/i'@ddlmZddlZddlZddlZddlmZddlmZddl m Z m Z ddl m Z mZmZddlmZddlmZdd lmZmZmZmZmZdd lmZdd lmZdd lmZej@e!Z"dd Z#ddZ$ddZ%ddZ&ddZ'ddZ(ddZ)ddZ*ddZ+d dZ,d!dZ-d"dZ.y)#) annotationsN timedelta) EmailMessage) HTTPExceptionstatus)selectupdatedelete) AsyncSession)settings) create_token hash_passwordhash_refresh_tokenutcnowverify_password) RefreshToken)PasswordResetToken)Userc6ttjS)Nminutes)rr ACCESS_TOKEN_EXPIRE_MINUTES?/var/www/html/marco-python-backend/app/services/auth_service.py_access_expiresrs XAA BBrc6ttjS)N)days)rr REFRESH_TOKEN_EXPIRE_DAYSrrr_refresh_expiresr! s (<< ==rctdS)N rrrrr_reset_expiresr$$s R  rc:t|dkr tddy)Nz&Password must be at least 8 characters status_codedetail)lenr)passwords r_validate_password_complexityr-)s# 8}q4\]]rctj}tj}tj}tj}tj }|r|r|s t dt}d|d<||d<||d<|jdj|tj||5}|j|j|j|r@|r>|j|j|j!dd j|j#|dddy#1swYyxYw) NzSMTP configuration incompletezPassword Reset LinkSubjectFromTozA request was received to reset your password. Reset link: {link} This link will expire in 10 minutes. If you did not request this, you can ignore this email. )link )r SMTP_HOST SMTP_PORT SMTP_USER SMTP_PASS SMTP_FROM RuntimeErrorr set_contentformatsmtplibSMTPehlostarttlsloginstripreplace send_message) recipient reset_linkhostport smtp_user smtp_passsendermsgsmtps r_send_reset_emailrN0s    D   D""I""I   F t6:;; .C*C NCKCIOO   F F dD !T    JJy()*;*;C*D*J*J*L M #s 2BD??EcK||k7r tdd|jttj tj |k(d{}|j r tddt|t|}|j||jd{|j|d{|S7{7!7 w)Nr'Passwords do not matchr(izEmail already registered)email password_hash) rexecuter rwhererQscalar_one_or_noneraddcommitrefresh)dbrQr,confirm_passwordexistingusers rsignupr]Ss##4LMMZZt 2 24::3F GHHH""$4NOO e=+B CDFF4L ))+ **T  KIs7ACCAC2C3C C CCCcLKt}|jttj tj |kd{}|j d{ |j}tjd|y7@7*#t$rd}Y(wxYww)aNDelete tokens that are expired or have already been used. This is invoked on each password-reset flow invocation to keep the table tidy and ensure tokens older than the configured expiry (10 minutes) do not linger indefinitely. We commit immediately because callers usually perform their own commits afterwards. Nz2Cleanup removed %s expired password-reset token(s)) rrSr rrT expires_atrWrowcountAttributeErrorloggerdebug)rYnowresultcounts r_cleanup_reset_tokensrgds (C::!"(();)F)F#)MNF ))+ LLEuM sHA B$BB$&B'B$, B8B$B$ B!B$ B!!B$crK|j}t|d{|jttj tj |k(d{}|j}|r |jstjd|ytjd}t|}t|j|t!t#zd}|j%||j'd{t(j*xsdj-d}|d|} t/||tjd |d |fS7G77\#t0$r;} tj3d || tjd ||Yd} ~ d |fSd} ~ wwxYww) Nz8Password reset requested for email=%s (generic response))FN0)user_id token_hashr_used_atr4/z/reset-password?token=)rErFz#Password reset email sent. email=%sz6Failed to send password reset email. email=%s error=%sz4Password reset link (fallback log). email=%s link=%sT)rBrgrSr rrTrQrU is_activerbinfosecrets token_urlsaferridrr$rVrWr FRONTEND_URLrstriprN Exceptionwarning) rYrQrer\ raw_tokenrkprtfrontendrFexcs rforgot_passwordr{{sz KKME  ###::fTl00u1DEF FF  $ $ &D t~~ NPUV%%b)I#I.J 8n..  C FF3K ))+%%+33C8H:3I;?J_EjA 95A ?E$ F* _OQVX[\ JES]^^ ?_s_F7E(AF7'E+(B)F7E..F7#E0$F7+F7.F70 F49.F/'F7/F44F7cJKt|d{||k7r tddt|t|}|j t t jt j|k(d{}|j}|s tddt}|j|kr tdd|j tdd|j t tjtj|jk(d{}|j} | r | j s tddt#|| j$r tddt'|| _||_ |j t)t*jt*j| jk(j-d d{|| _|j1d{y7777,7w) Nr'rPr(zInvalid or Expired LinkzReset link has expiredzThis link has already been usedz1New password must not match the previous passwordTrevoked)rgrr-rrSr rrTrkrUrr_rlrrrrjrnrrRrr rvaluestokens_invalid_beforerW) rYtoken new_passwordrZrkrestoredrd user_resultr\s rreset_passwordrs  ###''4LMM!,/#E*J::f%78>>?Q?\?\`j?jkl lF  & & (F 4MNN (C C4LMM ~~!4UVV 6$<#5#5dgg6O#PQQK  ) ) +D t~~4MNN|T%7%784ghh&|4DFN **VL)// 0D0D0OPWW`dWe fff!$D ))+ G$mRgsZH#HA-H#?HB-H#-H.CH#2H3H#H!H#H#H#H#!H#cK|jttjtj|k(d{}|j }|r |j sttjdt||jsttjdtt|j|jdt}tt|j|jdt!}t#|jt%|t't!zd}|j)||j+d{||fS797 w)NzInvalid credentialsr(accesssubrQ token_type expires_deltarXFrjrkr_r~)rSr rrTrQrUrnrrHTTP_401_UNAUTHORIZEDrrRrstrrrrr!rrrrVrW)rYrQr,rer\ access_token refresh_tokenrts rrArAs::fTl00u1DEF FF  $ $ &D t~~(D(DMbcc 8T%7%7 8(D(DMbccCL xgvgxyL S\PYiyi{|M %m48.00  B FF2J ))+  &&)G$s%AFE=D/F4F5 FFcKddlm} ||}|j ddk7rttj dt|}|jttjtj|k(d{}|j}|r#|js|jt!krttj d|jtt"jt"j$|j&k(d{}|j}|r |j(sttj dd|_t+t-|j$|j.dt1 } t+t-|j$|j.dt3 } t|j$t| t!t3zd } |j5| |j7d{| | fS#t$rttj dwxYw77:76w) Nr) decode_tokenz Invalid tokenr(typerXTrrFr)app.core.securityr ValueErrorrrrgetrrSr rrTrkrUr~r_rrrrrjrnrrrQrr!rVrW) rYrrpayloadrkrerrr\ new_access new_refresh new_storeds rrXrXs.^}-{{6i'(D(D_]]#M2J::|""<#:#:j#HIF & & (F V^^v'8'8FH'D(D(D_]] 6$<#5#5dgg6O#PQQK  ) ) +D t~~(D(D_]]FN#dgg,djjXetevwJ3twwrs"&)--/$2>   8 $C>! ^ F"N.%P$ N'0)#Xr