add user management

Author: thebino

core/addons/api/__init__.py

@@ -4,13 +4,12 @@
 import os
 import pathlib
 from datetime import datetime
-from typing import Optional
 
 from aiohttp import web
+
 from core.addons.api.dto.details import Details
 from core.addons.api.dto.location import Location
-from core.addons.api.dto.photo import (PhotoDetailsResponse, PhotoEncoder,
-                                       PhotoResponse)
+from core.addons.api.dto.photo import PhotoDetailsResponse, PhotoEncoder, PhotoResponse
 from core.addons.api.dto.photo_response import PhotosResponse
 from core.base import Session
 from core.core import ApplicationCore
@@ -63,7 +62,7 @@ class PhotosView(RequestView):
 
     async def get(self, core: ApplicationCore, request: web.Request) -> web.Response:
         """Get a list of all photo resources."""
-        _LOGGER.debug(f"GET /v1/photos")
+        _LOGGER.debug("GET /v1/photos")
         await core.authentication.check_permission(request, "library:read")
 
         user_id = await core.http.get_user_id(request)
@@ -79,7 +78,9 @@ async def get(self, core: ApplicationCore, request: web.Request) -> web.Response
         if "offset" in request.query:
             offset = int(request.query["offset"])
 
-        _LOGGER.debug(f"read {limit} photos for user_id {user_id} beginning with {offset}")
+        _LOGGER.debug(
+            f"read {limit} photos for user_id {user_id} beginning with {offset}"
+        )
         user_photos = await core.storage.read_photos(user_id, offset, limit)
 
         results = []
@@ -89,12 +90,16 @@ async def get(self, core: ApplicationCore, request: web.Request) -> web.Response
                 PhotoResponse(
                     id=photo.uuid,
                     name=photo.filename,
-                    image_url=f"{core.config.external_url}/v1/file/{photo.uuid}"
+                    image_url=f"{core.config.external_url}/v1/file/{photo.uuid}",
                 )
             )
 
-        response = PhotosResponse(offset=offset, limit=limit, size=len(results), results=results)
-        return web.Response(text=json.dumps(response, cls=PhotoEncoder), content_type="application/json")
+        response = PhotosResponse(
+            offset=offset, limit=limit, size=len(results), results=results
+        )
+        return web.Response(
+            text=json.dumps(response, cls=PhotoEncoder), content_type="application/json"
+        )
 
 
 class PhotoDetailsView(RequestView):
@@ -103,7 +108,9 @@ class PhotoDetailsView(RequestView):
     url = "/v1/photo/{entity_id}"
     name = "v1:photo"
 
-    async def get(self, core: ApplicationCore, request: web.Request, entity_id: str) -> web.Response:
+    async def get(
+        self, core: ApplicationCore, request: web.Request, entity_id: str
+    ) -> web.Response:
         """Return an entity."""
         _LOGGER.debug(f"GET /v1/photo/{entity_id}")
 
@@ -133,31 +140,38 @@ async def get(self, core: ApplicationCore, request: web.Request, entity_id: str)
         if latitude is not None and longitude is not None:
             altitude = await core.storage.read("altitude")
             if altitude is not None:
-                location = Location(latitude=latitude, longitude=longitude, altitude=altitude)
+                location = Location(
+                    latitude=latitude, longitude=longitude, altitude=altitude
+                )
             else:
-                location = Location(latitude=latitude, longitude=longitude, altitude="0.0")
+                location = Location(
+                    latitude=latitude, longitude=longitude, altitude="0.0"
+                )
 
