PhotosAPI/extensions/users.py

import logging
from datetime import datetime, timedelta
from uuid import uuid1

from fastapi import Depends, Form
from fastapi.responses import Response, UJSONResponse
from starlette.status import HTTP_204_NO_CONTENT

from classes.exceptions import (
    UserAlreadyExists,
    UserCredentialsInvalid,
    UserEmailCodeInvalid,
)
from modules.app import app
from modules.database import col_albums, col_emails, col_photos, col_users, col_videos
from modules.mailer import mail_sender
from modules.scheduler import scheduler
from modules.security import (
    User,
    get_current_active_user,
    get_password_hash,
    get_user,
    verify_password,
)
from modules.utils import configGet

logger = logging.getLogger(__name__)


async def send_confirmation(user: str, email: str):
    confirmation_code = str(uuid1())
    try:
        mail_sender.sendmail(
            from_addr=configGet("sender", "mailer", "smtp"),
            to_addrs=email,
            msg=f'From: {configGet("sender", "mailer", "smtp")}\nSubject: Email confirmation\n\n'
            + configGet(
                "message", "mailer", "messages", "registration_confirmation"
            ).format(
                configGet("external_address")
                + f"/users/{user}/confirm?code={confirmation_code}"
            ),
        )
        await col_emails.insert_one(
            {"user": user, "email": email, "used": False, "code": confirmation_code}
        )
        logger.info(
            "Sent confirmation email to '%s' with code %s", email, confirmation_code
        )
    except Exception as exc:
        logger.error("Could not send confirmation email to '%s' due to: %s", email, exc)


@app.get("/users/me/", response_model=User)
async def user_me(current_user: User = Depends(get_current_active_user)):
    return current_user


user_confirm_responses = {
    200: {
        "description": "Successful Response",
        "content": {
            "application/json": {
                "example": {"detail": configGet("email_confirmed", "messages")}
            }
        },
    },
    400: UserEmailCodeInvalid().openapi,
}
if configGet("registration_requires_confirmation") is True:

    @app.get(
        "/users/{user}/confirm",
        response_class=UJSONResponse,
        responses=user_confirm_responses,
    )
    @app.patch(
        "/users/{user}/confirm",
        response_class=UJSONResponse,
        responses=user_confirm_responses,
    )
    async def user_confirm(user: str, code: str):
        confirm_record = await col_emails.find_one(
            {"user": user, "code": code, "used": False}
        )
        if confirm_record is None:
            raise UserEmailCodeInvalid()
        await col_emails.find_one_and_update(
            {"_id": confirm_record["_id"]}, {"$set": {"used": True}}
        )
        await col_users.find_one_and_update(
            {"user": confirm_record["user"]}, {"$set": {"disabled": False}}
        )
        return UJSONResponse({"detail": configGet("email_confirmed", "messages")})


user_create_responses = {409: UserAlreadyExists().openapi}
if configGet("registration_enabled") is True:

    @app.post(
        "/users", status_code=HTTP_204_NO_CONTENT, responses=user_create_responses
    )
    async def user_create(
        user: str = Form(), email: str = Form(), password: str = Form()
    ):
        if (await col_users.find_one({"user": user})) is not None:
            raise UserAlreadyExists()
        await col_users.insert_one(
            {
                "user": user,
                "email": email,
                "quota": None,
                "hash": get_password_hash(password),
                "disabled": configGet("registration_requires_confirmation"),
            }
        )
        if configGet("registration_requires_confirmation") is True:
            scheduler.add_job(
                send_confirmation,
                trigger="date",
                run_date=datetime.now() + timedelta(seconds=1),
                kwargs={"user": user, "email": email},
            )
        return Response(status_code=HTTP_204_NO_CONTENT)


user_delete_responses = {401: UserCredentialsInvalid().openapi}


@app.delete(
    "/users/me/", status_code=HTTP_204_NO_CONTENT, responses=user_delete_responses
)
async def user_delete(
    password: str = Form(), current_user: User = Depends(get_current_active_user)
):
    user = await get_user(current_user.user)
    if not user:
        return False
    if not verify_password(password, user.hash):
        raise UserCredentialsInvalid()
    await col_users.delete_many({"user": current_user.user})
    await col_emails.delete_many({"user": current_user.user})
    await col_photos.delete_many({"user": current_user.user})
    await col_videos.delete_many({"user": current_user.user})
    await col_albums.delete_many({"user": current_user.user})
    return Response(status_code=HTTP_204_NO_CONTENT)
logWrite replaced with logging module 2023-06-23 12:25:27 +03:00			`import logging`
Divided users and security extensions 2023-01-09 16:01:30 +02:00			`from datetime import datetime, timedelta`
Sorted imports with isort 2023-06-22 14:17:53 +03:00			`from uuid import uuid1`

