odapi/database/crud.py

from datetime import datetime

from fastapi import HTTPException
from passlib.context import CryptContext

from app.schemas import *
from constants import SHA1_SALT
from database import SessionLocal
from database.models import *

pwd_context = CryptContext(schemes=["bcrypt", "hex_sha1"], deprecated=["hex_sha1"])


def get_db():
    db = SessionLocal()
    try:
        yield db
    finally:
        db.close()


def instantiate_model(model, data):
    table = eval(model)
    instance = table(**data.dict())
    return instance


def insert_data(model, data, db):
    item = instantiate_model(model=model, data=data)
    db.add(item)
    db.commit()
    db.refresh(item)
    return item


# FIXME db.id has to be replaced with the table's UID
def delete_data(model, data, db):
    item = instantiate_model(model=model, data=data)
    result = db.query(item).filter(item.email == data.email).delete()
    return result


def fetch_user_by_key(data, db):
    return db.query(Users).filter(Users.access_key == data.access_key).first()


def fetch_user_by_email(data, db):
    return db.query(Users).filter(Users.email == data.email).first()


def create_user(data, db):
    data.password = pwd_context.hash(secret=data.password)
    user = insert_data(model="Users", data=data, db=db)
    return user


def update_otp(data, db):
    db.query(Users).filter(Users.email == data.email).update(
        {Users.otp: data.otp, Users.otp_valid_time: data.otp_valid_time}
    )
    db.commit()


def update_password_hash(user, password, db):
    new_hash = pwd_context.hash(secret=password)
    db.query(Users).filter(Users.email == user.email).update({Users.password: new_hash})
    db.commit()
    db.refresh(user)


def check_legacy_hash(db_hash):
    sha1_length = 40
    if len(db_hash) == sha1_length:
        return True
    return False


def construct_secret(db_hash, password):
    legacy_hash = check_legacy_hash(db_hash=db_hash)
    if legacy_hash:
        return SHA1_SALT + password, legacy_hash
    return password, legacy_hash


def verify_password(user, password, db):
    secret, legacy_hash = construct_secret(db_hash=user.password, password=password)
    correct_password = pwd_context.verify(secret=secret, hash=user.password)
    if correct_password:
        if legacy_hash:
            update_password_hash(user=user, password=password, db=db)
        return True
    return False


def authenticate_user(data: UserLogin, db):
    user = fetch_user_by_email(data=data, db=db)
    if not user:
        raise HTTPException(status_code=400, detail="Incorrect username or password")
    correct_password = verify_password(user=user, password=data.password, db=db)
    if not correct_password:
        raise HTTPException(status_code=400, detail="Incorrect username or password")
    valid_account = user.status
    if not valid_account:
        raise HTTPException(status_code=400, detail="Your account is not active")
    return user


def activate_account(user, db):
    db.query(Users).filter(Users.access_key == user.access_key).update(
        {Users.status: 1}
    )
    db.commit()
    db.refresh(user)


def deactivate_account(user, db):
    db.query(Users).filter(Users.email == user.email).update(
        {Users.status: 0, Users.forgot_password: 1}
    )
    db.commit()
    db.refresh(user)


def unset_forgot_password(user, db):
    db.query(Users).filter(Users.email == user.email).update({Users.forgot_password: 0})
    db.commit()
    db.refresh(user)


def verify_otp(data: OTPVerify, db):
    user = fetch_user_by_key(data=data, db=db)
    matching_otp = user.otp == data.otp
    valid_time = datetime.now() < user.otp_valid_time
    valid_otp = matching_otp and valid_time
    if valid_otp:
        activate_account(user=user, db=db)
        return user
    else:
        raise HTTPException(status_code=400, detail="The OTP is not correct")


def mark_password_reset(data, db):
    user = fetch_user_by_email(data=data, db=db)
    if user.social_id:
        raise HTTPException(
            status_code=400,
            detail="You logged in with Facebook/Google. You can't reset the password",
        )
    deactivate_account(user=user, db=db)


