AssetManager-V1.0-Not Reviewed

> Forgot password, reset password, change password API updated to include new and confirm password.
> Logger file updated

.env

@@ -25,5 +25,5 @@ CLIENT_ID=1060631831358-a21djaa3hm165a8976fnmo1lerujs5p6.apps.googleusercontent.
 
 LOG_PATH=log
 LOG_LEVEL=INFO
-BACKUP_COUNT=100
-MAX_BYTES=5
+BACKUP_COUNT=5
+MAX_BYTES=10000000

log/AssetManager.log

-2023-04-05 11:00:52 - INFO   - [MainThread:<module>(): 37] - App Starting at 0.0.0.0:8671
+2023-04-05 19:15:09 - INFO   - [MainThread:<module>(): 37] - App Starting at 0.0.0.0:8671
+2023-04-05 19:15:29 - INFO   - [MainThread:<module>(): 37] - App Starting at 0.0.0.0:8671

log/AssetManager.log.1

-2023-04-05 10:58:48 - ERROR  - [MainThread:reset_user_password(): 258] - Services Failed with error from reset user password 'ResetPassword' object has no attribute 'password'

log/AssetManager.log.2

-2023-04-05 10:54:36 - INFO   - [MainThread:<module>(): 37] - App Starting at 0.0.0.0:8671

log/AssetManager.log.3

-2023-04-05 10:14:04 - INFO   - [MainThread:<module>(): 37] - App Starting at 0.0.0.0:8671

log/AssetManager.log.4

-2023-04-04 20:12:33 - INFO   - [MainThread:<module>(): 37] - App Starting at 0.0.0.0:8671

log/AssetManager.log.5

-2023-04-04 20:08:30 - INFO   - [MainThread:<module>(): 37] - App Starting at 0.0.0.0:8671

log/AssetManager.log.6

-2023-04-04 20:07:39 - INFO   - [MainThread:<module>(): 37] - App Starting at 0.0.0.0:8671

log/AssetManager.log.7

-2023-04-04 20:06:55 - INFO   - [MainThread:<module>(): 37] - App Starting at 0.0.0.0:8671

log/AssetManager.log.8

-2023-04-04 20:06:23 - INFO   - [MainThread:<module>(): 37] - App Starting at 0.0.0.0:8671

log/AssetManager.log.9

-2023-04-04 20:06:10 - INFO   - [MainThread:<module>(): 37] - App Starting at 0.0.0.0:8671

scripts/core/handlers/login_handler.py

@@ -234,7 +234,13 @@ class LoginHandlers:
                         content=DefaultFailureResponse(status="failed",
                                                        message=ErrorMessages.ERROR_USER_ID_DOESNT_EXIST).dict(),
                         status_code=status.HTTP_200_OK)
-                password_encrypted = EncryptDecryptPassword().password_encrypt(reset_data.new_password)
+                response, password_encrypted = EncryptDecryptPassword().check_password_mismatch(
+                    reset_data.new_password, reset_data.confirm_password)
+                if not response:
+                    return JSONResponse(
+                        content=DefaultFailureResponse(status="failed",
+                                                       message=password_encrypted).dict(),
+                        status_code=status.HTTP_200_OK)
                 if not password_encrypted:
                     return JSONResponse(
                         content=DefaultFailureResponse(status="failed",

scripts/core/handlers/user_management_handler.py

@@ -12,12 +12,14 @@ from fastapi import status
 from scripts.schemas.default_responses import DefaultResponse, DefaultFailureResponse, DefaultSuccessResponse
 from scripts.utils.mongo_utils import MongoStageCreator
 from scripts.utils.response_utils import ResponseData
+from scripts.utils.security.authorize_access import AuthorizeAccess
 from scripts.utils.security.password_util import EncryptDecryptPassword
 from scripts.utils.validations_util import UserDataValidations
 
 obj_mongo_user = MongoUser()
 obj_response_data = ResponseData()
 obj_stage = MongoStageCreator()
+obj_authorize = AuthorizeAccess()
 