			`from fastapi import Depends, Form`
			`from fastapi.responses import Response, UJSONResponse`
			`from starlette.status import HTTP_204_NO_CONTENT`

Formatted everything with black 2023-03-12 15:59:13 +02:00			`from classes.exceptions import (`
			`UserAlreadyExists,`
			`UserCredentialsInvalid,`
			`UserEmailCodeInvalid,`
			`)`
Divided users and security extensions 2023-01-09 16:01:30 +02:00			`from modules.app import app`
Sorted imports with isort 2023-06-22 14:17:53 +03:00			`from modules.database import col_albums, col_emails, col_photos, col_users, col_videos`
Divided users and security extensions 2023-01-09 16:01:30 +02:00			`from modules.mailer import mail_sender`
Sorted imports with isort 2023-06-22 14:17:53 +03:00			`from modules.scheduler import scheduler`
Divided users and security extensions 2023-01-09 16:01:30 +02:00			`from modules.security import (`
			`User,`
			`get_current_active_user,`
			`get_password_hash,`
			`get_user,`
Formatted everything with black 2023-03-12 15:59:13 +02:00			`verify_password,`
Divided users and security extensions 2023-01-09 16:01:30 +02:00			`)`
logWrite replaced with logging module 2023-06-23 12:25:27 +03:00			`from modules.utils import configGet`

			`logger = logging.getLogger(__name__)`
Divided users and security extensions 2023-01-09 16:01:30 +02:00

			`async def send_confirmation(user: str, email: str):`
			`confirmation_code = str(uuid1())`
			`try:`
			`mail_sender.sendmail(`
			`from_addr=configGet("sender", "mailer", "smtp"),`
			`to_addrs=email,`
Formatted everything with black 2023-03-12 15:59:13 +02:00			`msg=f'From: {configGet("sender", "mailer", "smtp")}\nSubject: Email confirmation\n\n'`
			`+ configGet(`
			`"message", "mailer", "messages", "registration_confirmation"`
			`).format(`
			`configGet("external_address")`
			`+ f"/users/{user}/confirm?code={confirmation_code}"`
			`),`
			`)`
WIP: Migration to async_pymongo 2023-08-14 14:44:07 +03:00			`await col_emails.insert_one(`
Formatted everything with black 2023-03-12 15:59:13 +02:00			`{"user": user, "email": email, "used": False, "code": confirmation_code}`
Divided users and security extensions 2023-01-09 16:01:30 +02:00			`)`
logWrite replaced with logging module 2023-06-23 12:25:27 +03:00			`logger.info(`
			`"Sent confirmation email to '%s' with code %s", email, confirmation_code`
			`)`
WIP: Migration to async_pymongo 2023-08-14 14:44:07 +03:00			`except Exception as exc:`
			`logger.error("Could not send confirmation email to '%s' due to: %s", email, exc)`
Divided users and security extensions 2023-01-09 16:01:30 +02:00

			`@app.get("/users/me/", response_model=User)`
			`async def user_me(current_user: User = Depends(get_current_active_user)):`
			`return current_user`


