github/plane
0
0
Fork 1
mirror of https://github.com/makeplane/plane synced 2024-06-14 14:31:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

dev: error codes for authentication

Browse Source
This commit is contained in:
pablohashescobar 2024-05-07 17:38:06 +05:30
parent 6c09e6dbde
commit 61f47258ee
18 changed files with 728 additions and 520 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
apiserver/plane/authentication/adapter/base.py
View File

@ -3,7 +3,6 @@ import os
import uuid
# Django imports
from django.core.exceptions import ImproperlyConfigured
from django.utils import timezone
# Third party imports
@ -16,16 +15,7 @@ from plane.db.models import (
WorkspaceMemberInvite,
)
from plane.license.utils.instance_value import get_configuration_value
class AuthenticationException(Exception):
error_code = None
error_message = None
def __init__(self, error_code, error_message):
self.error_code = error_code
self.error_message = error_message
from .error import AuthenticationException, AUTHENTICATION_ERROR_CODES
class Adapter:
@ -75,8 +65,10 @@ class Adapter:
email=email,
).exists()
):
raise ImproperlyConfigured(
"Account creation is disabled for this instance please contact your admin"
raise AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES["SIGNUP_DISABLED"],
error_message="SIGNUP_DISABLED",
payload={"email": email},
)
user = User(email=email, username=uuid.uuid4().hex)
@ -89,8 +81,11 @@ class Adapter:
results = zxcvbn(self.code)
if results["score"] < 3:
raise AuthenticationException(
error_message="The password is not a valid password",
error_code="INVALID_PASSWORD",
error_code=AUTHENTICATION_ERROR_CODES[
"INVALID_PASSWORD"
],
error_message="INVALID_PASSWORD",
payload={"email": email},
)
user.set_password(self.code)

58
apiserver/plane/authentication/adapter/error.py Normal file
View File

@ -0,0 +1,58 @@
AUTHENTICATION_ERROR_CODES = {
"INSTANCE_NOT_CONFIGURED": 5000,
"SIGNUP_DISABLED": 5001,
"INVALID_PASSWORD": 5002,
"USER_ALREADY_EXIST": 5003,
"USER_DOES_NOT_EXIST": 5004,
"AUTHENTICATION_FAILED_SIGN_IN": 5005,
"AUTHENTICATION_FAILED_SIGN_UP": 5006,
"SMTP_NOT_CONFIGURED": 5007,
"INVALID_MAGIC_CODE": 5008,
"EXPIRED_MAGIC_CODE": 5009,
"GOOGLE_NOT_CONFIGURED": 5010,
"GITHUB_NOT_CONFIGURED": 5011,
"INVALID_EMAIL": 5012,
"EMAIL_REQUIRED": 5013,
"REQUIRED_EMAIL_PASSWORD_SIGN_IN": 5014,
"INVALID_EMAIL_SIGN_IN": 5015,
"INVALID_EMAIL_SIGN_UP": 5016,
"INVALID_EMAIL_MAGIC_SIGN_IN": 5017,
"INVALID_EMAIL_MAGIC_SIGN_UP": 5018,
"GITHUB_OAUTH_PROVIDER_ERROR": 5019,
"GOOGLE_OAUTH_PROVIDER_ERROR": 5020,
"MAGIC_SIGN_IN_EMAIL_CODE_REQUIRED": 5021,
"MAGIC_SIGN_UP_EMAIL_CODE_REQUIRED": 5022,
"INVALID_PASSWORD_TOKEN": 5023,
"EXPIRED_PASSWORD_TOKEN": 5024,
"INCORRECT_OLD_PASSWORD": 5025,
"INVALID_NEW_PASSWORD": 5026,
"PASSWORD_ALREADY_SET": 5027,
"ADMIN_ALREADY_EXIST": 5028,
"REQUIRED_ADMIN_EMAIL_PASSWORD_FIRST_NAME": 5029,
"INVALID_ADMIN_EMAIL": 5030,
"INVALID_ADMIN_PASSWORD": 5031,
"REQUIRED_ADMIN_EMAIL_PASSWORD": 5032,
"ADMIN_AUTHENTICATION_FAILED": 5034,
}
class AuthenticationException(Exception):
error_code = None
error_message = None
payload = {}
def __init__(self, error_code, error_message, payload={}):
self.error_code = error_code
self.error_message = error_message
self.payload = payload
def get_error_dict(self):
error = {
"error_code": self.error_code,
"error_message": self.error_message,
}
for key in self.payload:
error[key] = self.payload[key]
return error

38
apiserver/plane/authentication/provider/credentials/email.py
View File

@ -1,7 +1,10 @@
# Module imports
from plane.authentication.adapter.base import AuthenticationException
from plane.authentication.adapter.credential import CredentialAdapter
from plane.db.models import User
from plane.authentication.adapter.error import (
AUTHENTICATION_ERROR_CODES,
AuthenticationException,
)
class EmailProvider(CredentialAdapter):
@ -25,8 +28,10 @@ class EmailProvider(CredentialAdapter):
# Check if the user already exists
if User.objects.filter(email=self.key).exists():
raise AuthenticationException(
error_message="User with this email already exists",
error_code="USER_ALREADY_EXIST",
error_message="USER_ALREADY_EXIST",
error_code=AUTHENTICATION_ERROR_CODES[
"USER_ALREADY_EXIST"
],
)
super().set_user_data(
@ -46,18 +51,35 @@ class EmailProvider(CredentialAdapter):
user = User.objects.filter(
email=self.key,
).first()
# Existing user
# User does not exists
if not user:
raise AuthenticationException(
error_message="Sorry, we could not find a user with the provided credentials. Please try again.",
error_code="AUTHENTICATION_FAILED",
error_message="USER_DOES_NOT_EXIST",
error_code=AUTHENTICATION_ERROR_CODES[
"USER_DOES_NOT_EXIST"
],
payload={
"email": self.key,
},
)
# Check user password
if not user.check_password(self.code):
raise AuthenticationException(
error_message="Sorry, we could not find a user with the provided credentials. Please try again.",
error_code="AUTHENTICATION_FAILED",
error_message=(
"AUTHENTICATION_FAILED_SIGN_UP"
if self.is_signup
else "AUTHENTICATION_FAILED_SIGN_IN"
),
error_code=AUTHENTICATION_ERROR_CODES[
(
"AUTHENTICATION_FAILED_SIGN_UP"
if self.is_signup
else "AUTHENTICATION_FAILED_SIGN_IN"
)
],
payload={"email": self.key},
)
super().set_user_data(

