Add email confirmation feature and endpoints

2018-10-10 20:54:38 +02:00 · 2018-10-10 20:54:38 +02:00 · bf681f4568
parent 79b4a23c4c
commit bf681f4568
13 changed files with 135 additions and 12 deletions
--- a/.env
+++ b/.env
@ -3,3 +3,6 @@ REDIS_URL=redis://localhost:6379
 CELERY_TASK_SERIALIZER=json
 DEBUG=True
 MQTT_CLIENT=local
 APP_MAIL_USERNAME=final.iot.backend.mailer@gmail.com
 APP_MAIL_PASSWORD=FinalIoT1234
 FLASK_ENV=development
--- a/app/accounts/api.py
+++ b/app/accounts/api.py
@ -1,5 +1,7 @@
 import datetime
 from app.core import bcrypt
 from .models import Account, Role
 from .emailtoken import generate_confirmation_token, confirm_token
 def create_account(username, email, password):
@ -12,19 +14,36 @@ def create_account(username, email, password):
    :type username: string
    :type email: string
    :type password: string
-    :returns: True if account is successfully created
+    :returns: Email confirmation token if creation was successful
-    :rtype: Boolean
+    :rtype: string
    :raises: ValueError if account already exists
    """
    if not Account.exists_with_any_of(username=username, email=email):
        pw_hash = bcrypt.generate_password_hash(password).decode('utf-8')
        account = Account(username, pw_hash, email)
        account.save()
-        return True
+
        emailtoken = generate_confirmation_token(account.email)
        return emailtoken
    raise ValueError("Account with given parameters already exists")
 def confirm_email_token(token):
    try:
        email = confirm_token(token)
    except Exception:
        return False
    user = Account.query.filter_by(email=email).first_or_404()
    if user.confirmed:
        return True
    else:
        user.confirmed = True
        user.confirmed_on = datetime.datetime.now()
        user.save()
        return True
 def update_account_role(account_id, role_id):
    """
    Tries to update account role
@ -99,6 +118,10 @@ def create_token(username, password):
    if not bcrypt.check_password_hash(account.password, password):
        raise ValueError("Invalid credentials")
    if not account.confirmed:
        print('ACCOUNT NOT CONFIRMED?')
        raise ValueError("Email not confirmed")
    return account.create_auth_token()
--- a/app/accounts/email.py
+++ b/app/accounts/email.py
@ -0,0 +1,10 @@
 from flask_mail import Message
 def send_email(mailmanager, to, subject, template):
    msg = Message(
        subject,
        recipients=[to],
        html=template
    )
    mailmanager.send(msg)
--- a/app/accounts/emailtoken.py
+++ b/app/accounts/emailtoken.py
@ -0,0 +1,21 @@
 from itsdangerous import URLSafeTimedSerializer
 from app.core import app
 def generate_confirmation_token(email):
    serializer = URLSafeTimedSerializer(app.config['SECRET_KEY'])
    return serializer.dumps(email, salt=app.config['SECURITY_PASSWORD_SALT'])
 def confirm_token(token, expiration=3600):
    serializer = URLSafeTimedSerializer(app.config['SECRET_KEY'])
    try:
        email = serializer.loads(
            token,
            salt=app.config['SECURITY_PASSWORD_SALT'],
            max_age=expiration
        )
    except Exception:
        return False
    return email
--- a/app/accounts/tasks.py
+++ b/app/accounts/tasks.py
@ -0,0 +1,10 @@
 from app.celery_builder import task_builder
 from app.accounts.email import send_email
 from flask import current_app as app
 from flask_mail import Mail
@task_builder.task()
 def send_email_task(to, subject, template):
    mailmanager = Mail(app)
    send_email(mailmanager, to, subject, template)
--- a/app/api/blueprint.py
+++ b/app/api/blueprint.py
@ -12,7 +12,9 @@ def add_resources():
                                    AccountListResource,
                                    AccountRoleResource,
                                    RoleResource,
-                                    RolesResource)
+                                    RolesResource,
                                    AccountEmailTokenResource,
                                    AccountEmailTokenResendResource)
    from .resources.token import TokenResource, ValidateTokenResource
    from .resources.device import (DeviceResource,
                                   DeviceRecordingResource,
@ -25,6 +27,10 @@ def add_resources():
    api.add_resource(AccountResource, '/v1/accounts/<int:account_id>')
    api.add_resource(AccountListResource, '/v1/accounts')
    api.add_resource(AccountRoleResource, '/v1/accounts/<int:account_id>/role')
    api.add_resource(AccountEmailTokenResource,
                     '/v1/email/confirm/<string:token>')
    api.add_resource(AccountEmailTokenResendResource,
                     '/v1/email/resend')
    api.add_resource(RoleResource, '/v1/roles/<int:role_id>')
    api.add_resource(RolesResource, '/v1/roles')
    api.add_resource(TokenResource, '/v1/token')
--- a/app/api/resources/account.py
+++ b/app/api/resources/account.py
@ -1,9 +1,11 @@
 from flask_restful import Resource, abort
-from flask import g
+from flask import g, render_template
