bugout-dev
diff --git a/‎brood/actions.py‎
Lines changed: 74 additions & 40 deletions b/‎brood/actions.py‎
Lines changed: 74 additions & 40 deletions
diff --git a/‎brood/api.py‎
Lines changed: 57 additions & 39 deletions b/‎brood/api.py‎
Lines changed: 57 additions & 39 deletions
@@ -1,22 +1,26 @@
 """
 User-related Brood operations
 """
+import base64
+import json
 import logging
 import re
+import sys
 import uuid
 from datetime import datetime, timedelta
 from random import randint
 from typing import Any, Callable, Dict, List, Optional, Set, Tuple, cast
 
-import stripe  # type: ignore
 from passlib.context import CryptContext
 from sendgrid import SendGridAPIClient
 from sendgrid.helpers.mail import Mail
 from sqlalchemy import and_, func, or_
+from sqlalchemy.exc import IntegrityError
 from sqlalchemy.orm import Query
-from sqlalchemy.orm.base import PASSIVE_OFF
 from sqlalchemy.orm.exc import MultipleResultsFound
 from sqlalchemy.orm.session import Session
+from web3login.auth import MoonstreamRegistration, to_checksum_address, verify
+from web3login.exceptions import MoonstreamVerificationError
 
 from . import data, exceptions, subscriptions
 from .models import (
@@ -411,43 +415,80 @@ def password_confirm(
 def create_user(
     session: Session,
     username: str,
-    email: str,
-    password: str,
+    email: Optional[str] = None,
+    password: Optional[str] = None,
+    signature: Optional[str] = None,
     autogenerated_user: bool = False,
     first_name: Optional[str] = None,
     last_name: Optional[str] = None,
     application_id: Optional[uuid.UUID] = None,
+    is_verify: bool = False,
 ) -> User:
     """
-    Creates a new user in the given database session and
-    returns the created user object.
+    Creates a new user in the given database session and returns
+    the created user object.
 
-    According with autogenerated_user var it create bugout user for Slack/Github installation or
-    normal user.
+    According with autogenerated_user var it create bugout user for
+    Slack/Github installation or normal user.
 
     Sessions are expected to be sqlalchemy Session objects:
     https://docs.sqlalchemy.org/en/13/orm/session_api.html#sqlalchemy.orm.session.Session
     """
+    # Check username correctness
     assert username != ""
-    assert email != ""
-    assert password != ""
-
-    # Username and email should be stored as lowercase strings in the database.
     username = username.lower()
-    normalized_email = normalize_email(email)
-
     verify_username(username)
-    verify_password_strength(password)
 
-    password_context = get_password_context()
-    password_hash = password_context.hash(password)
+    is_creation_allowed = False
+
+    # Regular user with password and email creation
+    normalized_email = None
+    password_hash = None
+    if email is not None and password is not None:
+        assert email != ""
+        assert password != ""
+
+        # Email should be stored as lowercase strings in the database
+        normalized_email = normalize_email(email)
+        verify_password_strength(password)
+        password_context = get_password_context()
+        password_hash = password_context.hash(password)
+
+        is_creation_allowed = True
+
+    # Web3 user with blockchain address creation
+    web3_address = None
+    if signature is not None:
+        payload_json = base64.decodebytes(signature.encode()).decode("utf-8")
+        payload = json.loads(payload_json)
+        if not isinstance(MoonstreamRegistration, MoonstreamRegistration):
+            # Mypy hell
+            raise Exception()
+        verified = verify(authorization_payload=payload, schema=MoonstreamRegistration)
+        if not verified:
+            logger.info("Moonstream registration verification error")
+            raise MoonstreamVerificationError()
+        web3_address = payload.get("address")
+        if web3_address is None:
+            logger.error(
+                f"Web3 address in payload could not be None for user with username: {username}"
+            )
+            raise Exception()
+        web3_address = to_checksum_address(web3_address)
+
+        is_creation_allowed = True
+
+    if not is_creation_allowed:
+        logger.info("Signature or email with password should be specified")
+        raise UserInvalidParameters()
 
