sergio/saladeaula.digital
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add reset password endpoint

Browse Source
This commit is contained in:
Sérgio Rafael Siqueira
2025-12-04 19:46:26 -03:00
parent d29ad3ceb6
commit b929c492c0
9 changed files with 129 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
apps/id.saladeaula.digital/app/routes.ts
View File

@@ -8,11 +8,12 @@ import {
export default [
layout('routes/layout.tsx', [
index('routes/index.tsx'),
route('/reset/:code', 'routes/reset.tsx'),
route('/forgot', 'routes/forgot.tsx'),
route('/deny', 'routes/deny.tsx'),
layout('routes/register/layout.tsx', [
route('/register', 'routes/register/index.tsx')
]),
route('/forgot', 'routes/forgot.tsx'),
route('/deny', 'routes/deny.tsx')
])
]),
route('/authorize', 'routes/authorize.ts'),
route('/*', 'routes/upstream.ts')

15
id.saladeaula.digital/app/events/send_forgot_email.py
View File

@@ -1,3 +1,6 @@
import base64
import json
from aws_lambda_powertools import Logger
from aws_lambda_powertools.utilities.data_classes import (
EventBridgeEvent,
@@ -17,7 +20,7 @@ Oi {first_name}, tudo bem?<br/><br/>
Recebemos sua solicitação para redefinir sua senha na EDUSEG®.<br/>
Para continuar, é só clicar no link abaixo:<br/><br/>
<a href="https://id.saladeaula.digital/reset/{code}">
<a href="https://id.saladeaula.digital/reset/{token}">
👉 Clique aqui para redefinir sua senha
</a>
<br/><br/>
@@ -40,6 +43,14 @@ def lambda_handler(event: EventBridgeEvent, context: LambdaContext) -> bool:
first_name = first_word(new_image['name'])
# Key pattern `CODE#{code}`
*_, code = new_image['sk'].split('#')
token = base64.urlsafe_b64encode(
json.dumps(
{
'user_id': new_image['user_id'],
'code': code,
}
).encode()
).decode()
emailmsg = Message(
from_=EMAIL_SENDER,
@@ -51,7 +62,7 @@ def lambda_handler(event: EventBridgeEvent, context: LambdaContext) -> bool:
emailmsg.add_alternative(
MESSAGE.format(
first_name=first_name,
code=code,
token=token,
)
)

24
id.saladeaula.digital/app/routes/authentication.py
View File

@@ -2,9 +2,7 @@ from http import HTTPStatus
from typing import Annotated
from uuid import uuid4
from aws_lambda_powertools.event_handler import (
Response,
)
from aws_lambda_powertools.event_handler import Response
from aws_lambda_powertools.event_handler.api_gateway import Router
from aws_lambda_powertools.event_handler.exceptions import (
NotFoundError,
@@ -59,18 +57,22 @@ def authentication(
return Response(
status_code=HTTPStatus.OK,
cookies=[
Cookie(
name='SID',
value=new_session(user_id),
http_only=True,
secure=True,
same_site=None,
max_age=SESSION_EXPIRES_IN,
)
cookie(user_id),
],
)
def cookie(user_id: str) -> Cookie:
return Cookie(
name='SID',
value=new_session(user_id),
http_only=True,
secure=True,
same_site=None,
max_age=SESSION_EXPIRES_IN,
)
def _get_user(username: str) -> tuple[str, str | None]:
sk = SortKey(username, path_spec='user_id')
user = dyn.collection.get_items(

19
id.saladeaula.digital/app/routes/register.py
View File

@@ -16,9 +16,9 @@ from passlib.hash import pbkdf2_sha256
from pydantic import UUID4, EmailStr
from boto3clients import dynamodb_client
from config import SESSION_EXPIRES_IN, USER_TABLE
from config import USER_TABLE
from .authentication import new_session
from .authentication import cookie
router = Router()
dyn = DynamoDBPersistenceLayer(USER_TABLE, dynamodb_client)
@@ -74,7 +74,7 @@ def register(
compress=True,
body=asdict(new_user),
cookies=[
_cookie(existing['id']),
cookie(existing['id']),
],
)
@@ -86,22 +86,11 @@ def register(
compress=True,
body=asdict(new_user),
cookies=[
_cookie(new_user.id),
cookie(new_user.id),
],
)
def _cookie(user_id: str) -> Cookie:
return Cookie(
name='SID',
value=new_session(user_id),
http_only=True,
secure=True,
same_site=None,
max_age=SESSION_EXPIRES_IN,
)
def _create_user(*, user: User, password: str):
now_ = now()

