From 068cea801964a0efacc26c67ed6feaae6068e688 Mon Sep 17 00:00:00 2001
From: coolneng
Date: Sun, 19 Apr 2020 21:30:41 +0200
Subject: [PATCH] Add OTP verification
---
 src/app/routes.py | 14 +++++++++++---
 src/database/crud.py | 28 +++++++++++++++++++++++++---
 src/external/twilio.py | 4 +++-
 3 files changed, 39 insertions(+), 7 deletions(-)
diff --git a/src/app/routes.py b/src/app/routes.py
index bff5ac1..01cc1bc 100644
--- a/src/app/routes.py
+++ b/src/app/routes.py
@@ -1,5 +1,5 @@
-from flask import request, jsonify
-from database.crud import insert_data
+from flask import request, jsonify, make_response
+from database.crud import insert_data, verify_otp
 from external.twilio import send_otp
 from app import app
@@ -9,4 +9,12 @@ def create_user():
 data = request.get_json()
 insert_data(schema="Users", data=data)
 send_otp(receiver=data["mobile"])
- return jsonify("User created, pending OTP verification")
+ return make_response(jsonify("User created, pending OTP verification"))
+
+
+@app.route("/verifyotp", methods=["POST"])
+def validate_otp():
+ data = request.get_json()
+ if verify_otp(mobile=data["mobile"], otp=data["otp"]):
+ return make_response(jsonify("The OTP has been verified successfully"))
+ return make_response(jsonify("The OTP is not correct"))
diff --git a/src/database/crud.py b/src/database/crud.py
index 9d7b86a..a735280 100644
--- a/src/database/crud.py
+++ b/src/database/crud.py
@@ -2,6 +2,7 @@ from app import db
 from database.models import *
 from database.schema import *
 from marshmallow import ValidationError
+from datetime import datetime
 def insert_data(schema, data):
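Review bot: In the new `/verifyotp` handler in src/app/routes.py, a wrong code is answered with the default HTTP 200, and a body without `mobile` or `otp` (or a non-JSON body) raises inside the handler instead of being rejected, so callers and logs cannot tell a refused attempt from a success by status. Nothing visible in this hunk limits repeated attempts for one `mobile`; the size of the code space depends on `generate_code`, which this diff does not show, so a failed-attempt counter or rate limit belongs with this endpoint. `make_response(jsonify(...))` only adds something once a status code is passed, as in the sketch below.

```python
@app.route("/verifyotp", methods=["POST"])
def validate_otp():
    data = request.get_json(silent=True)
    # Refuse incomplete or non-object bodies before they reach the comparison in verify_otp.
    if not isinstance(data, dict) or data.get("mobile") is None or data.get("otp") is None:
        return make_response(jsonify("mobile and otp are required"), 400)
    if verify_otp(mobile=data["mobile"], otp=data["otp"]):
        return make_response(jsonify("The OTP has been verified successfully"))
    return make_response(jsonify("The OTP is not correct"), 401)
```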
@@ -10,13 +11,13 @@ def insert_data(schema, data):
 db.session.commit()
-def delete_data(id):
+def delete_data(data):
 db.session.delete(data)
 db.session.commit()
-def update_otp(user_id, otp):
- db.session.query(table="Users").filter_by(id=user_id).update(dict(otp=otp))
+def save_otp(mobile, otp):
+ db.session.query(table="Users").filter_by(mobile=mobile).update(dict(otp=otp))
 db.session.commit()
@@ -28,3 +29,24 @@ def validate_data(schema, data):
 return output
 except ValidationError as err:
 print(err.messages)
+
+
+def fetch_stored_otp(mobile):
+ user = db.session.query(table="Users").filter_by(mobile=mobile)
+ otp = user.otp
+ return otp
+
+
+def validate_otp(mobile):
+ timestamp = datetime.now()
+ db.session.query(table="Users").filter_by(mobile=mobile).update(
+ dict(otp_valid_time=timestamp)
+ )
+
+
+def verify_otp(mobile, otp):
+ stored_otp = fetch_stored_otp(mobile=mobile)
+ if stored_otp == otp:
+ validate_otp(mobile=mobile)
+ return True
+ return False
diff --git a/src/external/twilio.py b/src/external/twilio.py
index 9ca5ac5..fac4ee7 100644
--- a/src/external/twilio.py
+++ b/src/external/twilio.py
@@ -1,6 +1,7 @@
 from twilio.rest import Client
 from secrets import randbits
 from constants import account_id, token, sms_sender
+from database.crud import save_otp
 def connect_api():
@@ -20,4 +21,5 @@ def send_otp(receiver):
 client = connect_api()
 code = generate_code()
 message = "Your OTP code is {0}".format(code)
- sms = client.messages.create(to=receiver, from_=sms_sender, body=message)
+ client.messages.create(to=receiver, from_=sms_sender, body=message)
+ save_otp(receiver, code)
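Review bot: `save_otp` in src/database/crud.py stores only the code, with no issue time, so nothing in this commit can expire an OTP that was sent but never used; `otp_valid_time` is written on success only, by `validate_otp` in the next hunk. Writing an issued-at value in the same call, e.g. `.update(dict(otp=otp, otp_issued_at=datetime.now()))` (`otp_issued_at` is a placeholder column name), would let `verify_otp` reject stale codes. Separately, the `db.session.query(table="Users")` form carried over from `update_otp` looks suspect: as far as I know `Session.query` takes the mapped class positionally, so this call may raise before the filter runs, which is worth confirming with a test since three new functions copy it.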
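Review bot: In `send_otp` (src/external/twilio.py), `save_otp(receiver, code)` runs only after `client.messages.create(...)` has returned, so a database failure at that point leaves the user holding a delivered code that can never verify. Persisting first and sending second avoids that state: `save_otp(receiver, code)` followed by `client.messages.create(to=receiver, from_=sms_sender, body=message)`. `save_otp` also discards the `update()` result, so a `receiver` that matches no row is accepted silently and the SMS still goes out. The signature of `send_otp` lies outside the hunk.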