25
apiserver/plane/authentication/provider/credentials/magic_code.py
View File

@ -4,14 +4,15 @@ import os
import random
import string
# Django imports
from django.core.exceptions import ImproperlyConfigured
# Module imports
from plane.authentication.adapter.base import AuthenticationException
from plane.authentication.adapter.credential import CredentialAdapter
from plane.license.utils.instance_value import get_configuration_value
from plane.settings.redis import redis_instance
from plane.authentication.adapter.error import (
AUTHENTICATION_ERROR_CODES,
AuthenticationException,
)
class MagicCodeProvider(CredentialAdapter):
@ -45,8 +46,10 @@ class MagicCodeProvider(CredentialAdapter):
)
if not (EMAIL_HOST):
raise ImproperlyConfigured(
"SMTP is not configured. Please contact the support team."
raise AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES["SMTP_NOT_CONFIGURED"],
error_message="SMTP_NOT_CONFIGURED",
payload={"email": str(self.key)},
)
super().__init__(request, self.provider)
@ -113,11 +116,15 @@ class MagicCodeProvider(CredentialAdapter):
return
else:
raise AuthenticationException(
error_message="The token is not valid.",
error_code="INVALID_TOKEN",
error_code=AUTHENTICATION_ERROR_CODES[
"INVALID_MAGIC_CODE"
],
error_message="INVALID_MAGIC_CODE",
payload={"email": str(self.key)},
)
else:
raise AuthenticationException(
error_message="The token has expired. Please regenerate the token and try again.",
error_code="EXPIRED_TOKEN",
error_code=AUTHENTICATION_ERROR_CODES["EXPIRED_MAGIC_CODE"],
error_message="EXPIRED_MAGIC_CODE",
payload={"email": str(self.key)},
)

12
apiserver/plane/authentication/provider/oauth/github.py
View File

@ -6,12 +6,13 @@ from urllib.parse import urlencode
import pytz
import requests
# Django imports
from django.core.exceptions import ImproperlyConfigured
# Module imports
from plane.authentication.adapter.oauth import OauthAdapter
from plane.license.utils.instance_value import get_configuration_value
from plane.authentication.adapter.error import (
AuthenticationException,
AUTHENTICATION_ERROR_CODES,
)
class GitHubOAuthProvider(OauthAdapter):
@ -37,8 +38,9 @@ class GitHubOAuthProvider(OauthAdapter):
)
if not (GITHUB_CLIENT_ID and GITHUB_CLIENT_SECRET):
raise ImproperlyConfigured(
"Google is not configured. Please contact the support team."
raise AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES["GITHUB_NOT_CONFIGURED"],
error_message="GITHUB_NOT_CONFIGURED",
)
client_id = GITHUB_CLIENT_ID

12
apiserver/plane/authentication/provider/oauth/google.py
View File

@ -5,12 +5,13 @@ from urllib.parse import urlencode
import pytz
# Django imports
from django.core.exceptions import ImproperlyConfigured
# Module imports
from plane.authentication.adapter.oauth import OauthAdapter
from plane.license.utils.instance_value import get_configuration_value
from plane.authentication.adapter.error import (
AUTHENTICATION_ERROR_CODES,
AuthenticationException,
)
class GoogleOAuthProvider(OauthAdapter):
@ -34,8 +35,9 @@ class GoogleOAuthProvider(OauthAdapter):
)
if not (GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET):
raise ImproperlyConfigured(
"Google is not configured. Please contact the support team."
raise AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES["GOOGLE_NOT_CONFIGURED"],
error_message="GOOGLE_NOT_CONFIGURED",
)
client_id = GOOGLE_CLIENT_ID

72
apiserver/plane/authentication/views/app/check.py
View File

@ -11,6 +11,10 @@ from rest_framework.views import APIView
## Module imports
from plane.db.models import User
from plane.license.models import Instance
from plane.authentication.adapter.error import (
AuthenticationException,
AUTHENTICATION_ERROR_CODES,
)
class EmailCheckSignUpEndpoint(APIView):
@ -23,11 +27,14 @@ class EmailCheckSignUpEndpoint(APIView):
# Check instance configuration
instance = Instance.objects.first()
if instance is None or not instance.is_setup_done:
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"INSTANCE_NOT_CONFIGURED"
],
error_message="INSTANCE_NOT_CONFIGURED",
)
return Response(
{
"error_code": "INSTANCE_NOT_CONFIGURED",
"error_message": "Instance is not configured",
},
exc.get_error_dict(),
status=status.HTTP_400_BAD_REQUEST,
)
@ -35,8 +42,12 @@ class EmailCheckSignUpEndpoint(APIView):
# Return error if email is not present
if not email:
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES["EMAIL_REQUIRED"],
error_message="EMAIL_REQUIRED",
)
return Response(
{"error": "Email is required"},
exc.get_error_dict(),
status=status.HTTP_400_BAD_REQUEST,
)
@ -44,21 +55,24 @@ class EmailCheckSignUpEndpoint(APIView):
try:
validate_email(email)
except ValidationError:
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES["INVALID_EMAIL"],
error_message="INVALID_EMAIL",
)
return Response(
{
"error": "Email is invalid please provide a valid email address"
},
exc.get_error_dict(),
status=status.HTTP_400_BAD_REQUEST,
)
existing_user = User.objects.filter(email=email).first()
if existing_user:
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES["USER_ALREADY_EXIST"],
error_message="USER_ALREADY_EXIST",
)
return Response(
{
"error_code": "USER_ALREADY_EXIST",
"error_message": "User already exists with the email.",
},
exc.get_error_dict(),
status=status.HTTP_400_BAD_REQUEST,
)
return Response(
@ -77,11 +91,14 @@ class EmailCheckSignInEndpoint(APIView):
# Check instance configuration
instance = Instance.objects.first()
if instance is None or not instance.is_setup_done:
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"INSTANCE_NOT_CONFIGURED"
],
error_message="INSTANCE_NOT_CONFIGURED",
)
return Response(
{
"error_code": "INSTANCE_NOT_CONFIGURED",
"error_message": "Instance is not configured",
},
exc.get_error_dict(),
status=status.HTTP_400_BAD_REQUEST,
)
@ -89,8 +106,12 @@ class EmailCheckSignInEndpoint(APIView):
# Return error if email is not present
if not email:
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES["EMAIL_REQUIRED"],
error_message="EMAIL_REQUIRED",
)
return Response(
{"error": "Email is required"},
exc.get_error_dict(),
status=status.HTTP_400_BAD_REQUEST,
)
@ -98,10 +119,12 @@ class EmailCheckSignInEndpoint(APIView):
try:
validate_email(email)
except ValidationError:
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES["INVALID_EMAIL"],
error_message="INVALID_EMAIL",
)
return Response(
{
"error": "Email is invalid please provide a valid email address"
},
exc.get_error_dict(),
status=status.HTTP_400_BAD_REQUEST,
)
@ -115,10 +138,11 @@ class EmailCheckSignInEndpoint(APIView):
},
status=status.HTTP_200_OK,
)
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES["USER_DOES_NOT_EXIST"],
error_message="USER_DOES_NOT_EXIST",
)
return Response(
{
"error_code": "USER_DOES_NOT_EXIST",
"error_message": "User could not be found with the given email.",
},
exc.get_error_dict(),
status=status.HTTP_400_BAD_REQUEST,
)

