diff --git a/apps/id.saladeaula.digital/app/routes.ts b/apps/id.saladeaula.digital/app/routes.ts
index d537c36..cedc2be 100644
--- a/apps/id.saladeaula.digital/app/routes.ts
+++ b/apps/id.saladeaula.digital/app/routes.ts
@@ -8,11 +8,12 @@ import {
export default [
layout('routes/layout.tsx', [
index('routes/index.tsx'),
+ route('/reset/:code', 'routes/reset.tsx'),
+ route('/forgot', 'routes/forgot.tsx'),
+ route('/deny', 'routes/deny.tsx'),
layout('routes/register/layout.tsx', [
route('/register', 'routes/register/index.tsx')
- ]),
- route('/forgot', 'routes/forgot.tsx'),
- route('/deny', 'routes/deny.tsx')
+ ])
]),
route('/authorize', 'routes/authorize.ts'),
route('/*', 'routes/upstream.ts')
diff --git a/id.saladeaula.digital/app/events/send_forgot_email.py b/id.saladeaula.digital/app/events/send_forgot_email.py
index 650bf08..18c4ee0 100644
--- a/id.saladeaula.digital/app/events/send_forgot_email.py
+++ b/id.saladeaula.digital/app/events/send_forgot_email.py
@@ -1,3 +1,6 @@
+import base64
+import json
+
from aws_lambda_powertools import Logger
from aws_lambda_powertools.utilities.data_classes import (
EventBridgeEvent,
@@ -17,7 +20,7 @@ Oi {first_name}, tudo bem?
Recebemos sua solicitação para redefinir sua senha na EDUSEG®.
Para continuar, é só clicar no link abaixo:
-
+
👉 Clique aqui para redefinir sua senha
@@ -40,6 +43,14 @@ def lambda_handler(event: EventBridgeEvent, context: LambdaContext) -> bool:
first_name = first_word(new_image['name'])
# Key pattern `CODE#{code}`
*_, code = new_image['sk'].split('#')
+ token = base64.urlsafe_b64encode(
+ json.dumps(
+ {
+ 'user_id': new_image['user_id'],
+ 'code': code,
+ }
+ ).encode()
+ ).decode()
emailmsg = Message(
from_=EMAIL_SENDER,
@@ -51,7 +62,7 @@ def lambda_handler(event: EventBridgeEvent, context: LambdaContext) -> bool:
emailmsg.add_alternative(
MESSAGE.format(
first_name=first_name,
- code=code,
+ token=token,
)
)
diff --git a/id.saladeaula.digital/app/routes/authentication.py b/id.saladeaula.digital/app/routes/authentication.py
index b633d61..bd62c85 100644
--- a/id.saladeaula.digital/app/routes/authentication.py
+++ b/id.saladeaula.digital/app/routes/authentication.py
@@ -2,9 +2,7 @@ from http import HTTPStatus
from typing import Annotated
from uuid import uuid4
-from aws_lambda_powertools.event_handler import (
- Response,
-)
+from aws_lambda_powertools.event_handler import Response
from aws_lambda_powertools.event_handler.api_gateway import Router
from aws_lambda_powertools.event_handler.exceptions import (
NotFoundError,
@@ -59,18 +57,22 @@ def authentication(
return Response(
status_code=HTTPStatus.OK,
cookies=[
- Cookie(
- name='SID',
- value=new_session(user_id),
- http_only=True,
- secure=True,
- same_site=None,
- max_age=SESSION_EXPIRES_IN,
- )
+ cookie(user_id),
],
)
+def cookie(user_id: str) -> Cookie:
+ return Cookie(
+ name='SID',
+ value=new_session(user_id),
+ http_only=True,
+ secure=True,
+ same_site=None,
+ max_age=SESSION_EXPIRES_IN,
+ )
+
+
def _get_user(username: str) -> tuple[str, str | None]:
