k)i1pdZddlZddlmZmZmZddlmZmZmZm Z ddl m Z m Z ddl mZddlmZmZmZddlmZdd lmZdd lmZdd lmZmZmZmZmZmZm Z m!Z!dd l"m#Z#dd l$m%Z%ddl&m'Z'ddl(m)Z)ddl*m+Z+dedede,deefdZ- d,dede.de,de,dededee,dee,dee,deefdZ/dede.de.fdZ0dede,de1fd Z2dede.fd!Z3 d-ded"edee,dee,deeee,ff d#Z4ded$edeeee,ffd%Z5dededeefd&Z6d'ede!fd(Z7ded)edeeee,ffd*Z8d.dedee.dee e,ffd+Z9y)/zE Authentication controller for handling auth-related business logic. N)datetime timedeltatimezone)DictOptionalTupleUnion) HTTPExceptionstatus)Session)selectand_update)EmailStr)User) AuthSession)LoginRequestSchemaLoginResponseSchemaRegisterRequestSchemaRegisterResponseSchemaRefreshTokenRequestSchemaAuthTokenSchemaLogoutResponseSchemaUserProfileSchema)UserCreateSchema) create_user) jwt_manager)verify_password)settingsdbemailpasswordreturncRttjtj|k(}t tdr.|jtj j d}|j|j}|syt||jsy|S)z Authenticate user by email and password. Args: db: Database session email: User's email address password: Plain text password Returns: User model if authentication successful, None otherwise deleted_atN) r rwherer!hasattrr%is_executescalar_one_or_nonerhashed_password)r r!r"stmtusers T/var/www/html/hwPaymentPortal-be-dev/hw-payment-portal-api/src/apps/auth/services.pyauthenticate_userr/ s $<  djjE1 2Dt\"zz$//--d34 ::d  . . 0D  8T%9%9 : Kuser_id access_token refresh_tokenaccess_token_expires_atrefresh_token_expires_at ip_address user_agent device_infoc  t||||||||dd } |j| |j|j| | S#t$r} |j Yd} ~ yd} ~ wwxYw)z$Create a new authentication session.TF) r1r2r3r4r5r6r7r8 is_active is_revokedN)raddcommitrefresh Exceptionrollback) r r1r2r3r4r5r6r7r8 auth_sessiones r.create_auth_sessionrC<st"%'$;%=!!#   |  <   sAA A.A))A.c tjtj}t t j tt j|k(t jdk(t jdk(jdd||}|j|}|j|jS#t$r|j!YywxYw)z&Revoke all active sessions for a user.TFr:r; revoked_at updated_atr)rnowrutcrrr&rr1r:r;valuesr)r=rowcountr?r@)r r1rHr,results r.revoke_all_user_sessionsrM`sll8<<( ;  U''72))T1**e3V  "D!   sB>CCCc tjtj}t t j tt j|k(t jdk(t jdk(jdd||}|j|}|j|jdkDS#t$r|j!YywxYw)z Revoke a specific session by access token. Args: db: Database session access_token: The access token to revoke Returns: True if session was revoked, False otherwise TFrEr)rrHrrIrrr&rr2r:r;rJr)r=rKr?r@)r r2rHr,rLs r.revoke_session_by_tokenrOsll8<<( ;  U,, <))T1**e3V  "D! ""  sCCC C c tjtj}t t j tt j|kt jdk(jd|}|j|}|j|jS#t$r|jYywxYw)z)Clean up expired authentication sessions.TF)r:rGr)rrHrrIrrr&rr4r:rJr)r=rKr?r@)r rHr,rLs r.cleanup_expired_sessionsrQsll8<<( ;  U77#=))T1 V D!   sB*B--C C  login_datac t||j|j}|sy|jsy|j|jt |dd|j |jt |dd|j|jt |ddd }d |i}d |i}ttj }ttj } tj||} tj || } t#j$t&j(|z} t#j$t&j(| z} t+||j| | | | || t#j$t&j(|_|j/t1d |j|j|j|j| | dtjdz }|dfS)a Login user with email and password. Args: db: Database session login_data: Login request data ip_address: Client IP address user_agent: Client user agent Returns: Tuple of login response and message )NzIncorrect email or password)Nz Inactive userusernameNphone is_superuserF r1r!rT first_name last_namerUr: is_verifiedrVr-minutes)days)r