5ccc226498
* dev: remove auto script for registration * dev: make all of the instance admins as owners when adding a instance admin * dev: remove sign out endpoint * dev: update takeoff script to register the instance * dev: reapply instance model * dev: check none for instance configuration encryptions * dev: encrypting secrets configuration * dev: user workflow for registration in instances * dev: add email automation configuration * dev: remove unused imports * dev: reallign migrations * dev: reconfigure license engine registrations * dev: move email check to background worker * dev: add sign up * chore: signup error message * dev: updated onboarding workflows and instance setting * dev: updated template for magic login * chore: page migration changed * dev: updated migrations and authentication for license and update template for workspace invite --------- Co-authored-by: NarayanBavisetti <narayan3119@gmail.com>
421 lines
14 KiB
Python
421 lines
14 KiB
Python
# Python imports
|
|
import os
|
|
import uuid
|
|
import random
|
|
import string
|
|
import json
|
|
|
|
# Django imports
|
|
from django.utils import timezone
|
|
from django.core.exceptions import ValidationError
|
|
from django.core.validators import validate_email
|
|
from django.conf import settings
|
|
from django.contrib.auth.hashers import make_password
|
|
|
|
# Third party imports
|
|
from rest_framework.response import Response
|
|
from rest_framework.permissions import AllowAny
|
|
from rest_framework import status
|
|
from rest_framework_simplejwt.tokens import RefreshToken
|
|
|
|
from sentry_sdk import capture_message
|
|
|
|
# Module imports
|
|
from . import BaseAPIView
|
|
from plane.db.models import (
|
|
User,
|
|
WorkspaceMemberInvite,
|
|
WorkspaceMember,
|
|
ProjectMemberInvite,
|
|
ProjectMember,
|
|
)
|
|
from plane.settings.redis import redis_instance
|
|
from plane.license.models import InstanceConfiguration, Instance
|
|
from plane.license.utils.instance_value import get_configuration_value
|
|
from plane.bgtasks.event_tracking_task import auth_events
|
|
from plane.bgtasks.magic_link_code_task import magic_link
|
|
from plane.bgtasks.user_count_task import update_user_instance_user_count
|
|
|
|
|
|
def get_tokens_for_user(user):
|
|
refresh = RefreshToken.for_user(user)
|
|
return (
|
|
str(refresh.access_token),
|
|
str(refresh),
|
|
)
|
|
|
|
|
|
class SignUpEndpoint(BaseAPIView):
|
|
permission_classes = (AllowAny,)
|
|
|
|
def post(self, request):
|
|
instance_configuration = InstanceConfiguration.objects.values("key", "value")
|
|
|
|
email = request.data.get("email", False)
|
|
password = request.data.get("password", False)
|
|
|
|
## Raise exception if any of the above are missing
|
|
if not email or not password:
|
|
return Response(
|
|
{"error": "Both email and password are required"},
|
|
status=status.HTTP_400_BAD_REQUEST,
|
|
)
|
|
|
|
email = email.strip().lower()
|
|
|
|
try:
|
|
validate_email(email)
|
|
except ValidationError as e:
|
|
return Response(
|
|
{"error": "Please provide a valid email address."},
|
|
status=status.HTTP_400_BAD_REQUEST,
|
|
)
|
|
|
|
if (
|
|
get_configuration_value(
|
|
instance_configuration,
|
|
"ENABLE_SIGNUP",
|
|
os.environ.get("ENABLE_SIGNUP", "0"),
|
|
)
|
|
== "0"
|
|
and not WorkspaceMemberInvite.objects.filter(
|
|
email=email,
|
|
).exists()
|
|
):
|
|
return Response(
|
|
{
|
|
"error": "New account creation is disabled. Please contact your site administrator"
|
|
},
|
|
status=status.HTTP_400_BAD_REQUEST,
|
|
)
|
|
|
|
# Check if the user already exists
|
|
if User.objects.filter(email=email).exists():
|
|
return Response(
|
|
{"error": "User with this email already exists"},
|
|
status=status.HTTP_400_BAD_REQUEST,
|
|
)
|
|
|
|
user = User.objects.create(email=email, username=uuid.uuid4().hex)
|
|
user.set_password(password)
|
|
|
|
# settings last actives for the user
|
|
user.last_active = timezone.now()
|
|
user.last_login_time = timezone.now()
|
|
user.last_login_ip = request.META.get("REMOTE_ADDR")
|
|
user.last_login_uagent = request.META.get("HTTP_USER_AGENT")
|
|
user.token_updated_at = timezone.now()
|
|
user.save()
|
|
|
|
access_token, refresh_token = get_tokens_for_user(user)
|
|
|
|
data = {
|
|
"access_token": access_token,
|
|
"refresh_token": refresh_token,
|
|
}
|
|
|
|
# Update instance user count
|
|
update_user_instance_user_count.delay()
|
|
|
|
return Response(data, status=status.HTTP_200_OK)
|
|
|
|
|
|
class SignInEndpoint(BaseAPIView):
|
|
permission_classes = (AllowAny,)
|
|
|
|
def post(self, request):
|
|
email = request.data.get("email", False)
|
|
password = request.data.get("password", False)
|
|
|
|
## Raise exception if any of the above are missing
|
|
if not email or not password:
|
|
return Response(
|
|
{"error": "Both email and password are required"},
|
|
status=status.HTTP_400_BAD_REQUEST,
|
|
)
|
|
|
|
email = email.strip().lower()
|
|
|
|
try:
|
|
validate_email(email)
|
|
except ValidationError as e:
|
|
return Response(
|
|
{"error": "Please provide a valid email address."},
|
|
status=status.HTTP_400_BAD_REQUEST,
|
|
)
|
|
|
|
# Check if the instance setup is done or not
|
|
instance = Instance.objects.first()
|
|
if instance is None or not instance.is_setup_done:
|
|
return Response(
|
|
{"error": "Instance is not configured"},
|
|
status=status.HTTP_400_BAD_REQUEST,
|
|
)
|
|
|
|
# Get the user
|
|
user = User.objects.filter(email=email).first()
|
|
|
|
# User is not present in db
|
|
if user is None:
|
|
return Response(
|
|
{
|
|
"error": "Sorry, we could not find a user with the provided credentials. Please try again."
|
|
},
|
|
status=status.HTTP_403_FORBIDDEN,
|
|
)
|
|
|
|
# Check user password
|
|
if not user.check_password(password):
|
|
return Response(
|
|
{
|
|
"error": "Sorry, we could not find a user with the provided credentials. Please try again."