105
apiserver/plane/authentication/views/app/email.py
View File

@ -8,7 +8,6 @@ from django.http import HttpResponseRedirect
from django.views import View
# Module imports
from plane.authentication.adapter.base import AuthenticationException
from plane.authentication.provider.credentials.email import EmailProvider
from plane.authentication.utils.login import user_login
from plane.license.models import Instance
@ -18,6 +17,10 @@ from plane.authentication.utils.workspace_project_join import (
process_workspace_project_invitations,
)
from plane.db.models import User
from plane.authentication.adapter.error import (
AuthenticationException,
AUTHENTICATION_ERROR_CODES,
)
class SignInAuthEndpoint(View):
@ -28,10 +31,13 @@ class SignInAuthEndpoint(View):
instance = Instance.objects.first()
if instance is None or not instance.is_setup_done:
# Redirection params
params = {
"error_code": "INSTANCE_NOT_CONFIGURED",
"error_message": "Instance is not configured",
}
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"INSTANCE_NOT_CONFIGURED"
],
error_message="INSTANCE_NOT_CONFIGURED",
)
params = exc.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
# Base URL join
@ -48,10 +54,14 @@ class SignInAuthEndpoint(View):
## Raise exception if any of the above are missing
if not email or not password:
# Redirection params
params = {
"error_code": "REQUIRED_EMAIL_PASSWORD",
"error_message": "Both email and password are required",
}
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"REQUIRED_EMAIL_PASSWORD_SIGN_IN"
],
error_message="REQUIRED_EMAIL_PASSWORD_SIGN_IN",
payload={"email": str(email)},
)
params = exc.get_error_dict()
# Next path
if next_path:
params["next_path"] = str(next_path)
@ -66,10 +76,12 @@ class SignInAuthEndpoint(View):
try:
validate_email(email)
except ValidationError:
params = {
"error_code": "INVALID_EMAIL",
"error_message": "Please provide a valid email address.",
}
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES["INVALID_EMAIL_SIGN_IN"],
error_message="INVALID_EMAIL_SIGN_IN",
payload={"email": str(email)},
)
params = exc.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
@ -79,10 +91,12 @@ class SignInAuthEndpoint(View):
return HttpResponseRedirect(url)
if not User.objects.filter(email=email).exists():
params = {
"error_code": "USER_DOES_NOT_EXIST",
"error_message": "User could not be found with the given email.",
}
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES["USER_DOES_NOT_EXIST"],
error_message="USER_DOES_NOT_EXIST",
payload={"email": str(email)},
)
params = exc.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
@ -110,11 +124,7 @@ class SignInAuthEndpoint(View):
url = urljoin(base_host(request=request), path)
return HttpResponseRedirect(url)
except AuthenticationException as e:
params = {
"email": email,
"error_code": str(e.error_code),
"error_message": str(e.error_message),
}
params = e.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
@ -131,10 +141,14 @@ class SignUpAuthEndpoint(View):
# Check instance configuration
instance = Instance.objects.first()
if instance is None or not instance.is_setup_done:
params = {
"error_code": "INSTANCE_NOT_CONFIGURED",
"error_message": "Instance is not configured",
}
# Redirection params
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"INSTANCE_NOT_CONFIGURED"
],
error_message="INSTANCE_NOT_CONFIGURED",
)
params = exc.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
@ -147,10 +161,15 @@ class SignUpAuthEndpoint(View):
password = request.POST.get("password", False)
## Raise exception if any of the above are missing
if not email or not password:
params = {
"error_code": "REQUIRED_EMAIL_PASSWORD",
"error_message": "Both email and password are required",
}
# Redirection params
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"REQUIRED_EMAIL_PASSWORD_SIGN_UP"
],
error_message="REQUIRED_EMAIL_PASSWORD_SIGN_UP",
payload={"email": str(email)},
)
params = exc.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
@ -163,10 +182,13 @@ class SignUpAuthEndpoint(View):
try:
validate_email(email)
except ValidationError:
params = {
"error_code": "INVALID_EMAIL",
"error_message": "Please provide a valid email address.",
}
# Redirection params
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES["INVALID_EMAIL_SIGN_UP"],
error_message="INVALID_EMAIL_SIGN_UP",
payload={"email": str(email)},
)
params = exc.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
@ -176,10 +198,12 @@ class SignUpAuthEndpoint(View):
return HttpResponseRedirect(url)
if User.objects.filter(email=email).exists():
params = {
"error_code": "USER_ALREADY_EXIST",
"error_message": "User already exists with the email.",
}
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES["USER_ALREADY_EXIST"],
error_message="USER_ALREADY_EXIST",
payload={"email": str(email)},
)
params = exc.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
@ -206,10 +230,7 @@ class SignUpAuthEndpoint(View):
url = urljoin(base_host(request=request), path)
return HttpResponseRedirect(url)
except AuthenticationException as e:
params = {
"error_code": str(e.error_code),
"error_message": str(e.error_message),
}
params = e.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(

53
apiserver/plane/authentication/views/app/github.py
View File

@ -15,6 +15,10 @@ from plane.authentication.utils.workspace_project_join import (
)
from plane.license.models import Instance
from plane.authentication.utils.host import base_host
from plane.authentication.adapter.error import (
AuthenticationException,
AUTHENTICATION_ERROR_CODES,
)
class GitHubOauthInitiateEndpoint(View):
@ -29,10 +33,15 @@ class GitHubOauthInitiateEndpoint(View):
# Check instance configuration
instance = Instance.objects.first()
if instance is None or not instance.is_setup_done:
params = {
"error_code": "INSTANCE_NOT_CONFIGURED",
"error_message": "Instance is not configured",
}
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"INSTANCE_NOT_CONFIGURED"
],
error_message="INSTANCE_NOT_CONFIGURED",
)
params = exc.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
base_host(request=request),
"?" + urlencode(params),
@ -44,11 +53,8 @@ class GitHubOauthInitiateEndpoint(View):
request.session["state"] = state
auth_url = provider.get_auth_url()
return HttpResponseRedirect(auth_url)
except ImproperlyConfigured as e:
params = {
"error_code": "IMPROPERLY_CONFIGURED",
"error_message": str(e),
}
except AuthenticationException as e:
params = e.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
@ -67,10 +73,13 @@ class GitHubCallbackEndpoint(View):
next_path = request.session.get("next_path")
if state != request.session.get("state", ""):
params = {
"error_code": "OAUTH_PROVIDER_ERROR",
"error_message": "State does not match",
}
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"GITHUB_OAUTH_PROVIDER_ERROR"
],
error_message="GITHUB_OAUTH_PROVIDER_ERROR",
)
params = exc.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
@ -80,10 +89,13 @@ class GitHubCallbackEndpoint(View):
return HttpResponseRedirect(url)
if not code:
params = {
"error_code": "OAUTH_PROVIDER_ERROR",
"error_message": "Something went wrong while fetching data from OAuth provider. Please try again after sometime.",
}
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"GITHUB_OAUTH_PROVIDER_ERROR"
],
error_message="GITHUB_OAUTH_PROVIDER_ERROR",
)
params = exc.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
@ -110,11 +122,8 @@ class GitHubCallbackEndpoint(View):
# redirect to referer path
url = urljoin(base_host, path)
return HttpResponseRedirect(url)
except ImproperlyConfigured as e:
params = {
"error_code": "IMPROPERLY_CONFIGURED",
"error_message": str(e),
}
except AuthenticationException as e:
params = e.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(

