def verify_phone_number(request):
    """Create a user for a verified phone number and return its first tokens.

    The request body must yield a phone number and a verification code. The
    code has to be among the codes currently active for that number. A number
    that already has a user is rejected, so this version only serves first-time
    registration.

    Returns an error response for an unparseable body, a non-matching code or
    an already-registered number; otherwise a success response carrying the
    refresh token, the access token and the access token's expiry time.
    """
    payload = get_request_data(request.body)
    if payload is None:
        return error_response("missing or invalid data")

    # Only codes active for this phone number at this instant are candidates.
    now = get_current_utc_time()
    candidates = get_active_verification_codes_for_phone_number(
        payload.phone_number, now
    )
    if payload.verification_code not in candidates:
        return error_response("invalid verification code")

    # NOTE(review): nothing in this function marks the matched code as used;
    # it stays active until it expires or is changed elsewhere. Confirm that
    # is acceptable.
    now = get_current_utc_time()
    account, is_new = get_or_create_user(phone_number=payload.phone_number)
    if not is_new:
        return error_response("phone number has already been verified")

    refresh = generate_and_record_refresh_token(account, now)
    access, claims = generate_access_token_for_user(account.user_id, now)
    return success_response(
        ResponseData(
            refresh_token=refresh,
            access_token=access,
            # The expiry is read back from the token's own "exp" claim.
            expiry_time=from_timestamp(claims["exp"]),
        )
    )
def verify_phone_number(request):
    """Exchange a phone number and an active verification code for tokens.

    The request body carries a phone number (E.164 format) and a verification
    code. When the code is among the codes active for that number, it is
    invalidated, the user for the number is fetched or created, and a refresh
    token plus an access token are issued. A number that already has a user is
    not rejected: it receives a new token pair too, so holding a valid code for
    a number is sufficient to obtain tokens for that number's account.

    Returns an error response for an unparseable body or a non-matching code;
    otherwise a success response carrying the refresh token, the access token
    and the access token's expiry time.
    """
    payload = get_request_data(request.body)
    if payload is None:
        return error_response("Missing or invalid data")

    now = get_current_utc_time()
    # The lookup is given the phone number, so the submitted code is only
    # compared against codes returned for that number.
    # NOTE(review): no attempt limiting is visible in this function; confirm
    # guesses per phone number are throttled elsewhere.
    candidates = get_active_verification_codes_for_phone_number(
        payload.phone_number, now
    )
    if payload.verification_code not in candidates:
        return error_response("Invalid verification code")

    # Consume the code before any token is issued so it cannot be replayed.
    # NOTE(review): invalidation is keyed on the code value alone; confirm the
    # helper cannot deactivate a code with the same value that was issued to a
    # different phone number.
    # NOTE(review): the membership check and this call are separate steps;
    # confirm two concurrent requests with the same code cannot both pass.
    invalidate_verification_code(payload.verification_code)

    user, created = get_or_create_user(phone_number=payload.phone_number)
    if not created:
        logger.info(
            f"Generating refresh token for existing user {user.user_id}")

    refresh = generate_and_record_refresh_token(user, now)
    access, claims = generate_access_token_for_user(user.user_id, now)
    return success_response(
        ResponseData(
            refresh_token=refresh,
            access_token=access,
            # The expiry is read back from the token's own "exp" claim.
            expiry_time=from_timestamp(claims["exp"]),
        )
    )
def test_verify_phone_number_existing_user(settings, verification_code):
    """A number that already has a user still gets tokens, and the code is spent.

    Checks the response status and shape, then reloads the verification code
    and asserts it is no longer active.
    """
    settings.AUTH_ACCESS_TOKEN_AUDIENCE = "audience-url"
    settings.AUTH_ACCESS_TOKEN_ISSUER = "gatekeeper-url"

    # Create the user up front so the request is made for an existing account.
    get_or_create_user("+447000000000")

    # presumably "abcd" is the value held by the verification_code fixture;
    # verify against the fixture definition.
    reply = make_request(
        {"phone_number": "+447000000000", "verification_code": "abcd"}
    )
    assert 200 == reply.status_code

    body = json.loads(reply.content)
    assert {"refresh_token", "access_token", "expiry_time"} == body.keys()

    # The code must have been deactivated by the request (no reuse).
    verification_code.refresh_from_db()
    assert False is verification_code.is_active
def user():
    """Return the user object get_or_create_user yields for the test number."""
    # The second element of the pair (the "created" flag) is not needed here.
    record, _created = get_or_create_user("+447000000000")
    return record
def test_user_model():
    """User.from_db_model carries over user_id and phone_number."""
    row, _created = get_or_create_user("+447000000000")

    model = User.from_db_model(row)

    assert row.user_id == model.user_id
    assert "+447000000000" == model.phone_number