|
|
},
|
|
status=status.HTTP_403_FORBIDDEN,
|
|
)
|
|
|
|
# settings last active for the user
|
|
user.is_active = True
|
|
user.last_active = timezone.now()
|
|
user.last_login_time = timezone.now()
|
|
user.last_login_ip = request.META.get("REMOTE_ADDR")
|
|
user.last_login_uagent = request.META.get("HTTP_USER_AGENT")
|
|
user.token_updated_at = timezone.now()
|
|
user.save()
|
|
|
|
# Check if user has any accepted invites for workspace and add them to workspace
|
|
workspace_member_invites = WorkspaceMemberInvite.objects.filter(
|
|
email=user.email, accepted=True
|
|
)
|
|
|
|
WorkspaceMember.objects.bulk_create(
|
|
[
|
|
WorkspaceMember(
|
|
workspace_id=workspace_member_invite.workspace_id,
|
|
member=user,
|
|
role=workspace_member_invite.role,
|
|
)
|
|
for workspace_member_invite in workspace_member_invites
|
|
],
|
|
ignore_conflicts=True,
|
|
)
|
|
|
|
# Check if user has any project invites
|
|
project_member_invites = ProjectMemberInvite.objects.filter(
|
|
email=user.email, accepted=True
|
|
)
|
|
|
|
# Add user to workspace
|
|
WorkspaceMember.objects.bulk_create(
|
|
[
|
|
WorkspaceMember(
|
|
workspace_id=project_member_invite.workspace_id,
|
|
role=project_member_invite.role
|
|
if project_member_invite.role in [5, 10, 15]
|
|
else 15,
|
|
member=user,
|
|
created_by_id=project_member_invite.created_by_id,
|
|
)
|
|
for project_member_invite in project_member_invites
|
|
],
|
|
ignore_conflicts=True,
|
|
)
|
|
|
|
# Now add the users to project
|
|
ProjectMember.objects.bulk_create(
|
|
[
|
|
ProjectMember(
|
|
workspace_id=project_member_invite.workspace_id,
|
|
role=project_member_invite.role
|
|
if project_member_invite.role in [5, 10, 15]
|
|
else 15,
|
|
member=user,
|
|
created_by_id=project_member_invite.created_by_id,
|
|
)
|
|
for project_member_invite in project_member_invites
|
|
],
|
|
ignore_conflicts=True,
|
|
)
|
|
|
|
# Delete all the invites
|
|
workspace_member_invites.delete()
|
|
project_member_invites.delete()
|
|
# Send event
|
|
if settings.POSTHOG_API_KEY and settings.POSTHOG_HOST:
|
|
auth_events.delay(
|
|
user=user.id,
|
|
email=email,
|
|
user_agent=request.META.get("HTTP_USER_AGENT"),
|
|
ip=request.META.get("REMOTE_ADDR"),
|
|
event_name="SIGN_IN",
|
|
medium="EMAIL",
|
|
first_time=False,
|
|
)
|
|
|
|
access_token, refresh_token = get_tokens_for_user(user)
|
|
data = {
|
|
"access_token": access_token,
|
|
"refresh_token": refresh_token,
|
|
}
|
|
return Response(data, status=status.HTTP_200_OK)
|
|
|
|
|
|
class SignOutEndpoint(BaseAPIView):
|
|
def post(self, request):
|
|
refresh_token = request.data.get("refresh_token", False)
|
|
|
|
if not refresh_token:
|
|
capture_message("No refresh token provided")
|
|
return Response(
|
|
{"error": "No refresh token provided"},
|
|
status=status.HTTP_400_BAD_REQUEST,
|
|
)
|
|
|
|
user = User.objects.get(pk=request.user.id)
|
|
|
|
user.last_logout_time = timezone.now()
|
|
user.last_logout_ip = request.META.get("REMOTE_ADDR")
|
|
|
|
user.save()
|
|
|
|
token = RefreshToken(refresh_token)
|
|
token.blacklist()
|
|
return Response({"message": "success"}, status=status.HTTP_200_OK)
|
|
|
|
|
|
class MagicSignInEndpoint(BaseAPIView):
|
|
permission_classes = [
|
|
AllowAny,
|
|
]
|
|
|
|
def post(self, request):
|
|
instance = Instance.objects.first()
|
|
if instance is None or not instance.is_setup_done:
|
|
return Response(
|
|
{"error": "Instance is not configured"},
|
|
status=status.HTTP_400_BAD_REQUEST,
|
|
)
|
|
|
|
user_token = request.data.get("token", "").strip()
|
|
key = request.data.get("key", False).strip().lower()
|
|
|
|
if not key or user_token == "":
|
|
return Response(
|
|
{"error": "User token and key are required"},
|
|
status=status.HTTP_400_BAD_REQUEST,
|
|
)
|
|
|
|
ri = redis_instance()
|
|
|
|
if ri.exists(key):
|
|
data = json.loads(ri.get(key))
|
|
|
|
token = data["token"]
|
|
email = data["email"]
|
|
|
|
if str(token) == str(user_token):
|
|
user = User.objects.get(email=email)
|
|
if not user.is_active:
|
|
return Response(
|
|
{
|
|
"error": "Your account has been deactivated. Please contact your site administrator."