sk = SortKey(username, path_spec='user_id')
user = dyn.collection.get_items(
diff --git a/id.saladeaula.digital/app/routes/register.py b/id.saladeaula.digital/app/routes/register.py
index 09adcac..6212d4f 100644
--- a/id.saladeaula.digital/app/routes/register.py
+++ b/id.saladeaula.digital/app/routes/register.py
@@ -16,9 +16,9 @@ from passlib.hash import pbkdf2_sha256
from pydantic import UUID4, EmailStr
from boto3clients import dynamodb_client
-from config import SESSION_EXPIRES_IN, USER_TABLE
+from config import USER_TABLE
-from .authentication import new_session
+from .authentication import cookie
router = Router()
dyn = DynamoDBPersistenceLayer(USER_TABLE, dynamodb_client)
@@ -74,7 +74,7 @@ def register(
compress=True,
body=asdict(new_user),
cookies=[
- _cookie(existing['id']),
+ cookie(existing['id']),
],
)
@@ -86,22 +86,11 @@ def register(
compress=True,
body=asdict(new_user),
cookies=[
- _cookie(new_user.id),
+ cookie(new_user.id),
],
)
-def _cookie(user_id: str) -> Cookie:
- return Cookie(
- name='SID',
- value=new_session(user_id),
- http_only=True,
- secure=True,
- same_site=None,
- max_age=SESSION_EXPIRES_IN,
- )
-
-
def _create_user(*, user: User, password: str):
now_ = now()
diff --git a/id.saladeaula.digital/app/routes/reset.py b/id.saladeaula.digital/app/routes/reset.py
index 7d7dbec..49c5279 100644
--- a/id.saladeaula.digital/app/routes/reset.py
+++ b/id.saladeaula.digital/app/routes/reset.py
@@ -1,14 +1,75 @@
+import base64
+import json
+from http import HTTPStatus
from typing import Annotated
+from aws_lambda_powertools.event_handler import Response
from aws_lambda_powertools.event_handler.api_gateway import Router
+from aws_lambda_powertools.event_handler.exceptions import (
+ BadRequestError,
+ ServiceError,
+)
from aws_lambda_powertools.event_handler.openapi.params import Body, Path
+from layercake.dateutils import now
+from layercake.dynamodb import DynamoDBPersistenceLayer, KeyPair
+from passlib.hash import pbkdf2_sha256
+
+from boto3clients import dynamodb_client
+from config import USER_TABLE
+
+from .authentication import UserNotFoundError, cookie
router = Router()
+dyn = DynamoDBPersistenceLayer(USER_TABLE, dynamodb_client)
-@router.post('/reset')
+class GoneError(ServiceError):
+ def __init__(self, msg: str | dict):
+ super().__init__(HTTPStatus.GONE, msg)
+
+
+class InvalidCodeError(GoneError): ...
+
+
+@router.post('/reset/')
def reset(
new_password: Annotated[str, Body(min_length=6, embed=True)],
- code: Annotated[str, Path],
+ token: Annotated[str, Path],
):
- return {}
+ try:
+ decoded_data = json.loads(base64.urlsafe_b64decode(token))
+ user_id, code = decoded_data['user_id'], decoded_data['code']
+ except Exception as exc:
+ raise BadRequestError(str(exc))
+
+ with dyn.transact_writer() as transact:
+ transact.condition(
+ key=KeyPair(user_id, '0'),
+ cond_expr='attribute_exists(sk)',
+ exc_cls=UserNotFoundError,
+ )
+ transact.delete(
+ key=KeyPair('PASSWORD_RESET', f'CODE#{code}'),
+ cond_expr='attribute_exists(sk)',
+ exc_cls=InvalidCodeError,
+ )
+ transact.delete(
