Working on user module

admin/requirements.txt

@@ -9,3 +9,5 @@ html2text
 pytz
 #mypy
 stripe
+passlib
+argon2_cffi

app/db_sql.py

@@ -13,7 +13,7 @@ from sqlalchemy.exc import IntegrityError, OperationalError
 db_uri = settings.SQLALCHEMY_DATABASE_URI
 
 connection_string = db_uri
-engine = create_engine(name_or_url=connection_string, pool_size=25, pool_recycle=60, pool_pre_ping=True, echo=False, echo_pool=True, isolation_level='READ COMMITTED')
+engine = create_engine(url=connection_string, pool_size=25, pool_recycle=60, pool_pre_ping=True, echo=False, echo_pool=True, isolation_level='READ COMMITTED')
 # NOTE: The default isolation_level is 'REPEATABLE READ'. This can sometimes not show updated data.
 # NOTE: The "echo" set to True option shows the SQL queries.
 
@@ -284,7 +284,7 @@ def sql_select(
         as_dict=True,
         as_list=None
         ):
-    log.setLevel(logging.WARNING) # DEBUG, INFO, WARNING, ERROR, EXCEPTION, CRITICAL
+    #log.setLevel(logging.WARNING) # DEBUG, INFO, WARNING, ERROR, EXCEPTION, CRITICAL
     log.debug(locals())
 
     if table_name and not (record_id or record_id_random or field_name or field_value or sql or data):

app/lib_general.py

@@ -1,5 +1,6 @@
 from __future__ import annotations
 import datetime, pytz, redis
+from passlib.hash import argon2
 
 #from datetime import datetime, time, timedelta
 from fastapi import APIRouter, Depends, Header, HTTPException, status
@@ -238,3 +239,16 @@ def lookup_id_random_pop(obj_data:dict):
 
     return obj_data
 # ### END ### API Lib General ### lookup_id_random_pop() ###
+
+
+def secure_hash_string(string:str):
+    string_hash = argon2.using(rounds=14, memory_cost=1536, parallelism=2).hash(string)
+
+    return string_hash
+
+
+def verify_secure_hash_string(string:str, string_hash:str):
+    if argon2.verify(string, string_hash):
+        return True
+    else:
+        return False

app/main.py

@@ -254,6 +254,7 @@ origins = [
     'http://localhost',
     'http://localhost:5000',
     'http://fastapi.localhost:5000',
+    'http://demo.localhost:5000',
     'https://oneskyit.com',
 ]
 

app/models/response_model.py

@@ -48,7 +48,10 @@ def mk_resp(
     resp_body['meta'] = {}
     resp_body['meta']['details'] = details
     resp_body['meta']['status_code'] = status_code
-    resp_body['meta']['status_message'] = settings.HTTP_STATUS_LI[status_code]['message']
+    if status_message:
+        resp_body['meta']['status_message'] = status_message
+    else:
+        resp_body['meta']['status_message'] = settings.HTTP_STATUS_LI[status_code]['message']
     resp_body['meta']['status_name'] = settings.HTTP_STATUS_LI[status_code]['name']
     resp_body['meta']['success'] = success
 

app/models/user_methods.py

@@ -0,0 +1,49 @@
+from __future__ import annotations
+import datetime
+
+from typing import Dict, List, Optional, Set, Union
+from pydantic import BaseModel, EmailStr, Field, PrivateAttr, ValidationError, validator
+
+from ..lib_general import *
+from ..db_sql import sql_select
+
+from .user_model import User_Base, User_Out_Base, User_New_Base
+
+
+# ### BEGIN ### API User Methods ### load_user_obj() ###
+def load_user_obj(user_id:int|str, inc_contact:bool=False, inc_organization:bool=False, inc_person:bool=False) -> User_Base:
+    log.setLevel(logging.DEBUG) # DEBUG, INFO, WARNING, ERROR, EXCEPTION, CRITICAL
+    log.debug(locals())
+
+    if user_id := redis_lookup_id_random(record_id_random=user_id, table_name='user'): pass
+    else: return False
+
+    if user_rec := sql_select(table_name='v_user', record_id=user_id):
+        #log.setLevel(logging.WARNING) # DEBUG, INFO, WARNING, ERROR, EXCEPTION, CRITICAL
+        log.debug(user_rec)
+
+        if inc_contact:
+            if contact_rec := sql_select(table_name='v_contact', field_name='contact_id', field_value=user_rec.get('contact_id', None)):
+                user_rec['contact'] = contact_rec
+
+        if inc_organization:
+            if organization_rec := sql_select(table_name='v_organization', field_name='organization_id', field_value=user_rec.get('organization_id', None)):
+                user_rec['organization'] = organization_rec
+
+        if inc_person:
+            if person_rec := sql_select(table_name='v_person', field_name='person_id', field_value=user_rec.get('person_id', None)):
+                user_rec['person'] = person_rec
+
+        log.debug(user_rec)
+    else:
+        return False
+
+    try:
+        user_obj = User_Out_Base(**user_rec)
+        log.debug(user_obj)
+    except ValidationError as e:
+        log.error(e.json())
+        return False
+
+    return user_obj
+# ### END ### API User Methods ### load_user_obj() ###

