backend/app/api/routes/login.py

from datetime import timedelta
from typing import Annotated, Any

from fastapi import APIRouter, Depends, HTTPException
from fastapi.security import OAuth2PasswordRequestForm

from app import crud
from app.api.deps import CurrentUser, SessionDep
from app.core import security
from app.core.config import settings
from app.core.security import get_password_hash
from app.models import Message, NewPassword, Token, User, UserOut
from app.utils import (
    generate_password_reset_token,
    generate_reset_password_email,
    send_email,
    verify_password_reset_token,
)

router = APIRouter()


@router.post("/login/access-token")
def login_access_token(
    session: SessionDep, form_data: Annotated[OAuth2PasswordRequestForm, Depends()]
) -> Token:
    """
    OAuth2 compatible token login, get an access token for future requests
    """
    user = crud.authenticate(
        session=session, email=form_data.username, password=form_data.password
    )
    if not user:
        raise HTTPException(status_code=400, detail="Incorrect email or password")
    elif not user.is_active:
        raise HTTPException(status_code=400, detail="Inactive user")
    access_token_expires = timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
    return Token(
        access_token=security.create_access_token(
            user.id, expires_delta=access_token_expires
        )
    )


@router.post("/login/test-token", response_model=UserOut)
def test_token(current_user: CurrentUser) -> Any:
    """
    Test access token
    """
    return current_user


@router.post("/password-recovery/{email}")
def recover_password(email: str, session: SessionDep) -> Message:
    """
    Password Recovery
    """
    user = crud.get_user_by_email(session=session, email=email)

    if not user:
        raise HTTPException(
            status_code=404,
            detail="The user with this username does not exist in the system.",
        )
    password_reset_token = generate_password_reset_token(email=email)
    email_data = generate_reset_password_email(
        email_to=user.email, email=email, token=password_reset_token
    )
    send_email(
        email_to=user.email,
        subject=email_data.subject,
        html_content=email_data.html_content,
    )
    return Message(message="Password recovery email sent")


@router.post("/reset-password/")
def reset_password(session: SessionDep, body: NewPassword) -> Message:
    """
    Reset password
    """
    user_id = verify_password_reset_token(token=body.token)
    if not user_id:
        raise HTTPException(status_code=400, detail="Invalid token")
    user = session.get(User, int(user_id))
    if not user:
        raise HTTPException(
            status_code=404,
            detail="The user with this username does not exist in the system.",
        )
    elif not user.is_active:
        raise HTTPException(status_code=400, detail="Inactive user")
    hashed_password = get_password_hash(password=body.new_password)
    user.hashed_password = hashed_password
    session.add(user)
    session.commit()
    return Message(message="Password updated successfully")
🎉 First commit, from couchbase generator, basic changes 2019-02-09 19:42:36 +04:00			`from datetime import timedelta`
✨ Update code for login API (#571 ) 2023-12-27 19:06:47 +01:00			`from typing import Annotated, Any`
🎉 First commit, from couchbase generator, basic changes 2019-02-09 19:42:36 +04:00
✨ Update code for login API (#571 ) 2023-12-27 19:06:47 +01:00			`from fastapi import APIRouter, Depends, HTTPException`
🎉 First commit, from couchbase generator, basic changes 2019-02-09 19:42:36 +04:00			`from fastapi.security import OAuth2PasswordRequestForm`

✨ Update code for login API (#571 ) 2023-12-27 19:06:47 +01:00			`from app import crud`
			`from app.api.deps import CurrentUser, SessionDep`
♻️ Refactor backend, settings, DB sessions, types, configs, plugins (#158 ) 2020-04-20 19:03:13 +02:00			`from app.core import security`
✨ Use Pydantic BaseSettings for config settings (#87 ) 2020-04-16 23:56:10 -06:00			`from app.core.config import settings`
✨ Update all for Postgres and new techniques 2019-02-23 18:44:29 +04:00			`from app.core.security import get_password_hash`
✅ Add tests to raise coverage to at least 90% and fix recover password logic (#632 ) 2024-03-07 18:21:46 -05:00			`from app.models import Message, NewPassword, Token, User, UserOut`
🎉 First commit, from couchbase generator, basic changes 2019-02-09 19:42:36 +04:00			`from app.utils import (`
			`generate_password_reset_token,`
♻️ Refactor email logic to allow re-using util functions for testing and development (#663 ) 2024-03-10 00:02:36 +01:00			`generate_reset_password_email,`
			`send_email,`
🎉 First commit, from couchbase generator, basic changes 2019-02-09 19:42:36 +04:00			`verify_password_reset_token,`
			`)`

