Merge pull request 'feature/oauth' (#54) from feature/oauth into master

Reviewed-on: #54

app/dependencies/users_token.py

@@ -10,13 +10,76 @@ from passlib.context import CryptContext
 from ..models import users, token
 from ..dependencies import database, cookie
 
+from authlib.integrations.starlette_client import OAuth
+import httpx, os 
+
 SECRET_KEY = "09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7"
 ALGORITHM = "HS256"
+ACCESS_TOKEN_EXPIRE_MINUTES = 30
 
 pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
 
+oauth = OAuth()
+oauth.register(
+    name="google",
+    client_id=os.environ["GOOGLE_CLIENT_ID"],
+    client_secret=os.environ["GOOGLE_CLIENT_SECRET"],
+    authorize_url="https://accounts.google.com/o/oauth2/auth",
+    access_token_url="https://oauth2.googleapis.com/token",
+    client_kwargs={"scope": "openid email profile"},
+)
+
+oauth.register(
+    name="facebook",
+    client_id=os.environ["FACEBOOK_CLIENT_ID"],
+    client_secret=os.environ["FACEBOOK_CLIENT_SECRET"],
+    authorize_url="https://www.facebook.com/v12.0/dialog/oauth",
+    access_token_url="https://graph.facebook.com/v12.0/oauth/access_token",
+    client_kwargs={"scope": "email public_profile"},
+)
+
 oauth2_scheme = cookie.OAuth2PasswordBearerWithCookie(tokenUrl="token")
 
+def create_access_token(data: dict, expires_delta: timedelta | None = None):
+    to_encode = data.copy()
+    expire = datetime.utcnow() + (expires_delta or timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES))
+    to_encode.update({"exp": expire})
+    encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
+    return encoded_jwt
+
+async def authenticate_oauth(provider: str, token: str):
+    """Validate OAuth token and get user info."""
+    if provider == "google":
+        url = f"https://www.googleapis.com/oauth2/v3/userinfo?access_token={token}"
+    elif provider == "facebook":
+        url = f"https://graph.facebook.com/me?fields=id,name,email,picture&access_token={token}"
+    else:
+        raise HTTPException(status_code=400, detail="Unsupported provider")
+
+    async with httpx.AsyncClient() as client:
+        response = await client.get(url)
+        if response.status_code != 200:
+            raise HTTPException(status_code=400, detail="Invalid OAuth token")
+
+    user_info = response.json()
+    email = user_info.get("email")
+    if not email:
+        raise HTTPException(status_code=400, detail="Email not provided by provider")
+
+    user_repository = users.UserRepository(database=database.database)
+    user = user_repository.find_one_by({'email': email})
+
+    if not user:
+        user = users.User(
+            username=email,
+            email=email,
+            profile_picture=user_info.get("picture", {}).get("data", {}).get("url", ""),
+            status=1,
+        )
+        user_repository.save(user)
+
+    return user
+
 def verify_password(plain_password, hashed_password):
     return pwd_context.verify(plain_password, hashed_password)
 

app/main.py

@@ -1,7 +1,7 @@
 from fastapi import FastAPI
 from fastapi.middleware.cors import CORSMiddleware
 
-from .routers import users, token, mail, events, tags
+from .routers import users, token, mail, events, tags, password
 from .dependencies import user_add
 
 import os
@@ -30,7 +30,7 @@ app.include_router(token.router)
 app.include_router(mail.router)
 app.include_router(events.router)
 app.include_router(tags.router)
-
+app.include_router(password.router)
 
 @app.on_event("startup")
 async def startup_event():

app/models/users.py

@@ -46,6 +46,9 @@ class UserCreate(BaseModel):
     firstName: str
     name: str
 
+class UserForgotPassword(BaseModel):
+    email: EmailStr
+
 class UserInDB(User):
     password: str
 

app/routers/mail.py

@@ -1,12 +1,18 @@
-from fastapi import APIRouter, HTTPException, status
+from fastapi import APIRouter, HTTPException, status, Request
+from fastapi.templating import Jinja2Templates
 from ..dependencies import users_token, database, mail
 from ..models import users, email
-from fastapi.responses import JSONResponse
+from fastapi.responses import JSONResponse, HTMLResponse
 from fastapi_mail import  MessageSchema, MessageType, FastMail
-import random
+import random, os 
 router = APIRouter()
 
