feat: Add change password and forgot my password (#299)

* feat: Add registration page

- Added a html template of the signup page
- Added a href button to the signup page from the login page
- Added the form of the signup to the backend and db

* feat: Add registration page

- Added confirmation email system
- Added some tests

* Fixed sourcey-ai issues

* fixed resend email confirmation

* Added translations

* Removed unused module

* Changed versions of requirements

* Changed versions of requirements

* Changed versions of requirements

* Changed versions of requirements

* Changed versions of requirements

* Changed versions of requirements

* Removed versions change

* Fixed tests

* Fixed a test

* Fixed test and updated client fixture

* Added tests for coverage

* Added a test for signature expired

* Removed unnecessary condition

* Added role attribute

* - Fixed babel translations
- Added few _('...') instead of some english phrases
- Moved out the auth logic into models/users
- Added MAIL_DEFAULT_SENDER variable to the config
- Changed the retrieve_salt method

* Fixed a test to check bad signature token

* Fixed a test

* Moved out the HASHED_PASSWORD in order to be global variable, and added an error message to the UnhashedPasswordError

* Added a configuration of registration open, and a test

* feat: Add change password page

- Added tests
- Added a ref link from user's page
- Added the form background
- Added the template and the css style

* Added a comma

* Added a comma

* - Moved the send mails methods into utils/mail.py
- Added _invalid_tries to session in order to limit the tries of invalid change password
- Added INVALID_TRIES variable to the config

* Added a test for invalid_tries change password

* Added a test for invalid_tries change password

* Added a test for invalid_tries change password

* - Added forgot my password template and css style
- Added a link from login page
- Added in the backend the forms
- Added mails to reset password
- Added tests

* Fixed some changes requested

* Fixed translations

* Fixed some issues

* Changed session token to be uuid

* Added a test and changed get_or_none to get

* fix: check test send mail

* Added skipif for sending mail test and split a test function

* Changed skipif condition and split a test

* fix: test mails

* Removed unused import

* Changed fixture to be session instead of class scope

* changed some code style and changed uuidfield

* Add migration

* feat: add migration

* fix: bool expression

* Changed html name files

* Removed unused imports and moved out to conftest some client.post's

* Removed TestResponse objects

Co-authored-by: Yam Mesicka <yammesicka@gmail.com>

Author: orronai

lms/lmsdb/bootstrap.py

@@ -1,4 +1,5 @@
 from typing import Any, Callable, Optional, Tuple, Type
+from uuid import uuid4
 
 from peewee import (
     Database, Entity, Expression, Field, Model, OP,
@@ -88,9 +89,7 @@ def get_details(table: Model, column: Field) -> Tuple[bool, str, str]:
     column_name = column.column_name
 
     cols = {col.name for col in db_config.database.get_columns(table_name)}
-    if column_name in cols:
-        return True, table_name, column_name
-    return False, table_name, column_name
+    return column_name in cols, table_name, column_name
 
 
 def _add_not_null_column(
@@ -227,22 +226,39 @@ def _add_api_keys_to_users_table(table: Model, _column: Field) -> None:
             user.save()
 
 
+def _add_uuid_to_users_table(table: Model, _column: Field) -> None:
+    log.info('Adding UUIDs for all users, might take some extra time...')
+    with db_config.database.transaction():
+        for user in table:
+            user.uuid = uuid4()
+            user.save()
+
+
 def _api_keys_migration() -> bool:
     User = models.User
     _add_not_null_column(User, User.api_key, _add_api_keys_to_users_table)
     return True
 
 
+def _uuid_migration() -> bool:
+    User = models.User
+    _add_not_null_column(User, User.uuid, _add_uuid_to_users_table)
+    return True
+
+
 def main():
     with models.database.connection_context():
+        if models.database.table_exists(models.User.__name__.lower()):
+            _api_keys_migration()
+            _uuid_migration()
+
         models.database.create_tables(models.ALL_MODELS, safe=True)
 
         if models.Role.select().count() == 0:
             models.create_basic_roles()
         if models.User.select().count() == 0:
             models.create_demo_users()
 
