add reset password endpoint

2025-12-04 19:46:26 -03:00
parent d29ad3ceb6
commit b929c492c0
9 changed files with 129 additions and 36 deletions
--- a/id.saladeaula.digital/app/routes/authentication.py
+++ b/id.saladeaula.digital/app/routes/authentication.py
@@ -2,9 +2,7 @@ from http import HTTPStatus
 from typing import Annotated
 from uuid import uuid4

-from aws_lambda_powertools.event_handler import (
-    Response,
-)
+from aws_lambda_powertools.event_handler import Response
 from aws_lambda_powertools.event_handler.api_gateway import Router
 from aws_lambda_powertools.event_handler.exceptions import (
    NotFoundError,
@@ -59,18 +57,22 @@ def authentication(
    return Response(
        status_code=HTTPStatus.OK,
        cookies=[
-            Cookie(
-                name='SID',
-                value=new_session(user_id),
-                http_only=True,
-                secure=True,
-                same_site=None,
-                max_age=SESSION_EXPIRES_IN,
-            )
+            cookie(user_id),
        ],
    )


+def cookie(user_id: str) -> Cookie:
+    return Cookie(
+        name='SID',
+        value=new_session(user_id),
+        http_only=True,
+        secure=True,
+        same_site=None,
+        max_age=SESSION_EXPIRES_IN,
+    )
+
+
 def _get_user(username: str) -> tuple[str, str | None]:
    sk = SortKey(username, path_spec='user_id')
    user = dyn.collection.get_items(
--- a/id.saladeaula.digital/app/routes/register.py
+++ b/id.saladeaula.digital/app/routes/register.py
@@ -16,9 +16,9 @@ from passlib.hash import pbkdf2_sha256
 from pydantic import UUID4, EmailStr

 from boto3clients import dynamodb_client
-from config import SESSION_EXPIRES_IN, USER_TABLE
+from config import USER_TABLE

-from .authentication import new_session
+from .authentication import cookie

 router = Router()
 dyn = DynamoDBPersistenceLayer(USER_TABLE, dynamodb_client)
@@ -74,7 +74,7 @@ def register(
            compress=True,
            body=asdict(new_user),
            cookies=[
-                _cookie(existing['id']),
+                cookie(existing['id']),
            ],
        )

@@ -86,22 +86,11 @@ def register(
        compress=True,
        body=asdict(new_user),
        cookies=[
-            _cookie(new_user.id),
+            cookie(new_user.id),
        ],
    )


-def _cookie(user_id: str) -> Cookie:
-    return Cookie(
-        name='SID',
-        value=new_session(user_id),
-        http_only=True,
-        secure=True,
-        same_site=None,
-        max_age=SESSION_EXPIRES_IN,
-    )
-
-
 def _create_user(*, user: User, password: str):
    now_ = now()

--- a/id.saladeaula.digital/app/routes/reset.py
+++ b/id.saladeaula.digital/app/routes/reset.py
@@ -1,14 +1,75 @@
+import base64
+import json
+from http import HTTPStatus
 from typing import Annotated

+from aws_lambda_powertools.event_handler import Response
 from aws_lambda_powertools.event_handler.api_gateway import Router
+from aws_lambda_powertools.event_handler.exceptions import (
+    BadRequestError,
+    ServiceError,
+)
 from aws_lambda_powertools.event_handler.openapi.params import Body, Path
+from layercake.dateutils import now
+from layercake.dynamodb import DynamoDBPersistenceLayer, KeyPair
+from passlib.hash import pbkdf2_sha256
+
+from boto3clients import dynamodb_client
+from config import USER_TABLE
+
+from .authentication import UserNotFoundError, cookie

 router = Router()
+dyn = DynamoDBPersistenceLayer(USER_TABLE, dynamodb_client)


-@router.post('/reset')
+class GoneError(ServiceError):
+    def __init__(self, msg: str | dict):
+        super().__init__(HTTPStatus.GONE, msg)
+
+
+class InvalidCodeError(GoneError): ...
+
+
+@router.post('/reset/<token>')
 def reset(
    new_password: Annotated[str, Body(min_length=6, embed=True)],
-    code: Annotated[str, Path],
+    token: Annotated[str, Path],
 ):
-    return {}
+    try:
+        decoded_data = json.loads(base64.urlsafe_b64decode(token))
+        user_id, code = decoded_data['user_id'], decoded_data['code']
+    except Exception as exc:
+        raise BadRequestError(str(exc))
+
+    with dyn.transact_writer() as transact:
+        transact.condition(
+            key=KeyPair(user_id, '0'),
+            cond_expr='attribute_exists(sk)',
+            exc_cls=UserNotFoundError,
+        )
+        transact.delete(
+            key=KeyPair('PASSWORD_RESET', f'CODE#{code}'),
+            cond_expr='attribute_exists(sk)',
+            exc_cls=InvalidCodeError,
+        )
+        transact.delete(
+            key=KeyPair('PASSWORD_RESET', f'USER#{user_id}'),
+            cond_expr='attribute_exists(sk)',
+            exc_cls=InvalidCodeError,
+        )
+        transact.put(
+            item={
+                'id': user_id,
+                'sk': 'PASSWORD',
+                'hash': pbkdf2_sha256.hash(new_password),
+                'created_at': now(),
+            }
+        )
+
+    return Response(
+        status_code=HTTPStatus.OK,
+        cookies=[
+            cookie(user_id),
+        ],
+    )