 from marshmallow import Schema, fields
 from webargs.flaskparser import use_args
 from flasgger import swag_from
 from app.api.blueprint import api
 import app.accounts.api as accounts
 from app.accounts.tasks import send_email_task
 from app.api.auth_protection import ProtectedResource
 from app.api.permission_protection import (requires_permission,
                                           valid_permissions)
@ -85,11 +87,34 @@ class AccountListResource(Resource):
    @swag_from('swagger/create_account_spec.yaml')
    def post(self, args):
        try:
-            success = accounts.create_account(
+            emailtoken = accounts.create_account(
                    args['username'],
                    args['email'],
                    args['password'])
-            if success:
+            confirm_url = api.url_for(
                    AccountEmailTokenResource,
                    token=emailtoken, _external=True)
            html = render_template(
                    'activate_mail.html',
                    confirm_url=confirm_url)
            send_email_task.delay(
                    args['email'],
                    'Please confirm your email',
                    html)
            return '', 201
        except ValueError:
            abort(422, message='Account already exists', status='error')
 class AccountEmailTokenResource(Resource):
    def get(self, token):
        success = accounts.confirm_email_token(token)
        if success:
            return '{"status": "success", \
                     "message": "Successfully confirmed email"}', 200
 class AccountEmailTokenResendResource(Resource):
    @use_args(UserSchema(), locations=('json',))
    def post(self, args):
        return '', 201
--- a/app/api/resources/token.py
+++ b/app/api/resources/token.py
@ -23,8 +23,8 @@ class TokenResource(Resource):
                    args['password'])
            if token:
                return {'status': 'success', 'token': token}, 200
-        except ValueError:
+        except ValueError, e:
-            abort(401, message='Invalid credentials', status='error')
+            abort(401, message=str(e), status='error')
 class ValidateTokenResource(ProtectedResource):
--- a/app/celery_builder.py
+++ b/app/celery_builder.py
@ -1,10 +1,10 @@
 # App initialization
 from flask import Flask
-from .tasks.celery_configurator import make_celery
+from app.tasks.celery_configurator import make_celery
 app = Flask(__name__, instance_relative_config=True)
 app.config.from_object('config')
 app.config.from_pyfile('config.py', silent=True)
 app.config['MQTT_CLIENT_ID'] = app.config['MQTT_CLIENT_ID'] + '-worker'
 task_builder = make_celery(app)
-task_builder.autodiscover_tasks(['app.devices'])
+task_builder.autodiscover_tasks(['app.devices', 'app.accounts'])
--- a/app/core.py
+++ b/app/core.py
@ -2,6 +2,7 @@
 from flask_api import FlaskAPI
 from flask_sqlalchemy import SQLAlchemy
 from flask_bcrypt import Bcrypt
 from flask_mail import Mail
 from flasgger import Swagger
 from flask_cors import CORS
 from .tasks import celery_configurator
@ -11,6 +12,7 @@ app.config.from_object('config')
 app.config.from_pyfile('config.py', silent=True)
 db = SQLAlchemy(app)
 bcrypt = Bcrypt(app)
 mail = Mail(app)
 swagger = Swagger(app, template_file='swagger/template.yaml')
 swagger.template['info']['version'] = app.config['APP_VERSION']
 CORS(app)
--- a/app/templates/activate_mail.html
+++ b/app/templates/activate_mail.html
@ -0,0 +1,4 @@
 <p>Welcome! Thanks for signing up. Please follow this link to activate your account:</p>
 <p><a href="{{ confirm_url }}">{{ confirm_url }}</a></p>
 <br>
 <p>Cheers!</p>
--- a/config.py
+++ b/config.py
@ -27,6 +27,7 @@ CSRF_SESSION_KEY = "secret"
 # Secret key for signing cookies
 SECRET_KEY = "?['Z(Z\x83Y \x06T\x12\x96<\xff\x12\xe0\x1b\xd1J\xe0\xd9ld"
 SECURITY_PASSWORD_SALT = "IyoZvOJb4feT3xKlYXyOJveHSIY4GDg6"
 # MQTT configuration
 MQTT_CLIENT_ID = 'final-iot-backend-server-' + os.environ['MQTT_CLIENT']
@ -40,6 +41,20 @@ MQTT_REFRESH_TIME = 1.0  # refresh time in seconds
 CELERY_BROKER_URL = os.environ['REDIS_URL']
 CELERY_RESULT_BACKEND = os.environ['REDIS_URL']
 # Mailer config
 MAIL_SERVER = 'smtp.googlemail.com'
 MAIL_PORT = 465
 MAIL_USE_TLS = False
 MAIL_USE_SSL = True
 MAIL_DEBUG = False
 # gmail authentication
 MAIL_USERNAME = os.environ['APP_MAIL_USERNAME']
 MAIL_PASSWORD = os.environ['APP_MAIL_PASSWORD']
 # mail accounts
 MAIL_DEFAULT_SENDER = 'final.iot.backend.mailer@gmail.com'
 # Flasgger config
 SWAGGER = {
    'uiversion': 3
--- a/requirements.txt
+++ b/requirements.txt
@ -1,8 +1,10 @@
 alembic==0.9.9
 amqp==2.3.2
 aniso8601==3.0.0
 apispec==0.39.0
 bcrypt==3.1.4
 billiard==3.5.0.4
 blinker==1.4
 celery==4.2.0
 cffi==1.11.5
 click==6.7
@ -11,11 +13,13 @@ Flask==1.0.2
 Flask-API==1.0
 Flask-Bcrypt==0.7.1
 Flask-Cors==3.0.4
 Flask-Mail==0.9.1
 Flask-Migrate==2.1.1
 Flask-MQTT==1.0.3
 Flask-RESTful==0.3.6
 Flask-Script==2.0.6
 Flask-SQLAlchemy==2.3.2
 functools32==3.2.3.post2
 gunicorn==19.8.1
 itsdangerous==0.24
 Jinja2==2.10