+ key=KeyPair('PASSWORD_RESET', f'USER#{user_id}'),
+ cond_expr='attribute_exists(sk)',
+ exc_cls=InvalidCodeError,
+ )
+ transact.put(
+ item={
+ 'id': user_id,
+ 'sk': 'PASSWORD',
+ 'hash': pbkdf2_sha256.hash(new_password),
+ 'created_at': now(),
+ }
+ )
+
+ return Response(
+ status_code=HTTPStatus.OK,
+ cookies=[
+ cookie(user_id),
+ ],
+ )
diff --git a/id.saladeaula.digital/template.yaml b/id.saladeaula.digital/template.yaml
index 5e363ad..fec01d4 100644
--- a/id.saladeaula.digital/template.yaml
+++ b/id.saladeaula.digital/template.yaml
@@ -53,7 +53,7 @@ Resources:
LogGroup: !Ref HttpLog
Policies:
- DynamoDBCrudPolicy:
- TableName: !Ref OAuth2Table
+ TableName: !Ref UserTable
- Version: 2012-10-17
Statement:
- Effect: Allow
diff --git a/id.saladeaula.digital/tests/events/test_send_forgot_email.py b/id.saladeaula.digital/tests/events/test_send_forgot_email.py
index 4782557..2d824f9 100644
--- a/id.saladeaula.digital/tests/events/test_send_forgot_email.py
+++ b/id.saladeaula.digital/tests/events/test_send_forgot_email.py
@@ -10,9 +10,10 @@ def test_send_forgot_email(monkeypatch, lambda_context: LambdaContext):
'detail': {
'new_image': {
'id': 'PASSWORD_RESET',
- 'sk': 'CODE#123',
+ 'sk': 'CODE#820b3cbc-e2e2-440e-9cec-7958725e8f52',
'name': 'Sérgio R Siqueira',
'email': 'sergio@somosbeta.com.br',
+ 'user_id': '6c992e55-f483-44ce-a940-5394c3e00645',
}
}
}
diff --git a/id.saladeaula.digital/tests/routes/test_reset.py b/id.saladeaula.digital/tests/routes/test_reset.py
new file mode 100644
index 0000000..5850b61
--- /dev/null
+++ b/id.saladeaula.digital/tests/routes/test_reset.py
@@ -0,0 +1,24 @@
+from http import HTTPMethod, HTTPStatus
+
+from layercake.dynamodb import DynamoDBPersistenceLayer
+
+from ..conftest import HttpApiProxy, LambdaContext
+
+
+def test_reset(
+ app,
+ seeds,
+ dynamodb_persistence_layer: DynamoDBPersistenceLayer,
+ http_api_proxy: HttpApiProxy,
+ lambda_context: LambdaContext,
+):
+ r = app.lambda_handler(
+ http_api_proxy(
+ raw_path='/reset/eyJ1c2VyX2lkIjogIjZjOTkyZTU1LWY0ODMtNDRjZS1hOTQwLTUzOTRjM2UwMDY0NSIsICJjb2RlIjogIjgyMGIzY2JjLWUyZTItNDQwZS05Y2VjLTc5NTg3MjVlOGY1MiJ9',
+ method=HTTPMethod.POST,
+ body={'new_password': '123@56'},
+ ),
+ lambda_context,
+ )
+
+ assert r['statusCode'] == HTTPStatus.OK
diff --git a/id.saladeaula.digital/tests/seeds.jsonl b/id.saladeaula.digital/tests/seeds.jsonl
index d7f32e5..5d138d1 100644
--- a/id.saladeaula.digital/tests/seeds.jsonl
+++ b/id.saladeaula.digital/tests/seeds.jsonl
@@ -28,3 +28,7 @@
{"id": "email", "sk": "sergio@somosbeta.com.br", "user_id": "357db1c5-7442-4075-98a3-fbe5c938a419"}
{"id": "email", "sk": "osergiosiqueira@gmail.com", "user_id": "357db1c5-7442-4075-98a3-fbe5c938a419"}
{"id": "cpf", "sk": "07879819908", "user_id": "357db1c5-7442-4075-98a3-fbe5c938a419"}
+
+{"id": "6c992e55-f483-44ce-a940-5394c3e00645", "sk": "0", "name": "Sérgio R Siqueira"}
+{"id": "PASSWORD_RESET", "sk": "USER#6c992e55-f483-44ce-a940-5394c3e00645"}
+{"id": "PASSWORD_RESET", "sk": "CODE#820b3cbc-e2e2-440e-9cec-7958725e8f52"}