     user_object = User(
         username=username,
         email=email,
         normalized_email=normalized_email,
         password_hash=password_hash,
-        verified=True if autogenerated_user else False,
+        web3_address=web3_address,
+        verified=True if autogenerated_user else is_verify,
         autogenerated=True if autogenerated_user else False,
         first_name=first_name,
         last_name=last_name,
@@ -460,9 +501,16 @@ def create_user(
         session.add(user_object)
         session.add(user_group_limit)
         session.commit()
-    except Exception as e:
-        logger.error(e)
-        raise UserAlreadyExists("This user already exists")
+    except IntegrityError:
+        logger.info(
+            f"User already exists with username: {username}, email: {email}, address: {web3_address if signature is not None else None}"
+        )
+        raise UserAlreadyExists()
+    except Exception:
+        logger.error(
+            f"Unable to add user with username: {username}, email: {email}, address: {web3_address if signature is not None else None}"
+        )
+        raise Exception()
 
     return user_object
 
@@ -511,7 +559,7 @@ def get_user(
     user_id: Optional[uuid.UUID] = None,
     application_id: Optional[uuid.UUID] = None,
     web3_address: Optional[uuid.UUID] = None,
-) -> data.UserResponse:
+) -> User:
     """
     Get a user by username, email, user_id or web3_address.
     If more than one of those fields is provided, will look for a user having ALL the given parameters.
@@ -635,9 +683,7 @@ def get_user_with_groups(
     )
 
 
-def get_current_user_by_token(
-    session: Session, token: uuid.UUID
-) -> Tuple[bool, data.UserResponse]:
+def get_current_user_by_token(session: Session, token: uuid.UUID) -> Tuple[bool, User]:
     """
     Get user by its active token for authentication middleware.
     """
@@ -656,19 +702,7 @@ def get_current_user_by_token(
     is_token_active = objects[0][0]
     user = objects[0][1]
 
-    return is_token_active, data.UserResponse(
-        user_id=user.id,
-        username=user.username,
-        first_name=user.first_name,
-        last_name=user.last_name,
-        email=user.email,
-        normalized_email=user.normalized_email,
-        verified=user.verified,
-        created_at=user.created_at,
-        updated_at=user.updated_at,
-        autogenerated=user.autogenerated,
-        application_id=user.application_id,
-    )
+    return is_token_active, user
 
 
 def get_current_user_with_groups_by_token(
@@ -859,8 +893,8 @@ def send_welcome_email(user: User, application_id: Optional[uuid.UUID] = None) -
         logger.info(
             f"Welcome email successfully submitted to Sendgrid for user with id={user_id}"
         )
-    except Exception as e:
-        logger.error(f"Error sending welcome email {e}")
+    except Exception:
+        logger.error(f"Error sending welcome email to {user.email}")
         pass
 
 
 
@@ -2,9 +2,10 @@
 The Brood HTTP API
 """
 import logging
-from typing import Any, Dict, List, Optional, Tuple
 import uuid
+from typing import Any, Dict, List, Optional, Tuple
 
+import stripe  # type: ignore
 from fastapi import (
     BackgroundTasks,
     Depends,
@@ -19,33 +20,29 @@
 )
 from fastapi.middleware.cors import CORSMiddleware
 from fastapi.security import OAuth2PasswordRequestForm
-import stripe  # type: ignore
+from fastapi.security.utils import get_authorization_scheme_param
+from web3login.exceptions import MoonstreamVerificationError
 
-from . import actions
-from . import data
-from . import exceptions
-from . import subscriptions
-from . import models
+from . import actions, data, exceptions, models, subscriptions
+from .db import yield_db_session_from_env
 from .middleware import (
-    oauth2_scheme,
     autogenerated_user_token_check,
     get_current_user,
     get_current_user_with_groups,
     is_token_restricted,
     is_token_restricted_or_installation,
-    get_current_user_or_installation,
+    oauth2_scheme,
 )
-from .db import yield_db_session_from_env
-from .version import BROOD_VERSION
+from .resources.api import app as resources_api
 from .settings import (
-    group_invite_link_from_env,
+    DOCS_TARGET_PATH,
     ORIGINS,
-    STRIPE_SIGNING_SECRET,
     REQUIRE_EMAIL_VERIFICATION,
     SEND_EMAIL_WELCOME,
-    DOCS_TARGET_PATH,
+    STRIPE_SIGNING_SECRET,
+    group_invite_link_from_env,
 )
-from .resources.api import app as resources_api
+from .version import BROOD_VERSION
 
 logging.basicConfig(level=logging.INFO)
 logger = logging.getLogger(__name__)
@@ -95,8 +92,9 @@ async def create_user_handler(
     request: Request,
     background_tasks: BackgroundTasks,
     username: str = Form(...),
-    email: str = Form(...),
-    password: str = Form(...),
+    email: str = Form(None),
+    password: str = Form(None),
+    signature: str = Form(None),
     first_name: Optional[str] = Form(None),
     last_name: Optional[str] = Form(None),
     application_id: Optional[uuid.UUID] = Form(None),
@@ -106,26 +104,46 @@ async def create_user_handler(
     Create new user.
 
