From 121dcd58c3f31a7ae49921a143432d609d8bb461 Mon Sep 17 00:00:00 2001
From: "Mr. Paul"
Date: Thu, 20 Jul 2023 19:10:58 +0700
Subject: [PATCH] feat(api): Add endpoint to allow user to resend confirmation email
A new API endpoint has been added to allow a user to resend a registration confirmation to a user with the provided email.
Limitations: For the MVP, this commit causes the API to rely on the Cognito service to rate limit the requests rather than keep track of the requests itself.
closes #542
---
 api/openapi_server/_spec/openapi.yaml | 31 +++++++++++++++
 .../controllers/auth_controller.py | 38 +++++++++++++++++++
 api/openapi_server/openapi/openapi.yaml | 6 ++-
 .../auth/authResendConfirmationCode.yaml | 29 ++++++++++++++
 4 files changed, 102 insertions(+), 2 deletions(-)
 create mode 100644 api/openapi_server/openapi/paths/auth/authResendConfirmationCode.yaml
diff --git a/api/openapi_server/_spec/openapi.yaml b/api/openapi_server/_spec/openapi.yaml
index cef9adae..412eb590 100644
--- a/api/openapi_server/_spec/openapi.yaml
+++ b/api/openapi_server/_spec/openapi.yaml
@@ -256,6 +256,37 @@ paths:
 tags:
 - auth
 x-openapi-router-controller: openapi_server.controllers.auth_controller
+ /auth/resend_confirmation_code:
+ post:
+ description: Resends the registration confirmation code to the specified user (identified by email).
+ operationId: resend_confirmation_code
+ requestBody:
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ email:
+ type: string
+ required:
+ - email
+ responses:
+ '200':
+ description: successful operation
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ApiResponse'
+ '400':
+ description: The email parameter was not sent or the user with the given email was not found.
+ '429':
+ description: Too many requests to resend the registration confirmation code were made to this user.
+ tags:
+ - auth
+ x-openapi-router-controller: openapi_server.controllers.auth_controller
+ security:
+ - jwt:
+ - secret
 /auth/confirm:
 get:
 description: Confirm or deny verification of users email
diff --git a/api/openapi_server/controllers/auth_controller.py b/api/openapi_server/controllers/auth_controller.py
index b5576551..b8a83592 100644
--- a/api/openapi_server/controllers/auth_controller.py
+++ b/api/openapi_server/controllers/auth_controller.py
@@ -1,5 +1,6 @@
 import connexion
 import boto3
+import botocore
 import hmac
 import base64
 import requests
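Review bot: The `security: - jwt: - secret` requirement on `/auth/resend_confirmation_code` looks at odds with who calls it: a user who has not yet confirmed registration normally cannot sign in and so presumably holds no token to present; please confirm the gate is intended. If the operation is opened up instead, the only throttle is Cognito's (per the commit message), so a per-client limit in front of it would be worth adding in the same change. The `email` property would also benefit from `format: email` and a `maxLength`, and the responses omit the 500 that the controller raises. The same definition is repeated in `paths/auth/authResendConfirmationCode.yaml`, so any change applies there too.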
@@ -214,6 +215,43 @@ def signin(): } +def resend_confirmation_code(): + ''' + Resends the registration confirmation code to the specified user (identified by email). + ''' + + if connexion.request.is_json: + body = connexion.request.get_json() + + if "email" not in body: + raise AuthError({"message": "email invalid"}, 400) + + secret_hash = get_secret_hash(body['email']) + + try: + email = body['email'] + response = userClient.resend_confirmation_code( + ClientId=COGNITO_CLIENT_ID, + SecretHash=secret_hash, + Username=email, + ) + return response + except botocore.exceptions.ClientError as error: + match error.response['Error']['Code']: + case 'UserNotFoundException': + msg = "User not found. Confirmation not sent." + raise AuthError({"message": msg}, 400) + case 'TooManyRequestsException': + msg = "Too many attempts to resend confirmation in a short amount of time." + raise AuthError({"message": msg}, 429) + case _: + msg = error.response['Error']['Message'] + raise AuthError({"message": msg}, 500) + except botocore.exceptions.ParamValidationError as error: + msg = f"The parameters you provided are incorrect: {error}" + raise AuthError({"message": msg}, 500) + + def confirm(): # Validate request data if connexion.request.is_json: diff --git a/api/openapi_server/openapi/openapi.yaml b/api/openapi_server/openapi/openapi.yaml index e958b4e5..9287ec53 100644 --- a/api/openapi_server/openapi/openapi.yaml +++ b/api/openapi_server/openapi/openapi.yaml @@ -16,11 +16,13 @@ paths: /host: $ref: "./paths/host.yaml" /auth/signup/host: - $ref: "./paths/auth/authSignupHost.yaml" + $ref: "./paths/auth/authSignUpHost.yaml" /auth/signup/coordinator: - $ref: "./paths/auth/authSignupCoordinator.yaml" + $ref: "./paths/auth/authSignUpCoordinator.yaml" /auth/signin: $ref: "./paths/auth/authSignin.yaml" + /auth/resend_confirmation_code: + $ref: "./paths/auth/authResendConfirmationCode.yaml" /auth/confirm: $ref: "./paths/auth/authConfirm.yaml" /auth/signout: 
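Review bot: The `UserNotFoundException` branch replies 400 "User not found", which differs from the success reply and so lets any caller of this endpoint learn which email addresses are registered; returning one generic body for both outcomes closes that. The `case _` branch and the `ParamValidationError` handler forward Cognito/botocore message text to the client, and the success path returns the raw boto3 `response` (delivery details and response metadata) rather than the `ApiResponse` shape the spec declares. Cognito also reports throttling on this operation as `LimitExceededException`, which currently falls through to the 500 branch although the commit relies on Cognito for rate limiting. Indentation is not visible in this view, so whether `body` can be unbound when the request is not JSON should be checked as well.

```python
    # … unchanged: JSON check, "email" check, secret_hash …
    try:
        userClient.resend_confirmation_code(
            ClientId=COGNITO_CLIENT_ID,
            SecretHash=secret_hash,
            Username=body['email'],
        )
    except botocore.exceptions.ClientError as error:
        match error.response['Error']['Code']:
            case 'TooManyRequestsException' | 'LimitExceededException':
                msg = "Too many attempts to resend confirmation in a short amount of time."
                raise AuthError({"message": msg}, 429)
            case 'UserNotFoundException':
                # Fall through to the generic reply: do not reveal whether the email is registered.
                pass
            case _:
                # Keep the Cognito detail in server-side logs only.
                raise AuthError({"message": "Unable to resend confirmation code."}, 500)
    except botocore.exceptions.ParamValidationError:
        raise AuthError({"message": "email invalid"}, 400)
    return {"message": "If the account exists and is unconfirmed, a confirmation code has been sent."}
```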
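Review bot: The two `$ref` changes from `authSignupHost.yaml`/`authSignupCoordinator.yaml` to `authSignUpHost.yaml`/`authSignUpCoordinator.yaml` have no matching file rename in this patch: the diffstat lists four files and only `authResendConfirmationCode.yaml` is created. Unless the files already carry the `SignUp` spelling, the spec would fail to resolve on a case-sensitive filesystem while still working on a case-insensitive one, so please confirm the names on disk. As the change is unrelated to the resend endpoint, a separate commit would also keep this one easier to review.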
diff --git a/api/openapi_server/openapi/paths/auth/authResendConfirmationCode.yaml b/api/openapi_server/openapi/paths/auth/authResendConfirmationCode.yaml
new file mode 100644
index 00000000..24c976c9
--- /dev/null
+++ b/api/openapi_server/openapi/paths/auth/authResendConfirmationCode.yaml
@@ -0,0 +1,29 @@
+post:
+ description: Resends the registration confirmation code to the specified user (identified by email).
+ operationId: resend_confirmation_code
+ requestBody:
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ email:
+ type: string
+ required:
+ - email
+ responses:
+ '200':
+ description: successful operation
+ content:
+ application/json:
+ schema:
+ $ref: '../../openapi.yaml#/components/schemas/ApiResponse'
+ '400':
+ description: The email parameter was not sent or the user with the given email was not found.
+ '429':
+ description: Too many requests to resend the registration confirmation code were made to this user.
+ tags:
+ - auth
+ x-openapi-router-controller: openapi_server.controllers.auth_controller
+ security:
+ - jwt: ["secret"]