a AWe @sddlmZddlmZmZddlmZmZddlmZm Z m Z m Z ddl m Z mZmZmZmZmZddlmZddlmZddlmZdd lmZdd lmZdd lmZdd lm Z dd l!m"Z"edddZ#e de j$dddddde j$ddddeddZ%e dde j$dddiZ&e de j$d d!d"d#e j$d$dej'd%d&e j$d'd!d(d#e j$d)ddd#e j$d*ded#e j$d+ded#d,Z(e d-d.e j$d/dd0iZ)e%e#j*e%j+<e&e#j*e&j+<e(e#j*e(j+<e)e#j*e)j+<e#,d1Gd2d3d3e Z-e#,d4Gd5d6d6e Z.e#,d7Gd8d9d9e Z/e#,d:Gd;d<dd?d?e Z1e#,d@GdAdBdBe Z2e#,dCGdDdEdEe Z3e#,dFGdGdHdHe Z4e#,dIGdJdKdKe Z5dLS)M)datetime)url_forrender_template)ValidationErrorEXCLUDE) NamespaceResourcefieldsModel)create_access_tokencreate_refresh_token jwt_requiredget_jwt_identityget_jwt decode_token)example_password) LoginSchema) EmailSchema)RegisterSchema)RefreshTokenSchema) AuthService) TokenService) MailServiceauthzUser Authentication) description LoginInputz$Email Or Username for authenticationTzadmin@pige.com)rrequired min_length max_lengthexamplezPassword for authentication)emailpassword EmailInputr#zThe user's email address)rrRegistrationInputz"User company name for registrationFz Company Pige)rrr!z"User Company type for registrationzAnonymous Company)rrenumr!zUsername for registrationz admin@pigezEmail for registrationzPassword for registrationz&Password Confirmation for registration)Z company_nameZ company_typeusernamer#r$password_confirmRefreshTokenInputrefreshz.Refresh token for obtaining a new access token)rrz/loginc@s,eZdZejdddeeddZdS) LoginResourcezUser login endpointNsecurityc Csz"tj}t}z|j|td}Wn4tyV}zd|jidfWYd}~WSd}~00t|dstddidfWSt |d|d}|sdd idfWS|j sdd id fWS|j rdd id fWS|j d kr| |||j|j |j|jd}d|jt|j|dt|jddddfWSty}z`t|drl|jdurldt|i|jfWYd}~Sdt|ddfWYd}~SWYd}~n d}~00dS)a User Login Endpoint: Authenticate and obtain access & refresh tokens. This endpoint allows users to log in by providing their email and password. Upon successful authentication, it returns access and refresh tokens that can be used for authorized access to protected resources. :return: A JSON response containing access and refresh tokens if authentication is successful, or an error message if authentication fails. )unknownmsgNr#z3Access denied: User with this email does not exist.r$z"Access denied: Incorrect password.z/Access denied: Account disabled, contact admin.iz!Access denied: Account Forbidden.F) is_superuser is_activeis_staffis_adminzLogin successful)identityadditional_claimsr7)accessr+)r0Zuser_idtokencode0An error occurred while processing your request.r0error)auth_namespacepayloadrloadrrmessagesrget_user_by_email authenticater4Z is_blocked is_verifiedZupdate_last_loginZupdate_last_seensaver3r5r6Z public_idr r#r Exceptionhasattrr=str)selfdataZ login_schemavalidated_dataerruserr8erS/app/app/resources/v1/auth.pypost`sv     zLoginResource.post)__name__ __module__ __qualname__rBdocexpectrrUrSrSrSrTr,^s r,z /registerc@s,eZdZejdddeeddZdS)RegisterResourcezUser registration endpointNr-c Csdztj}t}z||}Wn4tyP}zd|jidfWYd}~WSd}~00d|vr`|d=t|ddurddidfWSt|}|durddidfWSt |j d }t d |d d }t jd |j td|dd dddidfWSty^}z`t|dr,|jdur,dt|i|jfWYd}~Sdt|ddfWYd}~SWYd}~n d}~00dS)a User Registration Endpoint: Create a new user account. This endpoint allows users to create a new account by providing their registration details, including username, first name, last name, email, and password. Upon successful registration, a user account is created, and