Compare commits
17 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| f56eb9db92 | |||
| 15062c029f | |||
| 6c51c7469b | |||
| 952b0211ba | |||
| ece35338da | |||
| 221bd1e244 | |||
| de60dee3eb | |||
| 4669774cc3 | |||
| a094b56d44 | |||
| 3e514acb19 | |||
| a34ba04f78 | |||
| 8f3f2d0f98 | |||
| 9ed5a41d32 | |||
| b26dcc8777 | |||
| 6a21fd010d | |||
| e9c558abe1 | |||
| 2bac1f4d39 |
@@ -12,11 +12,20 @@ from ..dependencies import database, cookie
|
||||
|
||||
SECRET_KEY = "09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7"
|
||||
ALGORITHM = "HS256"
|
||||
ACCESS_TOKEN_EXPIRE_MINUTES = 30
|
||||
|
||||
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
|
||||
|
||||
oauth2_scheme = cookie.OAuth2PasswordBearerWithCookie(tokenUrl="token")
|
||||
|
||||
def create_access_token(data: dict, expires_delta: timedelta | None = None):
|
||||
to_encode = data.copy()
|
||||
expire = datetime.utcnow() + (expires_delta or timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES))
|
||||
to_encode.update({"exp": expire})
|
||||
encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
|
||||
return encoded_jwt
|
||||
|
||||
|
||||
def verify_password(plain_password, hashed_password):
|
||||
return pwd_context.verify(plain_password, hashed_password)
|
||||
|
||||
|
||||
@@ -4,7 +4,7 @@ from ..dependencies import users_token, database, mail
|
||||
from ..models import users, email
|
||||
from fastapi.responses import JSONResponse, HTMLResponse
|
||||
from fastapi_mail import MessageSchema, MessageType, FastMail
|
||||
import random, os
|
||||
import random, os, bcrypt
|
||||
|
||||
router = APIRouter()
|
||||
|
||||
@@ -68,26 +68,52 @@ async def reset_password(request: Request, key: str | None = None, email: str |
|
||||
detail="Parameters 'key' and 'email' are required"
|
||||
)
|
||||
|
||||
# Vérifier que la clé correspond à celle stockée dans Redis
|
||||
# Récupérer la clé hachée depuis Redis
|
||||
key_hashed = database.connect_redis.get(email)
|
||||
|
||||
if key_hashed is None or key_hashed.decode() != key:
|
||||
if key_hashed is None:
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_400_BAD_REQUEST,
|
||||
detail="Key is invalid or expired"
|
||||
detail="Invalid or expired reset key"
|
||||
)
|
||||
|
||||
# Redis stocke les valeurs en `bytes`, donc il faut décoder si nécessaire
|
||||
if isinstance(key_hashed, bytes):
|
||||
key_hashed = key_hashed.decode()
|
||||
|
||||
|
||||
# Vérifier que la clé en clair correspond au hash stocké
|
||||
if not bcrypt.checkpw(key.encode(), key_hashed.encode()):
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_400_BAD_REQUEST,
|
||||
detail="Invalid reset key"
|
||||
)
|
||||
|
||||
|
||||
# Afficher la page HTML de réinitialisation du mot de passe
|
||||
return templates.TemplateResponse("reset_password.html", {"request": request, "email": email, "key": key})
|
||||
|
||||
@router.post("/password/update", tags=["password"])
|
||||
async def update_password(request: Request, email: str = Form(...), key: str = Form(...), new_password: str = Form(...)): # Vérification du token dans Redis
|
||||
# Récupérer la clé hachée depuis Redis
|
||||
key_hashed = database.connect_redis.get(email)
|
||||
|
||||
if key_hashed is None or key_hashed.decode() != key:
|
||||
if key_hashed is None:
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_400_BAD_REQUEST,
|
||||
detail="Key is invalid or expired"
|
||||
detail="Invalid or expired reset key"
|
||||
)
|
||||
|
||||
# Redis stocke les valeurs en `bytes`, donc il faut décoder si nécessaire
|
||||
if isinstance(key_hashed, bytes):
|
||||
key_hashed = key_hashed.decode()
|
||||
|
||||
|
||||
# Vérifier que la clé en clair correspond au hash stocké
|
||||
if not bcrypt.checkpw(key.encode(), key_hashed.encode()):
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_400_BAD_REQUEST,
|
||||
detail="Invalid reset key"
|
||||
)
|
||||
|
||||
# Recherche de l'utilisateur dans la base de données
|
||||
|
||||
@@ -15,13 +15,16 @@ ACCESS_TOKEN_EXPIRE_MINUTES = 30
|
||||
async def login_for_access_token(
|
||||
form_data: Annotated[OAuth2PasswordRequestForm, Depends()]):
|
||||
user = users_token.authenticate_user(form_data.username, form_data.password)
|
||||
expires_access_token_time = ACCESS_TOKEN_EXPIRE_MINUTES
|
||||
if form_data.remember_me.lower() in ["true", "1", "yes"]:
|
||||
expires_access_token_time=120
|
||||
if not user:
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_401_UNAUTHORIZED,
|
||||
detail="Incorrect username or password",
|
||||
headers={"WWW-Authenticate": "Bearer"},
|
||||
)
|
||||
access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
|
||||
access_token_expires = timedelta(minutes=expires_access_token_time)
|
||||
access_token = users_token.create_access_token(
|
||||
data={"sub": user.username}, expires_delta=access_token_expires
|
||||
)
|
||||
|
||||
Reference in New Issue
Block a user