51
apiserver/plane/authentication/views/app/google.py
View File

@ -17,6 +17,10 @@ from plane.authentication.utils.workspace_project_join import (
# Module imports
from plane.license.models import Instance
from plane.authentication.utils.host import base_host
from plane.authentication.adapter.error import (
AuthenticationException,
AUTHENTICATION_ERROR_CODES,
)
class GoogleOauthInitiateEndpoint(View):
@ -29,10 +33,13 @@ class GoogleOauthInitiateEndpoint(View):
# Check instance configuration
instance = Instance.objects.first()
if instance is None or not instance.is_setup_done:
params = {
"error_code": "INSTANCE_NOT_CONFIGURED",
"error_message": "Instance is not configured",
}
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"INSTANCE_NOT_CONFIGURED"
],
error_message="INSTANCE_NOT_CONFIGURED",
)
params = exc.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
@ -47,11 +54,8 @@ class GoogleOauthInitiateEndpoint(View):
request.session["state"] = state
auth_url = provider.get_auth_url()
return HttpResponseRedirect(auth_url)
except ImproperlyConfigured as e:
params = {
"error_code": "IMPROPERLY_CONFIGURED",
"error_message": str(e),
}
except AuthenticationException as e:
params = e.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
@ -69,10 +73,13 @@ class GoogleCallbackEndpoint(View):
next_path = request.session.get("next_path")
if state != request.session.get("state", ""):
params = {
"error_code": "OAUTH_PROVIDER_ERROR",
"error_message": "State does not match",
}
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"GOOGLE_OAUTH_PROVIDER_ERROR"
],
error_message="GOOGLE_OAUTH_PROVIDER_ERROR",
)
params = exc.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
@ -81,10 +88,13 @@ class GoogleCallbackEndpoint(View):
)
return HttpResponseRedirect(url)
if not code:
params = {
"error_code": "OAUTH_PROVIDER_ERROR",
"error_message": "Something went wrong while fetching data from OAuth provider. Please try again after sometime.",
}
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"GOOGLE_OAUTH_PROVIDER_ERROR"
],
error_message="GOOGLE_OAUTH_PROVIDER_ERROR",
)
params = exc.get_error_dict()
if next_path:
params["next_path"] = next_path
url = urljoin(
@ -107,11 +117,8 @@ class GoogleCallbackEndpoint(View):
# redirect to referer path
url = urljoin(base_host, str(next_path) if next_path else path)
return HttpResponseRedirect(url)
except ImproperlyConfigured as e:
params = {
"error_code": "IMPROPERLY_CONFIGURED",
"error_message": str(e),
}
except AuthenticationException as e:
params = e.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(

89
apiserver/plane/authentication/views/app/magic.py
View File

@ -2,7 +2,6 @@
from urllib.parse import urlencode, urljoin
# Django imports
from django.core.exceptions import ImproperlyConfigured, ValidationError
from django.core.validators import validate_email
from django.http import HttpResponseRedirect
from django.views import View
@ -14,7 +13,6 @@ from rest_framework.response import Response
from rest_framework.views import APIView
# Module imports
from plane.authentication.adapter.base import AuthenticationException
from plane.authentication.provider.credentials.magic_code import (
MagicCodeProvider,
)
@ -27,6 +25,10 @@ from plane.bgtasks.magic_link_code_task import magic_link
from plane.license.models import Instance
from plane.authentication.utils.host import base_host
from plane.db.models import User, Profile
from plane.authentication.adapter.error import (
AuthenticationException,
AUTHENTICATION_ERROR_CODES,
)
class MagicGenerateEndpoint(APIView):
@ -39,11 +41,14 @@ class MagicGenerateEndpoint(APIView):
# Check if instance is configured
instance = Instance.objects.first()
if instance is None or not instance.is_setup_done:
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"INSTANCE_NOT_CONFIGURED"
],
error_message="INSTANCE_NOT_CONFIGURED",
)
return Response(
{
"error_code": "INSTANCE_NOT_CONFIGURED",
"error_message": "Instance is not configured",
}
exc.get_error_dict(), status=status.HTTP_400_BAD_REQUEST
)
origin = request.META.get("HTTP_ORIGIN", "/")
@ -57,28 +62,10 @@ class MagicGenerateEndpoint(APIView):
# If the smtp is configured send through here
magic_link.delay(email, key, token, origin)
return Response({"key": str(key)}, status=status.HTTP_200_OK)
except ImproperlyConfigured as e:
return Response(
{
"error_code": "IMPROPERLY_CONFIGURED",
"error_message": str(e),
},
status=status.HTTP_400_BAD_REQUEST,
)
except AuthenticationException as e:
params = e.get_error_dict()
return Response(
{
"error_code": str(e.error_code),
"error_message": str(e.error_message),
},
status=status.HTTP_400_BAD_REQUEST,
)
except ValidationError:
return Response(
{
"error_code": "INVALID_EMAIL",
"error_message": "Valid email is required for generating a magic code",
},
params,
status=status.HTTP_400_BAD_REQUEST,
)
@ -93,10 +80,13 @@ class MagicSignInEndpoint(View):
next_path = request.POST.get("next_path")
if code == "" or email == "":
params = {
"error_code": "EMAIL_CODE_REQUIRED",
"error_message": "Email and code are required",
}
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"MAGIC_SIGN_IN_EMAIL_CODE_REQUIRED"
],
error_message="MAGIC_SIGN_IN_EMAIL_CODE_REQUIRED",
)
params = exc.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
@ -106,10 +96,11 @@ class MagicSignInEndpoint(View):
return HttpResponseRedirect(url)
if not User.objects.filter(email=email).exists():
params = {
"error_code": "USER_DOES_NOT_EXIST",
"error_message": "User could not be found with the given email.",
}
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES["USER_DOES_NOT_EXIST"],
error_message="USER_DOES_NOT_EXIST",
)
params = exc.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
@ -142,10 +133,7 @@ class MagicSignInEndpoint(View):
return HttpResponseRedirect(url)
except AuthenticationException as e:
params = {
"error_code": str(e.error_code),
"error_message": str(e.error_message),
}
params = e.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
@ -165,10 +153,13 @@ class MagicSignUpEndpoint(View):
next_path = request.POST.get("next_path")
if code == "" or email == "":
params = {
"error_code": "EMAIL_CODE_REQUIRED",
"error_message": "Email and code are required",
}
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"MAGIC_SIGN_UP_EMAIL_CODE_REQUIRED"
],
error_message="MAGIC_SIGN_UP_EMAIL_CODE_REQUIRED",
)
params = exc.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
@ -178,10 +169,11 @@ class MagicSignUpEndpoint(View):
return HttpResponseRedirect(url)
if User.objects.filter(email=email).exists():
params = {
"error_code": "USER_ALREADY_EXIST",
"error_message": "User already exists with the email.",
}
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES["USER_ALREADY_EXIST"],
error_message="USER_ALREADY_EXIST",
)
params = exc.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
@ -209,10 +201,7 @@ class MagicSignUpEndpoint(View):
return HttpResponseRedirect(url)
except AuthenticationException as e:
params = {
"error_code": str(e.error_code),
"error_message": str(e.error_message),
}
params = e.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(