-    _api_keys_migration()
     text_fixer.fix_texts()
     import_tests.load_tests_from_path('/app_dir/notebooks-tests')
 

lms/lmsdb/models.py

@@ -1,19 +1,20 @@
-from collections import Counter
 import enum
 import html
 import secrets
 import string
+from collections import Counter
 from datetime import datetime
 from typing import (
     Any, Dict, Iterable, List, Optional, TYPE_CHECKING, Tuple,
     Type, Union, cast,
 )
+from uuid import uuid4
 
 from flask_babel import gettext as _  # type: ignore
 from flask_login import UserMixin, current_user  # type: ignore
 from peewee import (  # type: ignore
     BooleanField, Case, CharField, Check, DateTimeField, ForeignKeyField,
-    IntegerField, JOIN, ManyToManyField, TextField, fn,
+    IntegerField, JOIN, ManyToManyField, TextField, UUIDField, fn,
 )
 from playhouse.signals import Model, post_save, pre_save  # type: ignore
 from werkzeug.security import (
@@ -138,6 +139,10 @@ class User(UserMixin, BaseModel):
     password = CharField()
     role = ForeignKeyField(Role, backref='users')
     api_key = CharField()
+    uuid = UUIDField(default=uuid4, unique=True)
+
+    def get_id(self):
+        return str(self.uuid)
 
     def is_password_valid(self, password):
         return check_password_hash(self.password, password)
@@ -201,6 +206,7 @@ def on_save_handler(model_class, instance, created):
     is_password_changed = not instance.password.startswith('pbkdf2:sha256')
     if created or is_password_changed:
         instance.password = generate_password_hash(instance.password)
+        instance.uuid = uuid4()
 
     is_api_key_changed = not instance.api_key.startswith('pbkdf2:sha256')
     if created or is_api_key_changed:

lms/lmsweb/config.py.example

@@ -63,3 +63,6 @@ LOCALE = 'en'
 # Limiter settings
 LIMITS_PER_MINUTE = 5
 LIMITS_PER_HOUR = 50
+
+# Change password settings
+MAX_INVALID_PASSWORD_TRIES = 5

lms/lmsweb/forms/change_password.py

@@ -0,0 +1,33 @@
+from flask import session
+from flask_babel import gettext as _  # type: ignore
+from flask_wtf import FlaskForm
+from wtforms import PasswordField
+from wtforms.validators import EqualTo, InputRequired, Length, ValidationError
+
+from lms.lmsweb.config import MAX_INVALID_PASSWORD_TRIES
+
+
+class ChangePasswordForm(FlaskForm):
+    current_password = PasswordField(
+        'Password', validators=[InputRequired(), Length(min=8)], id='password',
+    )
+    password = PasswordField(
+        'Password', validators=[InputRequired(), Length(min=8)], id='password',
+    )
+    confirm = PasswordField(
+        'Password Confirmation', validators=[
+            InputRequired(),
+            EqualTo('password', message=_('הסיסמאות שהוקלדו אינן זהות')),
+        ],
+    )
+
+    def __init__(self, user, *args, **kwargs):
+        super(ChangePasswordForm, self).__init__(*args, **kwargs)
+        self.user = user
+
+    def validate_current_password(self, field):
+        if session['_invalid_password_tries'] >= MAX_INVALID_PASSWORD_TRIES:
+            raise ValidationError(_('הזנת סיסמה שגויה מספר רב מדי של פעמים'))
+        if not self.user.is_password_valid(field.data):
+            session['_invalid_password_tries'] += 1
+            raise ValidationError(_('הסיסמה הנוכחית שהוזנה שגויה'))

lms/lmsweb/forms/reset_password.py

@@ -0,0 +1,27 @@
+from lms.lmsweb.tools.validators import EmailNotExists
+from flask_babel import gettext as _  # type: ignore
+from flask_wtf import FlaskForm
+from wtforms import StringField
+from wtforms.fields.simple import PasswordField
+from wtforms.validators import Email, EqualTo, InputRequired, Length
+
+
+class ResetPassForm(FlaskForm):
+    email = StringField(
+        'Email', validators=[
+            InputRequired(), Email(message=_('אימייל לא תקין')),
+            EmailNotExists,
+        ],
+    )
+
+
+class RecoverPassForm(FlaskForm):
+    password = PasswordField(
+        'Password', validators=[InputRequired(), Length(min=8)], id='password',
+    )
+    confirm = PasswordField(
+        'Password Confirmation', validators=[
+            InputRequired(),
+            EqualTo('password', message=_('הסיסמאות שהוקלדו אינן זהות')),
+        ],
+    )

lms/lmsweb/tools/validators.py

@@ -19,3 +19,11 @@ def UniqueEmailRequired(
     email_exists = User.get_or_none(User.mail_address == field.data)
     if email_exists:
         raise ValidationError(_('האימייל כבר נמצא בשימוש'))
+
+
+def EmailNotExists(
+    _form: 'ResetPassForm', field: StringField,  # type: ignore # NOQA: F821
+) -> None:
+    email_exists = User.get_or_none(User.mail_address == field.data)
+    if not email_exists:
+        raise ValidationError(_('האימייל לא רשום במערכת'))