WIP: Better error handling 2023-02-16 15:55:03 +02:00			`user_confirm_responses = {`
WIP: Better exception handling 2023-02-16 16:04:28 +02:00			`200: {`
			`"description": "Successful Response",`
			`"content": {`
			`"application/json": {`
Formatted everything with black 2023-03-12 15:59:13 +02:00			`"example": {"detail": configGet("email_confirmed", "messages")}`
WIP: Better exception handling 2023-02-16 16:04:28 +02:00			`}`
Formatted everything with black 2023-03-12 15:59:13 +02:00			`},`
WIP: Better exception handling 2023-02-16 16:04:28 +02:00			`},`
Formatted everything with black 2023-03-12 15:59:13 +02:00			`400: UserEmailCodeInvalid().openapi,`
WIP: Better error handling 2023-02-16 15:55:03 +02:00			`}`
Divided users and security extensions 2023-01-09 16:01:30 +02:00			`if configGet("registration_requires_confirmation") is True:`
Formatted everything with black 2023-03-12 15:59:13 +02:00
			`@app.get(`
			`"/users/{user}/confirm",`
			`response_class=UJSONResponse,`
			`responses=user_confirm_responses,`
			`)`
			`@app.patch(`
			`"/users/{user}/confirm",`
			`response_class=UJSONResponse,`
			`responses=user_confirm_responses,`
			`)`
Divided users and security extensions 2023-01-09 16:01:30 +02:00			`async def user_confirm(user: str, code: str):`
WIP: Migration to async_pymongo 2023-08-14 14:44:07 +03:00			`confirm_record = await col_emails.find_one(`
Formatted everything with black 2023-03-12 15:59:13 +02:00			`{"user": user, "code": code, "used": False}`
			`)`
Divided users and security extensions 2023-01-09 16:01:30 +02:00			`if confirm_record is None:`
WIP: Better error handling 2023-02-16 15:55:03 +02:00			`raise UserEmailCodeInvalid()`
WIP: Migration to async_pymongo 2023-08-14 14:44:07 +03:00			`await col_emails.find_one_and_update(`
Formatted everything with black 2023-03-12 15:59:13 +02:00			`{"_id": confirm_record["_id"]}, {"$set": {"used": True}}`
			`)`
WIP: Migration to async_pymongo 2023-08-14 14:44:07 +03:00			`await col_users.find_one_and_update(`
Formatted everything with black 2023-03-12 15:59:13 +02:00			`{"user": confirm_record["user"]}, {"$set": {"disabled": False}}`
			`)`
			`return UJSONResponse({"detail": configGet("email_confirmed", "messages")})`
Divided users and security extensions 2023-01-09 16:01:30 +02:00
Formatted everything with black 2023-03-12 15:59:13 +02:00
			`user_create_responses = {409: UserAlreadyExists().openapi}`
Divided users and security extensions 2023-01-09 16:01:30 +02:00			`if configGet("registration_enabled") is True:`
Formatted everything with black 2023-03-12 15:59:13 +02:00
			`@app.post(`
			`"/users", status_code=HTTP_204_NO_CONTENT, responses=user_create_responses`
			`)`
			`async def user_create(`
			`user: str = Form(), email: str = Form(), password: str = Form()`
			`):`
WIP: Migration to async_pymongo 2023-08-14 14:44:07 +03:00			`if (await col_users.find_one({"user": user})) is not None:`
WIP: Better error handling 2023-02-16 15:55:03 +02:00			`raise UserAlreadyExists()`
WIP: Migration to async_pymongo 2023-08-14 14:44:07 +03:00			`await col_users.insert_one(`
Formatted everything with black 2023-03-12 15:59:13 +02:00			`{`
			`"user": user,`
			`"email": email,`
New secrets system and quotas (#35) 2023-11-25 18:50:09 +02:00			`"quota": None,`
Formatted everything with black 2023-03-12 15:59:13 +02:00			`"hash": get_password_hash(password),`
			`"disabled": configGet("registration_requires_confirmation"),`
			`}`
			`)`
Divided users and security extensions 2023-01-09 16:01:30 +02:00			`if configGet("registration_requires_confirmation") is True:`
Formatted everything with black 2023-03-12 15:59:13 +02:00			`scheduler.add_job(`
			`send_confirmation,`
			`trigger="date",`
			`run_date=datetime.now() + timedelta(seconds=1),`
			`kwargs={"user": user, "email": email},`
			`)`
Divided users and security extensions 2023-01-09 16:01:30 +02:00			`return Response(status_code=HTTP_204_NO_CONTENT)`

Formatted everything with black 2023-03-12 15:59:13 +02:00
			`user_delete_responses = {401: UserCredentialsInvalid().openapi}`


			`@app.delete(`
			`"/users/me/", status_code=HTTP_204_NO_CONTENT, responses=user_delete_responses`
			`)`
			`async def user_delete(`
			`password: str = Form(), current_user: User = Depends(get_current_active_user)`
			`):`
WIP: Migration to async_pymongo 2023-08-14 14:44:07 +03:00			`user = await get_user(current_user.user)`
Divided users and security extensions 2023-01-09 16:01:30 +02:00			`if not user:`
			`return False`
			`if not verify_password(password, user.hash):`
WIP: Better error handling 2023-02-16 15:55:03 +02:00			`raise UserCredentialsInvalid()`
WIP: Migration to async_pymongo 2023-08-14 14:44:07 +03:00			`await col_users.delete_many({"user": current_user.user})`
			`await col_emails.delete_many({"user": current_user.user})`
			`await col_photos.delete_many({"user": current_user.user})`
			`await col_videos.delete_many({"user": current_user.user})`
			`await col_albums.delete_many({"user": current_user.user})`
Formatted everything with black 2023-03-12 15:59:13 +02:00			`return Response(status_code=HTTP_204_NO_CONTENT)`