app/models/user_model.py

@@ -13,6 +13,142 @@ from .contact_model import Contact_Base
 #from .person_model import Person_Base
 
 
+class User_New_Base(BaseModel):
+    log.setLevel(logging.WARNING) # DEBUG, INFO, WARNING, ERROR, EXCEPTION, CRITICAL
+    log.debug(locals())
+
+    id_random: Optional[str] = Field(
+        **base_fields['user_id_random'],
+        alias='user_id_random',
+        default_factory=lambda:secrets.token_urlsafe(default_num_bytes),
+    )
+    id: Optional[int] = Field(
+        #alias='user_id'
+    )
+    account_id_random: str
+    account_id: Optional[int]
+
+    username: str
+    name: str
+    email: str
+    new_password: str
+    password: Optional[str]
+
+    enable: Optional[bool] = False
+    enable_from: Optional[datetime.datetime]
+    enable_to: Optional[datetime.datetime] = datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(days=365)
+
+    #super: Optional[bool] = False
+    #manager: Optional[bool] = False
+    administrator: Optional[bool] = False
+    public: Optional[bool] = False
+    verified: Optional[bool] = False
+
+    notes: Optional[str]
+
+    _processed_at: datetime.datetime = PrivateAttr(default_factory=datetime.datetime.now)
+
+    #@validator('user_id_random', always=True)
+    def user_id_random_copy(cls, v, values, **kwargs):
+        log.setLevel(logging.WARNING)
+        log.debug(locals())
+
+        if values['id_random']:
+            return values['id_random']
+        return None
+
+    @validator('id', always=True)
+    def user_id_lookup(cls, v, values, **kwargs):
+        log.setLevel(logging.WARNING)
+        log.debug(locals())
+
+        if values['id_random']:
+            log.debug(values['id_random'])
+            return redis_lookup_id_random(record_id_random=values['id_random'], table_name='user')
+        return None
+
+    @validator('account_id', always=True)
+    def account_id_lookup(cls, v, values, **kwargs):
+        log.setLevel(logging.WARNING)
+        log.debug(locals())
+
+        if values['account_id_random']:
+            return redis_lookup_id_random(record_id_random=values['account_id_random'], table_name='account')
+        return None
+
+    @validator('password', always=True)
+    def hash_new_password(cls, v, values, **kwargs):
+        log.setLevel(logging.WARNING)
+        log.debug(locals())
+
+        if values['new_password']:
+            return secure_hash_string(string=values['new_password'])
+        return None
+
+    class Config:
+        underscore_attrs_are_private = True
+        fields = base_fields
+
+
+class User_Out_Base(BaseModel):
+    log.setLevel(logging.WARNING) # DEBUG, INFO, WARNING, ERROR, EXCEPTION, CRITICAL
+    log.debug(locals())
+
+    id_random: Optional[str] = Field(
+        **base_fields['user_id_random'],
+        alias='user_id_random',
+    )
+    account_id_random: Optional[str]
+    #account_id: Optional[int]
+    contact_id_random: Optional[str]
+    #contact_id: Optional[int]
+    organization_id_random: Optional[str]
+    #organization_id: Optional[int]
+    person_id_random: Optional[str]
+    #person_id: Optional[int]
+
+    username: Optional[str]
+    name: Optional[str]
+    email: Optional[str]
+    email_verified: Optional[bool]
+    password: Optional[str]
+    auth_key: Optional[str]
+
+    enable: Optional[bool]
+    enable_from: Optional[datetime.datetime]
+    enable_to: Optional[datetime.datetime]
+
+    super: Optional[bool]
+    manager: Optional[bool]
+    administrator: Optional[bool]
+    public: Optional[bool]
+    verified: Optional[bool]
+    status_id: Optional[int]
+    status_name: Optional[str]
+
+    password_set_on: Optional[datetime.datetime]
+    password_reset_token: Optional[str]
+    password_reset_expire_on: Optional[datetime.datetime]
+    logged_in_on: Optional[datetime.datetime]
+    last_activity_on: Optional[datetime.datetime]
+
+    #account: Optional[Account_Base]# = Account_Base()
+    #contact: Optional[Contact_Base]# = Contact_Base()
+    #organization: Optional[Organization_Base]# = Organization_Base()
+    #person: Optional[Person_Base]# = Person_Base()
+
+    notes: Optional[str]
+    created_on: Optional[datetime.datetime]
+    updated_on: Optional[datetime.datetime]
+
+    _processed_at: datetime.datetime = PrivateAttr(default_factory=datetime.datetime.now)
+
+    class Config:
+        underscore_attrs_are_private = True
+        fields = base_fields
+
+
+
 class User_Base(BaseModel):
     log.setLevel(logging.WARNING) # DEBUG, INFO, WARNING, ERROR, EXCEPTION, CRITICAL
     log.debug(locals())