def verify_password_reset(data, db):
    user = fetch_user_by_email(data=data, db=db)
    valid_account = user.status
    password_reset_request = user.forgot_password
    valid_request = valid_account and password_reset_request
    if valid_request:
        update_password_hash(user=user, password=data.password, db=db)
        unset_forgot_password(user=user, db=db)
        return user
    else:
        raise HTTPException(status_code=400, detail="The OTP is not correct")
Implement OTP verification 2020-09-28 18:19:59 +02:00			`from datetime import datetime`
Rewrite SHA1 verification using passlib primitives 2020-10-05 17:04:40 +02:00
Implement OTP verification 2020-09-28 18:19:59 +02:00			`from fastapi import HTTPException`
Store password as a hash 2020-09-30 11:27:48 +02:00			`from passlib.context import CryptContext`
Migrate to FastAPI with a focus on async code 2020-06-05 01:09:55 +02:00
			`from app.schemas import *`
Implement login with secure password rehashing 2020-10-05 15:35:13 +02:00			`from constants import SHA1_SALT`
Replace async SQL queries with standard ones 2020-08-01 19:04:35 +02:00			`from database import SessionLocal`
			`from database.models import *`
Migrate to FastAPI with a focus on async code 2020-06-05 01:09:55 +02:00
Rewrite SHA1 verification using passlib primitives 2020-10-05 17:04:40 +02:00			`pwd_context = CryptContext(schemes=["bcrypt", "hex_sha1"], deprecated=["hex_sha1"])`
Store password as a hash 2020-09-30 11:27:48 +02:00

Replace async SQL queries with standard ones 2020-08-01 19:04:35 +02:00			`def get_db():`
			`db = SessionLocal()`
			`try:`
			`yield db`
			`finally:`
			`db.close()`
Add user registration, with JSON validation 2020-04-15 00:29:59 +02:00
Add user login and replace pipenv with Nix 2020-05-28 00:53:23 +02:00
Move database dependency from crud to routes 2020-09-11 00:00:48 +02:00			`def instantiate_model(model, data):`
			`table = eval(model)`
			`instance = table(**data.dict())`
Add user login and replace pipenv with Nix 2020-05-28 00:53:23 +02:00			`return instance`


Move database dependency from crud to routes 2020-09-11 00:00:48 +02:00			`def insert_data(model, data, db):`
			`item = instantiate_model(model=model, data=data)`
Replace async SQL queries with standard ones 2020-08-01 19:04:35 +02:00			`db.add(item)`
			`db.commit()`
Move database dependency from crud to routes 2020-09-11 00:00:48 +02:00			`db.refresh(item)`
Craft proper response for user registration 2020-09-22 13:59:29 +02:00			`return item`
Migrate to FastAPI with a focus on async code 2020-06-05 01:09:55 +02:00

Replace async SQL queries with standard ones 2020-08-01 19:04:35 +02:00			`# FIXME db.id has to be replaced with the table's UID`
Craft proper response for user registration 2020-09-22 13:59:29 +02:00			`def delete_data(model, data, db):`
			`item = instantiate_model(model=model, data=data)`
			`result = db.query(item).filter(item.email == data.email).delete()`
Replace async SQL queries with standard ones 2020-08-01 19:04:35 +02:00			`return result`
Add user registration, with JSON validation 2020-04-15 00:29:59 +02:00

Implement OTP verification 2020-09-28 18:19:59 +02:00			`def fetch_user_by_key(data, db):`
			`return db.query(Users).filter(Users.access_key == data.access_key).first()`
Add user registration, with JSON validation 2020-04-15 00:29:59 +02:00

Implement OTP verification 2020-09-28 18:19:59 +02:00			`def fetch_user_by_email(data, db):`
			`return db.query(Users).filter(Users.email == data.email).first()`
Add OTP verification 2020-04-19 21:30:41 +02:00

Update OTP value and valid time before resend 2020-10-03 14:50:19 +02:00			`def create_user(data, db):`
Rewrite SHA1 verification using passlib primitives 2020-10-05 17:04:40 +02:00			`data.password = pwd_context.hash(secret=data.password)`
Store password as a hash 2020-09-30 11:27:48 +02:00			`user = insert_data(model="Users", data=data, db=db)`
			`return user`


Implement password reset 2020-10-08 21:23:19 +02:00			`def update_otp(data, db):`
Update OTP value and valid time before resend 2020-10-03 14:50:19 +02:00			`db.query(Users).filter(Users.email == data.email).update(`
			`{Users.otp: data.otp, Users.otp_valid_time: data.otp_valid_time}`
			`)`
			`db.commit()`


Implement login with secure password rehashing 2020-10-05 15:35:13 +02:00			`def update_password_hash(user, password, db):`
Rewrite SHA1 verification using passlib primitives 2020-10-05 17:04:40 +02:00			`new_hash = pwd_context.hash(secret=password)`
Implement login with secure password rehashing 2020-10-05 15:35:13 +02:00			`db.query(Users).filter(Users.email == user.email).update({Users.password: new_hash})`
			`db.commit()`
			`db.refresh(user)`