67
id.saladeaula.digital/app/routes/reset.py
View File

@@ -1,14 +1,75 @@
import base64
import json
from http import HTTPStatus
from typing import Annotated
from aws_lambda_powertools.event_handler import Response
from aws_lambda_powertools.event_handler.api_gateway import Router
from aws_lambda_powertools.event_handler.exceptions import (
BadRequestError,
ServiceError,
)
from aws_lambda_powertools.event_handler.openapi.params import Body, Path
from layercake.dateutils import now
from layercake.dynamodb import DynamoDBPersistenceLayer, KeyPair
from passlib.hash import pbkdf2_sha256
from boto3clients import dynamodb_client
from config import USER_TABLE
from .authentication import UserNotFoundError, cookie
router = Router()
dyn = DynamoDBPersistenceLayer(USER_TABLE, dynamodb_client)
@router.post('/reset')
class GoneError(ServiceError):
def __init__(self, msg: str | dict):
super().__init__(HTTPStatus.GONE, msg)
class InvalidCodeError(GoneError): ...
@router.post('/reset/<token>')
def reset(
new_password: Annotated[str, Body(min_length=6, embed=True)],
code: Annotated[str, Path],
token: Annotated[str, Path],
):
return {}
try:
decoded_data = json.loads(base64.urlsafe_b64decode(token))
user_id, code = decoded_data['user_id'], decoded_data['code']
except Exception as exc:
raise BadRequestError(str(exc))
with dyn.transact_writer() as transact:
transact.condition(
key=KeyPair(user_id, '0'),
cond_expr='attribute_exists(sk)',
exc_cls=UserNotFoundError,
)
transact.delete(
key=KeyPair('PASSWORD_RESET', f'CODE#{code}'),
cond_expr='attribute_exists(sk)',
exc_cls=InvalidCodeError,
)
transact.delete(
key=KeyPair('PASSWORD_RESET', f'USER#{user_id}'),
cond_expr='attribute_exists(sk)',
exc_cls=InvalidCodeError,
)
transact.put(
item={
'id': user_id,
'sk': 'PASSWORD',
'hash': pbkdf2_sha256.hash(new_password),
'created_at': now(),
}
)
return Response(
status_code=HTTPStatus.OK,
cookies=[
cookie(user_id),
],
)

2
id.saladeaula.digital/template.yaml
View File

@@ -53,7 +53,7 @@ Resources:
LogGroup: !Ref HttpLog
Policies:
- DynamoDBCrudPolicy:
TableName: !Ref OAuth2Table
TableName: !Ref UserTable
- Version: 2012-10-17
Statement:
- Effect: Allow

3
id.saladeaula.digital/tests/events/test_send_forgot_email.py
View File

@@ -10,9 +10,10 @@ def test_send_forgot_email(monkeypatch, lambda_context: LambdaContext):
'detail': {
'new_image': {
'id': 'PASSWORD_RESET',
'sk': 'CODE#123',
'sk': 'CODE#820b3cbc-e2e2-440e-9cec-7958725e8f52',
'name': 'Sérgio R Siqueira',
'email': 'sergio@somosbeta.com.br',
'user_id': '6c992e55-f483-44ce-a940-5394c3e00645',
}
}
}

24
id.saladeaula.digital/tests/routes/test_reset.py Normal file
View File

@@ -0,0 +1,24 @@
from http import HTTPMethod, HTTPStatus
from layercake.dynamodb import DynamoDBPersistenceLayer
from ..conftest import HttpApiProxy, LambdaContext
def test_reset(
app,
seeds,
dynamodb_persistence_layer: DynamoDBPersistenceLayer,
http_api_proxy: HttpApiProxy,
lambda_context: LambdaContext,
):
r = app.lambda_handler(
http_api_proxy(
raw_path='/reset/eyJ1c2VyX2lkIjogIjZjOTkyZTU1LWY0ODMtNDRjZS1hOTQwLTUzOTRjM2UwMDY0NSIsICJjb2RlIjogIjgyMGIzY2JjLWUyZTItNDQwZS05Y2VjLTc5NTg3MjVlOGY1MiJ9',
method=HTTPMethod.POST,
body={'new_password': '123@56'},
),
lambda_context,
)
assert r['statusCode'] == HTTPStatus.OK

4
id.saladeaula.digital/tests/seeds.jsonl
View File

@@ -28,3 +28,7 @@
{"id": "email", "sk": "sergio@somosbeta.com.br", "user_id": "357db1c5-7442-4075-98a3-fbe5c938a419"}
{"id": "email", "sk": "osergiosiqueira@gmail.com", "user_id": "357db1c5-7442-4075-98a3-fbe5c938a419"}
{"id": "cpf", "sk": "07879819908", "user_id": "357db1c5-7442-4075-98a3-fbe5c938a419"}
{"id": "6c992e55-f483-44ce-a940-5394c3e00645", "sk": "0", "name": "Sérgio R Siqueira"}
{"id": "PASSWORD_RESET", "sk": "USER#6c992e55-f483-44ce-a940-5394c3e00645"}
{"id": "PASSWORD_RESET", "sk": "CODE#820b3cbc-e2e2-440e-9cec-7958725e8f52"}