			`router = APIRouter()`


✨ Update code for login API (#571 ) 2023-12-27 19:06:47 +01:00			`@router.post("/login/access-token")`
✨ Update all for Postgres and new techniques 2019-02-23 18:44:29 +04:00			`def login_access_token(`
✨ Update code for login API (#571 ) 2023-12-27 19:06:47 +01:00			`session: SessionDep, form_data: Annotated[OAuth2PasswordRequestForm, Depends()]`
			`) -> Token:`
🎉 First commit, from couchbase generator, basic changes 2019-02-09 19:42:36 +04:00			`"""`
			`OAuth2 compatible token login, get an access token for future requests`
			`"""`
✨ Update code for login API (#571 ) 2023-12-27 19:06:47 +01:00			`user = crud.authenticate(`
			`session=session, email=form_data.username, password=form_data.password`
✨ Update all for Postgres and new techniques 2019-02-23 18:44:29 +04:00			`)`
🎉 First commit, from couchbase generator, basic changes 2019-02-09 19:42:36 +04:00			`if not user:`
			`raise HTTPException(status_code=400, detail="Incorrect email or password")`
✨ Update code for login API (#571 ) 2023-12-27 19:06:47 +01:00			`elif not user.is_active:`
🎉 First commit, from couchbase generator, basic changes 2019-02-09 19:42:36 +04:00			`raise HTTPException(status_code=400, detail="Inactive user")`
✨ Use Pydantic BaseSettings for config settings (#87 ) 2020-04-16 23:56:10 -06:00			`access_token_expires = timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)`
✨ Update code for login API (#571 ) 2023-12-27 19:06:47 +01:00			`return Token(`
			`access_token=security.create_access_token(`
♻️ Refactor backend, settings, DB sessions, types, configs, plugins (#158 ) 2020-04-20 19:03:13 +02:00			`user.id, expires_delta=access_token_expires`
✨ Update code for login API (#571 ) 2023-12-27 19:06:47 +01:00			`)`
			`)`
🎉 First commit, from couchbase generator, basic changes 2019-02-09 19:42:36 +04:00

✨ Update code for login API (#571 ) 2023-12-27 19:06:47 +01:00			`@router.post("/login/test-token", response_model=UserOut)`
			`def test_token(current_user: CurrentUser) -> Any:`
🎉 First commit, from couchbase generator, basic changes 2019-02-09 19:42:36 +04:00			`"""`
			`Test access token`
			`"""`
			`return current_user`


✨ Update code for login API (#571 ) 2023-12-27 19:06:47 +01:00			`@router.post("/password-recovery/{email}")`
			`def recover_password(email: str, session: SessionDep) -> Message:`
🎉 First commit, from couchbase generator, basic changes 2019-02-09 19:42:36 +04:00			`"""`
			`Password Recovery`
			`"""`
✨ Update code for login API (#571 ) 2023-12-27 19:06:47 +01:00			`user = crud.get_user_by_email(session=session, email=email)`
🎉 First commit, from couchbase generator, basic changes 2019-02-09 19:42:36 +04:00
			`if not user:`
			`raise HTTPException(`
			`status_code=404,`
			`detail="The user with this username does not exist in the system.",`
			`)`
✨ Update all for Postgres and new techniques 2019-02-23 18:44:29 +04:00			`password_reset_token = generate_password_reset_token(email=email)`
♻️ Refactor email logic to allow re-using util functions for testing and development (#663 ) 2024-03-10 00:02:36 +01:00			`email_data = generate_reset_password_email(`
✨ Update all for Postgres and new techniques 2019-02-23 18:44:29 +04:00			`email_to=user.email, email=email, token=password_reset_token`
🎉 First commit, from couchbase generator, basic changes 2019-02-09 19:42:36 +04:00			`)`
♻️ Refactor email logic to allow re-using util functions for testing and development (#663 ) 2024-03-10 00:02:36 +01:00			`send_email(`
			`email_to=user.email,`
			`subject=email_data.subject,`
			`html_content=email_data.html_content,`
			`)`
✨ Update code for login API (#571 ) 2023-12-27 19:06:47 +01:00			`return Message(message="Password recovery email sent")`
🎉 First commit, from couchbase generator, basic changes 2019-02-09 19:42:36 +04:00

✨ Update code for login API (#571 ) 2023-12-27 19:06:47 +01:00			`@router.post("/reset-password/")`
♻️ Remove type ignores and add `response_model` (#572 ) 2023-12-27 13:37:05 -05:00			`def reset_password(session: SessionDep, body: NewPassword) -> Message:`
🎉 First commit, from couchbase generator, basic changes 2019-02-09 19:42:36 +04:00			`"""`
			`Reset password`
			`"""`
✅ Add tests to raise coverage to at least 90% and fix recover password logic (#632 ) 2024-03-07 18:21:46 -05:00			`user_id = verify_password_reset_token(token=body.token)`
			`if not user_id:`
🎉 First commit, from couchbase generator, basic changes 2019-02-09 19:42:36 +04:00			`raise HTTPException(status_code=400, detail="Invalid token")`
✅ Add tests to raise coverage to at least 90% and fix recover password logic (#632 ) 2024-03-07 18:21:46 -05:00			`user = session.get(User, int(user_id))`
🎉 First commit, from couchbase generator, basic changes 2019-02-09 19:42:36 +04:00			`if not user:`
			`raise HTTPException(`
			`status_code=404,`
			`detail="The user with this username does not exist in the system.",`
			`)`
✨ Update code for login API (#571 ) 2023-12-27 19:06:47 +01:00			`elif not user.is_active:`
🎉 First commit, from couchbase generator, basic changes 2019-02-09 19:42:36 +04:00			`raise HTTPException(status_code=400, detail="Inactive user")`
✨ Update code for login API (#571 ) 2023-12-27 19:06:47 +01:00			`hashed_password = get_password_hash(password=body.new_password)`
✨ Update all for Postgres and new techniques 2019-02-23 18:44:29 +04:00			`user.hashed_password = hashed_password`
✨ Update code for login API (#571 ) 2023-12-27 19:06:47 +01:00			`session.add(user)`
			`session.commit()`
			`return Message(message="Password updated successfully")`