app/routers/user.py

@@ -11,7 +11,8 @@ from app.db_sql import *
 
 from .api_crud import delete_obj_template, get_obj_template, get_obj_li_template, patch_obj_template, post_obj_template
 
-from ..models.user_model import User_Base
+from ..models.user_model import User_Base, User_New_Base, User_Out_Base
+from ..models.user_methods import load_user_obj
 from ..models.response_model import *
 
 
@@ -41,6 +42,41 @@ async def post_user_obj(
     return result
 
 
+@router.post('/new', response_model=Resp_Body_Base)
+async def post_user_new_obj(
+        user_obj: User_New_Base,
+        x_account_id: str = Header(...),
+        return_obj: bool = True,
+        by_alias: bool = True,
+        exclude_unset: bool = True,
+        ):
+    log.setLevel(logging.WARNING) # DEBUG, INFO, WARNING, ERROR, EXCEPTION, CRITICAL
+    log.debug(locals())
+
+    user_data = user_obj.dict(by_alias=False, exclude_unset=False, exclude={'new_password', 'account_id_random'})
+
+    log.info('Checking if the username is already in use for the account...')
+    sql_select_user = f"""
+        SELECT *
+        FROM `user` AS user
+        WHERE user.account_id = :account_id and user.username = :username
+        """
+
+    if sql_select_result := sql_select(sql=sql_select_user, data=user_data):
+        return mk_resp(data=False, status_message='The user account was not created. This is likely because of a duplicate username.')
+
+    log.info('Adding new user account...')
+    if sql_insert_result := sql_insert(table_name='user', data=user_data):
+        log.info('Selecting new user account to return as an object...')
+        sql_select_user_result = sql_select(table_name='v_user', record_id=sql_insert_result)
+
+        user_obj_new = User_Out_Base(**sql_select_user_result)
+
+        return mk_resp(data=user_obj_new.dict(by_alias=True, exclude_unset=True))
+    else:
+        return mk_resp(data=False, status_message='The user account was not created. Something seems to have gone wrong on insert.')
+
+
 @router.patch('/{obj_id}', response_model=Resp_Body_Base)
 async def patch_user_obj(
         obj_id: str = Query(..., min_length=1, max_length=22),
@@ -158,6 +194,139 @@ async def get_user_obj_li(
     return result
 