         # photo tags
         tags = await core.storage.read("tags")
 
         result = PhotoDetailsResponse(
             id=photo.uuid,
             name=photo.filename,
-            author=photo.owner,
+            owner=photo.owner,
             created_at=ctime.isoformat(),
+            modified_at=mtime.isoformat(),
             details=Details(
-                        camera="Nikon Z7",
-                        lens="Nikkor 200mm F1.8",
-                        focal_length="200",
-                        iso="400",
-                        shutter_speed="1/2000",
-                        aperture="4.0",
+                camera="Nikon Z7",
+                lens="Nikkor 200mm F1.8",
+                focal_length="200",
+                iso="400",
+                shutter_speed="1/2000",
+                aperture="4.0",
             ),
             tags=tags,
             location=location,
-            image_url=f"{core.config.external_url}/v1/file/{entity_id}"
+            image_url=f"{core.config.external_url}/v1/file/{entity_id}",
+        )
+        return web.Response(
+            text=json.dumps(result, cls=PhotoEncoder), content_type="application/json"
         )
-        return web.Response(text=json.dumps(result, cls=PhotoEncoder), content_type="application/json")
 
 
 class PhotoView(RequestView):
@@ -168,7 +182,9 @@ class PhotoView(RequestView):
     url = "/v1/file/{entity_id}"
     name = "v1:file"
 
-    async def get(self, core: ApplicationCore, request: web.Request, entity_id: str) -> web.Response:
+    async def get(
+        self, core: ApplicationCore, request: web.Request, entity_id: str
+    ) -> web.Response:
         """Return an entity."""
         _LOGGER.debug(f"GET /v1/file/{entity_id}")
 
@@ -224,7 +240,9 @@ async def post(self, core: ApplicationCore, request: web.Request) -> web.Respons
 
         status_code = HTTP_CREATED if new_entity_created else HTTP_OK
 
-        resp = self.json_message(f"File successfully added with ID: {new_entity_id}", status_code)
+        resp = self.json_message(
+            f"File successfully added with ID: {new_entity_id}", status_code
+        )
         resp.headers.add("Location", f"/api/photo/{new_entity_id}")
 
         return resp

core/addons/api/dto/photo.py

@@ -9,12 +9,11 @@ def default(self, o):
         """Encode all properties."""
         return o.__dict__
 
+
 class PhotoResponse:
     """Photo response object."""
 
-    def __init__(
-        self, id, name, image_url
-    ):
+    def __init__(self, id, name, image_url):
         """Initialize photo response object."""
         self.id = id
         self.name = name
@@ -25,13 +24,23 @@ class PhotoDetailsResponse:
     """Photo response object."""
 
     def __init__(
-        self, id, name, owner, created_at, details, tags, location, image_url
+        self,
+        id,
+        name,
+        owner,
+        created_at,
+        modified_at,
+        details,
+        tags,
+        location,
+        image_url,
     ):
         """Initialize photo response object."""
         self.id = id
         self.name = name
         self.owner = owner
         self.created_at = created_at
+        self.modified_at = modified_at
         self.details = details
         self.tags = tags
         self.location = location

core/authentication/__init__.py

@@ -11,7 +11,6 @@
 import aiohttp_jinja2
 from aiohttp import hdrs, web
 
-from ..authorization import Authorization
 from ..const import CONF_TOKEN_LIFETIME
 from .auth_client import AuthenticationClient
 from .auth_database import AuthDatabase
@@ -36,11 +35,17 @@ def __init__(
         self.auth_database = auth_database
 
         # Authorization Endpoint: obtain an authorization grant
-        self.app.router.add_get(path="/oauth/authorize", handler=self.authorization_endpoint_get)
-        self.app.router.add_post(path="/oauth/authorize", handler=self.authorization_endpoint_post)
+        self.app.router.add_get(
+            path="/oauth/authorize", handler=self.authorization_endpoint_get
+        )
+        self.app.router.add_post(
+            path="/oauth/authorize", handler=self.authorization_endpoint_post
+        )
 
         # Token Endpoint: obtain an access token by authorization grant or refresh token
-        self.app.router.add_post(path="/oauth/token", handler=self.token_endpoint_handler)
+        self.app.router.add_post(
+            path="/oauth/token", handler=self.token_endpoint_handler
+        )
 
         self.app.router.add_post("/revoke", self.revoke_token_handler, name="revoke")
         self.app.router.add_get("/protected", self.protected_handler, name="protected")
@@ -73,7 +78,9 @@ async def protected_handler(self, request: web.Request) -> web.StreamResponse:
         return response
 
     @aiohttp_jinja2.template("authorize.jinja2")
-    async def authorization_endpoint_get(self, request: web.Request) -> web.StreamResponse:
+    async def authorization_endpoint_get(
+        self, request: web.Request
+    ) -> web.StreamResponse:
         """
         Validate the request to ensure that all required parameters are present and valid.
 
