From 7682c7d08095124c54bced82a9a85fc128c0792a Mon Sep 17 00:00:00 2001 From: Scott Idem Date: Thu, 18 Mar 2021 22:34:35 +0000 Subject: [PATCH] Working on user module --- admin/requirements.txt | 2 + app/db_sql.py | 4 +- app/lib_general.py | 14 +++ app/main.py | 1 + app/models/response_model.py | 5 +- app/models/user_methods.py | 49 ++++++++++ app/models/user_model.py | 136 ++++++++++++++++++++++++++++ app/routers/user.py | 171 ++++++++++++++++++++++++++++++++++- 8 files changed, 378 insertions(+), 4 deletions(-) create mode 100644 app/models/user_methods.py diff --git a/admin/requirements.txt b/admin/requirements.txt index 1cd12ad..a0e595b 100644 --- a/admin/requirements.txt +++ b/admin/requirements.txt @@ -9,3 +9,5 @@ html2text pytz #mypy stripe +passlib +argon2_cffi diff --git a/app/db_sql.py b/app/db_sql.py index 9e1ed7f..c7c3fc2 100644 --- a/app/db_sql.py +++ b/app/db_sql.py @@ -13,7 +13,7 @@ from sqlalchemy.exc import IntegrityError, OperationalError db_uri = settings.SQLALCHEMY_DATABASE_URI connection_string = db_uri -engine = create_engine(name_or_url=connection_string, pool_size=25, pool_recycle=60, pool_pre_ping=True, echo=False, echo_pool=True, isolation_level='READ COMMITTED') +engine = create_engine(url=connection_string, pool_size=25, pool_recycle=60, pool_pre_ping=True, echo=False, echo_pool=True, isolation_level='READ COMMITTED') # NOTE: The default isolation_level is 'REPEATABLE READ'. This can sometimes not show updated data. # NOTE: The "echo" set to True option shows the SQL queries. @@ -284,7 +284,7 @@ def sql_select( as_dict=True, as_list=None ): - log.setLevel(logging.WARNING) # DEBUG, INFO, WARNING, ERROR, EXCEPTION, CRITICAL + #log.setLevel(logging.WARNING) # DEBUG, INFO, WARNING, ERROR, EXCEPTION, CRITICAL log.debug(locals()) if table_name and not (record_id or record_id_random or field_name or field_value or sql or data): diff --git a/app/lib_general.py b/app/lib_general.py index 56ff913..27d0d09 100644 --- a/app/lib_general.py +++ b/app/lib_general.py @@ -1,5 +1,6 @@ from __future__ import annotations import datetime, pytz, redis +from passlib.hash import argon2 #from datetime import datetime, time, timedelta from fastapi import APIRouter, Depends, Header, HTTPException, status @@ -238,3 +239,16 @@ def lookup_id_random_pop(obj_data:dict): return obj_data # ### END ### API Lib General ### lookup_id_random_pop() ### + + +def secure_hash_string(string:str): + string_hash = argon2.using(rounds=14, memory_cost=1536, parallelism=2).hash(string) + + return string_hash + + +def verify_secure_hash_string(string:str, string_hash:str): + if argon2.verify(string, string_hash): + return True + else: + return False \ No newline at end of file diff --git a/app/main.py b/app/main.py index 15644ff..497096c 100644 --- a/app/main.py +++ b/app/main.py @@ -254,6 +254,7 @@ origins = [ 'http://localhost', 'http://localhost:5000', 'http://fastapi.localhost:5000', + 'http://demo.localhost:5000', 'https://oneskyit.com', ] diff --git a/app/models/response_model.py b/app/models/response_model.py index 00d3c6b..6911699 100644 --- a/app/models/response_model.py +++ b/app/models/response_model.py @@ -48,7 +48,10 @@ def mk_resp( resp_body['meta'] = {} resp_body['meta']['details'] = details resp_body['meta']['status_code'] = status_code - resp_body['meta']['status_message'] = settings.HTTP_STATUS_LI[status_code]['message'] + if status_message: + resp_body['meta']['status_message'] = status_message + else: + resp_body['meta']['status_message'] = settings.HTTP_STATUS_LI[status_code]['message'] resp_body['meta']['status_name'] = settings.HTTP_STATUS_LI[status_code]['name'] resp_body['meta']['success'] = success diff --git a/app/models/user_methods.py b/app/models/user_methods.py new file mode 100644 index 0000000..4468712 --- /dev/null +++ b/app/models/user_methods.py @@ -0,0 +1,49 @@ +from __future__ import annotations +import datetime + +from typing import Dict, List, Optional, Set, Union +from pydantic import BaseModel, EmailStr, Field, PrivateAttr, ValidationError, validator + +from ..lib_general import * +from ..db_sql import sql_select + +from .user_model import User_Base, User_Out_Base, User_New_Base + + +# ### BEGIN ### API User Methods ### load_user_obj() ### +def load_user_obj(user_id:int|str, inc_contact:bool=False, inc_organization:bool=False, inc_person:bool=False) -> User_Base: + log.setLevel(logging.DEBUG) # DEBUG, INFO, WARNING, ERROR, EXCEPTION, CRITICAL + log.debug(locals()) + + if user_id := redis_lookup_id_random(record_id_random=user_id, table_name='user'): pass + else: return False + + if user_rec := sql_select(table_name='v_user', record_id=user_id): + #log.setLevel(logging.WARNING) # DEBUG, INFO, WARNING, ERROR, EXCEPTION, CRITICAL + log.debug(user_rec) + + if inc_contact: + if contact_rec := sql_select(table_name='v_contact', field_name='contact_id', field_value=user_rec.get('contact_id', None)): + user_rec['contact'] = contact_rec + + if inc_organization: + if organization_rec := sql_select(table_name='v_organization', field_name='organization_id', field_value=user_rec.get('organization_id', None)): + user_rec['organization'] = organization_rec + + if inc_person: + if person_rec := sql_select(table_name='v_person', field_name='person_id', field_value=user_rec.get('person_id', None)): + user_rec['person'] = person_rec + + log.debug(user_rec) + else: + return False + + try: + user_obj = User_Out_Base(**user_rec) + log.debug(user_obj) + except ValidationError as e: + log.error(e.json()) + return False + + return user_obj +# ### END ### API User Methods ### load_user_obj() ### diff --git a/app/models/user_model.py b/app/models/user_model.py index 45ec8ba..949f1f5 100644 --- a/app/models/user_model.py +++ b/app/models/user_model.py @@ -13,6 +13,142 @@ from .contact_model import Contact_Base #from .person_model import Person_Base +class User_New_Base(BaseModel): + log.setLevel(logging.WARNING) # DEBUG, INFO, WARNING, ERROR, EXCEPTION, CRITICAL + log.debug(locals()) + + id_random: Optional[str] = Field( + **base_fields['user_id_random'], + alias='user_id_random', + default_factory=lambda:secrets.token_urlsafe(default_num_bytes), + ) + id: Optional[int] = Field( + #alias='user_id' + ) + account_id_random: str + account_id: Optional[int] + + username: str + name: str + email: str + new_password: str + password: Optional[str] + + enable: Optional[bool] = False + enable_from: Optional[datetime.datetime] + enable_to: Optional[datetime.datetime] = datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(days=365) + + #super: Optional[bool] = False + #manager: Optional[bool] = False + administrator: Optional[bool] = False + public: Optional[bool] = False + verified: Optional[bool] = False + + notes: Optional[str] + + _processed_at: datetime.datetime = PrivateAttr(default_factory=datetime.datetime.now) + + #@validator('user_id_random', always=True) + def user_id_random_copy(cls, v, values, **kwargs): + log.setLevel(logging.WARNING) + log.debug(locals()) + + if values['id_random']: + return values['id_random'] + return None + + @validator('id', always=True) + def user_id_lookup(cls, v, values, **kwargs): + log.setLevel(logging.WARNING) + log.debug(locals()) + + if values['id_random']: + log.debug(values['id_random']) + return redis_lookup_id_random(record_id_random=values['id_random'], table_name='user') + return None + + @validator('account_id', always=True) + def account_id_lookup(cls, v, values, **kwargs): + log.setLevel(logging.WARNING) + log.debug(locals()) + + if values['account_id_random']: + return redis_lookup_id_random(record_id_random=values['account_id_random'], table_name='account') + return None + + @validator('password', always=True) + def hash_new_password(cls, v, values, **kwargs): + log.setLevel(logging.WARNING) + log.debug(locals()) + + if values['new_password']: + return secure_hash_string(string=values['new_password']) + return None + + class Config: + underscore_attrs_are_private = True + fields = base_fields + + +class User_Out_Base(BaseModel): + log.setLevel(logging.WARNING) # DEBUG, INFO, WARNING, ERROR, EXCEPTION, CRITICAL + log.debug(locals()) + + id_random: Optional[str] = Field( + **base_fields['user_id_random'], + alias='user_id_random', + ) + account_id_random: Optional[str] + #account_id: Optional[int] + contact_id_random: Optional[str] + #contact_id: Optional[int] + organization_id_random: Optional[str] + #organization_id: Optional[int] + person_id_random: Optional[str] + #person_id: Optional[int] + + username: Optional[str] + name: Optional[str] + email: Optional[str] + email_verified: Optional[bool] + password: Optional[str] + auth_key: Optional[str] + + enable: Optional[bool] + enable_from: Optional[datetime.datetime] + enable_to: Optional[datetime.datetime] + + super: Optional[bool] + manager: Optional[bool] + administrator: Optional[bool] + public: Optional[bool] + verified: Optional[bool] + status_id: Optional[int] + status_name: Optional[str] + + password_set_on: Optional[datetime.datetime] + password_reset_token: Optional[str] + password_reset_expire_on: Optional[datetime.datetime] + logged_in_on: Optional[datetime.datetime] + last_activity_on: Optional[datetime.datetime] + + #account: Optional[Account_Base]# = Account_Base() + #contact: Optional[Contact_Base]# = Contact_Base() + #organization: Optional[Organization_Base]# = Organization_Base() + #person: Optional[Person_Base]# = Person_Base() + + notes: Optional[str] + created_on: Optional[datetime.datetime] + updated_on: Optional[datetime.datetime] + + _processed_at: datetime.datetime = PrivateAttr(default_factory=datetime.datetime.now) + + class Config: + underscore_attrs_are_private = True + fields = base_fields + + + class User_Base(BaseModel): log.setLevel(logging.WARNING) # DEBUG, INFO, WARNING, ERROR, EXCEPTION, CRITICAL log.debug(locals()) diff --git a/app/routers/user.py b/app/routers/user.py index c2c0c4a..534f523 100644 --- a/app/routers/user.py +++ b/app/routers/user.py @@ -11,7 +11,8 @@ from app.db_sql import * from .api_crud import delete_obj_template, get_obj_template, get_obj_li_template, patch_obj_template, post_obj_template -from ..models.user_model import User_Base +from ..models.user_model import User_Base, User_New_Base, User_Out_Base +from ..models.user_methods import load_user_obj from ..models.response_model import * @@ -41,6 +42,41 @@ async def post_user_obj( return result +@router.post('/new', response_model=Resp_Body_Base) +async def post_user_new_obj( + user_obj: User_New_Base, + x_account_id: str = Header(...), + return_obj: bool = True, + by_alias: bool = True, + exclude_unset: bool = True, + ): + log.setLevel(logging.WARNING) # DEBUG, INFO, WARNING, ERROR, EXCEPTION, CRITICAL + log.debug(locals()) + + user_data = user_obj.dict(by_alias=False, exclude_unset=False, exclude={'new_password', 'account_id_random'}) + + log.info('Checking if the username is already in use for the account...') + sql_select_user = f""" + SELECT * + FROM `user` AS user + WHERE user.account_id = :account_id and user.username = :username + """ + + if sql_select_result := sql_select(sql=sql_select_user, data=user_data): + return mk_resp(data=False, status_message='The user account was not created. This is likely because of a duplicate username.') + + log.info('Adding new user account...') + if sql_insert_result := sql_insert(table_name='user', data=user_data): + log.info('Selecting new user account to return as an object...') + sql_select_user_result = sql_select(table_name='v_user', record_id=sql_insert_result) + + user_obj_new = User_Out_Base(**sql_select_user_result) + + return mk_resp(data=user_obj_new.dict(by_alias=True, exclude_unset=True)) + else: + return mk_resp(data=False, status_message='The user account was not created. Something seems to have gone wrong on insert.') + + @router.patch('/{obj_id}', response_model=Resp_Body_Base) async def patch_user_obj( obj_id: str = Query(..., min_length=1, max_length=22), @@ -158,6 +194,139 @@ async def get_user_obj_li( return result +# Look up is only for account or person records +@router.get('/lookup', response_model=Resp_Body_Base) +async def lookup_user_obj( + for_obj_id: Union[int,str], + for_obj_type: str = Query(..., min_length=2, max_length=50), + x_account_id: str = Header(...), + inc_contact: bool = False, + inc_organization: bool = False, + inc_person: bool = False, + by_alias: bool = True, + exclude_unset: bool = True, + ): + log.setLevel(logging.DEBUG) # DEBUG, INFO, WARNING, ERROR, EXCEPTION, CRITICAL + log.debug(locals()) + + obj_type = 'user' + base_name = User_Out_Base + + if for_obj_id := redis_lookup_id_random(record_id_random=for_obj_id, table_name=for_obj_type): pass + else: return mk_resp(data=False, status_code=404) # Not Found + log.setLevel(logging.DEBUG) # DEBUG, INFO, WARNING, ERROR, EXCEPTION, CRITICAL + + data = {} + as_list = False + if for_obj_type == 'account' and for_obj_id: + data['account_id'] = for_obj_id + sql_where_for_obj_type = """`user`.account_id = :account_id""" + sql_limit = '' + as_list = True + elif for_obj_type == 'person' and for_obj_id: + data['person_id'] = for_obj_id + sql_where_for_obj_type = """`user`.person_id = :person_id""" + sql_limit = 'LIMIT 1' + else: + log.debug(f'Object type={for_obj_type}; Object ID={for_obj_id}') + return mk_resp(data=False, status_code=400) # Bad Request + + sql = f""" + SELECT id AS 'user_id', id_random AS 'user_id_random' + FROM `user` AS `user` + WHERE {sql_where_for_obj_type} + {sql_limit} + """ + + # This will return a list if selecting by account ID + user_obj_result = sql_select(data=data, sql=sql, as_list=as_list) + if isinstance(user_obj_result, dict): + user_id = user_obj_result.get('user_id', None) + user_obj = load_user_obj( + user_id=user_id, + inc_contact=inc_contact, + inc_organization=inc_organization, + inc_person=inc_person + ).dict(by_alias=by_alias, exclude_unset=exclude_unset) + data = user_obj + elif isinstance(user_obj_result, list): + user_obj_li = [] + for user_obj in user_obj_result: + user_id = user_obj.get('user_id', None) + user_obj_li.append( + load_user_obj( + user_id=user_id, + inc_contact=inc_contact, + inc_organization=inc_organization, + inc_person=inc_person, + ).dict(by_alias=by_alias, exclude_unset=exclude_unset) + ) + data = user_obj_li + else: + log.debug(user_obj_result) + return mk_resp(data=None, status_code=404) # Not Found + return mk_resp(data=data) + + +# Look up is only for account or person records +@router.get('/lookup_username', response_model=Resp_Body_Base) +async def lookup_username_obj( + account_id: Union[int,str], + username: str = Query(..., min_length=2, max_length=50), + x_account_id: str = Header(...), + inc_contact: bool = False, + inc_organization: bool = False, + inc_person: bool = False, + by_alias: bool = True, + exclude_unset: bool = True, + ): + log.setLevel(logging.DEBUG) # DEBUG, INFO, WARNING, ERROR, EXCEPTION, CRITICAL + log.debug(locals()) + + if account_id := redis_lookup_id_random(record_id_random=account_id, table_name='account'): pass + else: return mk_resp(data=False, status_code=404) # Not Found + log.setLevel(logging.DEBUG) # DEBUG, INFO, WARNING, ERROR, EXCEPTION, CRITICAL + + data = {} + data['account_id'] = account_id + data['username'] = username + + sql = f""" + SELECT id AS 'user_id', id_random AS 'user_id_random' + FROM `user` AS `user` + WHERE `user`.account_id = :account_id AND `user`.username = :username + """ + + # This will return a list if selecting by account ID + user_obj_result = sql_select(data=data, sql=sql) + if isinstance(user_obj_result, dict): + user_id = user_obj_result.get('user_id', None) + user_obj = load_user_obj( + user_id=user_id, + inc_contact=inc_contact, + inc_organization=inc_organization, + inc_person=inc_person + ).dict(by_alias=by_alias, exclude_unset=exclude_unset) + data = user_obj + elif isinstance(user_obj_result, list): + user_obj_li = [] + for user_obj in user_obj_result: + user_id = user_obj.get('user_id', None) + user_obj_li.append( + load_user_obj( + user_id=user_id, + inc_contact=inc_contact, + inc_organization=inc_organization, + inc_person=inc_person, + ).dict(by_alias=by_alias, exclude_unset=exclude_unset) + ) + data = user_obj_li + else: + log.debug(user_obj_result) + return mk_resp(data=None, status_code=404) # Not Found + return mk_resp(data=data) + + @router.get('/{obj_id}', response_model=Resp_Body_Base) async def get_user_obj( obj_id: str = Query(..., min_length=1, max_length=22),