 
+# Assurer que le chemin vers "templates" est correct
+BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+templates = Jinja2Templates(directory=os.path.join(BASE_DIR, "templates"))
+
+
 @router.post("/mail",tags=["mail"])
 async def create_user(userSingle: users.UserCreate | None = None):
     if userSingle is None:
@@ -41,21 +47,26 @@ async def create_user(userSingle: users.UserCreate | None = None):
     database.connect_redis.set(userSingle.username, key_hashed)
     return JSONResponse(status_code=status.HTTP_200_OK, content={"message": "email has been sent"})
 
-@router.get("/mail",tags=["mail"])
+@router.get("/mail", tags=["mail"])
-async def confirm_user(key: str | None = None, username: str | None = None):
+async def confirm_user(request: Request, key: str | None = None, username: str | None = None):
     if key is None or username is None:
         raise HTTPException(
             status_code=status.HTTP_400_BAD_REQUEST,
             detail="Parameter key or/and username is empty"
         )
+
     user_repository = users.UserRepository(database=database.database)
     user = user_repository.find_one_by({"username": {'$eq': username}})
     key_hashed = database.connect_redis.get(username)
+
     if key_hashed != key:
         raise HTTPException(
             status_code=status.HTTP_400_BAD_REQUEST,
             detail="Key is invalid"
         )
+
     user.status = 1
     user_repository.save(user)
-    return JSONResponse(status_code=status.HTTP_200_OK, content={"message": "user account confirmed"})
+
+    # Rendre la page HTML avec Jinja2 et passer la variable username
+    return templates.TemplateResponse("confirm.html", {"request": request, "username": username})

app/routers/password.py

@@ -0,0 +1,137 @@
+from fastapi import APIRouter, HTTPException, status, Request, Form
+from fastapi.templating import Jinja2Templates
+from ..dependencies import users_token, database, mail
+from ..models import users, email
+from fastapi.responses import JSONResponse, HTMLResponse
+from fastapi_mail import MessageSchema, MessageType, FastMail
+import random, os, bcrypt
+
+router = APIRouter()
+
+# Assurer que le chemin vers "templates" est correct
+BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+templates = Jinja2Templates(directory=os.path.join(BASE_DIR, "templates"))
+
+@router.post("/password/forgot", tags=["password"])
+async def forgot_password(userSingle: users.UserForgotPassword):
+    if not userSingle.email:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Email is required"
+        )
+    
+    # Recherche de l'utilisateur dans la base de données
+    user_repository = users.UserRepository(database=database.database)
+    user = user_repository.find_one_by({"email": {"$eq": userSingle.email}})
+    
+    if user is None:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="User not found"
+        )
+    
+    # Génération d'un token temporaire pour réinitialisation
+    reset_token = str(random.randint(100000, 999999))
+    key_hashed = users_token.get_password_hash(reset_token)
+    
+    # Créer le lien de réinitialisation
+    reset_link = f"https://backend.valczeryba.ovh/password/reset?key={reset_token}&email={user.email}"
+    
+    # Préparer les données à envoyer au template
+    email_body = {
+        "username": user.username,
+        "reset_link": reset_link
+    }
+    
+    # Créer le message à envoyer
+    message = MessageSchema(
+        subject="Password Reset Request",
+        recipients=[user.email],
+        template_body=email_body,
+        subtype=MessageType.html,
+    )
+    
+    # Utilisation de FastMail pour envoyer l'email
+    fm = FastMail(mail.conf)
+    await fm.send_message(message, template_name="forgot_password_email.html")
+    
+    # Stockage du token temporaire dans Redis avec une expiration d'1 heure
+    database.connect_redis.setex(user.email, 3600, key_hashed)
+    
+    return JSONResponse(status_code=status.HTTP_200_OK, content={"message": "Password reset email has been sent"})
+
+@router.get("/password/reset", tags=["password"])
+async def reset_password(request: Request, key: str | None = None, email: str | None = None):
+    if not key or not email:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Parameters 'key' and 'email' are required"
+        )
+
+    # Récupérer la clé hachée depuis Redis
+    key_hashed = database.connect_redis.get(email)
+    
+    if key_hashed is None:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Invalid or expired reset key"
+        )
+
+    # Redis stocke les valeurs en `bytes`, donc il faut décoder si nécessaire
+    if isinstance(key_hashed, bytes):
+        key_hashed = key_hashed.decode()
+
+
+    # Vérifier que la clé en clair correspond au hash stocké
+    if not bcrypt.checkpw(key.encode(), key_hashed.encode()):
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Invalid reset key"
+        )
+
+
+    # Afficher la page HTML de réinitialisation du mot de passe
+    return templates.TemplateResponse("reset_password.html", {"request": request, "email": email, "key": key})
+
+@router.post("/password/update", tags=["password"])
+async def update_password(request: Request, email: str = Form(...), key: str = Form(...), new_password: str = Form(...)):    # Vérification du token dans Redis
+    # Récupérer la clé hachée depuis Redis
+    key_hashed = database.connect_redis.get(email)
+    
+    if key_hashed is None:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Invalid or expired reset key"
+        )
+
+    # Redis stocke les valeurs en `bytes`, donc il faut décoder si nécessaire
+    if isinstance(key_hashed, bytes):
+        key_hashed = key_hashed.decode()
+
+
+    # Vérifier que la clé en clair correspond au hash stocké
+    if not bcrypt.checkpw(key.encode(), key_hashed.encode()):
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Invalid reset key"
+        )
+    
+    # Recherche de l'utilisateur dans la base de données
+    user_repository = users.UserRepository(database=database.database)
+    user = user_repository.find_one_by({"email": {"$eq": email}})
+    
+    if user is None:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="User not found"
+        )
+    
+    # Mise à jour du mot de passe de l'utilisateur
+    user.password = users_token.get_password_hash(new_password)
+    user_repository.save(user)
+    
+    # Suppression du token temporaire dans Redis
+    database.connect_redis.delete(email)
+    
+    # Afficher un message de succès dans une réponse HTML
+    return templates.TemplateResponse("password_update_success.html", {"request": request, "email": email})

