add recover-password route

fga-eps-mds · Nov 26, 2023 · c535aa3 · c535aa3
1 parent e58b83f
commit c535aa3
Show file tree

Hide file tree

Showing 4 changed files with 57 additions and 1 deletion.
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -24,6 +24,8 @@ services:
       DB_PASS: gestao
       DB_BASE: gestao
       RELOAD: "True"
+      EMAIL_ADDRESS: "YOUR EMAIL ADDRESS"
+      EMAIL_PASSWORD: "YOUR-EMAIL-PASSWORD"
     networks:
     - sindpol_network
 

diff --git a/gestao/web/api/login/schemas.py b/gestao/web/api/login/schemas.py
@@ -4,3 +4,7 @@
 class AuthUserDTO(BaseModel):
     registration: str
     password: str
+
+
+class RecoverPasswordDTO(BaseModel):
+    email: str
diff --git a/gestao/web/api/login/utils.py b/gestao/web/api/login/utils.py
@@ -0,0 +1,37 @@
+import os
+import smtplib
+import email.message
+import secrets
+import string
+
+
+def generate_password(length=8):
+    characters = string.ascii_letters + string.digits
+    password = "".join(secrets.choice(characters) for _ in range(length))
+    return password
+
+
+def send_email(user_name: str, user_email: str, user_message: str) -> None:
+
+    email_data = {
+        "email_address": os.getenv("EMAIL_ADDRESS"),
+        "email_password": os.getenv("EMAIL_PASSWORD"),
+        "email_subject": "recover-password SINDPOL-DF",
+        "email_body": """
+                        <p>recover-password<p>
+                        <p>name: {}<p>
+                        <p>new-password: {}<p>
+                    """,
+    }
+
+    msg = email.message.Message()
+    msg["Subject"] = email_data["email_subject"]
+    msg["From"] = email_data["email_address"]
+    msg["To"] = user_email
+    msg.add_header("Content-Type", "text/html")
+    msg.set_payload(email_data["email_body"].format(user_name, user_message))
+
+    s = smtplib.SMTP("smtp.gmail.com: 587")
+    s.starttls()
+    s.login(msg["From"], email_data["email_password"])
+    s.sendmail(msg["From"], [msg["To"]], msg.as_string().encode("utf-8"))
diff --git a/gestao/web/api/login/views.py b/gestao/web/api/login/views.py
@@ -3,7 +3,8 @@
 from fastapi import APIRouter, HTTPException
 
 from gestao.db.models.user import User
-from gestao.web.api.login.schemas import AuthUserDTO
+from gestao.web.api.login.schemas import AuthUserDTO, RecoverPasswordDTO
+from gestao.web.api.login.utils import generate_password, send_email
 
 router = APIRouter()
 
@@ -20,3 +21,15 @@ async def login_user(login_data: AuthUserDTO) -> User:
             status_code=404,
             detail="User not found",
         )
+
+
+@router.post("/recover_password")
+async def recover_password(recover_data: RecoverPasswordDTO) -> None:
+    try:
+        user = await User.objects.get(**recover_data.dict())
+        new_password = generate_password()
+        send_email(user.name, user.email, new_password)
+        await user.update(password=new_password)
+    except Exception:
+        logging.error("User not found", exc_info=True)
+        raise HTTPException(status_code=404, detail="User not found")