dify/api/controllers/console/auth/activate.py

import base64
import datetime
import secrets

from flask_restful import Resource, reqparse

from constants.languages import supported_language
from controllers.console import api
from controllers.console.error import AlreadyActivateError
from extensions.ext_database import db
from libs.helper import StrLen, email, timezone
from libs.password import hash_password, valid_password
from models.account import AccountStatus
from services.account_service import RegisterService


class ActivateCheckApi(Resource):
    def get(self):
        parser = reqparse.RequestParser()
        parser.add_argument("workspace_id", type=str, required=False, nullable=True, location="args")
        parser.add_argument("email", type=email, required=False, nullable=True, location="args")
        parser.add_argument("token", type=str, required=True, nullable=False, location="args")
        args = parser.parse_args()

        workspaceId = args["workspace_id"]
        reg_email = args["email"]
        token = args["token"]

        invitation = RegisterService.get_invitation_if_token_valid(workspaceId, reg_email, token)

        return {"is_valid": invitation is not None, "workspace_name": invitation["tenant"].name if invitation else None}


class ActivateApi(Resource):
    def post(self):
        parser = reqparse.RequestParser()
        parser.add_argument("workspace_id", type=str, required=False, nullable=True, location="json")
        parser.add_argument("email", type=email, required=False, nullable=True, location="json")
        parser.add_argument("token", type=str, required=True, nullable=False, location="json")
        parser.add_argument("name", type=StrLen(30), required=True, nullable=False, location="json")
        parser.add_argument("password", type=valid_password, required=True, nullable=False, location="json")
        parser.add_argument(
            "interface_language", type=supported_language, required=True, nullable=False, location="json"
        )
        parser.add_argument("timezone", type=timezone, required=True, nullable=False, location="json")
        args = parser.parse_args()

        invitation = RegisterService.get_invitation_if_token_valid(args["workspace_id"], args["email"], args["token"])
        if invitation is None:
            raise AlreadyActivateError()

        RegisterService.revoke_token(args["workspace_id"], args["email"], args["token"])

        account = invitation["account"]
        account.name = args["name"]

        # generate password salt
        salt = secrets.token_bytes(16)
        base64_salt = base64.b64encode(salt).decode()

        # encrypt password with salt
        password_hashed = hash_password(args["password"], salt)
        base64_password_hashed = base64.b64encode(password_hashed).decode()
        account.password = base64_password_hashed
        account.password_salt = base64_salt
        account.interface_language = args["interface_language"]
        account.timezone = args["timezone"]
        account.interface_theme = "light"
        account.status = AccountStatus.ACTIVE.value
        account.initialized_at = datetime.datetime.now(datetime.timezone.utc).replace(tzinfo=None)
        db.session.commit()

        return {"result": "success"}


api.add_resource(ActivateCheckApi, "/activate/check")
api.add_resource(ActivateApi, "/activate")
feat: member invitation and activation (#535) Co-authored-by: John Wang <takatost@gmail.com> 2023-07-14 11:19:26 +08:00			`import base64`
feat: Deprecate datetime.utcnow() in favor of datetime.now(timezone.utc).replace(tzinfo=None) for better timezone handling (#3408) (#3416) 2024-04-12 16:22:24 +08:00			`import datetime`
feat: member invitation and activation (#535) Co-authored-by: John Wang <takatost@gmail.com> 2023-07-14 11:19:26 +08:00			`import secrets`

enhancement: introduce Ruff for Python linter for reordering and removing unused imports with automated pre-commit and sytle check (#2366) 2024-02-06 13:21:13 +08:00			`from flask_restful import Resource, reqparse`

bump version to 0.5.3 (#2306) 2024-02-01 18:11:57 +08:00			`from constants.languages import supported_language`
feat: member invitation and activation (#535) Co-authored-by: John Wang <takatost@gmail.com> 2023-07-14 11:19:26 +08:00			`from controllers.console import api`
			`from controllers.console.error import AlreadyActivateError`
			`from extensions.ext_database import db`
chore: apply pep8-naming rules for naming convention (#8261) 2024-09-11 16:40:52 +08:00			`from libs.helper import StrLen, email, timezone`
improve: introduce isort for linting Python imports (#1983) 2024-01-12 12:34:01 +08:00			`from libs.password import hash_password, valid_password`
enhancement: introduce Ruff for Python linter for reordering and removing unused imports with automated pre-commit and sytle check (#2366) 2024-02-06 13:21:13 +08:00			`from models.account import AccountStatus`
feat: member invitation and activation (#535) Co-authored-by: John Wang <takatost@gmail.com> 2023-07-14 11:19:26 +08:00			`from services.account_service import RegisterService`