r1r2r3r4r5r6r7zAuthentication successfulbearer<) messager1r!r:rZr2r3 token_type expires_inzLogin successful)r/r!r"is_user_activeidgetattrrXrYr:rZrrjwt_expires_minutesjwt_refresh_expires_daysrcreate_access_tokencreate_refresh_tokenrrHrrIrC last_loginr=r)r rRr6r7r- user_data token_datarefresh_token_dataaccess_token_expiresrefresh_token_expiresr2r3access_expires_atrefresh_expires_atlogin_responses r. login_userrss& R!1!1:3F3F GD 2   $77D*d3oo^^w-^^''ne< I  J   %X-I-IJ%8+L+LM22:?STL445GI^_M! X\\25II!hll36KK !# 1!3 ll8<<0DOIIK)+jj..$$!#//"4 N - --r0 register_datac Bt|j|j|j|j|j dd}t |||j\}}|d|fStd|j|j|j|j}||fS)z Register a new user. Args: db: Database session register_data: Registration request data Returns: Tuple of registration response and message TF)r!rX middle_namerYrUr:rZNzRegistration successful)r`r1r!r:rZ) rr!rXrvrYrUrr"rrdr:rZ)r rtuser_create_datar-r`register_responses r. register_userry!s(!! ++!--))!! $4m6L6LMMD' |W}/)jj..$$  g %%r0cttjtj|k(}t tdr.|jtj j d}|j|jS)z Get user by email address. Args: db: Database session email: User's email address Returns: User model if found, None otherwise r%N) r rr&r!r'r%r(r)r*)r r!r,s r.get_user_by_emailr{Ls` $<  djjE1 2Dt\"zz$//--d34 ::d  . . 00r0r-c,tj|S)z Get current user profile information. Args: user: Current authenticated user Returns: User profile schema )rmodel_validate)r-s r.get_current_user_profiler~^s  + +D 11r0refresh_requestc  tj|j}|sy|jddk7ry|jd}|sy|jd}t t j t j|k(}|j|j}|r |jsy|j|jt|dd |j|jt|d d |j|j t|d d d }d|i}t#t$j&} tj(|| } t+| |jdt$j&dz} | dfS)z Refresh access token using refresh token. Args: db: Database session refresh_request: Refresh token request data Returns: Tuple of new tokens and message )NzInvalid refresh tokentyper>)NzInvalid token typer-r1)NzUser not found or inactiverTNrUrVFrWr[r^r_)r2r3rarbzToken refreshed successfully)r verify_tokenr3getr rr&rdr)r*rcr!rerXrYr:rZrrrfrhr) r rpayloadrkr1 user_stmtr-updated_user_datarlrnnew_access_tokentoken_responses r.refresh_access_tokenrksc&&'D'DEG ,{{6i') F#I ,mmI&Gt ""477g#56I ::i 3 3 5D t**177D*d3oo^^w-^^''ne<  !J%X-I-IJ"66zCWX%%%33//"4 N 9 99r0cLd}|r t||}td|}|d|dfS)z Logout user by revoking session(s). Args: db: Database session user_id: User ID to revoke all sessions Returns: Tuple of logout response and message rzLogout successful)r`logged_out_sessionsz Logged out z session(s))rMr)r r1sessions_revokedlogout_responses r. logout_userrsB3B@*#,O k*:);;G GGr0)NNN)NN)N):__doc__uuidrrrtypingrrrr fastapir r sqlalchemy.ormr sqlalchemyr rrpydantic.networksrsrc.apps.users.models.userr!src.apps.auth.models.auth_sessionr!src.apps.auth.schemas.auth_commonrrrrrrrr"src.apps.users.schemas.user_commonrsrc.apps.users.servicesrsrc.apps.auth.utils.jwtrsrc.core.utils.passwordrsrc.core.configrstrr/intrCrMboolrOrQrsryr{r~rrr0r.rs` 22//)"++&+9   @//3$'(chtnF!% $!%!! !! ! & ! ' ! ! !#!k!H33@&&s&t&RS@!% $ X.X."X. X. X.  8' (# -. X.v(&(&((& 8* +S 01(&V1'1(1x~1$ 24 2,= 2@:@:.@: 8O $c )*@:FHGHhsmHuEY[^E^?_Hr0