Feature/reset password (#289)

* WIP register - not finished

* register fixed errors

* register fixed flake-8

* register fixed tests flake8

* register fixed tests issues

* register flake8 fix

* register flake8 more fixes

* fixed CR suggestions

* first commit

* fixed check_jwt_token

* Not Finshed

* minor fix

* starting dependancy

* dependancies working

* redirectin and user messages

* async fixing

* exception handler

* quary parameters

* Documentation added

* fixed pep8

* pep8 more fixes

* pep8 config fix

* pep8 jwt fix

* pep8 jwt final fix

* pep8 final fix

* CR fixes, tests added

* flake8 fixes

* flake8 fixes2

* updating requirements

* test added

* flake8 fix

* CR fixing

* flake8 fixes

* flake8 fix2

* flake8 fixes3

* flake8 fixes4

* flake8 fixes5

* CR fix

* Revert "CR fix"

This reverts commit 8fbe36a.

* CR fixes

* works, before tests

* testing are not done

* tests not finished

* first push

* before pull from develop

* docstring added

* send_reset_password_mail function updated

* tests fixed

* CR and more fixes

* CR fixes

* upgraded security in dependencies

* CR and get_jwt_token function fixes

* CR fixes

* CR small fix

* html fix

Author: kobyfogel

app/config.py.example

@@ -67,6 +67,7 @@ email_conf = ConnectionConfig(
 JWT_KEY = "JWT_KEY_PLACEHOLDER"
 JWT_ALGORITHM = "HS256"
 JWT_MIN_EXP = 60 * 24 * 7
+
 templates = Jinja2Templates(directory=os.path.join("app", "templates"))
 
 # application name

app/database/schemas.py

@@ -75,6 +75,8 @@ def username_length(cls, username: str) -> Union[ValueError, str]:
         """Validating username length is legal"""
         if not (MIN_FIELD_LENGTH < len(username) < MAX_FIELD_LENGTH):
             raise ValueError("must contain between 3 to 20 charactars")
+        if username.startswith("@"):
+            raise ValueError("username can not start with '@'")
         return username
 
     @validator("password")

app/internal/email.py

@@ -7,16 +7,26 @@
 from pydantic.errors import EmailError
 from sqlalchemy.orm.session import Session
 
-from app.config import (CALENDAR_HOME_PAGE, CALENDAR_REGISTRATION_PAGE,
-                        CALENDAR_SITE_NAME, email_conf, templates)
+from app.config import (
+    CALENDAR_HOME_PAGE,
+    CALENDAR_REGISTRATION_PAGE,
+    CALENDAR_SITE_NAME,
+    DOMAIN,
+    email_conf,
+)
 from app.database.models import Event, User
+from app.dependencies import templates
+from app.internal.security.schema import ForgotPassword
 
 mail = FastMail(email_conf)
 
 
 def send(
-        session: Session, event_used: int, user_to_send: int,
-        title: str, background_tasks: BackgroundTasks = BackgroundTasks
+    session: Session,
+    event_used: int,
+    user_to_send: int,
+    title: str,
+    background_tasks: BackgroundTasks = BackgroundTasks,
 ) -> bool:
     """This function is being used to send emails in the background.
     It takes an event and a user and it sends the event to the user.
@@ -32,10 +42,8 @@ def send(
     Returns:
         bool: Returns True if the email was sent, else returns False.
     """
-    event_used = session.query(Event).filter(
-        Event.id == event_used).first()
-    user_to_send = session.query(User).filter(
-        User.id == user_to_send).first()
+    event_used = session.query(Event).filter(Event.id == event_used).first()
+    user_to_send = session.query(User).filter(User.id == user_to_send).first()
     if not user_to_send or not event_used:
         return False
     if not verify_email_pattern(user_to_send.email):
@@ -45,18 +53,21 @@ def send(
     recipients = {"email": [user_to_send.email]}.get("email")
     body = f"begins at:{event_used.start} : {event_used.content}"
 
-    background_tasks.add_task(send_internal,
-                              subject=subject,
-                              recipients=recipients,
-                              body=body)
+    background_tasks.add_task(
+        send_internal,
+        subject=subject,
+        recipients=recipients,
+        body=body,
+    )
     return True
 