app/routers/token.py

@@ -11,6 +11,27 @@ from ..models import token, users
 router = APIRouter()
 ACCESS_TOKEN_EXPIRE_MINUTES = 30
 
+@router.post("/oauth/{provider}", tags=["token"])
+async def oauth_login(provider: str, token: str):
+    """Handles OAuth login via Google/Facebook."""
+    user = await users_token.authenticate_oauth(provider, token)
+    if not user:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid authentication"
+        )
+
+    access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
+    access_token = users_token.create_access_token(
+        data={"sub": user.username}, expires_delta=access_token_expires
+    )
+    
+    content = {"roles": user.roles, "message": "OAuth login successful"}
+    response = JSONResponse(content=content)
+    response.set_cookie(key="access_token", value=f"Bearer {access_token}", httponly=True)
+    return response
+
+
 @router.post("/token", tags=["token"])
 async def login_for_access_token(
     form_data: Annotated[OAuth2PasswordRequestForm, Depends()]):

app/templates/confirm.html

@@ -0,0 +1,58 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <meta charset="UTF-8">
+    <title>Votre compte est activé</title>
+    <style>
+        body {
+            font-family: Arial, sans-serif;
+            background-color: #f4f4f4;
+            margin: 0;
+            padding: 0;
+        }
+        .container {
+            max-width: 600px;
+            margin: 20px auto;
+            background: #ffffff;
+            padding: 20px;
+            border-radius: 10px;
+            box-shadow: 0 2px 5px rgba(0,0,0,0.1);
+            text-align: center;
+        }
+        h2 {
+            color: #333;
+        }
+        p {
+            color: #666;
+            font-size: 16px;
+        }
+        .button {
+            display: inline-block;
+            background: #007BFF;
+            color: white;
+            padding: 12px 20px;
+            text-decoration: none;
+            border-radius: 5px;
+            font-size: 16px;
+            font-weight: bold;
+            margin-top: 20px;
+        }
+        .button:hover {
+            background: #0056b3;
+        }
+        .footer {
+            margin-top: 20px;
+            font-size: 12px;
+            color: #888;
+        }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <h2>Félicitations, {{ username }} ! 🎉</h2>
+        <p>Votre compte a été activé avec succès.</p>
+        <p>Vous pouvez maintenant vous connecter et profiter pleinement de nos services.</p>
+        <p class="footer">Si vous avez des questions, n'hésitez pas à nous contacter.</p>
+    </div>
+</body>
+</html>