|
|
},
|
|
status=status.HTTP_403_FORBIDDEN,
|
|
)
|
|
# Send event
|
|
if settings.POSTHOG_API_KEY and settings.POSTHOG_HOST:
|
|
auth_events.delay(
|
|
user=user.id,
|
|
email=email,
|
|
user_agent=request.META.get("HTTP_USER_AGENT"),
|
|
ip=request.META.get("REMOTE_ADDR"),
|
|
event_name="SIGN_IN",
|
|
medium="MAGIC_LINK",
|
|
first_time=False,
|
|
)
|
|
|
|
user.is_active = True
|
|
user.is_email_verified = True
|
|
user.last_active = timezone.now()
|
|
user.last_login_time = timezone.now()
|
|
user.last_login_ip = request.META.get("REMOTE_ADDR")
|
|
user.last_login_uagent = request.META.get("HTTP_USER_AGENT")
|
|
user.token_updated_at = timezone.now()
|
|
user.save()
|
|
|
|
# Check if user has any accepted invites for workspace and add them to workspace
|
|
workspace_member_invites = WorkspaceMemberInvite.objects.filter(
|
|
email=user.email, accepted=True
|
|
)
|
|
|
|
WorkspaceMember.objects.bulk_create(
|
|
[
|
|
WorkspaceMember(
|
|
workspace_id=workspace_member_invite.workspace_id,
|
|
member=user,
|
|
role=workspace_member_invite.role,
|
|
)
|
|
for workspace_member_invite in workspace_member_invites
|
|
],
|
|
ignore_conflicts=True,
|
|
)
|
|
|
|
# Check if user has any project invites
|
|
project_member_invites = ProjectMemberInvite.objects.filter(
|
|
email=user.email, accepted=True
|
|
)
|
|
|
|
# Add user to workspace
|
|
WorkspaceMember.objects.bulk_create(
|
|
[
|
|
WorkspaceMember(
|
|
workspace_id=project_member_invite.workspace_id,
|
|
role=project_member_invite.role
|
|
if project_member_invite.role in [5, 10, 15]
|
|
else 15,
|
|
member=user,
|
|
created_by_id=project_member_invite.created_by_id,
|
|
)
|
|
for project_member_invite in project_member_invites
|
|
],
|
|
ignore_conflicts=True,
|
|
)
|
|
|
|
# Now add the users to project
|
|
ProjectMember.objects.bulk_create(
|
|
[
|
|
ProjectMember(
|
|
workspace_id=project_member_invite.workspace_id,
|
|
role=project_member_invite.role
|
|
if project_member_invite.role in [5, 10, 15]
|
|
else 15,
|
|
member=user,
|
|
created_by_id=project_member_invite.created_by_id,
|
|
)
|
|
for project_member_invite in project_member_invites
|
|
],
|
|
ignore_conflicts=True,
|
|
)
|
|
|
|
# Delete all the invites
|
|
workspace_member_invites.delete()
|
|
project_member_invites.delete()
|
|
|
|
access_token, refresh_token = get_tokens_for_user(user)
|
|
data = {
|
|
"access_token": access_token,
|
|
"refresh_token": refresh_token,
|
|
}
|
|
|
|
return Response(data, status=status.HTTP_200_OK)
|
|
|
|
else:
|
|
return Response(
|
|
{"error": "Your login code was incorrect. Please try again."},
|
|
status=status.HTTP_400_BAD_REQUEST,
|
|
)
|
|
|
|
else:
|
|
return Response(
|
|
{"error": "The magic code/link has expired please try again"},
|
|
status=status.HTTP_400_BAD_REQUEST,
|
|
)
|