 
 # user management
@@ -34,7 +36,7 @@ class UserManagement:
             if not response:
                 return JSONResponse(
                     content=DefaultFailureResponse(status="failed",
-                                                   message=message["message"]).dict(),
+                                                   message=message).dict(),
                     status_code=status.HTTP_200_OK)
             # fetching the data based on the username
             db_user_data = obj_mongo_user.fetch_one_user_details({"email": user_data.email})
@@ -149,15 +151,8 @@ class UserManagement:
                         status_code=status.HTTP_404_NOT_FOUND)
             # creating the filter data
             filter_data_updated = {"user_id": update_data.user_id}
-            encrypted = EncryptDecryptPassword().password_encrypt(update_data.password)
-            if encrypted is None:
-                return JSONResponse(
-                    content=DefaultFailureResponse(status="failed",
-                                                   message=ErrorMessages.ERROR_INVALID_PASSWORD).dict(),
-                    status_code=status.HTTP_200_OK)
             # encrypting the password
-            update_data_removed = {key: (encrypted
-                                         if key == "password" else value) for key, value in update_data if
+            update_data_removed = {key: value for key, value in update_data if
                                    key != 'action' and value is not None}
             # validating the data
             response, message = UserDataValidations.update_data_validation(update_data)
@@ -233,7 +228,6 @@ class UserManagement:
         try:
             # defining the filter values
             filter_data = {'_id': 0,
-                           "login_type": 0,
                            "is_alive": 0,
                            "password": 0,
                            "created_at": 0,
@@ -265,8 +259,14 @@ class UserManagement:
                 status_code=status.HTTP_200_OK)
 
     # user change password
-    def reset_password(self, reset_data):
+    def reset_password(self, request, reset_data):
         try:
+            response = obj_authorize.login_authorize(request, reset_data)
+            if not response:
+                return JSONResponse(
+                    content=DefaultFailureResponse(status="failed",
+                                                   message=ErrorMessages.ERROR_UNAUTHORIZED_ACCESS).dict(),
+                    status_code=status.HTTP_200_OK)
             db_user_data = obj_mongo_user.fetch_one_user_details({"user_id": reset_data.user_id})
             # if the user is not available
             if db_user_data is None:
@@ -274,18 +274,31 @@ class UserManagement:
                     content=DefaultFailureResponse(status="failed",
                                                    message=ErrorMessages.ERROR_USER_ID_DOESNT_EXIST).dict(),
                     status_code=status.HTTP_404_NOT_FOUND)
+            if not self.pwd_context.verify(self.pass_decrypt.password_decrypt(reset_data.old_password).split("\"")[1],
+                                           db_user_data["password"]):
+                return JSONResponse(
+                    content=DefaultFailureResponse(status="failed",
+                                                   message=ErrorMessages.ERROR_PASSWORD_MISMATCH).dict(),
+                    status_code=status.HTTP_200_OK)
             try:
-                decrypted_password = self.pass_decrypt.password_decrypt(reset_data.new_password)
+                response, password_encrypted = self.pass_decrypt.check_password_mismatch(reset_data.new_password,
+                                                                                         reset_data.confirm_password,
+                                                                                         reset_data.old_password)
+                if not response:
+                    return JSONResponse(
+                        content=DefaultFailureResponse(status="failed",
+                                                       message=password_encrypted).dict(),
+                        status_code=status.HTTP_200_OK)
+                if not password_encrypted:
+                    return JSONResponse(
+                        content=DefaultFailureResponse(status="failed",
+                                                       message=ErrorMessages.ERROR_AUTH_FAILED).dict(),
+                        status_code=status.HTTP_200_OK)
             except TypeError:
                 return JSONResponse(
                     content=DefaultFailureResponse(status="failed",
                                                    message=ErrorMessages.ERROR_INVALID_PASSWORD).dict(),
                     status_code=status.HTTP_200_OK)
-            if not self.pwd_context.verify(decrypted_password.split("\"")[1], db_user_data["password"]):
-                return JSONResponse(
-                            content=DefaultFailureResponse(status="failed",
-                                                           message=ErrorMessages.ERROR_PASSWORD_MISMATCH).dict(),
-                            status_code=status.HTTP_200_OK)
             response = EncryptDecryptPassword().password_encrypt(reset_data.new_password)
             if not response:
                 return JSONResponse(

scripts/errors/__init__.py

@@ -25,6 +25,7 @@ class ErrorMessages:
     ERROR_IN_DELETING = "User Deletion Error"
     ERROR_IN_FETCHING_HEADER = "Header Fetch Failed"
     ERROR_IN_LOGOUT = "Logout Failed"
+    ERROR_PASSWORD_FAILED = "Password Validation Failed"
 