app/templates/forgot_password_email.html

@@ -0,0 +1,69 @@
+<!-- forgot_password_email.html -->
+<!DOCTYPE html>
+<html lang="fr">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Réinitialisation de votre mot de passe</title>
+    <style>
+        body {
+            font-family: Arial, sans-serif;
+            background-color: #f4f4f9;
+            color: #333;
+            margin: 0;
+            padding: 0;
+        }
+        .container {
+            width: 100%;
+            max-width: 600px;
+            margin: 50px auto;
+            padding: 20px;
+            background-color: white;
+            box-shadow: 0 4px 8px rgba(0, 0, 0, 0.1);
+            border-radius: 8px;
+        }
+        h1 {
+            color: #4CAF50;
+            text-align: center;
+        }
+        p {
+            font-size: 16px;
+            line-height: 1.5;
+            text-align: center;
+        }
+        .cta-button {
+            display: inline-block;
+            background-color: #4CAF50;
+            color: white;
+            padding: 10px 20px;
+            text-decoration: none;
+            border-radius: 4px;
+            font-weight: bold;
+            text-align: center;
+        }
+        .cta-button:hover {
+            background-color: #45a049;
+        }
+        .footer {
+            margin-top: 20px;
+            font-size: 14px;
+            color: #888;
+            text-align: center;
+        }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <h1>Demande de réinitialisation du mot de passe</h1>
+        <p>Bonjour {{ username }},</p>
+        <p>Nous avons reçu une demande pour réinitialiser votre mot de passe sur notre site. Si vous n'êtes pas à l'origine de cette demande, vous pouvez ignorer cet email.</p>
+        <p>Pour réinitialiser votre mot de passe, cliquez sur le lien ci-dessous :</p>
+        <p><a href="{{ reset_link }}" class="cta-button">Réinitialiser mon mot de passe</a></p>
+        <p>Le lien est valable pendant une heure. Si vous ne pouvez pas cliquer dessus, copiez et collez-le dans votre navigateur.</p>
+    </div>
+
+    <div class="footer">
+        <p>&copy; Covas - Tous droits réservés.</p>
+    </div>
+</body>
+</html>

app/templates/mailer.html

@@ -1,6 +1,59 @@
+<!DOCTYPE html>
 <html>
-<head><title>Email</title></head>
+<head>
-<body><p>Voici un lien https://localhost:8080/api/mail?key={{ key }}&username={{ username }}
+    <meta charset="UTF-8">
-</p></body>
+    <title>Confirmation de votre compte</title>
-
+    <style>
+        body {
+            font-family: Arial, sans-serif;
+            background-color: #f4f4f4;
+            margin: 0;
+            padding: 0;
+        }
+        .container {
+            max-width: 600px;
+            margin: 20px auto;
+            background: #ffffff;
+            padding: 20px;
+            border-radius: 10px;
+            box-shadow: 0 2px 5px rgba(0,0,0,0.1);
+            text-align: center;
+        }
+        h2 {
+            color: #333;
+        }
+        p {
+            color: #666;
+            font-size: 16px;
+        }
+        .button {
+            display: inline-block;
+            background: #28a745;
+            color: white;
+            padding: 12px 20px;
+            text-decoration: none;
+            border-radius: 5px;
+            font-size: 16px;
+            font-weight: bold;
+            margin-top: 20px;
+        }
+        .button:hover {
+            background: #218838;
+        }
+        .footer {
+            margin-top: 20px;
+            font-size: 12px;
+            color: #888;
+        }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <h2>Bienvenue, {{ username }} ! 🎉</h2>
+        <p>Merci de vous être inscrit sur notre plateforme.</p>
+        <p>Pour finaliser votre inscription, veuillez confirmer votre compte en cliquant sur le bouton ci-dessous :</p>
+        <a href="https://backend.valczeryba.ovh/mail?key={{ key }}&username={{ username }}" class="button">Confirmer mon compte</a>
+        <p class="footer">Si vous n'êtes pas à l'origine de cette inscription, ignorez simplement cet email.</p>
+    </div>
+</body>
 </html>