Rewrite SHA1 verification using passlib primitives 2020-10-05 17:04:40 +02:00			`def check_legacy_hash(db_hash):`
Implement login with secure password rehashing 2020-10-05 15:35:13 +02:00			`sha1_length = 40`
Rewrite SHA1 verification using passlib primitives 2020-10-05 17:04:40 +02:00			`if len(db_hash) == sha1_length:`
Implement login with secure password rehashing 2020-10-05 15:35:13 +02:00			`return True`
			`return False`


Rewrite SHA1 verification using passlib primitives 2020-10-05 17:04:40 +02:00			`def construct_secret(db_hash, password):`
			`legacy_hash = check_legacy_hash(db_hash=db_hash)`
			`if legacy_hash:`
			`return SHA1_SALT + password, legacy_hash`
			`return password, legacy_hash`
Implement login with secure password rehashing 2020-10-05 15:35:13 +02:00

			`def verify_password(user, password, db):`
Rewrite SHA1 verification using passlib primitives 2020-10-05 17:04:40 +02:00			`secret, legacy_hash = construct_secret(db_hash=user.password, password=password)`
			`correct_password = pwd_context.verify(secret=secret, hash=user.password)`
			`if correct_password:`
			`if legacy_hash:`
			`update_password_hash(user=user, password=password, db=db)`
			`return True`
			`return False`
Implement login with secure password rehashing 2020-10-05 15:35:13 +02:00

			`def authenticate_user(data: UserLogin, db):`
			`user = fetch_user_by_email(data=data, db=db)`
			`if not user:`
			`raise HTTPException(status_code=400, detail="Incorrect username or password")`
			`correct_password = verify_password(user=user, password=data.password, db=db)`
			`if not correct_password:`
			`raise HTTPException(status_code=400, detail="Incorrect username or password")`
			`valid_account = user.status`
			`if not valid_account:`
			`raise HTTPException(status_code=400, detail="Your account is not active")`
Implement OTP verification 2020-09-28 18:19:59 +02:00			`return user`
Add OTP verification 2020-04-19 21:30:41 +02:00

Remove redundant DB query on account activation 2020-10-04 16:42:18 +02:00			`def activate_account(user, db):`
			`db.query(Users).filter(Users.access_key == user.access_key).update(`
			`{Users.status: 1}`
			`)`
			`db.commit()`
			`db.refresh(user)`


Implement forgot password 2020-10-08 20:47:10 +02:00			`def deactivate_account(user, db):`
			`db.query(Users).filter(Users.email == user.email).update(`
			`{Users.status: 0, Users.forgot_password: 1}`
			`)`
			`db.commit()`
			`db.refresh(user)`


Implement password reset 2020-10-08 21:23:19 +02:00			`def unset_forgot_password(user, db):`
			`db.query(Users).filter(Users.email == user.email).update({Users.forgot_password: 0})`
			`db.commit()`
			`db.refresh(user)`


Move database dependency from crud to routes 2020-09-11 00:00:48 +02:00			`def verify_otp(data: OTPVerify, db):`
Implement OTP verification 2020-09-28 18:19:59 +02:00			`user = fetch_user_by_key(data=data, db=db)`
			`matching_otp = user.otp == data.otp`
			`valid_time = datetime.now() < user.otp_valid_time`
			`valid_otp = matching_otp and valid_time`
Move database dependency from crud to routes 2020-09-11 00:00:48 +02:00			`if valid_otp:`
Remove redundant DB query on account activation 2020-10-04 16:42:18 +02:00			`activate_account(user=user, db=db)`
			`return user`
Implement OTP verification 2020-09-28 18:19:59 +02:00			`else:`
			`raise HTTPException(status_code=400, detail="The OTP is not correct")`
Implement forgot password 2020-10-08 20:47:10 +02:00

			`def mark_password_reset(data, db):`
			`user = fetch_user_by_email(data=data, db=db)`
			`if user.social_id:`
			`raise HTTPException(`
			`status_code=400,`
			`detail="You logged in with Facebook/Google. You can't reset the password",`
			`)`
			`deactivate_account(user=user, db=db)`


Implement password reset 2020-10-08 21:23:19 +02:00			`def verify_password_reset(data, db):`
			`user = fetch_user_by_email(data=data, db=db)`
			`valid_account = user.status`
			`password_reset_request = user.forgot_password`
			`valid_request = valid_account and password_reset_request`
			`if valid_request:`
			`update_password_hash(user=user, password=data.password, db=db)`
			`unset_forgot_password(user=user, db=db)`
			`return user`
			`else:`
			`raise HTTPException(status_code=400, detail="The OTP is not correct")`