     # Data Validation
     ERROR_INVALID_PASSWORD = "Invalid Password"
@@ -36,3 +37,5 @@ class ErrorMessages:
     ERROR_USER_ID = "User Id Not Required"
     ERROR_INVALID_TOKEN = "Invalid Token"
     ERROR_IN_VALIDATION = "Validation Failed"
+    ERROR_MISMATCH_CONFIRM = "New Password and Confirm Password Must Be Same"
+    ERROR_PASSWORD_EMPTY = "Password Cannot be Empty"

scripts/schemas/project_schema.py

@@ -25,7 +25,7 @@ class UserActions(BaseModel):
     user_id: Optional[str] = None
     name: Optional[str] = None
     email: Optional[str] = None
-    password: Optional[str]
+    password: Optional[str] = None
     phone_number: Optional[str] = None
     login_type: Optional[str] = None
     user_role: Optional[str] = None
@@ -41,6 +41,7 @@ class ResetPassword(BaseModel):
     user_id: str
     old_password: Optional[str] = None
     new_password: str
+    confirm_password: str
 
 
 class UserIDValidation(BaseModel):

scripts/services/v1/iot_manager_services.py

@@ -226,7 +226,7 @@ async def user_change_password(
                 content=DefaultFailureResponse(status="failed",
                                                message=ErrorMessages.ERROR_UNAUTHORIZED_ACCESS).dict(),
                 status_code=status.HTTP_200_OK)
-        response = obj_user_handler.reset_password(reset_data)
+        response = obj_user_handler.reset_password(request, reset_data)
         if not response:
             return HTTPException(
                 status_code=status.HTTP_403_FORBIDDEN,

scripts/utils/security/jwt_util.py

@@ -20,11 +20,7 @@ class JWT:
 
     # decoding the payload
     def decode(self, token):
-        try:
-            return jwt.decode(token, self.key, algorithms=self.alg)
-        except Exception as e:
-            logging.exception(f"Exception while encoding JWT: {str(e)}")
-            raise
+        return jwt.decode(token, self.key, algorithms=self.alg)
 
     # validate the payload
     def validate(self, token):

scripts/utils/security/password_util.py

 import base64
+from typing import Optional
+
 from Cryptodome.Cipher import AES
 from passlib.context import CryptContext
 
 from scripts.config import Secrets, Services
+from scripts.errors import ErrorMessages
 from scripts.logging.logger import logger
 
 
@@ -52,3 +55,21 @@ class EncryptDecryptPassword:
         except Exception as e:
             logger.error(f'Services Failed with error from password util password encrypt {e}')
             return None
+
+    def check_password_mismatch(self, new_password, confirm_password, old_password: Optional[str] = None):
+        try:
+            # decrypting the UI password
+            password_decrypted = self.password_decrypt(new_password)
+            confirm_decrypted = self.password_decrypt(confirm_password)
+            if password_decrypted != confirm_decrypted:
+                return None, ErrorMessages.ERROR_MISMATCH_CONFIRM
+            # hashing the decrypted password
+            if confirm_decrypted is None:
+                return None, ErrorMessages.ERROR_PASSWORD_EMPTY
+            if old_password is not None:
+                return True, confirm_decrypted
+            hashed_password = self.pwd_context.hash(confirm_decrypted.split("\"")[1])
+            return True, hashed_password
+        except Exception as e:
+            logger.error(f'Services Failed with error from password util check password mismatch {e}')
+            return None, ErrorMessages.ERROR_PASSWORD_FAILED