 
-def send_email_invitation(sender_name: str,
-                          recipient_name: str,
-                          recipient_mail: str,
-                          background_tasks: BackgroundTasks = BackgroundTasks
-                          ) -> bool:
+def send_email_invitation(
+    sender_name: str,
+    recipient_name: str,
+    recipient_mail: str,
+    background_tasks: BackgroundTasks = BackgroundTasks,
+) -> bool:
     """
     This function takes as parameters the sender's name,
     the recipient's name and his email address, configuration, and
@@ -81,28 +92,35 @@ def send_email_invitation(sender_name: str,
         return False
 
     template = templates.get_template("invite_mail.html")
-    html = template.render(recipient=recipient_name, sender=sender_name,
-                           site_name=CALENDAR_SITE_NAME,
-                           registration_link=CALENDAR_REGISTRATION_PAGE,
-                           home_link=CALENDAR_HOME_PAGE,
-                           addr_to=recipient_mail)
+    html = template.render(
+        recipient=recipient_name,
+        sender=sender_name,
+        site_name=CALENDAR_SITE_NAME,
+        registration_link=CALENDAR_REGISTRATION_PAGE,
+        home_link=CALENDAR_HOME_PAGE,
+        addr_to=recipient_mail,
+    )
 
     subject = "Invitation"
     recipients = [recipient_mail]
     body = html
     subtype = "html"
 
-    background_tasks.add_task(send_internal,
-                              subject=subject,
-                              recipients=recipients,
-                              body=body,
-                              subtype=subtype)
+    background_tasks.add_task(
+        send_internal,
+        subject=subject,
+        recipients=recipients,
+        body=body,
+        subtype=subtype,
+    )
     return True
 
 
-def send_email_file(file_path: str,
-                    recipient_mail: str,
-                    background_tasks: BackgroundTasks = BackgroundTasks):
+def send_email_file(
+    file_path: str,
+    recipient_mail: str,
+    background_tasks: BackgroundTasks = BackgroundTasks,
+):
     """
     his function takes as parameters the file's path,
     the recipient's email address, configuration, and
@@ -126,19 +144,23 @@ def send_email_file(file_path: str,
     body = "file"
     file_attachments = [file_path]
 
-    background_tasks.add_task(send_internal,
-                              subject=subject,
-                              recipients=recipients,
-                              body=body,
-                              file_attachments=file_attachments)
+    background_tasks.add_task(
+        send_internal,
+        subject=subject,
+        recipients=recipients,
+        body=body,
+        file_attachments=file_attachments,
+    )
     return True
 
 
-async def send_internal(subject: str,
-                        recipients: List[str],
-                        body: str,
-                        subtype: Optional[str] = None,
-                        file_attachments: Optional[List[str]] = None):
+async def send_internal(
+    subject: str,
+    recipients: List[str],
+    body: str,
+    subtype: Optional[str] = None,
+    file_attachments: Optional[List[str]] = None,
+):
     if file_attachments is None:
         file_attachments = []
 
@@ -147,8 +169,10 @@ async def send_internal(subject: str,
         recipients=[EmailStr(recipient) for recipient in recipients],
         body=body,
         subtype=subtype,
-        attachments=[UploadFile(file_attachment)
-                     for file_attachment in file_attachments])
+        attachments=[
+            UploadFile(file_attachment) for file_attachment in file_attachments
+        ],
+    )
 
     return await send_internal_internal(message)
 
@@ -177,3 +201,32 @@ def verify_email_pattern(email: str) -> bool:
         return True
     except EmailError:
         return False
+
+
+async def send_reset_password_mail(
+    user: ForgotPassword,
+    background_tasks: BackgroundTasks,
+) -> bool:
+    """
+    This function sends a reset password email to user.
+    :param user: ForgotPassword schema.
+        Contains user's email address, jwt verifying token.
+    :param background_tasks: (BackgroundTasks): Function from fastapi that lets
+            you apply tasks in the background.
+    returns True
+    """
+    params = f"?email_verification_token={user.email_verification_token}"
+    template = templates.get_template("reset_password_mail.html")
+    html = template.render(
+        recipient=user.username.lstrip("@"),
+        link=f"{DOMAIN}/reset-password{params}",
+        email=user.email,
+    )
+    background_tasks.add_task(
+        send_internal,
+        subject="Calendar reset password",
+        recipients=[user.email],
+        body=html,
+        subtype="html",
+    )
+    return True

app/internal/security/dependencies.py

@@ -20,7 +20,13 @@ async def is_logged_in(
     """
     A dependency function protecting routes for only logged in user
     """
-    await get_jwt_token(db, jwt)
+    jwt_payload = get_jwt_token(jwt)
+    user_id = jwt_payload.get("user_id")
+    if not user_id:
+        raise HTTPException(
+            status_code=HTTP_401_UNAUTHORIZED,
+            detail="Your token is not valid. Please log in again",
+        )
     return True
 
