email} is City user. Password reset fail.")
raise AccountException(
detail="sandiego.gov passwords cannot be reset here.")
# okay, let's build the token and send the email
user.password_set_reset_secret = secrets.token_hex(16)
now = datetime.datetime.now(tz=pytz.utc)
access_token_expires = datetime.timedelta(
minutes=PASSWORD_RESET_EXPIRE_MINS)
user.password_set_reset_expire = now + access_token_expires
data = {
"sub": user.email,
"email_code": user.password_set_reset_secret,
"endpoint": FRONTEND_ROUTES["user_set_password"]
}
access_token = create_access_token(
data=data, expires_delta=access_token_expires).decode('UTF-8')
print(access_token)
url = (APP_HOST + FRONTEND_ROUTES["user_set_password"] +
f"?token={access_token}")
# get message template
template = EMAIL_TEMPLATES["password_set_reset_email"]
recipients = [user.email]
data = {"url": url}
await send_templated_email_disk(
db_session=db_session,
data=data,
template_name=template,
message_type="password_set_reset_email",
subject="[eFile San Diego] Password Reset",
sender=EFILE_EMAIL,
recipients=recipients,
to_id=user.id,
)
return True
async def create_access_token(form_data: OAuth2PasswordRequestForm = Depends()):
user = utils.authenticate_user(username=form_data.username,
password=form_data.password)
if not user:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="USER_CREDENTIALS_INVALID",
headers={"WWW-Authenticate": "Bearer"},
)
data_refresh_token = {"sub": user["username"],
"role": user["role"],
"first_name": user["first_name"],
}
refresh_token_expires = timedelta(
minutes=config.REFRESH_TOKEN_EXPIRE_MINUTES)
refresh_token = utils.create_refresh_token(
data=data_refresh_token, expires_delta=refresh_token_expires)
data_access_token = {"sub": user["username"],
"role": user["role"],
"first_name": user["first_name"],
"user_id": user["_id"],
"refresh_token": refresh_token}
access_token_expires = timedelta(
minutes=config.ACCESS_TOKEN_EXPIRE_MINUTES)
access_token = utils.create_access_token(
data=data_access_token, expires_delta=access_token_expires
)
log_user_login(user=user['first_name'], bucket="user-data")
return {"access_token": access_token}
async def refresh_token(user: User = Depends(utils.is_refresh_token_valid)):
if not user:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="USER_CREDENTIALS_INVALID",
headers={"WWW-Authenticate": "Bearer"},
)
data_refresh_token = {"sub": user["username"],
"role": user["role"],
"first_name": user["first_name"]}
refresh_token_expires = timedelta(
minutes=config.REFRESH_TOKEN_EXPIRE_MINUTES)
refresh_token = utils.create_refresh_token(
data=data_refresh_token, expires_delta=refresh_token_expires)
data_access_token = {"sub": user["username"],
"role": user["role"],
"first_name": user["first_name"],
"user_id": user["_id"],
"refresh_token": refresh_token}
access_token_expires = timedelta(
minutes=config.ACCESS_TOKEN_EXPIRE_MINUTES)
access_token = utils.create_access_token(
data=data_access_token, expires_delta=access_token_expires
)
return {"access_token": access_token}
def login_for_access_token(form_data: OAuth2PasswordRequestForm = Depends(),
sql: Session = Depends(db_session)) -> Any:
"""Authenticate user data"""
user = authenticate_user(sql, form_data.username, form_data.password)
if not user:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Incorrect username or password",
headers={"WWW-Authenticate": "Bearer"},
)
access_token_expires = timedelta(
minutes=int(getenv("ACCESS_TOKEN_VALIDITY")))
access_token = create_access_token(data={"sub": user.Username},
expires_time=access_token_expires)
return {"access_token": access_token, "token_type": "bearer"}
def get_access_token(db_session: Session, form):
user = authenticate_user(db_session, form.username, form.password)
if not user:
logging.info("Unregistered user attempted login: '******'", form.username)
raise CREDENTIALS_EXCEPTION
access_token_expires = datetime.timedelta(
minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
access_token = create_access_token(data={"sub": user.username},
expires_delta=access_token_expires)
if access_token:
try:
user.last_login = datetime.datetime.now(tz=pytz.utc)
db_session.add(user)
db_session.commit()
except Exception as inst:
logging.error("Exception: e = %s", inst)
db_session.rollback()
logging.info("Access token granted to user '%s'", form.username)
return access_token
async def review_new_lobbyist(db_session: Session, form: ReviewNewLobbyist,
user: User):
# get lobbyist
entity = await get_lobbying_entity_by_id(db_session,
str(form.lobbying_entity_id))
# get task
task = await get_task_by_ref(db_session, form.task_ref)
if task.complete:
# someone else has done it already, we just happily return 200
return True
# get the associated filing user
filer_user = entity.filers[0].user
if form.action == 'activate':
entity.active = True
entity.reviewed = True
task.complete = True
task.completed_by_user_id = user.id
# email code
filer_user.password_set_reset_secret = secrets.token_hex(16)
now = datetime.datetime.now(tz=pytz.utc)
access_token_expires = datetime.timedelta(
minutes=NEW_LOBBYIST_PASSWORD_SET_EXPIRE_MINS)
filer_user.password_set_reset_expire = now + access_token_expires
data = {
"sub": filer_user.email,
"filer": True,
"entity_id": entity.entity_id,
"email_code": filer_user.password_set_reset_secret,
"endpoint": FRONTEND_ROUTES["filer_set_password"]
}
access_token = create_access_token(
data=data, expires_delta=access_token_expires).decode('UTF-8')
# send email verification email
url = (APP_HOST + FRONTEND_ROUTES["filer_set_password"] +
f"?token={access_token}")
# get message template
template = await get_message_template_by_message_type(
db_session, "lobbyist_new_welcome")
# set up data
lobbyist_types = jsonable_encoder(entity.lobbyist_types)
form_names = []
for xt in lobbyist_types:
reg_form = LOBBYIST_FORMS[xt['lobbyist_type']].get(
'register', None)
qt_form = LOBBYIST_FORMS[xt['lobbyist_type']].get(
'quarterly', None)
if reg_form is not None:
form_names.append(reg_form)
elif qt_form is not None:
form_names.append(qt_form)
form_name = ", ".join(form_names)
if len(form_name) > 0:
form_name += "."
