Email confirmations added
This commit is contained in:
parent
6df2d274b1
commit
31d42f3ce7
@ -11,6 +11,30 @@
|
||||
"key_invalid": "Invalid API key",
|
||||
"key_valid": "Valid API key",
|
||||
"bad_request": "Bad request. Read the docs at photos.end-play.xyz/docs",
|
||||
"ip_blacklisted": "Your IP is blacklisted. Make sure you are using correct API address."
|
||||
"ip_blacklisted": "Your IP is blacklisted. Make sure you are using correct API address.",
|
||||
"credentials_invalid": "Incorrect user or password",
|
||||
"user_already_exists": "User with this username already exists.",
|
||||
"email_confirmed": "Email confirmed. You can now log in.",
|
||||
"email_code_invalid": "Confirmation code is invalid."
|
||||
},
|
||||
"external_address": "localhost",
|
||||
"registration_enabled": true,
|
||||
"registration_requires_confirmation": true,
|
||||
"mailer": {
|
||||
"smtp": {
|
||||
"host": "",
|
||||
"port": 0,
|
||||
"sender": "",
|
||||
"login": "",
|
||||
"password": "",
|
||||
"use_ssl": true,
|
||||
"use_tls": false
|
||||
},
|
||||
"messages": {
|
||||
"registration_confirmation": {
|
||||
"subject": "Email confirmation",
|
||||
"message": "To confirm your email please follow this link: {0}"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
@ -1,9 +1,16 @@
|
||||
from datetime import timedelta
|
||||
from modules.database import col_users
|
||||
from datetime import datetime, timedelta
|
||||
from modules.database import col_users, col_albums, col_photos, col_emails, col_videos, col_emails, col_tokens
|
||||
from modules.app import app
|
||||
from modules.utils import configGet, logWrite
|
||||
from modules.scheduler import scheduler
|
||||
from modules.mailer import mail_sender
|
||||
|
||||
from fastapi import Depends, HTTPException, Response
|
||||
from starlette.status import HTTP_204_NO_CONTENT
|
||||
from uuid import uuid1
|
||||
from email.mime.text import MIMEText
|
||||
from email.mime.multipart import MIMEMultipart
|
||||
from fastapi import Depends, HTTPException
|
||||
from fastapi.responses import Response, UJSONResponse
|
||||
from starlette.status import HTTP_204_NO_CONTENT, HTTP_400_BAD_REQUEST, HTTP_406_NOT_ACCEPTABLE
|
||||
from fastapi.security import (
|
||||
OAuth2PasswordRequestForm,
|
||||
)
|
||||
@ -15,15 +22,30 @@ from modules.security import (
|
||||
authenticate_user,
|
||||
create_access_token,
|
||||
get_current_active_user,
|
||||
get_password_hash
|
||||
get_password_hash,
|
||||
get_user,
|
||||
verify_password
|
||||
)
|
||||
|
||||
|
||||
async def send_confirmation(user: str, email: str):
|
||||
confirmation_code = str(uuid1())
|
||||
try:
|
||||
mail_sender.sendmail(
|
||||
from_addr=configGet("sender", "mailer", "smtp"),
|
||||
to_addrs=email,
|
||||
msg=f'From: {configGet("sender", "mailer", "smtp")}\nSubject: Email confirmation\n\n'+configGet("message", "mailer", "messages", "registration_confirmation").format(configGet("external_address")+f"/users/{user}/confirm?code={confirmation_code}")
|
||||
)
|
||||
col_emails.insert_one( {"user": user, "email": email, "used": False, "code": confirmation_code} )
|
||||
except Exception as exp:
|
||||
logWrite(f"Could not send confirmation email to '{email}' due to: {exp}")
|
||||
|
||||
|
||||
@app.post("/token", response_model=Token)
|
||||
async def login_for_access_token(form_data: OAuth2PasswordRequestForm = Depends()):
|
||||
user = authenticate_user(form_data.username, form_data.password)
|
||||
if not user:
|
||||
raise HTTPException(status_code=400, detail="Incorrect user or password")
|
||||
raise HTTPException(status_code=400, detail=configGet("credentials_invalid", "messages"))
|
||||
access_token_expires = timedelta(days=ACCESS_TOKEN_EXPIRE_DAYS)
|
||||
access_token = create_access_token(
|
||||
data={"sub": user.user, "scopes": form_data.scopes},
|
||||
@ -37,19 +59,37 @@ async def read_users_me(current_user: User = Depends(get_current_active_user)):
|
||||
return current_user
|
||||
|
||||
|
||||
@app.post("/users", response_class=Response)
|
||||
if configGet("registration_requires_confirmation") is True:
|
||||
@app.get("/users/{user}/confirm")
|
||||
@app.patch("/users/{user}/confirm")
|
||||
async def confirm_users(user: str, code: str):
|
||||
confirm_record = col_emails.find_one( {"user": user, "code": code, "used": False} )
|
||||
if confirm_record is None:
|
||||
return HTTPException(HTTP_400_BAD_REQUEST, detail=configGet("email_code_invalid", "messages"))
|
||||
