feat: Add registration page

- Added confirmation email system
- Added some tests

Author: orronai

lms/lmsdb/models.py

@@ -34,6 +34,7 @@
 
 class RoleOptions(enum.Enum):
     BANNED = 'Banned'
+    NOT_CONFIRMED = 'Not_Confirmed'
     STUDENT = 'Student'
     STAFF = 'Staff'
     VIEWER = 'Viewer'
@@ -67,6 +68,7 @@ class Role(BaseModel):
         (RoleOptions.STAFF.value, RoleOptions.STAFF.value),
         (RoleOptions.VIEWER.value, RoleOptions.VIEWER.value),
         (RoleOptions.STUDENT.value, RoleOptions.STUDENT.value),
+        (RoleOptions.NOT_CONFIRMED.value, RoleOptions.NOT_CONFIRMED.value),
         (RoleOptions.BANNED.value, RoleOptions.BANNED.value),
     ))
 
@@ -77,6 +79,10 @@ def __str__(self):
     def get_banned_role(cls) -> 'Role':
         return cls.get(Role.name == RoleOptions.BANNED.value)
 
+    @classmethod
+    def get_not_confirmed_role(cls) -> 'Role':
+        return cls.get(Role.name == RoleOptions.NOT_CONFIRMED.value)
+
     @classmethod
     def get_student_role(cls) -> 'Role':
         return cls.get(Role.name == RoleOptions.STUDENT.value)
@@ -100,6 +106,10 @@ def by_name(cls, name) -> 'Role':
     def is_banned(self) -> bool:
         return self.name == RoleOptions.BANNED.value
 
+    @property
+    def is_not_confirmed(self) -> bool:
+        return self.name == RoleOptions.NOT_CONFIRMED.value
+
     @property
     def is_student(self) -> bool:
         return self.name == RoleOptions.STUDENT.value

lms/lmsweb/__init__.py

@@ -5,6 +5,7 @@
 from flask_babel import Babel  # type: ignore
 from flask_limiter import Limiter  # type: ignore
 from flask_limiter.util import get_remote_address  # type: ignore
+from flask_mail import Mail  # type: ignore
 from flask_wtf.csrf import CSRFProtect  # type: ignore
 
 from lms.utils import config_migrator, debug
@@ -41,6 +42,8 @@
 # Localizing configurations
 babel = Babel(webapp)
 
+webmail = Mail(webapp)
+
 
 # Must import files after app's creation
 from lms.lmsdb import models  # NOQA: F401, E402, I202

lms/lmsweb/config.py.example

@@ -9,6 +9,14 @@ MAILGUN_API_KEY = os.getenv('MAILGUN_API_KEY')
 MAILGUN_DOMAIN = os.getenv('MAILGUN_DOMAIN', 'mail.pythonic.guru')
 SERVER_ADDRESS = os.getenv('SERVER_ADDRESS', '127.0.0.1:5000')
 
+# MAIL CONFIGURATION
+MAIL_SERVER = 'smtp.gmail.com'
+MAIL_PORT = 465
+MAIL_USE_SSL = True
+MAIL_USE_TLS = False
+MAIL_USERNAME = 'username@gmail.com'
+MAIL_PASSWORD = 'password'
+
 # SESSION_COOKIE_SECURE = True
 SESSION_COOKIE_HTTPONLY = True
 SESSION_COOKIE_SAMESITE = 'Lax'

lms/lmsweb/tools/registration.py

@@ -5,18 +5,24 @@
 import os
 import typing
 
+from flask import url_for
 from flask_babel import gettext as _  # type: ignore
+from flask_mail import Message  # type: ignore
 from flask_wtf import FlaskForm
+from itsdangerous import URLSafeTimedSerializer
 from wtforms import PasswordField, StringField
 from wtforms.validators import Email, EqualTo, InputRequired, Length
 
 from lms.lmsdb import models
-from lms.lmsweb import config
+from lms.lmsweb import config, webmail
 from lms.utils.log import log
 
 import requests
 
 
+SERIALIZER = URLSafeTimedSerializer(config.SECRET_KEY)
+
+
 class RegisterForm(FlaskForm):
     email = StringField(
         'Email', validators=[
@@ -38,7 +44,7 @@ class RegisterForm(FlaskForm):
     confirm = PasswordField(
         'Password Confirmation', validators=[
             InputRequired(),
-            EqualTo('password', message=_('הסיסמה שהוקלדה אינה זהה')),
+            EqualTo('password', message=_('הסיסמאות שהוקלדו אינן זהות')),
         ],
     )
 
@@ -161,6 +167,21 @@ def _build_user_text(user: UserToCreate) -> str:
         return msg
 
