174 lines
5.6 KiB
Python
174 lines
5.6 KiB
Python
from datetime import datetime, timedelta
|
|
from typing import Any, Dict, Optional, Union
|
|
|
|
from sqlalchemy.orm import Session
|
|
|
|
from app.core.config import settings
|
|
from app.core.security import (
|
|
generate_password_reset_token,
|
|
generate_verification_token,
|
|
get_password_hash,
|
|
verify_password,
|
|
)
|
|
from app.crud.base import CRUDBase
|
|
from app.models.user import User
|
|
from app.schemas.user import UserCreate, UserUpdate
|
|
|
|
|
|
class CRUDUser(CRUDBase[User, UserCreate, UserUpdate]):
|
|
"""
|
|
CRUD operations for User model.
|
|
"""
|
|
def get_by_email(self, db: Session, *, email: str) -> Optional[User]:
|
|
"""
|
|
Get a user by email.
|
|
"""
|
|
return db.query(User).filter(User.email == email).first()
|
|
|
|
def get_by_verification_token(self, db: Session, *, token: str) -> Optional[User]:
|
|
"""
|
|
Get a user by verification token.
|
|
"""
|
|
return db.query(User).filter(
|
|
User.verification_token == token,
|
|
User.verification_token_expires > datetime.utcnow()
|
|
).first()
|
|
|
|
def get_by_password_reset_token(self, db: Session, *, token: str) -> Optional[User]:
|
|
"""
|
|
Get a user by password reset token.
|
|
"""
|
|
return db.query(User).filter(
|
|
User.password_reset_token == token,
|
|
User.password_reset_token_expires > datetime.utcnow()
|
|
).first()
|
|
|
|
def create(self, db: Session, *, obj_in: UserCreate) -> User:
|
|
"""
|
|
Create a new user.
|
|
"""
|
|
# Create verification token that expires in 48 hours
|
|
verification_token = generate_verification_token()
|
|
verification_token_expires = datetime.utcnow() + timedelta(
|
|
hours=settings.VERIFICATION_TOKEN_EXPIRE_HOURS
|
|
)
|
|
|
|
# Create the user
|
|
db_obj = User(
|
|
email=obj_in.email,
|
|
hashed_password=get_password_hash(obj_in.password),
|
|
full_name=obj_in.full_name,
|
|
is_superuser=obj_in.is_superuser,
|
|
is_active=obj_in.is_active,
|
|
is_verified=False, # New users are not verified by default
|
|
verification_token=verification_token,
|
|
verification_token_expires=verification_token_expires,
|
|
)
|
|
db.add(db_obj)
|
|
db.commit()
|
|
db.refresh(db_obj)
|
|
return db_obj
|
|
|
|
def update(
|
|
self, db: Session, *, db_obj: User, obj_in: Union[UserUpdate, Dict[str, Any]]
|
|
) -> User:
|
|
"""
|
|
Update a user.
|
|
"""
|
|
if isinstance(obj_in, dict):
|
|
update_data = obj_in
|
|
else:
|
|
update_data = obj_in.model_dump(exclude_unset=True)
|
|
|
|
if update_data.get("password"):
|
|
hashed_password = get_password_hash(update_data["password"])
|
|
del update_data["password"]
|
|
update_data["hashed_password"] = hashed_password
|
|
|
|
return super().update(db, db_obj=db_obj, obj_in=update_data)
|
|
|
|
def authenticate(self, db: Session, *, email: str, password: str) -> Optional[User]:
|
|
"""
|
|
Authenticate a user.
|
|
"""
|
|
user = self.get_by_email(db, email=email)
|
|
if not user:
|
|
return None
|
|
if not verify_password(password, user.hashed_password):
|
|
return None
|
|
return user
|
|
|
|
def is_active(self, user: User) -> bool:
|
|
"""
|
|
Check if a user is active.
|
|
"""
|
|
return user.is_active
|
|
|
|
def is_superuser(self, user: User) -> bool:
|
|
"""
|
|
Check if a user is a superuser.
|
|
"""
|
|
return user.is_superuser
|
|
|
|
def is_verified(self, user: User) -> bool:
|
|
"""
|
|
Check if a user has verified their email.
|
|
"""
|
|
return user.is_verified
|
|
|
|
def verify_email(self, db: Session, *, token: str) -> Optional[User]:
|
|
"""
|
|
Verify a user's email with the provided token.
|
|
"""
|
|
user = self.get_by_verification_token(db, token=token)
|
|
if not user:
|
|
return None
|
|
|
|
# Mark the user as verified and clear the token
|
|
user_data = {"is_verified": True, "verification_token": None, "verification_token_expires": None}
|
|
user_updated = super().update(db, db_obj=user, obj_in=user_data)
|
|
return user_updated
|
|
|
|
def create_password_reset_token(self, db: Session, *, email: str) -> Optional[str]:
|
|
"""
|
|
Create a password reset token for a user.
|
|
"""
|
|
user = self.get_by_email(db, email=email)
|
|
if not user:
|
|
return None
|
|
|
|
# Create a token that expires in 24 hours
|
|
reset_token = generate_password_reset_token()
|
|
reset_token_expires = datetime.utcnow() + timedelta(
|
|
hours=settings.PASSWORD_RESET_TOKEN_EXPIRE_HOURS
|
|
)
|
|
|
|
# Update the user with the reset token
|
|
user_data = {
|
|
"password_reset_token": reset_token,
|
|
"password_reset_token_expires": reset_token_expires
|
|
}
|
|
self.update(db, db_obj=user, obj_in=user_data)
|
|
|
|
return reset_token
|
|
|
|
def reset_password(self, db: Session, *, token: str, new_password: str) -> Optional[User]:
|
|
"""
|
|
Reset a user's password using a valid reset token.
|
|
"""
|
|
user = self.get_by_password_reset_token(db, token=token)
|
|
if not user:
|
|
return None
|
|
|
|
# Update the password and clear the token
|
|
user_data = {
|
|
"password": new_password,
|
|
"password_reset_token": None,
|
|
"password_reset_token_expires": None
|
|
}
|
|
user_updated = self.update(db, db_obj=user, obj_in=user_data)
|
|
return user_updated
|
|
|
|
|
|
# Create a singleton instance
|
|
user = CRUDUser(User) |