they can use it to log in. :return: A JSON response indicating successful registration or an error message if registration fails. r0r1Nr)r#zBUser with this email already exists. Please use a different email.zUser registration failedrAaccount_activationauth_verify_email_resourceTactivation_token _external&Account Activation: Email Verificationactivation_email.htmlactivation_linksubject recipientmessagehtmlzUser registered successfullyr=r>r?)rBrCrrDrrErrFZ create_userrgenerate_tokenr#rr send_emailrrJrKr=rL) rMrNZregister_schemarOrPrQr_rdrRrSrSrTrUs\   zRegisterResource.post)rVrWrXrBrYrZr&rUrSrSrSrTr[s r[z/logoutc@s0eZdZeeeejddddZdS)LogoutResourcejwtr-c Csztj}t}z||}Wn4tyR}zd|jidfWYd}~WSd}~00ttj }t |d d}|durt |krddidfWSt|t |ddrdd idfWSt|dd|t |ddd tdd |tdd dd id fWSty}z`t|drN|jdurNdt|i|jfWYd}~Sdt|ddfWYd}~SWYd}~n d}~00dS)aT User Logout Endpoint (POST): Revoke access and refresh tokens. This endpoint allows users to log out, revoking their access and refresh tokens. It checks the validity and expiration status of the refresh token before proceeding. :return: A response message indicating success or an error message. r0r1Nr+expzRefresh token has expired.r2jtiAccess denied: Bad Token.z User Logoutr:zUser logged out successfullyr<r=r>r?rA)rBrCrrDrrErrFridrgetrutcnow timestampris_blacklistedblacklist_tokenrrJrKr=rL)rMrNrefresh_token_schemarOrPcurrent_user_id refresh_exprRrSrSrTrUsN "zLogoutResource.postN) rVrWrXr rBrZr*rYrUrSrSrSrTrms rmz /token/verifyc@s@eZdZeejddddZeejddddZdS)VerifyTokenResourcernr-c CszFt}|durddidfWSt|dur:ddidfWSddidfWSty}z\t|dr|jdurdt|i|jfWYd}~Sd t|d d fWYd}~SWYd}~n d}~00dS aO Token Verification Endpoint: Verify the validity of an access token. This endpoint allows users to verify the validity of their access token. It checks if the token is valid and if the user associated with the token exists. :return: A response message indicating success or an error message. Nr0(Access denied: Invalid or expired token.r2rqzToken verified successfully.r<r=r>r?rArrrFrJrKr=rLrMryrRrSrSrTrsUs6 zVerifyTokenResource.getc CszFt}|durddidfWSt|dur:ddidfWSddidfWSty}z\t|dr|jdurdt|i|jfWYd}~Sd t|d d fWYd}~SWYd}~n d}~00dSr|r~rrSrSrTrUs6 zVerifyTokenResource.postN)rVrWrXr rBrYrsrUrSrSrSrTr{Ss   * r{z/token/refreshc@s&eZdZeejddddZdS)RefreshTokenResourcernr-c CszNt}|dur ddidfWStj}t}z||}Wn4tyn}zd|jidfWYd}~WSd}~00t|d}|d}|durt |krddidfWS||d krdd idfWSt |}|durdd idfWSt||d rdd idfWStd } | r2tdd |jtd dt|d} | |ddddfWSty} z`t| dr| jdurdt| i| jfWYd} ~ Sdt| ddfWYd} ~ SWYd} ~ n d} ~ 00dS)aP Token Refresh Endpoint: Refresh an access token using a valid refresh token. This endpoint allows users to refresh their access token using a valid refresh token. It validates the refresh token and issues a new access token. :return: A response message indicating success or an error message. Nr0r}r2r1r+roz)Access denied: Refresh token has expired.subz2Access denied: Invalid user for the refresh token.rqrpr:z Refresh tokenr9z#Access token refreshed successfully)r:r+r0r<r=r>r?rA)rrBrCrrDrrErrsrrtrurrFrrvrrwrrr rJrKr=rL) rMryrNrxrOrPZrefresh_decoderzrQZprevious_access_jtir:rRrSrSrTrUsx      zRefreshTokenResource.postN)rVrWrXr rBrYrUrSrSrSrTrs rz#/activate/c@s"eZdZejdddddZdS)VerifyEmailResourcez#Activate user account: verify emailNr-c