146
apiserver/plane/authentication/views/common.py
View File

@ -34,6 +34,10 @@ from plane.db.models import User
from plane.license.models import Instance
from plane.license.utils.instance_value import get_configuration_value
from plane.authentication.utils.host import base_host
from plane.authentication.adapter.error import (
AuthenticationException,
AUTHENTICATION_ERROR_CODES,
)
class CSRFTokenEndpoint(APIView):
@ -69,11 +73,14 @@ class ForgotPasswordEndpoint(APIView):
# Check instance configuration
instance = Instance.objects.first()
if instance is None or not instance.is_setup_done:
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"INSTANCE_NOT_CONFIGURED"
],
error_message="INSTANCE_NOT_CONFIGURED",
)
return Response(
{
"error_code": "INSTANCE_NOT_CONFIGURED",
"error_message": "Instance is not configured",
},
exc.get_error_dict(),
status=status.HTTP_400_BAD_REQUEST,
)
@ -97,22 +104,24 @@ class ForgotPasswordEndpoint(APIView):
)
if not (EMAIL_HOST):
exc = AuthenticationException(
error_message="SMTP_NOT_CONFIGURED",
error_code=AUTHENTICATION_ERROR_CODES["SMTP_NOT_CONFIGURED"],
)
return Response(
{
"error_code": "SMTP_NOT_CONFIGURED",
"error_message": "SMTP is not configured. Please contact your admin",
},
exc.get_error_dict(),
status=status.HTTP_400_BAD_REQUEST,
)
try:
validate_email(email)
except ValidationError:
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES["INVALID_EMAIL"],
error_message="INVALID_EMAIL",
)
return Response(
{
"error_code": "INVALID_EMAIL",
"error_message": "Please enter a valid email",
},
exc.get_error_dict(),
status=status.HTTP_400_BAD_REQUEST,
)
@ -130,11 +139,12 @@ class ForgotPasswordEndpoint(APIView):
{"message": "Check your email to reset your password"},
status=status.HTTP_200_OK,
)
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES["USER_DOES_NOT_EXIST"],
error_message="USER_DOES_NOT_EXIST",
)
return Response(
{
"error_code": "INVALID_EMAIL",
"error_message": "Please check the email",
},
exc.get_error_dict(),
status=status.HTTP_400_BAD_REQUEST,
)
@ -149,39 +159,43 @@ class ResetPasswordEndpoint(View):
# check if the token is valid for the user
if not PasswordResetTokenGenerator().check_token(user, token):
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"INVALID_PASSWORD_TOKEN"
],
error_message="INVALID_PASSWORD_TOKEN",
)
params = exc.get_error_dict()
url = urljoin(
base_host(request=request),
"accounts/reset-password?"
+ urlencode(
{
"error_code": "INVALID_TOKEN",
"error_message": "Token is invalid",
}
),
"accounts/reset-password?" + urlencode(params),
)
return HttpResponseRedirect(url)
password = request.POST.get("password", False)
if not password:
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES["INVALID_PASSWORD"],
error_message="INVALID_PASSWORD",
)
url = urljoin(
base_host(request=request),
"?" + urlencode({"error": "Password is required"}),
"?" + urlencode(exc.get_error_dict()),
)
return HttpResponseRedirect(url)
# Check the password complexity
results = zxcvbn(password)
if results["score"] < 3:
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES["INVALID_PASSWORD"],
error_message="INVALID_PASSWORD",
)
url = urljoin(
base_host(request=request),
"accounts/reset-password?"
+ urlencode(
{
"error_code": "INVALID_PASSWORD",
"error_message": "The password is not a valid password",
}
),
+ urlencode(exc.get_error_dict()),
)
return HttpResponseRedirect(url)
@ -196,15 +210,15 @@ class ResetPasswordEndpoint(View):
)
return HttpResponseRedirect(url)
except DjangoUnicodeDecodeError:
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"EXPIRED_PASSWORD_TOKEN"
],
error_message="EXPIRED_PASSWORD_TOKEN",
)
url = urljoin(
base_host(request=request),
"accounts/reset-password?"
+ urlencode(
{
"error_code": "INVALID_TOKEN",
"error_message": "The password token is not valid",
}
),
"accounts/reset-password?" + urlencode(exc.get_error_dict()),
)
return HttpResponseRedirect(url)
@ -215,19 +229,29 @@ class ChangePasswordEndpoint(APIView):
user = User.objects.get(pk=request.user.id)
if serializer.is_valid():
if not user.check_password(serializer.data.get("old_password")):
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"INCORRECT_OLD_PASSWORD"
],
error_message="INCORRECT_OLD_PASSWORD",
payload={"error": "Old password is not correct"},
)
return Response(
{"error": "Old password is not correct"},
exc.get_error_dict(),
status=status.HTTP_400_BAD_REQUEST,
)
# check the password score
results = zxcvbn(serializer.data.get("new_password"))
if results["score"] < 3:
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"INVALID_NEW_PASSWORD"
],
error_message="INVALID_NEW_PASSWORD",
)
return Response(
{
"error_code": "INVALID_PASSWORD",
"error_message": "Invalid password.",
},
exc.get_error_dict(),
status=status.HTTP_400_BAD_REQUEST,
)
@ -240,11 +264,12 @@ class ChangePasswordEndpoint(APIView):
{"message": "Password updated successfully"},
status=status.HTTP_200_OK,
)
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES["INVALID_PASSWORD"],
error_message="INVALID_PASSWORD",
)
return Response(
{
"error_code": "INVALID_PASSWORD",
"error_message": "Invalid passwords provided",
},
exc.get_error_dict(),
status=status.HTTP_400_BAD_REQUEST,
)
@ -256,30 +281,37 @@ class SetUserPasswordEndpoint(APIView):
# If the user password is not autoset then return error
if not user.is_password_autoset:
return Response(
{
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES["PASSWORD_ALREADY_SET"],
error_message="PASSWORD_ALREADY_SET",
payload={
"error": "Your password is already set please change your password from profile"
},
)
return Response(
exc.get_error_dict(),
status=status.HTTP_400_BAD_REQUEST,
)
# Check password validation
if not password and len(str(password)) < 8:
if not password:
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES["INVALID_PASSWORD"],
error_message="INVALID_PASSWORD",
)
return Response(
{
"error_code": "INVALID_PASSWORD",
"error_message": "Invalid password.",
},
exc.get_error_dict(),
status=status.HTTP_400_BAD_REQUEST,
)
results = zxcvbn(password)
if results["score"] < 3:
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES["INVALID_PASSWORD"],
error_message="INVALID_PASSWORD",
)
return Response(
{
"error_code": "INVALID_PASSWORD",
"error_message": "Invalid password.",
},
exc.get_error_dict(),
status=status.HTTP_400_BAD_REQUEST,
)

30
apiserver/plane/authentication/views/space/check.py
View File

@ -11,6 +11,10 @@ from rest_framework.views import APIView
## Module imports
from plane.db.models import User
from plane.license.models import Instance
from plane.authentication.adapter.error import (
AUTHENTICATION_ERROR_CODES,
AuthenticationException,
)
class EmailCheckEndpoint(APIView):
@ -23,11 +27,14 @@ class EmailCheckEndpoint(APIView):
# Check instance configuration
instance = Instance.objects.first()
if instance is None or not instance.is_setup_done:
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"INSTANCE_NOT_CONFIGURED"
],
error_message="INSTANCE_NOT_CONFIGURED",
)
return Response(
{
"error_code": "INSTANCE_NOT_CONFIGURED",
"error_message": "Instance is not configured",
},
exc.get_error_dict(),
status=status.HTTP_400_BAD_REQUEST,
)
@ -35,8 +42,12 @@ class EmailCheckEndpoint(APIView):
# Return error if email is not present
if not email:
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES["EMAIL_REQUIRED"],
error_message="EMAIL_REQUIRED",
)
return Response(
{"error": "Email is required"},
exc.get_error_dict(),
status=status.HTTP_400_BAD_REQUEST,
)
@ -44,13 +55,14 @@ class EmailCheckEndpoint(APIView):
try:
validate_email(email)
except ValidationError:
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES["INVALID_EMAIL"],
error_message="INVALID_EMAIL",
)
return Response(
{
"error": "Email is invalid please provide a valid email address"
},
exc.get_error_dict(),
status=status.HTTP_400_BAD_REQUEST,
)
# Check if a user already exists with the given email
existing_user = User.objects.filter(email=email).first()

