forked from sr2/cloud-api
59 lines
1.5 KiB
Python
59 lines
1.5 KiB
Python
from lettermint import Lettermint, ValidationError
|
|
from datetime import datetime, timezone
|
|
from joserfc import jwt, jwk, errors
|
|
|
|
from src.config import settings
|
|
from src.exceptions import ForbiddenException, UnauthorizedException
|
|
|
|
KEY = jwk.import_key(settings.SECRET_KEY.get_secret_value(), "oct")
|
|
|
|
|
|
async def generate_jwt(claims):
|
|
jwt_token = jwt.encode(header={"alg": "HS256"}, key=KEY, claims=claims)
|
|
|
|
return jwt_token
|
|
|
|
|
|
async def decode_jwt(encoded):
|
|
try:
|
|
token = jwt.decode(encoded, key=KEY)
|
|
return token.claims
|
|
except errors.DecodeError:
|
|
raise UnauthorizedException("Invalid JWS")
|
|
|
|
|
|
async def verify_email_token(user_model, token):
|
|
email_claims = await decode_jwt(token)
|
|
|
|
claimed_email = email_claims["email"]
|
|
|
|
expiry = datetime.fromtimestamp(email_claims["exp"], timezone.utc)
|
|
|
|
if expiry < datetime.now(timezone.utc):
|
|
raise UnauthorizedException("Invitation expired.")
|
|
|
|
if user_model.email != claimed_email:
|
|
raise ForbiddenException("The logged in user and email do not match.")
|
|
|
|
return email_claims
|
|
|
|
|
|
async def send_email(recipient: str, subject: str, body: str):
|
|
lettermint = Lettermint(api_token=settings.LETTERMINT_API_TOKEN.get_secret_value())
|
|
|
|
if settings.ENVIRONMENT.is_testing or settings.ENVIRONMENT == "local":
|
|
recipient = "ok@testing.lettermint.co"
|
|
|
|
try:
|
|
response = (
|
|
lettermint.email.from_("noreply@sr2.uk")
|
|
.to(recipient)
|
|
.subject(subject)
|
|
.text(body)
|
|
.send()
|
|
)
|
|
|
|
print(response.status_code)
|
|
except ValidationError:
|
|
# Error thrown if domain not approved for project
|
|
print("Lettermint validation error")
|