Cszht|\}}|s$d|ddfWSt|d}|durN|jrNddidfWSd |_|dd idfWSty}z\t|d r|jdurdt |i|jfWYd}~Sd t |dd fWYd}~SWYd}~n d}~00dS)a5 Email Verification Endpoint: Verify user's email address. This endpoint allows users to verify their email address by providing an activation token sent to their email. Upon successful verification, the user's email address is marked as verified, allowing them access to the application. :param activation_token: The activation token sent to the user's email address. :type activation_token: str :return: A JSON response indicating successful email verification or an error message if verification fails. zEmail verification failedr?r1r#Nr0zEmail is already verifiedr<TzEmail verified successfullyr=r>rA) rZ verify_tokenrrFrHrIrJrKr=rL)rMr_statusrNrQrRrSrSrTrss> zVerifyEmailResource.get)rVrWrXrBrYrsrSrSrSrTr s rz/resend-email-verifyc@s,eZdZeeejdddddZdS)ResendVerificationEmailResourcez"Resend Verification Email endpointNr-c Cs`ztj}t}z||}Wn4tyP}zd|jidfWYd}~WSd}~00t|d}|durvddidfWS|jrddidfWSt |j d }t d |d d }t jd |j td|dd d}|rddidfWSddidfWStyZ} z`t| dr(| jdur(dt| i| jfWYd} ~ Sdt| ddfWYd} ~ SWYd} ~ n d} ~ 00dS)af Resend Verification Email Endpoint: Resend a verification email to the user. This endpoint allows users to request the resending of a verification email. It checks if the user's email is already verified and sends a new verification email if not. :return: A response message indicating success or an error message. r0r1Nr#$User with this email does not exist.izEmail is already verified.r<r\r]Tr^rarbrcre$Failed to send password reset email.rAz0Verification email has been resent successfully.r=r>r?)rBrCrrDrrErrFrHrrkr#rrrlrrJrKr=rL) rMrN email_schemarOrPrQr_rdsend_mail_statusrRrSrSrTrUEsb  z$ResendVerificationEmailResource.postrVrWrXrBrZr%rYrUrSrSrSrTrCs rz/forgot-passwordc@s6eZdZeeejddddddddd Zd S) ForgotPasswordResourcezForgot Password EndpointzCInitiate the password reset process by providing your email addressz8Password reset instructions have been sent to your emailzUser does not existz/An error occurred while processing your request)r<r1rA)r responsesc CsLztj}t}z||}Wn4tyP}zd|jidfWYd}~WSd}~00t|d}|durvddidfWSt |j d}t d|dd }t j d |j td |d dd }|sddidfWSddidfWStyF} z`t| dr| jdurdt| i| jfWYd} ~ Sdt| ddfWYd} ~ SWYd} ~ n d} ~ 00dS)a Forgot Password Endpoint: Send a password reset email to the user. This endpoint allows users to request a password reset by providing their registered email address. :return: A response message indicating success or an error message. r0r<Nr#rZpassword_resetZauth_reset_password_resourceT)password_reset_tokenr`z#Password Reset: Reset Your Passwordzreset_password.html)password_reset_token_linkrerrAz#Password reset email has been sent.r=r>r?)rBrCrrDrrErrFrrkr#rrrlrrJrKr=rL) rMrNrrOrPrQrrrrRrSrSrTrUsX zForgotPasswordResource.postNrrSrSrSrTrs rz&/reset-password/c@seZdZddZdS)ResetPasswordResourcecCsdS)NrS)rMrrSrSrTrUszResetPasswordResource.postN)rVrWrXrUrSrSrSrTrsrN)6rflaskrrZ marshmallowrr flask_restxrrr r flask_jwt_extendedr r r rrrZapp.utils.password_generatorrZapp.schema.loginrZapp.schema.emailrZapp.schema.registerrZapp.schema.tokenrapp.services.authrapp.services.tokenrZapp.services.mailrrBStringrr%Zallowed_company_typesr&r*modelsnamerouter,r[rmr{rrrrrrSrSrSrTs           "    aOBZ]6IL