105
apiserver/plane/authentication/views/space/email.py
View File

@ -8,12 +8,15 @@ from django.http import HttpResponseRedirect
from django.views import View
# Module imports
from plane.authentication.adapter.base import AuthenticationException
from plane.authentication.provider.credentials.email import EmailProvider
from plane.authentication.utils.login import user_login
from plane.license.models import Instance
from plane.authentication.utils.host import base_host
from plane.db.models import User
from plane.authentication.adapter.error import (
AUTHENTICATION_ERROR_CODES,
AuthenticationException,
)
class SignInAuthSpaceEndpoint(View):
@ -23,10 +26,14 @@ class SignInAuthSpaceEndpoint(View):
# Check instance configuration
instance = Instance.objects.first()
if instance is None or not instance.is_setup_done:
params = {
"error_code": "INSTANCE_NOT_CONFIGURED",
"error_message": "Instance is not configured",
}
# Redirection params
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"INSTANCE_NOT_CONFIGURED"
],
error_message="INSTANCE_NOT_CONFIGURED",
)
params = exc.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
@ -41,10 +48,14 @@ class SignInAuthSpaceEndpoint(View):
## Raise exception if any of the above are missing
if not email or not password:
params = {
"error_code": "REQUIRED_EMAIL_PASSWORD",
"error_message": "Both email and password are required",
}
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"REQUIRED_EMAIL_PASSWORD_SIGN_IN"
],
error_message="REQUIRED_EMAIL_PASSWORD_SIGN_IN",
payload={"email": str(email)},
)
params = exc.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
@ -58,10 +69,12 @@ class SignInAuthSpaceEndpoint(View):
try:
validate_email(email)
except ValidationError:
params = {
"error_code": "INVALID_EMAIL",
"error_message": "Please provide a valid email address.",
}
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES["INVALID_EMAIL_SIGN_IN"],
error_message="INVALID_EMAIL_SIGN_IN",
payload={"email": str(email)},
)
params = exc.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
@ -71,10 +84,12 @@ class SignInAuthSpaceEndpoint(View):
return HttpResponseRedirect(url)
if not User.objects.filter(email=email).exists():
params = {
"error_code": "USER_DOES_NOT_EXIST",
"error_message": "User could not be found with the given email.",
}
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES["USER_DOES_NOT_EXIST"],
error_message="USER_DOES_NOT_EXIST",
payload={"email": str(email)},
)
params = exc.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
@ -97,10 +112,7 @@ class SignInAuthSpaceEndpoint(View):
)
return HttpResponseRedirect(url)
except AuthenticationException as e:
params = {
"error_code": str(e.error_code),
"error_message": str(e.error_message),
}
params = e.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
@ -117,10 +129,14 @@ class SignUpAuthSpaceEndpoint(View):
# Check instance configuration
instance = Instance.objects.first()
if instance is None or not instance.is_setup_done:
params = {
"error_code": "INSTANCE_NOT_CONFIGURED",
"error_message": "Instance is not configured",
}
# Redirection params
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"INSTANCE_NOT_CONFIGURED"
],
error_message="INSTANCE_NOT_CONFIGURED",
)
params = exc.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
@ -133,10 +149,15 @@ class SignUpAuthSpaceEndpoint(View):
password = request.POST.get("password", False)
## Raise exception if any of the above are missing
if not email or not password:
params = {
"error_code": "REQUIRED_EMAIL_PASSWORD",
"error_message": "Both email and password are required",
}
# Redirection params
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"REQUIRED_EMAIL_PASSWORD_SIGN_UP"
],
error_message="REQUIRED_EMAIL_PASSWORD_SIGN_UP",
payload={"email": str(email)},
)
params = exc.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
@ -149,10 +170,13 @@ class SignUpAuthSpaceEndpoint(View):
try:
validate_email(email)
except ValidationError:
params = {
"error_code": "INVALID_EMAIL",
"error_message": "Please provide a valid email address.",
}
# Redirection params
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES["INVALID_EMAIL_SIGN_UP"],
error_message="INVALID_EMAIL_SIGN_UP",
payload={"email": str(email)},
)
params = exc.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
@ -162,10 +186,12 @@ class SignUpAuthSpaceEndpoint(View):
return HttpResponseRedirect(url)
if User.objects.filter(email=email).exists():
params = {
"error_code": "USER_ALREADY_EXIST",
"error_message": "User already exists with the email.",
}
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES["USER_ALREADY_EXIST"],
error_message="USER_ALREADY_EXIST",
payload={"email": str(email)},
)
params = exc.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
@ -188,10 +214,7 @@ class SignUpAuthSpaceEndpoint(View):
)
return HttpResponseRedirect(url)
except AuthenticationException as e:
params = {
"error_code": str(e.error_code),
"error_message": str(e.error_message),
}
params = e.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(

51
apiserver/plane/authentication/views/space/github.py
View File

@ -12,6 +12,10 @@ from plane.authentication.provider.oauth.github import GitHubOAuthProvider
from plane.authentication.utils.login import user_login
from plane.license.models import Instance
from plane.authentication.utils.host import base_host
from plane.authentication.adapter.error import (
AUTHENTICATION_ERROR_CODES,
AuthenticationException,
)
class GitHubOauthInitiateSpaceEndpoint(View):
@ -26,10 +30,13 @@ class GitHubOauthInitiateSpaceEndpoint(View):
# Check instance configuration
instance = Instance.objects.first()
if instance is None or not instance.is_setup_done:
params = {
"error_code": "INSTANCE_NOT_CONFIGURED",
"error_message": "Instance is not configured",
}
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"INSTANCE_NOT_CONFIGURED"
],
error_message="INSTANCE_NOT_CONFIGURED",
)
params = exc.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
@ -44,11 +51,8 @@ class GitHubOauthInitiateSpaceEndpoint(View):
request.session["state"] = state
auth_url = provider.get_auth_url()
return HttpResponseRedirect(auth_url)
except ImproperlyConfigured as e:
params = {
"error_code": "IMPROPERLY_CONFIGURED",
"error_message": str(e),
}
except AuthenticationException as e:
params = e.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
@ -67,10 +71,13 @@ class GitHubCallbackSpaceEndpoint(View):
next_path = request.session.get("next_path")
if state != request.session.get("state", ""):
params = {
"error_code": "OAUTH_PROVIDER_ERROR",
"error_message": "State does not match",
}
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"GITHUB_OAUTH_PROVIDER_ERROR"
],
error_message="GITHUB_OAUTH_PROVIDER_ERROR",
)
params = exc.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
@ -80,10 +87,13 @@ class GitHubCallbackSpaceEndpoint(View):
return HttpResponseRedirect(url)
if not code:
params = {
"error_code": "OAUTH_PROVIDER_ERROR",
"error_message": "Something went wrong while fetching data from OAuth provider. Please try again after sometime.",
}
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"GITHUB_OAUTH_PROVIDER_ERROR"
],
error_message="GITHUB_OAUTH_PROVIDER_ERROR",
)
params = exc.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
@ -104,11 +114,8 @@ class GitHubCallbackSpaceEndpoint(View):
# redirect to referer path
url = urljoin(base_host, str(next_path) if next_path else "/")
return HttpResponseRedirect(url)
except ImproperlyConfigured as e:
params = {
"error_code": "IMPROPERLY_CONFIGURED",
"error_message": str(e),
}
except AuthenticationException as e:
params = e.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(