@@ -105,7 +112,9 @@ async def authorization_endpoint_get(self, request: web.Request) -> web.StreamRe
 
             # validate response_type
             if response_type != "code":
-                _LOGGER.warning(f"The request is using an invalid response_type: {response_type}")
+                _LOGGER.warning(
+                    f"The request is using an invalid response_type: {response_type}"
+                )
                 data = """{
                     "error":"unsupported_response_type",
                     "error_description":"The request is using an invalid response_type"
@@ -120,7 +129,9 @@ async def authorization_endpoint_get(self, request: web.Request) -> web.StreamRe
                 None,
             )
             # validate if redirect_uri is in registered_auth_client
-            if not any(uri == redirect_uri for uri in registered_auth_client.redirect_uris):
+            if not any(
+                uri == redirect_uri for uri in registered_auth_client.redirect_uris
+            ):
                 _LOGGER.error(f"redirect uri not found: {redirect_uri}")
                 data = """{
                     "error":"unauthorized_client",
@@ -153,7 +164,9 @@ async def authorization_endpoint_get(self, request: web.Request) -> web.StreamRe
             # check if the requested scope is registered
             for requested_scope in requested_scopes:
                 if requested_scope not in registered_scopes:
-                    _LOGGER.error(f"The requested scope '{requested_scope}' is invalid, unknown, or malformed.")
+                    _LOGGER.error(
+                        f"The requested scope '{requested_scope}' is invalid, unknown, or malformed."
+                    )
                     data = """{
                         "error":"invalid_scope",
                         "error_description":"The requested scope is invalid, unknown, or malformed."
@@ -227,7 +240,9 @@ async def authorization_endpoint_get(self, request: web.Request) -> web.StreamRe
                 }"""
             return web.json_response(json.loads(data))
 
-    async def authorization_endpoint_post(self, request: web.Request) -> web.StreamResponse:
+    async def authorization_endpoint_post(
+        self, request: web.Request
+    ) -> web.StreamResponse:
         """
         Validate the resource owners credentials.
 
@@ -252,7 +267,9 @@ async def authorization_endpoint_post(self, request: web.Request) -> web.StreamR
         if not any(client.client_id == client_id for client in self.auth_clients):
             _LOGGER.warning(f"unknown client_id {client_id}")
             if state is not None:
-                raise web.HTTPFound(f"{redirect_uri}?error=unauthorized_client&state={state}")
+                raise web.HTTPFound(
+                    f"{redirect_uri}?error=unauthorized_client&state={state}"
+                )
             else:
                 raise web.HTTPFound(f"{redirect_uri}?error=unauthorized_client")
 
@@ -265,41 +282,57 @@ async def authorization_endpoint_post(self, request: web.Request) -> web.StreamR
         if not any(uri == redirect_uri for uri in registered_auth_client.redirect_uris):
             _LOGGER.error(f"invalid redirect_uri {redirect_uri}")
             if state is not None:
-                raise web.HTTPFound(f"{redirect_uri}?error=unauthorized_client&state={state}")
+                raise web.HTTPFound(
+                    f"{redirect_uri}?error=unauthorized_client&state={state}"
+                )
             else:
                 raise web.HTTPFound(f"{redirect_uri}?error=unauthorized_client")
 
-        username = data["uname"]
+        email = data["email"]
         password = data["password"]
 
