icecheng/freeleaps-service-hub
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request 'fix: create apis for magicleaps password things avoiding calling code depot' (#87) from fix/magicleaps-password into dev

Browse Source 
Reviewed-on: freeleaps/freeleaps-service-hub#87
This commit is contained in:
icecheng 2025-10-20 07:07:42 +00:00
commit cd725c8ed1
6 changed files with 111 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
apps/authentication/backend/application/signin_hub.py
View File

@ -95,6 +95,12 @@ class SignInHub:
user_id=user_id, password=password user_id=user_id, password=password
) )
@log_entry_exit_async
async def update_user_password_no_depot(self, user_id: str, password: str) -> dict[str, any]:
return await self.signin_manager.update_user_password_no_depot(
user_id=user_id, password=password
)
@log_entry_exit_async @log_entry_exit_async
async def send_email_code(self, sender_id: str, email: str) -> dict[str, any]: async def send_email_code(self, sender_id: str, email: str) -> dict[str, any]:
result = await self.signin_manager.send_email_code(sender_id, email) result = await self.signin_manager.send_email_code(sender_id, email)

17
apps/authentication/backend/business/signin_manager.py
View File

@ -368,6 +368,23 @@ class SignInManager:
) )
return {"succeeded": True} return {"succeeded": True}
async def update_user_password_no_depot(self, user_id: str, password: str) -> dict[str, any]:
error_message = """
Password does not pass complexity requirements:
- At least one lowercase character
- At least one uppercase character
- At least one digit
- At least one special character (punctuation, brackets, quotes, etc.)
"""
if not check_password_complexity(password):
raise InvalidDataError(error_message)
user_flid = await self.user_auth_service.get_user_flid(user_id)
await self.user_auth_service.save_password_auth_method_no_depot(
user_id, user_flid, password
)
return {"succeeded": True}
async def send_email_code(self, sender_id: str, email: str) -> bool: async def send_email_code(self, sender_id: str, email: str) -> bool:
mail_code = await self.user_auth_service.generate_auth_code_for_object( mail_code = await self.user_auth_service.generate_auth_code_for_object(
email, AuthType.EMAIL email, AuthType.EMAIL

24
apps/authentication/backend/infra/auth/user_auth_handler.py
View File

@ -235,6 +235,30 @@ class UserAuthHandler:
if not result: if not result:
raise Exception("Failed to update user password in code depot") raise Exception("Failed to update user password in code depot")
async def save_password_auth_method_no_depot(self, user_id: str, user_flid, password: str):
"""save password auth method to user_password doc without updating depot service
Args:
user_id (str): user id
password (str): user password
"""
password_hashed = bcrypt.hashpw(password.encode("utf-8"), bcrypt.gensalt())
user_password = await UserPasswordDoc.find(
UserPasswordDoc.user_id == user_id
).first_or_none()
if user_password is None:
new_user_password = UserPasswordDoc(
user_id=user_id, password=password_hashed
)
await new_user_password.create()
else:
user_password.password = password_hashed
await user_password.save()
# Skip depot service call - users don't exist in Gitea, so we don't update depot password
async def reset_password(self, user_id: str): async def reset_password(self, user_id: str):
"""clean password auth method from user_password doc """clean password auth method from user_password doc

7
apps/authentication/backend/services/auth/user_auth_service.py
View File

@ -51,3 +51,10 @@ class UserAuthService:
return await self.user_auth_handler.save_password_auth_method( return await self.user_auth_handler.save_password_auth_method(
user_id, user_flid, password user_id, user_flid, password
) )
async def save_password_auth_method_no_depot(
self, user_id: str, user_flid: str, password: str
):
return await self.user_auth_handler.save_password_auth_method_no_depot(
user_id, user_flid, password
)

2
apps/authentication/webapi/routes/signin/__init__.py
View File

@ -5,6 +5,7 @@ from .signin_with_email_and_password import router as se_router
from .signin_with_email_and_code import router as sw_router from .signin_with_email_and_code import router as sw_router
from .signin_with_magicleaps_email_and_code import router as swm_router from .signin_with_magicleaps_email_and_code import router as swm_router
from .update_user_password import router as up_router from .update_user_password import router as up_router
from .update_user_password_no_depot import router as upnd_router
from .update_new_user_flid import router as uu_router from .update_new_user_flid import router as uu_router
from .reset_password_through_email import router as rp_router from .reset_password_through_email import router as rp_router
from .sign_out import router as so_router from .sign_out import router as so_router
@ -17,6 +18,7 @@ router.include_router(tms_router, prefix="/signin", tags=["signin"])
router.include_router(sw_router, prefix="/signin", tags=["signin"]) router.include_router(sw_router, prefix="/signin", tags=["signin"])
router.include_router(swm_router, prefix="/signin", tags=["signin"]) router.include_router(swm_router, prefix="/signin", tags=["signin"])
router.include_router(up_router, prefix="/signin", tags=["signin"]) router.include_router(up_router, prefix="/signin", tags=["signin"])
router.include_router(upnd_router, prefix="/signin", tags=["signin"])
router.include_router(se_router, prefix="/signin", tags=["signin"]) router.include_router(se_router, prefix="/signin", tags=["signin"])
router.include_router(so_router, prefix="/signin", tags=["signin"]) router.include_router(so_router, prefix="/signin", tags=["signin"])
router.include_router(rp_router, prefix="/signin", tags=["signin"]) router.include_router(rp_router, prefix="/signin", tags=["signin"])

55
apps/authentication/webapi/routes/signin/update_user_password_no_depot.py Normal file
View File

@ -0,0 +1,55 @@
from backend.application.signin_hub import SignInHub
from pydantic import BaseModel
from fastapi import APIRouter, Security, HTTPException
from common.token.token_manager import TokenManager
from fastapi.encoders import jsonable_encoder
from fastapi.responses import JSONResponse
from starlette.status import HTTP_401_UNAUTHORIZED
from jose import jwt
from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
from common.config.app_settings import app_settings
router = APIRouter()
token_manager = TokenManager()
# Web API
# update_user_password_no_depot
#
class RequestIn(BaseModel):
password: str
password2: str
@router.post(
"/update-user-password-no-depot",
operation_id="user_update_user_password_no_depot",
summary="update user's sign-in password without depot service",
description="Update the user's sign-in password without updating code depot. If the password was not set yet, this will enable the user to log in using the password",
response_description="signin_type:0 meaning simplified(using email) signin, \
1 meaning standard(using FLID and passward) signin",
)
async def update_user_password_no_depot(
item: RequestIn,
credentials: HTTPAuthorizationCredentials = Security(HTTPBearer()),
):
payload = jwt.decode(
credentials.credentials,
app_settings.JWT_SECRET_KEY,
algorithms=[app_settings.JWT_ALGORITHM],
)
user_id = payload.get("subject").get("id")
if not user_id:
raise HTTPException(
status_code=HTTP_401_UNAUTHORIZED, detail="Could not validate credentials"
)
if item.password != item.password2:
return JSONResponse(
content=jsonable_encoder(
{"error": "password and password2 are not the same"}
)
)
else:
result = await SignInHub().update_user_password_no_depot(user_id, item.password)
return JSONResponse(content=jsonable_encoder(result))