python/fastapi-users
1
0
Fork 0
mirror of https://github.com/fastapi-users/fastapi-users.git synced 2025-08-14 18:58:10 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
fastapi-users/fastapi_users/router/verify.py
François Voron ef4a54c204 Allow lifetime_seconds to be None to get session cookies
2021-03-19 18:19:58 +01:00

128 lines
4.0 KiB
Python
Raw Blame History

from typing import Callable, Optional, Type, cast
import jwt
from fastapi import APIRouter, Body, HTTPException, Request, status
from pydantic import UUID4, EmailStr
from fastapi_users import models
from fastapi_users.router.common import ErrorCode, run_handler
from fastapi_users.user import (
GetUserProtocol,
UserAlreadyVerified,
UserNotExists,
VerifyUserProtocol,
)
from fastapi_users.utils import JWT_ALGORITHM, generate_jwt
VERIFY_USER_TOKEN_AUDIENCE = "fastapi-users:verify"
def get_verify_router(
verify_user: VerifyUserProtocol,
get_user: GetUserProtocol,
user_model: Type[models.BaseUser],
verification_token_secret: str,
verification_token_lifetime_seconds: int = 3600,
after_verification_request: Optional[
Callable[[models.UD, str, Request], None]
] = None,
after_verification: Optional[Callable[[models.UD, Request], None]] = None,
):
router = APIRouter()
@router.post("/request-verify-token", status_code=status.HTTP_202_ACCEPTED)
async def request_verify_token(
request: Request, email: EmailStr = Body(..., embed=True)
):
try:
user = await get_user(email)
if user.is_verified:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=ErrorCode.VERIFY_USER_ALREADY_VERIFIED,
)
elif user.is_active:
token_data = {
"user_id": str(user.id),
"email": email,
"aud": VERIFY_USER_TOKEN_AUDIENCE,
}
token = generate_jwt(
token_data,
verification_token_secret,
verification_token_lifetime_seconds,
)
if after_verification_request:
await run_handler(after_verification_request, user, token, request)
except UserNotExists:
pass
return None
@router.post("/verify", response_model=user_model)
async def verify(request: Request, token: str = Body(..., embed=True)):
try:
data = jwt.decode(
token,
verification_token_secret,
audience=VERIFY_USER_TOKEN_AUDIENCE,
algorithms=[JWT_ALGORITHM],
)
except jwt.exceptions.ExpiredSignatureError:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=ErrorCode.VERIFY_USER_TOKEN_EXPIRED,
)
except jwt.PyJWTError:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=ErrorCode.VERIFY_USER_BAD_TOKEN,
)
user_id = data.get("user_id")
email = cast(EmailStr, data.get("email"))
if user_id is None:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=ErrorCode.VERIFY_USER_BAD_TOKEN,
)
try:
user_check = await get_user(email)
except UserNotExists:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=ErrorCode.VERIFY_USER_BAD_TOKEN,
)
try:
user_uuid = UUID4(user_id)
except ValueError:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=ErrorCode.VERIFY_USER_BAD_TOKEN,
)
if user_check.id != user_uuid:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=ErrorCode.VERIFY_USER_BAD_TOKEN,
)
try:
user = await verify_user(user_check)
except UserAlreadyVerified:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=ErrorCode.VERIFY_USER_ALREADY_VERIFIED,
)
if after_verification:
await run_handler(after_verification, user, request)
return user
return router
Reference in New Issue View Git Blame Copy Permalink