			`class ActivateCheckApi(Resource):`
			`def get(self):`
			`parser = reqparse.RequestParser()`
chore(api/controllers): Apply Ruff Formatter. (#7645) 2024-08-26 15:29:10 +08:00			`parser.add_argument("workspace_id", type=str, required=False, nullable=True, location="args")`
			`parser.add_argument("email", type=email, required=False, nullable=True, location="args")`
			`parser.add_argument("token", type=str, required=True, nullable=False, location="args")`
feat: member invitation and activation (#535) Co-authored-by: John Wang <takatost@gmail.com> 2023-07-14 11:19:26 +08:00			`args = parser.parse_args()`

chore(api/controllers): Apply Ruff Formatter. (#7645) 2024-08-26 15:29:10 +08:00			`workspaceId = args["workspace_id"]`
			`reg_email = args["email"]`
			`token = args["token"]`
feat: member invitation and activation (#535) Co-authored-by: John Wang <takatost@gmail.com> 2023-07-14 11:19:26 +08:00
fix: shortening invite url (#1100) Co-authored-by: MatriQi <matri@aifi.io> 2023-09-07 17:15:57 +08:00			`invitation = RegisterService.get_invitation_if_token_valid(workspaceId, reg_email, token)`
feat: member invitation and activation (#535) Co-authored-by: John Wang <takatost@gmail.com> 2023-07-14 11:19:26 +08:00
chore(api/controllers): Apply Ruff Formatter. (#7645) 2024-08-26 15:29:10 +08:00			`return {"is_valid": invitation is not None, "workspace_name": invitation["tenant"].name if invitation else None}`
feat: member invitation and activation (#535) Co-authored-by: John Wang <takatost@gmail.com> 2023-07-14 11:19:26 +08:00

			`class ActivateApi(Resource):`
			`def post(self):`
			`parser = reqparse.RequestParser()`
chore(api/controllers): Apply Ruff Formatter. (#7645) 2024-08-26 15:29:10 +08:00			`parser.add_argument("workspace_id", type=str, required=False, nullable=True, location="json")`
			`parser.add_argument("email", type=email, required=False, nullable=True, location="json")`
			`parser.add_argument("token", type=str, required=True, nullable=False, location="json")`
chore: apply pep8-naming rules for naming convention (#8261) 2024-09-11 16:40:52 +08:00			`parser.add_argument("name", type=StrLen(30), required=True, nullable=False, location="json")`
chore(api/controllers): Apply Ruff Formatter. (#7645) 2024-08-26 15:29:10 +08:00			`parser.add_argument("password", type=valid_password, required=True, nullable=False, location="json")`
			`parser.add_argument(`
			`"interface_language", type=supported_language, required=True, nullable=False, location="json"`
			`)`
			`parser.add_argument("timezone", type=timezone, required=True, nullable=False, location="json")`
feat: member invitation and activation (#535) Co-authored-by: John Wang <takatost@gmail.com> 2023-07-14 11:19:26 +08:00			`args = parser.parse_args()`

chore(api/controllers): Apply Ruff Formatter. (#7645) 2024-08-26 15:29:10 +08:00			`invitation = RegisterService.get_invitation_if_token_valid(args["workspace_id"], args["email"], args["token"])`
fix: shortening invite url (#1100) Co-authored-by: MatriQi <matri@aifi.io> 2023-09-07 17:15:57 +08:00			`if invitation is None:`
feat: member invitation and activation (#535) Co-authored-by: John Wang <takatost@gmail.com> 2023-07-14 11:19:26 +08:00			`raise AlreadyActivateError()`

chore(api/controllers): Apply Ruff Formatter. (#7645) 2024-08-26 15:29:10 +08:00			`RegisterService.revoke_token(args["workspace_id"], args["email"], args["token"])`
feat: member invitation and activation (#535) Co-authored-by: John Wang <takatost@gmail.com> 2023-07-14 11:19:26 +08:00
chore(api/controllers): Apply Ruff Formatter. (#7645) 2024-08-26 15:29:10 +08:00			`account = invitation["account"]`
			`account.name = args["name"]`
feat: member invitation and activation (#535) Co-authored-by: John Wang <takatost@gmail.com> 2023-07-14 11:19:26 +08:00
			`# generate password salt`
			`salt = secrets.token_bytes(16)`
			`base64_salt = base64.b64encode(salt).decode()`

			`# encrypt password with salt`
chore(api/controllers): Apply Ruff Formatter. (#7645) 2024-08-26 15:29:10 +08:00			`password_hashed = hash_password(args["password"], salt)`
feat: member invitation and activation (#535) Co-authored-by: John Wang <takatost@gmail.com> 2023-07-14 11:19:26 +08:00			`base64_password_hashed = base64.b64encode(password_hashed).decode()`
			`account.password = base64_password_hashed`
			`account.password_salt = base64_salt`
chore(api/controllers): Apply Ruff Formatter. (#7645) 2024-08-26 15:29:10 +08:00			`account.interface_language = args["interface_language"]`
			`account.timezone = args["timezone"]`
			`account.interface_theme = "light"`
feat: member invitation and activation (#535) Co-authored-by: John Wang <takatost@gmail.com> 2023-07-14 11:19:26 +08:00			`account.status = AccountStatus.ACTIVE.value`
feat: Deprecate datetime.utcnow() in favor of datetime.now(timezone.utc).replace(tzinfo=None) for better timezone handling (#3408) (#3416) 2024-04-12 16:22:24 +08:00			`account.initialized_at = datetime.datetime.now(datetime.timezone.utc).replace(tzinfo=None)`
feat: member invitation and activation (#535) Co-authored-by: John Wang <takatost@gmail.com> 2023-07-14 11:19:26 +08:00			`db.session.commit()`

chore(api/controllers): Apply Ruff Formatter. (#7645) 2024-08-26 15:29:10 +08:00			`return {"result": "success"}`
feat: member invitation and activation (#535) Co-authored-by: John Wang <takatost@gmail.com> 2023-07-14 11:19:26 +08:00

chore(api/controllers): Apply Ruff Formatter. (#7645) 2024-08-26 15:29:10 +08:00			`api.add_resource(ActivateCheckApi, "/activate/check")`
			`api.add_resource(ActivateApi, "/activate")`