data = {'form_name': form_name, 'url': url}
await send_templated_email_db(db_session=db_session,
data=data,
template=template,
message_type="lobbyist_new_welcome",
subject="[eFile San Diego] Welcome!",
sender=EFILE_EMAIL,
recipients=[filer_user.email],
filing_type='lobbyist',
entity_id=entity.entity_id)
elif form.action == 'reject':
entity.active = False
entity.reviewed = True
entity.rejected = True
task.complete = True
task.completed_by_user_id = user.id
db_session.commit()
# get message template
template = await get_message_template_by_message_type(
db_session, "lobbyist_new_reject")
data = {}
await send_templated_email_db(
db_session=db_session,
data=data,
template=template,
message_type="lobbyist_new_reject",
subject="[eFile San Diego] Regarding your Lobbyist Registration",
sender=EFILE_EMAIL,
recipients=[filer_user.email],
filing_type='lobbyist',
entity_id=entity.entity_id)
else:
Http400(f"Action {form.action} is not supported.")
db_session.commit()
return True
async def register_new_lobbyist(
db_session: Session,
form: NewLobbyistRegistration,
):
# do we have the lobbying entity already?
res = await get_lobbying_entity_by_name(db_session, form.entity_name)
if res is not None:
Http400("Lobbyist name already registered.")
# create the entity
new_entity = await insert_lobbying_entity(db_session, form)
# create general entity assoc object
new_general_entity = await insert_entity(db_session, new_entity.entity_id,
"lobbying")
# create new human readable ID for this lobbyist
new_human_readable_id = await insert_human_readable_id(
db_session,
object_id=str(new_entity.entity_id),
object_type="lobbying_entity",
hr_id_prefix="lobbyist")
# check if we know the user
user = get_filer_user_by_email(db_session, form.filer_email)
if user is None:
# we have to make the user
new_user = UserBasic(email=form.filer_email,
account_type="filer",
city=False,
active=True,
first_name=form.filer_first_name,
middle_name=form.filer_middle_name,
last_name=form.filer_last_name)
user = await insert_new_user(db_session, new_user)
# now let's make a new filer
new_filer = FilerBasic(user_id=user.id,
first_name=form.filer_first_name,
middle_name=form.filer_middle_name,
last_name=form.filer_last_name)
filer = await insert_new_filer_basic(db_session, new_filer)
else:
# get the filer
filer = await get_filer_by_user_id(db_session, user.id)
if filer is None:
raise Http400("Filer user could not be found.")
# now associate the filer with the lobbying entity
lef = await assoc_filer_with_lobbying_entity(db_session, filer.filer_id,
new_entity.entity_id)
# email code
new_entity.filer_email_code = secrets.token_hex(16)
access_token_expires = datetime.timedelta(
minutes=NEW_LOBBYIST_EMAIL_VERIFY_EXPIRE_MINS)
data = {
"sub": user.email,
"filer": True,
"entity_id": new_entity.entity_id,
"email_code": new_entity.filer_email_code,
"endpoint": FRONTEND_ROUTES["lobbyist_new_registration_verify_email"]
}
access_token = create_access_token(
data=data, expires_delta=access_token_expires).decode('UTF-8')
# send email verification email
url = (APP_HOST +
FRONTEND_ROUTES["lobbyist_new_registration_verify_email"] +
f"?token={access_token}")
await send_templated_email_disk(
db_session=db_session,
data={'url': url},
template_name=EMAIL_TEMPLATES[
"lobbyist_new_registration_verify_email"],
message_type="lobbyist_email_confirmation",
subject="[eFile San Diego] Please Confirm your Email",
sender=EFILE_EMAIL,
recipients=[user.email],
to_id=user.id,
filing_type='lobbyist',
entity_id=new_entity.entity_id)
# add filing type to user
# save message in message db
db_session.commit()