 
+def generate_confirmation_token(email: str) -> str:
+    return SERIALIZER.dumps(email, salt='email-confirmation')
+
+
+def send_confirmation_mail(email: str, fullname: str) -> None:
+    token = generate_confirmation_token(email)
+    msg = Message(
+        'Confirmation Email - Learn Python',
+        sender=f'lms@{config.MAILGUN_DOMAIN}', recipients=[email],
+    )
+    link = url_for('confirm_email', token=token, _external=True)
+    msg.body = f'Hey {fullname},\nYour confirmation link is: {link}'
+    webmail.send(msg)
+
+
 if __name__ == '__main__':
     registration = UserRegistrationCreator.from_csv_file(config.USERS_CSV)
     print(registration.users_to_create)  # noqa: T001

lms/lmsweb/views.py

@@ -5,10 +5,12 @@
     jsonify, make_response, render_template,
     request, send_from_directory, url_for,
 )
+from flask_babel import gettext as _  # type: ignore
 from flask_limiter.util import get_remote_address  # type: ignore
 from flask_login import (  # type: ignore
     current_user, login_required, login_user, logout_user,
 )
+from itsdangerous import BadSignature, BadTimeSignature, SignatureExpired
 from werkzeug.datastructures import FileStorage
 from werkzeug.utils import redirect
 
@@ -27,7 +29,9 @@
 from lms.lmsweb.redirections import (
     PERMISSIVE_CORS, get_next_url, login_manager,
 )
-from lms.lmsweb.tools.registration import RegisterForm
+from lms.lmsweb.tools.registration import (
+    RegisterForm, SERIALIZER, send_confirmation_mail,
+)
 from lms.models import (
     comments, notes, notifications, share_link, solutions, upload,
 )
@@ -96,11 +100,19 @@ def login(login_message: Optional[str] = None):
     user = User.get_or_none(username=username)
 
     if request.method == 'POST':
-        if user is not None and user.is_password_valid(password):
+        if (
+            user is not None and user.is_password_valid(password)
+            and not user.role.is_not_confirmed
+        ):
             login_user(user)
             return get_next_url(next_page)
-        elif user is None or not user.is_password_valid(password):
-            login_message = 'Invalid username or password'
+        elif (
+            user is None or not user.is_password_valid(password)
+            or user.role.is_not_confirmed
+        ):
+            login_message = _('שם המשתמש או הסיסמה שהוזנו לא תקינים')
+            if user is not None and user.role.is_not_confirmed:
+                login_message = _('עליך לאשר את המייל')
             error_details = {'next': next_page, 'login_message': login_message}
             return redirect(url_for('login', **error_details))
 
@@ -110,25 +122,59 @@ def login(login_message: Optional[str] = None):
 @webapp.route('/signup', methods=['GET', 'POST'])
 def signup():
     form = RegisterForm()
-
     if form.validate_on_submit():
         User.get_or_create(**{
             User.mail_address.name: form.email.data,
             User.username.name: form.username.data,
         }, defaults={
             User.fullname.name: form.fullname.data,
-            User.role.name: Role.get_student_role(),
+            User.role.name: Role.get_not_confirmed_role(),
             User.password.name: form.password.data,
             User.api_key.name: User.random_password(),
         })
 
+        send_confirmation_mail(form.email.data, form.fullname.data)
+
         return redirect(url_for(
-            'login', login_message='Registration Successfully',
+            'login', login_message=_('ההרשמה בוצעה בהצלחה'),
         ))
 
     return render_template('signup.html', form=form)
 
 
+@webapp.route('/confirm-email/<token>')
+def confirm_email(token: str):
+    try:
+        email = SERIALIZER.loads(
+            token, salt='email-confirmation', max_age=3600,
+        )
+        user = User.get_or_none(User.mail_address == email)
+        if user is None:
+            return fail(404, f'No such user with email {email}.')
+        if not user.role.is_not_confirmed:
+            return fail(
+                403, f'User has been already confirmed {user.username}',
+            )
+        update = User.update(
+            role=Role.get_student_role(),
+        ).where(User.username == user.username)
+        update.execute()
+
+        return redirect(url_for(
+            'login', login_message=(
+                _('המשתמש שלך אומת בהצלחה, כעת הינך יכול להתחבר למערכת'),
+            ),
+        ))
+    except SignatureExpired:
+        return redirect(url_for(
+            'login', login_message=(
+                _('קישור האימות פג תוקף, קישור חדש נשלח אל תיבת המייל שלך'),
+            ),
+        ))
+    except (BadSignature, BadTimeSignature):
+        return fail(404, 'No such signature')
+
+
 @webapp.route('/logout')
 @login_required
 def logout():

lms/templates/login.html

@@ -35,7 +35,7 @@ <h1 id="main-title" class="h3 font-weight-normal">{{ _('התחברות') }}</h1>
           <button class="btn btn-primary btn-lg btn-block">{{ _('התחבר') }}</button>
         </form>
         <hr class="mt-3 mb-3"/>
-        <a href="/signup" class="btn btn-success btn-sm" role="button">{{ _('הרשם') }}</a>
+        <a href="/signup" class="btn btn-success btn-sm" role="button">{{ _('הירשם') }}</a>
       </div>
     </div>
   </div>

requirements.txt

@@ -42,7 +42,8 @@ flake8==3.8.3
 Flask-Admin==1.5.6
 Flask-Babel==2.0.0
 Flask-Limiter==1.4
-git+git://github.com/maxcountryman/flask-login@e3d8079#egg=flask-login
+Flask-Login==0.5.0
+Flask-Mail==0.9.1
 Flask-WTF==0.14.3
 Flask==1.1.2
 future==0.18.2
@@ -56,7 +57,7 @@ ipykernel==5.3.4
 ipython-genutils==0.2.0
 ipython==7.18.1
 ipywidgets==7.5.1
-itsdangerous==1.1.0
+itsdangerous==2.0.1
 jedi==0.17.2
 jinja2-pluralize==0.3.0
 Jinja2==2.11.3

tests/conftest.py

@@ -118,6 +118,10 @@ def create_banned_user(index: int = 0) -> User:
     return create_user(RoleOptions.BANNED.value, index)
 