 
+# Look up is only for account or person records
+@router.get('/lookup', response_model=Resp_Body_Base)
+async def lookup_user_obj(
+        for_obj_id: Union[int,str],
+        for_obj_type: str = Query(..., min_length=2, max_length=50),
+        x_account_id: str = Header(...),
+        inc_contact: bool = False,
+        inc_organization: bool = False,
+        inc_person: bool = False,
+        by_alias: bool = True,
+        exclude_unset: bool = True,
+        ):
+    log.setLevel(logging.DEBUG) # DEBUG, INFO, WARNING, ERROR, EXCEPTION, CRITICAL
+    log.debug(locals())
+
+    obj_type = 'user'
+    base_name = User_Out_Base
+
+    if for_obj_id := redis_lookup_id_random(record_id_random=for_obj_id, table_name=for_obj_type): pass
+    else: return mk_resp(data=False, status_code=404) # Not Found
+    log.setLevel(logging.DEBUG) # DEBUG, INFO, WARNING, ERROR, EXCEPTION, CRITICAL
+
+    data = {}
+    as_list = False
+    if for_obj_type == 'account' and for_obj_id:
+        data['account_id'] = for_obj_id
+        sql_where_for_obj_type = """`user`.account_id = :account_id"""
+        sql_limit = ''
+        as_list = True
+    elif for_obj_type == 'person' and for_obj_id:
+        data['person_id'] = for_obj_id
+        sql_where_for_obj_type = """`user`.person_id = :person_id"""
+        sql_limit = 'LIMIT 1'
+    else:
+        log.debug(f'Object type={for_obj_type}; Object ID={for_obj_id}')
+        return mk_resp(data=False, status_code=400) # Bad Request
+
+    sql = f"""
+        SELECT id AS 'user_id', id_random AS 'user_id_random'
+        FROM `user` AS `user`
+        WHERE {sql_where_for_obj_type}
+        {sql_limit}
+        """
+
+    # This will return a list if selecting by account ID
+    user_obj_result = sql_select(data=data, sql=sql, as_list=as_list)
+    if isinstance(user_obj_result, dict):
+        user_id = user_obj_result.get('user_id', None)
+        user_obj = load_user_obj(
+            user_id=user_id,
+            inc_contact=inc_contact,
+            inc_organization=inc_organization,
+            inc_person=inc_person
+            ).dict(by_alias=by_alias, exclude_unset=exclude_unset)
+        data = user_obj
+    elif isinstance(user_obj_result, list):
+        user_obj_li = []
+        for user_obj in user_obj_result:
+            user_id = user_obj.get('user_id', None)
+            user_obj_li.append(
+                load_user_obj(
+                    user_id=user_id,
+                    inc_contact=inc_contact,
+                    inc_organization=inc_organization,
+                    inc_person=inc_person,
+                    ).dict(by_alias=by_alias, exclude_unset=exclude_unset)
+                )
+        data = user_obj_li
+    else:
+        log.debug(user_obj_result)
+        return mk_resp(data=None, status_code=404) # Not Found
+    return mk_resp(data=data)
+
+
+# Look up is only for account or person records
+@router.get('/lookup_username', response_model=Resp_Body_Base)
+async def lookup_username_obj(
+        account_id: Union[int,str],
+        username: str = Query(..., min_length=2, max_length=50),
+        x_account_id: str = Header(...),
+        inc_contact: bool = False,
+        inc_organization: bool = False,
+        inc_person: bool = False,
+        by_alias: bool = True,
+        exclude_unset: bool = True,
+        ):
+    log.setLevel(logging.DEBUG) # DEBUG, INFO, WARNING, ERROR, EXCEPTION, CRITICAL
+    log.debug(locals())
+
+    if account_id := redis_lookup_id_random(record_id_random=account_id, table_name='account'): pass
+    else: return mk_resp(data=False, status_code=404) # Not Found
+    log.setLevel(logging.DEBUG) # DEBUG, INFO, WARNING, ERROR, EXCEPTION, CRITICAL
+
+    data = {}
+    data['account_id'] = account_id
+    data['username'] = username
+
+    sql = f"""
+        SELECT id AS 'user_id', id_random AS 'user_id_random'
+        FROM `user` AS `user`
+        WHERE `user`.account_id = :account_id AND `user`.username = :username
+        """
+
+    # This will return a list if selecting by account ID
+    user_obj_result = sql_select(data=data, sql=sql)
+    if isinstance(user_obj_result, dict):
+        user_id = user_obj_result.get('user_id', None)
+        user_obj = load_user_obj(
+            user_id=user_id,
+            inc_contact=inc_contact,
+            inc_organization=inc_organization,
+            inc_person=inc_person
+            ).dict(by_alias=by_alias, exclude_unset=exclude_unset)
+        data = user_obj
+    elif isinstance(user_obj_result, list):
+        user_obj_li = []
+        for user_obj in user_obj_result:
+            user_id = user_obj.get('user_id', None)
+            user_obj_li.append(
+                load_user_obj(
+                    user_id=user_id,
+                    inc_contact=inc_contact,
+                    inc_organization=inc_organization,
+                    inc_person=inc_person,
+                    ).dict(by_alias=by_alias, exclude_unset=exclude_unset)
+                )
+        data = user_obj_li
+    else:
+        log.debug(user_obj_result)
+        return mk_resp(data=None, status_code=404) # Not Found
+    return mk_resp(data=data)
+
+
 @router.get('/{obj_id}', response_model=Resp_Body_Base)
 async def get_user_obj(
         obj_id: str = Query(..., min_length=1, max_length=22),