app/templates/password_update_success.html

@@ -0,0 +1,65 @@
+<!-- password_update_success.html -->
+<!DOCTYPE html>
+<html lang="fr">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Mot de Passe Mis à Jour</title>
+    <style>
+        body {
+            font-family: Arial, sans-serif;
+            background-color: #f4f4f9;
+            color: #333;
+            margin: 0;
+            padding: 0;
+        }
+        .container {
+            width: 100%;
+            max-width: 600px;
+            margin: 50px auto;
+            padding: 20px;
+            background-color: white;
+            box-shadow: 0 4px 8px rgba(0, 0, 0, 0.1);
+            border-radius: 8px;
+        }
+        h1 {
+            color: #4CAF50;
+            text-align: center;
+        }
+        p {
+            font-size: 16px;
+            line-height: 1.5;
+            text-align: center;
+        }
+        .cta-button {
+            display: inline-block;
+            background-color: #4CAF50;
+            color: white;
+            padding: 10px 20px;
+            text-decoration: none;
+            border-radius: 4px;
+            font-weight: bold;
+            text-align: center;
+        }
+        .cta-button:hover {
+            background-color: #45a049;
+        }
+        .footer {
+            margin-top: 20px;
+            font-size: 14px;
+            color: #888;
+            text-align: center;
+        }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <h1>Votre mot de passe a été mis à jour avec succès</h1>
+        <p>Votre mot de passe a été réinitialisé avec succès. Vous pouvez maintenant utiliser votre nouveau mot de passe pour vous connecter.</p>
+    </div>
+
+    <div class="footer">
+        <p>&copy; {{ current_year }} Covas - Tous droits réservés.</p>
+    </div>
+</body>
+</html>

app/templates/reset_password.html

@@ -0,0 +1,87 @@
+<!DOCTYPE html>
+<html lang="fr">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Réinitialisation du mot de passe</title>
+    <style>
+        body {
+            font-family: Arial, sans-serif;
+            margin: 0;
+            padding: 0;
+            background-color: #f4f7fc;
+            color: #333;
+        }
+        .container {
+            width: 100%;
+            max-width: 600px;
+            margin: 50px auto;
+            padding: 20px;
+            background-color: #ffffff;
+            border-radius: 8px;
+            box-shadow: 0 2px 5px rgba(0, 0, 0, 0.1);
+        }
+        h2 {
+            text-align: center;
+            color: #2a9d8f;
+        }
+        .form-group {
+            margin-bottom: 20px;
+        }
+        label {
+            font-weight: bold;
+            display: block;
+            margin-bottom: 5px;
+        }
+        input[type="password"], input[type="email"] {
+            width: 100%;
+            padding: 10px;
+            margin: 5px 0 10px 0;
+            border: 1px solid #ddd;
+            border-radius: 4px;
+        }
+        input[type="submit"] {
+            background-color: #2a9d8f;
+            color: white;
+            border: none;
+            padding: 10px 20px;
+            font-size: 16px;
+            cursor: pointer;
+            border-radius: 4px;
+            width: 100%;
+        }
+        input[type="submit"]:hover {
+            background-color: #1e7c68;
+        }
+        .message {
+            text-align: center;
+            margin-top: 20px;
+        }
+        .message a {
+            color: #2a9d8f;
+            text-decoration: none;
+        }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <h2>Réinitialisation du mot de passe</h2>
+        
+        <form method="post" action="/password/update">
+            <input type="hidden" name="email" value="{{ email }}">
+            <input type="hidden" name="key" value="{{ key }}">
+            
+            <div class="form-group">
+                <label for="new_password">Nouveau mot de passe :</label>
+                <input type="password" id="new_password" name="new_password" required>
+            </div>
+
+            <input type="submit" value="Mettre à jour le mot de passe">
+        </form>
+        
+        <div class="message">
+            <p>Vous avez des questions ? <a href="mailto:support@votresite.com">Contactez-nous</a></p>
+        </div>
+    </div>
+</body>
+</html>

requierements.txt

@@ -5,4 +5,6 @@ python-jose[cryptography]
 passlib[bcrypt]
 python-multipart
 fastapi-mail
-redis
+redis
+authlib
+httpx