 
+def create_not_confirmed_user(index: int = 0) -> User:
+    return create_user(RoleOptions.NOT_CONFIRMED.value, index)
+
+
 def create_student_user(index: int = 0) -> User:
     return create_user(RoleOptions.STUDENT.value, index)
 
@@ -141,6 +145,11 @@ def staff_user(staff_password):
     return create_staff_user()
 
 
+@pytest.fixture()
+def not_confirmed_user():
+    return create_not_confirmed_user()
+
+
 @pytest.fixture()
 def student_user():
     return create_student_user()

tests/samples/config.py.example

@@ -13,6 +13,8 @@ FEATURE_FLAG_CHECK_IDENTICAL_CODE_ON = os.getenv(
     'FEATURE_FLAG_CHECK_IDENTICAL_CODE_ON', False,
 )
 
+TESTING = True
+
 
 MAIL_WELCOME_MESSAGE = 'welcome-email'
 USERS_CSV = 'users.csv'

tests/samples/config_copy.py

@@ -11,6 +11,8 @@
     'FEATURE_FLAG_CHECK_IDENTICAL_CODE_ON', False,
 )
 
+TESTING = True
+
 
 USERS_CSV = 'users.csv'
 

tests/test_login.py

@@ -23,6 +23,17 @@ def test_login_username_fail(student_user: User):
         fail_login_response = client.get('/exercises')
         assert fail_login_response.status_code == 302
 
+    @staticmethod
+    def test_login_not_confirmed_user(not_confirmed_user: User):
+        client = webapp.test_client()
+        login_response = client.post('/login', data={
+            'username': not_confirmed_user.username,
+            'password': 'fake pass',
+        }, follow_redirects=True)
+        assert login_response.request.path == '/login'
+        fail_login_response = client.get('/exercises')
+        assert fail_login_response.status_code == 302
+
     @staticmethod
     def test_login_success(student_user: User):
         client = webapp.test_client()

tests/test_registration.py

@@ -0,0 +1,71 @@
+from lms.lmsweb.tools.registration import generate_confirmation_token
+from lms.lmsdb.models import User
+from lms.lmsweb import webapp
+
+
+class TestRegistration:
+    @staticmethod
+    def test_invalid_username(student_user: User):
+        client = webapp.test_client()
+        response = client.post('/signup', data={
+            'email': 'some_name@mail.com',
+            'username': student_user.username,
+            'fullname': 'some_name',
+            'password': 'some_password',
+            'confirm': 'some_password',
+        }, follow_redirects=True)
+        assert response.request.path == '/signup'
+
+        client.post('/login', data={
+            'username': student_user.username,
+            'password': 'some_password',
+        }, follow_redirects=True)
+        fail_login_response = client.get('/exercises')
+        assert fail_login_response.status_code == 302
+
+    @staticmethod
+    def test_invalid_email(student_user: User):
+        client = webapp.test_client()
+        response = client.post('/signup', data={
+            'email': student_user.mail_address,
+            'username': 'some_user',
+            'fullname': 'some_name',
+            'password': 'some_password',
+            'confirm': 'some_password',
+        }, follow_redirects=True)
+        assert response.request.path == '/signup'
+
+        client.post('/login', data={
+            'username': 'some_user',
+            'password': 'some_password',
+        }, follow_redirects=True)
+        fail_login_response = client.get('/exercises')
+        assert fail_login_response.status_code == 302
+
+    @staticmethod
+    def test_successful_registration():
+        client = webapp.test_client()
+        response = client.post('/signup', data={
+            'email': 'some_user123@mail.com',
+            'username': 'some_user',
+            'fullname': 'some_name',
+            'password': 'some_password',
+            'confirm': 'some_password',
+        }, follow_redirects=True)
+        assert response.request.path == '/login'
+
+        client.post('/login', data={
+            'username': 'some_user',
+            'password': 'some_password',
+        }, follow_redirects=True)
+        fail_login_response = client.get('/exercises')
+        assert fail_login_response.status_code == 302
+
+        token = generate_confirmation_token('some_user123@mail.com')
+        client.get(f'/confirm-email/{token}', follow_redirects=True)
+        client.post('/login', data={
+            'username': 'some_user',
+            'password': 'some_password',
+        }, follow_redirects=True)
+        fail_login_response = client.get('/exercises')
+        assert fail_login_response.status_code == 200