56
apiserver/plane/authentication/views/space/google.py
View File

@ -3,17 +3,18 @@ import uuid
from urllib.parse import urlencode, urljoin
# Django import
from django.core.exceptions import ImproperlyConfigured
from django.http import HttpResponseRedirect
from django.views import View
# Module imports
from plane.authentication.provider.oauth.google import GoogleOAuthProvider
from plane.authentication.utils.login import user_login
# Module imports
from plane.license.models import Instance
from plane.authentication.utils.host import base_host
from plane.authentication.adapter.error import (
AuthenticationException,
AUTHENTICATION_ERROR_CODES,
)
class GoogleOauthInitiateSpaceEndpoint(View):
@ -26,10 +27,13 @@ class GoogleOauthInitiateSpaceEndpoint(View):
# Check instance configuration
instance = Instance.objects.first()
if instance is None or not instance.is_setup_done:
params = {
"error_code": "INSTANCE_NOT_CONFIGURED",
"error_message": "Instance is not configured",
}
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"INSTANCE_NOT_CONFIGURED"
],
error_message="INSTANCE_NOT_CONFIGURED",
)
params = exc.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
@ -44,11 +48,8 @@ class GoogleOauthInitiateSpaceEndpoint(View):
request.session["state"] = state
auth_url = provider.get_auth_url()
return HttpResponseRedirect(auth_url)
except ImproperlyConfigured as e:
params = {
"error_code": "IMPROPERLY_CONFIGURED",
"error_message": str(e),
}
except AuthenticationException as e:
params = e.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
@ -66,10 +67,13 @@ class GoogleCallbackSpaceEndpoint(View):
next_path = request.session.get("next_path")
if state != request.session.get("state", ""):
params = {
"error_code": "OAUTH_PROVIDER_ERROR",
"error_message": "State does not match",
}
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"GOOGLE_OAUTH_PROVIDER_ERROR"
],
error_message="GOOGLE_OAUTH_PROVIDER_ERROR",
)
params = exc.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
@ -78,10 +82,13 @@ class GoogleCallbackSpaceEndpoint(View):
)
return HttpResponseRedirect(url)
if not code:
params = {
"error_code": "OAUTH_PROVIDER_ERROR",
"error_message": "Something went wrong while fetching data from OAuth provider. Please try again after sometime.",
}
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"GOOGLE_OAUTH_PROVIDER_ERROR"
],
error_message="GOOGLE_OAUTH_PROVIDER_ERROR",
)
params = exc.get_error_dict()
if next_path:
params["next_path"] = next_path
url = urljoin(
@ -102,11 +109,8 @@ class GoogleCallbackSpaceEndpoint(View):
base_host, str(next_path) if next_path else "/spaces"
)
return HttpResponseRedirect(url)
except ImproperlyConfigured as e:
params = {
"error_code": "IMPROPERLY_CONFIGURED",
"error_message": str(e),
}
except AuthenticationException as e:
params = e.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(

90
apiserver/plane/authentication/views/space/magic.py
View File

@ -14,7 +14,6 @@ from rest_framework.response import Response
from rest_framework.views import APIView
# Module imports
from plane.authentication.adapter.base import AuthenticationException
from plane.authentication.provider.credentials.magic_code import (
MagicCodeProvider,
)
@ -23,6 +22,10 @@ from plane.bgtasks.magic_link_code_task import magic_link
from plane.license.models import Instance
from plane.authentication.utils.host import base_host
from plane.db.models import User, Profile
from plane.authentication.adapter.error import (
AuthenticationException,
AUTHENTICATION_ERROR_CODES,
)
class MagicGenerateSpaceEndpoint(APIView):
@ -35,11 +38,14 @@ class MagicGenerateSpaceEndpoint(APIView):
# Check if instance is configured
instance = Instance.objects.first()
if instance is None or not instance.is_setup_done:
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"INSTANCE_NOT_CONFIGURED"
],
error_message="INSTANCE_NOT_CONFIGURED",
)
return Response(
{
"error_code": "INSTANCE_NOT_CONFIGURED",
"error_message": "Instance is not configured",
}
exc.get_error_dict(), status=status.HTTP_400_BAD_REQUEST
)
origin = base_host(request=request)
@ -53,28 +59,9 @@ class MagicGenerateSpaceEndpoint(APIView):
# If the smtp is configured send through here
magic_link.delay(email, key, token, origin)
return Response({"key": str(key)}, status=status.HTTP_200_OK)
except ImproperlyConfigured as e:
return Response(
{
"error_code": "IMPROPERLY_CONFIGURED",
"error_message": str(e),
},
status=status.HTTP_400_BAD_REQUEST,
)
except AuthenticationException as e:
return Response(
{
"error_code": str(e.error_code),
"error_message": str(e.error_message),
},
status=status.HTTP_400_BAD_REQUEST,
)
except ValidationError:
return Response(
{
"error_code": "INVALID_EMAIL",
"error_message": "Valid email is required for generating a magic code",
},
e.get_error_dict(),
status=status.HTTP_400_BAD_REQUEST,
)
@ -89,10 +76,13 @@ class MagicSignInSpaceEndpoint(View):
next_path = request.POST.get("next_path")
if code == "" or email == "":
params = {
"error_code": "EMAIL_CODE_REQUIRED",
"error_message": "Email and code are required",
}
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"MAGIC_SIGN_IN_EMAIL_CODE_REQUIRED"
],
error_message="MAGIC_SIGN_IN_EMAIL_CODE_REQUIRED",
)
params = exc.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
@ -122,26 +112,17 @@ class MagicSignInSpaceEndpoint(View):
# Login the user and record his device info
user_login(request=request, user=user)
# redirect to referer path
profile = Profile.objects.get(user=user)
if user.is_password_autoset and profile.is_onboarded:
path = "spaces/accounts/set-password"
else:
# Get the redirection path
path = (
str(next_path)
if next_path
else "spaces"
)
url = urljoin(
base_host(request=request),
path
)
path = str(next_path) if next_path else "spaces"
url = urljoin(base_host(request=request), path)
return HttpResponseRedirect(url)
except AuthenticationException as e:
params = {
"error_code": str(e.error_code),
"error_message": str(e.error_message),
}
params = e.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
@ -161,10 +142,13 @@ class MagicSignUpSpaceEndpoint(View):
next_path = request.POST.get("next_path")
if code == "" or email == "":
params = {
"error_code": "EMAIL_CODE_REQUIRED",
"error_message": "Email and code are required",
}
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"MAGIC_SIGN_UP_EMAIL_CODE_REQUIRED"
],
error_message="MAGIC_SIGN_UP_EMAIL_CODE_REQUIRED",
)
params = exc.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
@ -174,10 +158,11 @@ class MagicSignUpSpaceEndpoint(View):
return HttpResponseRedirect(url)
if User.objects.filter(email=email).exists():
params = {
"error_code": "USER_ALREADY_EXIST",
"error_message": "User already exists with the email.",
}
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES["USER_ALREADY_EXIST"],
error_message="USER_ALREADY_EXIST",
)
params = exc.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(
@ -201,10 +186,7 @@ class MagicSignUpSpaceEndpoint(View):
return HttpResponseRedirect(url)
except AuthenticationException as e:
params = {
"error_code": str(e.error_code),
"error_message": str(e.error_message),
}
params = e.get_error_dict()
if next_path:
params["next_path"] = str(next_path)
url = urljoin(

