From ffe9e7104ba83b73d78d66de2d29ad4ace6de2da Mon Sep 17 00:00:00 2001 From: Frederick Muriuki Muriithi Date: Thu, 30 May 2024 16:13:04 -0500 Subject: Provide endpoint for verification and do verification --- gn_auth/auth/authorisation/users/views.py | 54 ++++++++++++++++++++++++++++-- gn_auth/auth/errors.py | 3 ++ gn_auth/templates/emails/verify-email.html | 27 +++------------ gn_auth/templates/emails/verify-email.txt | 2 +- 4 files changed, 60 insertions(+), 26 deletions(-) (limited to 'gn_auth') diff --git a/gn_auth/auth/authorisation/users/views.py b/gn_auth/auth/authorisation/users/views.py index 8919a6d..638f0df 100644 --- a/gn_auth/auth/authorisation/users/views.py +++ b/gn_auth/auth/authorisation/users/views.py @@ -25,11 +25,16 @@ from gn_auth.auth.authorisation.resources.models import ( user_resources as _user_resources) from gn_auth.auth.authorisation.roles.models import ( assign_default_roles, user_roles as _user_roles) -from gn_auth.auth.errors import ( - NotFoundError, UsernameError, PasswordError, UserRegistrationError) from gn_auth.auth.authorisation.resources.groups.models import ( user_group as _user_group) +from gn_auth.auth.errors import ( + NotFoundError, + UsernameError, + PasswordError, + UserVerificationError, + UserRegistrationError) + from gn_auth.auth.authentication.oauth2.resource_server import require_oauth from gn_auth.auth.authentication.users import User, save_user, set_user_password from gn_auth.auth.authentication.oauth2.models.oauth2token import ( @@ -169,6 +174,51 @@ def register_user() -> Response: raise Exception( "unknown_error", "The system experienced an unexpected error.") +def delete_verification_code(cursor, code: str): + """Delete verification code from db.""" + cursor.execute("DELETE FROM user_verification_codes " + "WHERE code=:code", + {"code": code}) + +@users.route("/verify", methods=["GET", "POST"]) +def verify_user(): + """Verify users are not bots.""" + code = request.args.get("verificationcode", + request.form.get("verificationcode", + "nosuchcode")) + with (db.connection(current_app.config["AUTH_DB"]) as conn, + db.cursor(conn) as cursor): + cursor.execute("SELECT * FROM user_verification_codes " + "WHERE code=:code", + {"code": code}) + results = tuple(dict(row) for row in cursor.fetchall()) + + if not bool(results): + raise UserVerificationError( + "Invalid verification code: code not found.") + + if len(results) > 1: + delete_verification_code(cursor, code) + raise UserVerificationError( + "Invalid verification code: code is duplicated.") + + results = results[0] + if (datetime.datetime.fromtimestamp( + int(results["expires"])) < datetime.datetime.now()): + delete_verification_code(cursor, code) + raise UserVerificationError( + "Invalid verification code: code has expired.") + + # Code is good! + delete_verification_code(cursor, code) + cursor.execute("UPDATE users SET verified=1 WHERE user_id=:user_id", + {"user_id": results["user_id"]}) + return jsonify({ + "status": "success", + "message": "User verification successful!" + }) + + @users.route("/group", methods=["GET"]) @require_oauth("profile group") def user_group() -> Response: diff --git a/gn_auth/auth/errors.py b/gn_auth/auth/errors.py index 60d6a22..77b73aa 100644 --- a/gn_auth/auth/errors.py +++ b/gn_auth/auth/errors.py @@ -15,6 +15,9 @@ class ForbiddenAccess(AuthorisationError): class UserRegistrationError(AuthorisationError): """Raised whenever a user registration fails""" +class UserVerificationError(UserRegistrationError): + """Raised when verification of a user fails.""" + class NotFoundError(AuthorisationError): """Raised whenever we try fetching (a/an) object(s) that do(es) not exist.""" error_code: int = 404 diff --git a/gn_auth/templates/emails/verify-email.html b/gn_auth/templates/emails/verify-email.html index 08f1dfe..bc475c9 100644 --- a/gn_auth/templates/emails/verify-email.html +++ b/gn_auth/templates/emails/verify-email.html @@ -2,25 +2,6 @@ {{subject}} -

Thank you for registering an account with GeneNetwork.

@@ -28,8 +9,8 @@

To avoid bots, we need to verify that you are an actual human. To do so, please - + Click here .

@@ -38,10 +19,10 @@ If that does not work, please log in to GeneNetwork and copy the verification code below when requested:

- {{verification_code}} + {{verification_code}}

-

+

Please note that the verification code will expire in {{expiration_minutes}} minutes after it was generated.

diff --git a/gn_auth/templates/emails/verify-email.txt b/gn_auth/templates/emails/verify-email.txt index 92a6435..7a39fea 100644 --- a/gn_auth/templates/emails/verify-email.txt +++ b/gn_auth/templates/emails/verify-email.txt @@ -3,7 +3,7 @@ Thank you for registering an account with GeneNetwork. -To avoid bots, we need to verify that you are an actual human. To do so, please go to "{{verification_uri}}/{{verification_code}}". +To avoid bots, we need to verify that you are an actual human. To do so, please go to "{{verification_uri}}?verificationcode={{verification_code}}". If that does not work, please log in to GeneNetwork and copy the verification code below when requested: -- cgit v1.2.3