         # validate credentials
-        credentials_are_valid = await self.auth_database.check_credentials(username, password)
+        credentials_are_valid = await self.auth_database.check_credentials(
+            email, password
+        )
 
         if credentials_are_valid:
             # create an authorization code
-            authorization_code = self.auth_database.create_authorization_code(username, client_id, request.remote)
+            authorization_code = self.auth_database.create_authorization_code(
+                email, client_id, request.remote
+            )
             _LOGGER.debug(f"authorization_code: {authorization_code}")
             if authorization_code is None:
                 _LOGGER.warning("could not create auth code for client!")
                 error_reason = "access_denied"
                 if state is not None:
-                    raise web.HTTPFound(f"{redirect_uri}?error={error_reason}&state={state}")
+                    raise web.HTTPFound(
+                        f"{redirect_uri}?error={error_reason}&state={state}"
+                    )
                 else:
                     raise web.HTTPFound(f"{redirect_uri}?error={error_reason}")
 
             if state is not None:
-                _LOGGER.debug(f"HTTPFound: {redirect_uri}?code={authorization_code}&state={state}")
-                redirect_response = web.HTTPFound(f"{redirect_uri}?code={authorization_code}&state={state}")
+                _LOGGER.debug(
+                    f"HTTPFound: {redirect_uri}?code={authorization_code}&state={state}"
+                )
+                redirect_response = web.HTTPFound(
+                    f"{redirect_uri}?code={authorization_code}&state={state}"
+                )
             else:
                 _LOGGER.debug(f"HTTPFound: {redirect_uri}?code={authorization_code}")
-                redirect_response = web.HTTPFound(f"{redirect_uri}?code={authorization_code}")
+                redirect_response = web.HTTPFound(
+                    f"{redirect_uri}?code={authorization_code}"
+                )
 
             raise redirect_response
         else:
             error_reason = "access_denied"
             _LOGGER.warning(f"redirect with error {error_reason}")
             if state is not None:
-                raise web.HTTPFound(f"{redirect_uri}?error={error_reason}&state={state}")
+                raise web.HTTPFound(
+                    f"{redirect_uri}?error={error_reason}&state={state}"
+                )
             else:
                 raise web.HTTPFound(f"{redirect_uri}?error={error_reason}")
 
@@ -358,13 +391,17 @@ async def _handle_authorization_code_request(self, data) -> web.StreamResponse:
             return web.json_response(status=400, data=data)
         client_id = data["client_id"]
 
-        client_code_valid = await self.auth_database.validate_authorization_code(code, client_id)
+        client_code_valid = await self.auth_database.validate_authorization_code(
+            code, client_id
+        )
         if not client_code_valid:
             _LOGGER.error("authorization_code invalid!")
             payload = {"error": "invalid_grant"}
             return web.json_response(status=400, data=payload)
 
-        access_token, refresh_token = await self.auth_database.create_tokens(code, client_id)
+        access_token, refresh_token = await self.auth_database.create_tokens(
+            code, client_id
+        )
 
         payload = {
             "access_token": access_token,
@@ -374,7 +411,9 @@ async def _handle_authorization_code_request(self, data) -> web.StreamResponse:
         }
         return web.json_response(status=200, data=payload)
 
-    async def _handle_refresh_token_request(self, request: web.Request, data) -> web.StreamResponse:
+    async def _handle_refresh_token_request(
+        self, request: web.Request, data
+    ) -> web.StreamResponse:
         """
         See Section 6: https://tools.ietf.org/html/rfc6749#section-6
         """
@@ -414,7 +453,9 @@ async def _handle_refresh_token_request(self, request: web.Request, data) -> web
             data = {"error": "invalid_client"}
             return web.json_response(data)
 
-        access_token, refresh_token = await self.auth_database.renew_tokens(client_id, refresh_token)
+        access_token, refresh_token = await self.auth_database.renew_tokens(
+            client_id, refresh_token
+        )
 
         if access_token is None:
             raise web.HTTPForbidden()
@@ -436,11 +477,13 @@ def create_client(self):
         _LOGGER.info(f"generated client_secret: {client_secret}")
 
     async def check_authorized(self, request: web.Request) -> Optional[str]:
-        """Check if authorization header and returns username if valid"""
+        """Check if authorization header and returns user ID if valid"""
 
         if hdrs.AUTHORIZATION in request.headers:
             try:
-                auth_type, auth_val = request.headers.get(hdrs.AUTHORIZATION).split(" ", 1)
+                auth_type, auth_val = request.headers.get(hdrs.AUTHORIZATION).split(
+                    " ", 1
+                )
                 if not await self.auth_database.validate_access_token(auth_val):
                     raise web.HTTPForbidden()