 
@@ -32,8 +38,9 @@ async def is_manager(
     """
     A dependency function protecting routes for only logged in manager
     """
-    jwt_payload = await get_jwt_token(db, jwt)
-    if jwt_payload.get("is_manager"):
+    jwt_payload = get_jwt_token(jwt)
+    user_id = jwt_payload.get("user_id")
+    if jwt_payload.get("is_manager") and user_id:
         return True
     raise HTTPException(
         status_code=HTTP_401_UNAUTHORIZED,
@@ -51,7 +58,7 @@ async def current_user_from_db(
     Returns logged in User object.
     A dependency function protecting routes for only logged in user.
     """
-    jwt_payload = await get_jwt_token(db, jwt)
+    jwt_payload = get_jwt_token(jwt)
     username = jwt_payload.get("sub")
     user_id = jwt_payload.get("user_id")
     db_user = await User.get_by_username(db, username=username)
@@ -74,7 +81,12 @@ async def current_user(
     Returns logged in User object.
     A dependency function protecting routes for only logged in user.
     """
-    jwt_payload = await get_jwt_token(db, jwt)
+    jwt_payload = get_jwt_token(jwt)
     username = jwt_payload.get("sub")
     user_id = jwt_payload.get("user_id")
+    if not user_id:
+        raise HTTPException(
+            status_code=HTTP_401_UNAUTHORIZED,
+            detail="Your token is not valid. Please log in again",
+        )
     return schema.CurrentUser(user_id=user_id, username=username)

app/internal/security/ouath2.py

@@ -9,7 +9,7 @@
 from sqlalchemy.orm import Session
 from starlette.requests import Request
 from starlette.responses import RedirectResponse
-from starlette.status import HTTP_401_UNAUTHORIZED
+from starlette.status import HTTP_302_FOUND, HTTP_401_UNAUTHORIZED
 
 from app.config import JWT_ALGORITHM, JWT_KEY, JWT_MIN_EXP
 from app.database.models import User
@@ -20,7 +20,20 @@
 oauth_schema = OAuth2PasswordBearer(tokenUrl="/login")
 
 
-def get_hashed_password(password: bytes) -> str:
+async def update_password(
+    db: Session,
+    username: str,
+    user_password: str,
+) -> None:
+    """Updating User password in database"""
+    db_user = await User.get_by_username(db=db, username=username)
+    hashed_password = get_hashed_password(user_password)
+    db_user.password = hashed_password
+    db.commit()
+    return
+
+
+def get_hashed_password(password: str) -> str:
     """Hashing user password"""
     return pwd_context.hash(password)
 
@@ -30,17 +43,47 @@ def verify_password(plain_password: str, hashed_password: str) -> bool:
     return pwd_context.verify(plain_password, hashed_password)
 
 
+async def is_email_compatible_to_username(
+    db: Session,
+    user: schema.ForgotPassword,
+    email: bool = False,
+) -> Union[schema.ForgotPassword, bool]:
+    """
+    Verifying database record by username.
+    Comparing given email to database record,
+    """
+    db_user = await User.get_by_username(
+        db=db,
+        username=user.username.lstrip("@"),
+    )
+    if not db_user:
+        return False
+    if db_user.email == user.email:
+        return schema.ForgotPassword(
+            username=user.username,
+            user_id=db_user.id,
+            email=db_user.email,
+        )
+    return False
+
+
 async def authenticate_user(
     db: Session,
-    new_user: schema.LoginUser,
+    user: schema.LoginUser,
 ) -> Union[schema.LoginUser, bool]:
-    """Verifying user is in database and password is correct"""
-    db_user = await User.get_by_username(db=db, username=new_user.username)
-    if db_user and verify_password(new_user.password, db_user.password):
+    """
+    Verifying database record by username.
+    Comparing given password to database record,
+    varies with which function called this action.
+    """
+    db_user = await User.get_by_username(db=db, username=user.username)
+    if not db_user:
+        return False
+    elif verify_password(user.password, db_user.password):
         return schema.LoginUser(
             user_id=db_user.id,
             is_manager=db_user.is_manager,
-            username=new_user.username,
+            username=user.username,
             password=db_user.password,
         )
     return False
@@ -63,8 +106,7 @@ def create_jwt_token(
     return jwt_token
 
 
-async def get_jwt_token(
-    db: Session,
+def get_jwt_token(
     token: str = Depends(oauth_schema),
     path: Union[bool, str] = None,
 ) -> User:
@@ -121,6 +163,6 @@ async def auth_exception_handler(
     """
     paramas = f"?next={exc.headers}&message={exc.detail}"
     url = f"/login{paramas}"
-    response = RedirectResponse(url=url)
+    response = RedirectResponse(url=url, status_code=HTTP_302_FOUND)
     response.delete_cookie("Authorization")
     return response