col_emails.find_one_and_update( {"_id": confirm_record["_id"]}, {"$set": {"used": True}} )
|
||||
col_users.find_one_and_update( {"user": confirm_record["user"]}, {"$set": {"disabled": False}} )
|
||||
return UJSONResponse( {"detail": configGet("email_confirmed", "messages")} )
|
||||
|
||||
if configGet("registration_enabled") is True:
|
||||
@app.post("/users")
|
||||
async def create_users(user: str, email: str, password: str):
|
||||
col_users.insert_one( {"user": user, "email": email, "hash": get_password_hash(password), "disabled": True} )
|
||||
if col_users.find_one( {"user": user} ) is not None:
|
||||
return HTTPException(HTTP_406_NOT_ACCEPTABLE, detail=configGet("user_already_exists", "messages"))
|
||||
col_users.insert_one( {"user": user, "email": email, "hash": get_password_hash(password), "disabled": configGet("registration_requires_confirmation")} )
|
||||
if configGet("registration_requires_confirmation") is True:
|
||||
scheduler.add_job( send_confirmation, trigger="date", run_date=datetime.now()+timedelta(seconds=1), kwargs={"user": user, "email": email} )
|
||||
return Response(status_code=HTTP_204_NO_CONTENT)
|
||||
|
||||
|
||||
# @app.get("/users/me/items/")
|
||||
# async def read_own_items(
|
||||
# current_user: User = Security(get_current_active_user, scopes=["items"])
|
||||
# ):
|
||||
# return [{"item_id": "Foo", "owner": current_user.user}]
|
||||
|
||||
|
||||
# @app.get("/status/")
|
||||
# async def read_system_status(current_user: User = Depends(get_current_user)):
|
||||
# return {"status": "ok"}
|
||||
@app.delete("/users/me/")
|
||||
async def delete_users(password: str, current_user: User = Depends(get_current_active_user)):
|
||||
user = get_user(current_user.user)
|
||||
if not user:
|
||||
return False
|
||||
if not verify_password(password, user.hash):
|
||||
return HTTPException(HTTP_400_BAD_REQUEST, detail=configGet("credentials_invalid", "messages"))
|
||||
col_users.delete_many( {"user": current_user.user} )
|
||||
col_emails.delete_many( {"user": current_user.user} )
|
||||
col_photos.delete_many( {"user": current_user.user} )
|
||||
col_videos.delete_many( {"user": current_user.user} )
|
||||
col_albums.delete_many( {"user": current_user.user} )
|
@ -24,7 +24,7 @@ db = db_client.get_database(name=db_config["name"])
|
||||
|
||||
collections = db.list_collection_names()
|
||||
|
||||
for collection in ["users", "albums", "photos", "videos", "tokens"]:
|
||||
for collection in ["users", "albums", "photos", "videos", "tokens", "emails"]:
|
||||
if not collection in collections:
|
||||
db.create_collection(collection)
|
||||
|
||||
@ -33,5 +33,6 @@ col_albums = db.get_collection("albums")
|
||||
col_photos = db.get_collection("photos")
|
||||
col_videos = db.get_collection("videos")
|
||||
col_tokens = db.get_collection("tokens")
|
||||
col_emails = db.get_collection("emails")
|
||||
|
||||
col_photos.create_index([("location", GEOSPHERE)])
|
39
modules/mailer.py
Normal file
39
modules/mailer.py
Normal file
@ -0,0 +1,39 @@
|
||||
from smtplib import SMTP, SMTP_SSL
|
||||
from traceback import print_exc
|
||||
from ssl import create_default_context
|
||||
from modules.utils import configGet, logWrite
|
||||
|
||||
try:
|
||||
if configGet("use_ssl", "mailer", "smtp") is True:
|
||||
mail_sender = SMTP_SSL(
|
||||
configGet("host", "mailer", "smtp"),
|
||||
configGet("port", "mailer", "smtp"),
|
||||
)
|
||||
logWrite(f"Initialized SMTP SSL connection")
|
||||
elif configGet("use_tls", "mailer", "smtp") is True:
|
||||
mail_sender = SMTP(
|
||||
configGet("host", "mailer", "smtp"),
|
||||
configGet("port", "mailer", "smtp"),
|
||||
)
|
||||
mail_sender.starttls(context=create_default_context())
|
||||
mail_sender.ehlo()
|
||||
logWrite(f"Initialized SMTP TLS connection")
|
||||
else:
|
||||
mail_sender = SMTP(
|
||||
configGet("host", "mailer", "smtp"),
|
||||
configGet("port", "mailer", "smtp")
|
||||
)
|
||||
mail_sender.ehlo()
|
||||
logWrite(f"Initialized SMTP connection")
|
||||
except Exception as exp:
|
||||
logWrite(f"Could not initialize SMTP connection to: {exp}")
|
||||
print_exc()
|
||||
|
||||
try:
|
||||
mail_sender.login(
|
||||
configGet("login", "mailer", "smtp"),
|
||||
configGet("password", "mailer", "smtp")
|
||||
)
|
||||
logWrite(f"Successfully initialized mailer")
|
||||
except Exception as exp:
|
||||
logWrite(f"Could not login into provided SMTP account due to: {exp}")
|
Loading…
Reference in New Issue
Block a user