Merge branch 'main' into refac/auth-middleware

2023-12-29 12:45:46 -05:00 · 2023-12-29 12:45:46 -05:00 · 39b8e4430e
commit 39b8e4430e
parent a01b112f7f 3ae1a5b14d
13 changed files with 383 additions and 30 deletions
--- a/backend/apps/web/models/auths.py
+++ b/backend/apps/web/models/auths.py
@ -64,6 +64,11 @@ class SigninForm(BaseModel):
    password: str


+class UpdatePasswordForm(BaseModel):
+    password: str
+    new_password: str
+
+
 class SignupForm(BaseModel):
    name: str
    email: str
@ -109,5 +114,30 @@ class AuthsTable:
        except:
            return None

+    def update_user_password_by_id(self, id: str, new_password: str) -> bool:
+        try:
+            query = Auth.update(password=new_password).where(Auth.id == id)
+            result = query.execute()
+
+            return True if result == 1 else False
+        except:
+            return False
+
+    def delete_auth_by_id(self, id: str) -> bool:
+        try:
+            # Delete User
+            result = Users.delete_user_by_id(id)
+
+            if result:
+                # Delete Auth
+                query = Auth.delete().where(Auth.id == id)
+                query.execute()  # Remove the rows, return number of rows removed.
+
+                return True
+            else:
+                return False
+        except:
+            return False
+

 Auths = AuthsTable(DB)
--- a/backend/apps/web/models/chats.py
+++ b/backend/apps/web/models/chats.py
@ -153,5 +153,14 @@ class ChatTable:
        except:
            return False

+    def delete_chats_by_user_id(self, user_id: str) -> bool:
+        try:
+            query = Chat.delete().where(Chat.user_id == user_id)
+            query.execute()  # Remove the rows, return number of rows removed.
+
+            return True
+        except:
+            return False
+

 Chats = ChatTable(DB)
--- a/backend/apps/web/models/users.py
+++ b/backend/apps/web/models/users.py
@ -8,6 +8,8 @@ from utils.utils import decode_token
 from utils.misc import get_gravatar_url

 from apps.web.internal.db import DB
+from apps.web.models.chats import Chats
+

 ####################
 # User DB Schema
@ -110,5 +112,21 @@ class UsersTable:
        except:
            return None

+    def delete_user_by_id(self, id: str) -> bool:
+        try:
+            # Delete User Chats
+            result = Chats.delete_chats_by_user_id(id)
+
+            if result:
+                # Delete User
+                query = User.delete().where(User.id == id)
+                query.execute()  # Remove the rows, return number of rows removed.
+
+                return True
+            else:
+                return False
+        except:
+            return False
+

 Users = UsersTable(DB)
--- a/backend/apps/web/routers/auths.py
+++ b/backend/apps/web/routers/auths.py
@ -11,6 +11,7 @@ import uuid
 from apps.web.models.auths import (
    SigninForm,
    SignupForm,
+    UpdatePasswordForm,
    UserResponse,
    SigninResponse,
    Auths,
@ -53,6 +54,28 @@ async def get_session_user(cred=Depends(bearer_scheme)):
        )


+############################
+# Update Password
+############################
+
+
+@router.post("/update/password", response_model=bool)
+async def update_password(form_data: UpdatePasswordForm, cred=Depends(bearer_scheme)):
+    token = cred.credentials
+    session_user = Users.get_user_by_token(token)
+
+    if session_user:
+        user = Auths.authenticate_user(session_user.email, form_data.password)
+
+        if user:
+            hashed = get_password_hash(form_data.new_password)
+            return Auths.update_user_password_by_id(user.id, hashed)
+        else:
+            raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_PASSWORD)
+    else:
+        raise HTTPException(400, detail=ERROR_MESSAGES.INVALID_CRED)
+
+
 ############################
 # SignIn
 ############################
--- a/backend/apps/web/routers/users.py
+++ b/backend/apps/web/routers/users.py
@ -9,6 +9,8 @@ import time
 import uuid

 from apps.web.models.users import UserModel, UserRoleUpdateForm, Users
+from apps.web.models.auths import Auths
+

 from utils.utils import (
    get_password_hash,
@ -73,3 +75,42 @@ async def update_user_role(form_data: UserRoleUpdateForm, cred=Depends(bearer_sc
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail=ERROR_MESSAGES.INVALID_TOKEN,
        )
+
+
+############################
+# DeleteUserById
+############################
+
+
+@router.delete("/{user_id}", response_model=bool)
+async def delete_user_by_id(user_id: str, cred=Depends(bearer_scheme)):
+    token = cred.credentials
+    user = Users.get_user_by_token(token)
+
+    if user:
+        if user.role == "admin":
+            if user.id != user_id:
+                result = Auths.delete_auth_by_id(user_id)
+
+                if result:
+                    return True
+                else:
+                    raise HTTPException(
+                        status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+                        detail=ERROR_MESSAGES.DELETE_USER_ERROR,
+                    )
+            else:
+                raise HTTPException(
+                    status_code=status.HTTP_403_FORBIDDEN,
+                    detail=ERROR_MESSAGES.ACTION_PROHIBITED,
+                )
+        else:
+            raise HTTPException(
+                status_code=status.HTTP_403_FORBIDDEN,
+                detail=ERROR_MESSAGES.ACCESS_PROHIBITED,
+            )
+    else:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail=ERROR_MESSAGES.INVALID_TOKEN,
+        )