     - **username** (string): Username
-    - **email** (string): New user email
-    - **password** (string): New user password
+    - **email** (string, null): New user email
+    - **password** (string, null): New user password
+    - **signature** (string, null): User web3 signature in base64 format
     - **first_name** (string, null): User first name
     - **last_name** (string, null): User last name
     - **application_id** (uuid, null): External application user belongs to
     """
     # If correct BOT_INSTALLATION_TOKEN_HEADER is provided with request it triggers
     # autogenerated user creation.
     autogenerated_user = autogenerated_user_token_check(request)
+    if autogenerated_user and signature is not None:
+        raise HTTPException(
+            status_code=400,
+            detail="Autogenerated user could not be created with web3 signature authorization",
+        )
+
+    if signature is None:
+        if email is None or password is None:
+            raise HTTPException(
+                status_code=422,
+                detail="Signature or email with password should be specified",
+            )
 
     try:
         user = actions.create_user(
-            db_session,
+            session=db_session,
             username=username,
             email=email,
             password=password,
+            signature=signature,
             autogenerated_user=autogenerated_user,
             first_name=first_name,
             last_name=last_name,
             application_id=application_id,
+            is_verify=True if not REQUIRE_EMAIL_VERIFICATION else False,
+        )
+    except actions.UserInvalidParameters:
+        raise HTTPException(
+            status_code=422,
+            detail="Provided wrong parameters for user creation",
         )
     except actions.UserAlreadyExists:
         raise HTTPException(
@@ -142,28 +160,27 @@ async def create_user_handler(
             status_code=422,
             detail=invalid_password_error.generic_error_message,
         )
-    except Exception as e:
-        logger.error(e)
+    except MoonstreamVerificationError:
+        raise HTTPException(status_code=400, detail="Invalid user signature")
+    except Exception:
         raise HTTPException(status_code=500)
 
     if autogenerated_user:
         return user
 
-    if SEND_EMAIL_WELCOME:
-        background_tasks.add_task(
-            actions.send_welcome_email,
-            user=user,
-            application_id=application_id,
-        )
+    if email is not None:
+        if SEND_EMAIL_WELCOME:
+            background_tasks.add_task(
+                actions.send_welcome_email,
+                user=user,
+                application_id=application_id,
+            )
 
-    if not REQUIRE_EMAIL_VERIFICATION:
-        user.verified = True
-        db_session.commit()
-        return user
+        if REQUIRE_EMAIL_VERIFICATION:
+            background_tasks.add_task(
+                actions.send_verification_email, session=db_session, user_id=user.id
+            )
 
-    background_tasks.add_task(
-        actions.send_verification_email, session=db_session, user_id=user.id
-    )
     return user
 
 
@@ -240,7 +257,8 @@ async def create_token_restricted_handler(
 
 @app.delete("/token", tags=["tokens"])
 async def delete_token_handler(
-    oauth2: Tuple[uuid.UUID, str] = Depends(oauth2_scheme),
+    request: Request,
+    access_token: uuid.UUID = Depends(oauth2_scheme),
     target_token: Optional[uuid.UUID] = Form(None),
     db_session=Depends(yield_db_session_from_env),
 ) -> uuid.UUID:
@@ -249,8 +267,9 @@ async def delete_token_handler(
 
     - **target_token** (uuid, null): Token ID to revoke
     """
-    access_token = oauth2[0]
-    scheme = oauth2[1]
+    authorization: str = request.headers.get("Authorization")
+    scheme_raw, _ = get_authorization_scheme_param(authorization)
+    scheme = scheme_raw.lower()
     if scheme != "bearer":
         raise HTTPException(status_code=400, detail="Unaccepted scheme")
     try:
@@ -395,7 +414,6 @@ async def get_user_handler(
 @app.get("/user/find", tags=["users"], response_model=data.UserResponse)
 async def find_user_handler(
     token_restricted: bool = Depends(is_token_restricted_or_installation),
-    _: Optional[models.User] = Depends(get_current_user_or_installation),
     username: Optional[str] = Query(None),
     email: Optional[str] = Query(None),
     user_id: Optional[uuid.UUID] = Query(None),