o i@sddlmZddlZddlZddlZddlmZmZmZd.ddZd/d d Z d0d d Z d1ddZ d2ddZ d2ddZ d3ddZd4ddZd5ddZ d6d7d%d&Zd8d)d*Zd9d,d-ZdS):) annotationsN)datetimetimezone timedeltareturnstrcCstjddS)NTWM_AUTH_DB_PATHz./home/cpsweather/theweathermonitor.com/auth.db)osenvirongetr r auth_app/auth_repo.py_db_path srsqlite3.ConnectioncCstjtdd}tj|_|S)Ng@)timeout)sqlite3connectrRow row_factory)cxr r r _connectsrrcCs ttjSN)rnowrutcr r r r _utc_nows rvaluecCsL|pd}|dr|ddd}t|}|jdur$|jtjd}|S)NZz+00:00)tzinfo)stripendswithr fromisoformatrreplacerr)rsdtr r r _parse_iso_utcs    r&tokencC@d}t}|||fWdS1swYdSNaZ SELECT apt.id, apt.admin_account_id, apt.token, apt.purpose, apt.expires_ts, apt.used_ts, apt.created_by_user_id, apt.created_ts, aa.user_id, aa.username, aa.is_enabled, au.full_name, au.first_name, au.last_name, au.role, au.is_active, au.email, au.home_site FROM admin_password_tokens apt JOIN admin_accounts aa ON aa.id = apt.admin_account_id JOIN auth_users au ON au.id = aa.user_id WHERE apt.token = ? LIMIT 1 rexecutefetchoner'sqlrr r r get_setup_token_row%$r/cCr(r)r*r-r r r get_password_token_rowIr0r1expected_purposetuple[bool, str]cCs|sdSt|dp d|krdSt|dpdrdSt|dp$d}|s,dSzt|}Wn ty<Yd Sw|tkrDd St|d pJd d krPdSt|dpVd d kr\dSt|dpbd}|dvrldSdS)N)F invalid_tokenpurposer)F wrong_purposeused_ts)Ftoken_already_used expires_ts)Ftoken_missing_expiry)Ftoken_expiry_invalid)F token_expired is_enabledr)Fadmin_account_disabled is_active)Flinked_user_inactiverole>admin super_user)Frole_not_allowed)Tok)rr r& Exceptionrint) token_rowr2r9 expires_dtrBr r r is_password_token_usablems0   rKcCs t|dS)Nsetup)rK)rIr r r is_setup_token_usables rMusernamecCr()Na SELECT aa.id, aa.user_id, aa.username, aa.password_hash, aa.is_enabled, aa.last_login_ts, aa.created_ts, aa.updated_ts, au.full_name, au.first_name, au.last_name, au.role, au.is_active, au.email, au.home_site FROM admin_accounts aa JOIN auth_users au ON au.id = aa.user_id WHERE lower(aa.username) = lower(?) LIMIT 1 r*)rNr.rr r r get_admin_account_by_usernames$rOadmin_account_idrHr5 expires_hourscreated_by_user_id int | Nonec Csntd}tt|dd}d}t}|||||||f|Wd|S1s0wY|S)N )hoursz%Y-%m-%dT%H:%M:%S.%fZz INSERT INTO admin_password_tokens( admin_account_id, token, purpose, expires_ts, created_by_user_id, created_ts ) VALUES (?, ?, ?, ?, ?, strftime('%Y-%m-%dT%H:%M:%fZ','now')) )secrets token_urlsaferrstrftimerr+commit)rPr5rQrRr'r9r.rr r r create_password_tokens    rZ password_hashNonecCsHd}t}||||f|WddS1swYdS)Nz UPDATE admin_accounts SET password_hash = ?, updated_ts = strftime('%Y-%m-%dT%H:%M:%fZ','now') WHERE id = ? rr+rY)rPr[r.rr r r update_admin_passwords  "r^token_idcCsFd}t}|||f|WddS1swYdS)Nzr UPDATE admin_password_tokens SET used_ts = strftime('%Y-%m-%dT%H:%M:%fZ','now') WHERE id = ? r])r_r.rr r r mark_token_useds  "r`)rr)rr)rr)rrrr)r'r)r2rrr3)rr3)rNrr) rPrHr5rrQrHrRrSrr)rPrHr[rrr\)r_rHrr\) __future__rr rrVrrrrrrr&r/r1rKrMrOrZr^r`r r r r s$      $ $ # "