230
apiserver/plane/license/api/views/admin.py
View File

@ -29,6 +29,10 @@ from plane.db.models import User, Profile
from plane.utils.cache import cache_response, invalidate_cache
from plane.authentication.utils.login import user_login
from plane.authentication.utils.host import base_host
from plane.authentication.adapter.error import (
AUTHENTICATION_ERROR_CODES,
AuthenticationException,
)
class InstanceAdminEndpoint(BaseAPIView):
@ -95,29 +99,27 @@ class InstanceAdminSignUpEndpoint(View):
# Check instance first
instance = Instance.objects.first()
if instance is None:
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"INSTANCE_NOT_CONFIGURED"
],
error_message="INSTANCE_NOT_CONFIGURED",
)
url = urljoin(
base_host(request=request),
"god-mode/setup?"
+ urlencode(
{
"error_code": "INSTANCE_NOT_CONFIGURED",
"error_message": "Instance is not configured",
}
),
"god-mode/setup?" + urlencode(exc.get_error_dict()),
)
return HttpResponseRedirect(url)
# check if the instance has already an admin registered
if InstanceAdmin.objects.first():
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES["ADMIN_ALREADY_EXIST"],
error_message="ADMIN_ALREADY_EXIST",
)
url = urljoin(
base_host(request=request),
"god-mode/setup?"
+ urlencode(
{
"error_code": "ADMIN_ALREADY_EXIST",
"error_message": "Admin for the instance has been already registered.",
}
),
"god-mode/setup?" + urlencode(exc.get_error_dict()),
)
return HttpResponseRedirect(url)
@ -131,20 +133,22 @@ class InstanceAdminSignUpEndpoint(View):
# return error if the email and password is not present
if not email or not password or not first_name:
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"REQUIRED_ADMIN_EMAIL_PASSWORD_FIRST_NAME"
],
error_message="REQUIRED_ADMIN_EMAIL_PASSWORD_FIRST_NAME",
payload={
"email": email,
"first_name": first_name,
"last_name": last_name,
"company_name": company_name,
"is_telemetry_enabled": is_telemetry_enabled,
},
)
url = urljoin(
base_host(request=request),
"god-mode/setup?"
+ urlencode(
{
"email": email,
"first_name": first_name,
"last_name": last_name,
"company_name": company_name,
"is_telemetry_enabled": is_telemetry_enabled,
"error_code": "REQUIRED_EMAIL_PASSWORD_FIRST_NAME",
"error_message": "Email, name and password are required",
}
),
"god-mode/setup?" + urlencode(exc.get_error_dict()),
)
return HttpResponseRedirect(url)
@ -153,60 +157,62 @@ class InstanceAdminSignUpEndpoint(View):
try:
validate_email(email)
except ValidationError:
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES["INVALID_ADMIN_EMAIL"],
error_message="INVALID_ADMIN_EMAIL",
payload={
"email": email,
"first_name": first_name,
"last_name": last_name,
"company_name": company_name,
"is_telemetry_enabled": is_telemetry_enabled,
},
)
url = urljoin(
base_host(request=request),
"god-mode/setup?"
+ urlencode(
{
"email": email,
"first_name": first_name,
"last_name": last_name,
"company_name": company_name,
"is_telemetry_enabled": is_telemetry_enabled,
"error_code": "INVALID_EMAIL",
"error_message": "Please provide a valid email address.",
}
),
"god-mode/setup?" + urlencode(exc.get_error_dict()),
)
return HttpResponseRedirect(url)
# Check if already a user exists or not
# Existing user
if User.objects.filter(email=email).exists():
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES["USER_ALREADY_EXISTS"],
error_message="USER_ALREADY_EXISTS",
payload={
"email": email,
"first_name": first_name,
"last_name": last_name,
"company_name": company_name,
"is_telemetry_enabled": is_telemetry_enabled,
},
)
url = urljoin(
base_host(request=request),
"god-mode/setup?"
+ urlencode(
{
"email": email,
"first_name": first_name,
"last_name": last_name,
"company_name": company_name,
"is_telemetry_enabled": is_telemetry_enabled,
"error_code": "USER_ALREADY_EXISTS",
"error_message": "User already exists.",
}
),
"god-mode/setup?" + urlencode(exc.get_error_dict()),
)
return HttpResponseRedirect(url)
else:
results = zxcvbn(password)
if results["score"] < 3:
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"INVALID_ADMIN_PASSWORD"
],
error_message="INVALID_ADMIN_PASSWORD",
payload={
"email": email,
"first_name": first_name,
"last_name": last_name,
"company_name": company_name,
"is_telemetry_enabled": is_telemetry_enabled,
},
)
url = urljoin(
base_host(request=request),
"god-mode/setup?"
+ urlencode(
{
"email": email,
"first_name": first_name,
"last_name": last_name,
"company_name": company_name,
"is_telemetry_enabled": is_telemetry_enabled,
"error_code": "INVALID_PASSWORD",
"error_message": "Invalid password provided.",
}
),
"god-mode/setup?" + urlencode(exc.get_error_dict()),
)
return HttpResponseRedirect(url)
@ -254,15 +260,15 @@ class InstanceAdminSignInEndpoint(View):
# Check instance first
instance = Instance.objects.first()
if instance is None:
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"INSTANCE_NOT_CONFIGURED"
],
error_message="INSTANCE_NOT_CONFIGURED",
)
url = urljoin(
base_host(request=request),
"god-mode/login?"
+ urlencode(
{
"error_code": "INSTANCE_NOT_CONFIGURED",
"error_message": "Instance is not configured",
}
),
"god-mode/login?" + urlencode(exc.get_error_dict()),
)
return HttpResponseRedirect(url)
@ -272,16 +278,18 @@ class InstanceAdminSignInEndpoint(View):
# return error if the email and password is not present
if not email or not password:
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"REQUIRED_ADMIN_EMAIL_PASSWORD"
],
error_message="REQUIRED_ADMIN_EMAIL_PASSWORD",
payload={
"email": email,
},
)
url = urljoin(
base_host(request=request),
"god-mode/login?"
+ urlencode(
{
"email": email,
"error_code": "REQUIRED_EMAIL_PASSWORD",
"error_message": "Email and password are required",
}
),
"god-mode/login?" + urlencode(exc.get_error_dict()),
)
return HttpResponseRedirect(url)
@ -290,16 +298,16 @@ class InstanceAdminSignInEndpoint(View):
try:
validate_email(email)
except ValidationError:
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES["INVALID_ADMIN_EMAIL"],
error_message="INVALID_ADMIN_EMAIL",
payload={
"email": email,
},
)
url = urljoin(
base_host(request=request),
"god-mode/login?"
+ urlencode(
{
"email": email,
"error_code": "INVALID_EMAIL",
"error_message": "Please provide a valid email address.",
}
),
"god-mode/login?" + urlencode(exc.get_error_dict()),
)
return HttpResponseRedirect(url)
@ -308,46 +316,50 @@ class InstanceAdminSignInEndpoint(View):
# Error out if the user is not present
if not user:
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES["USER_DOES_NOT_EXIST"],
error_message="USER_DOES_NOT_EXIST",
payload={
"email": email,
},
)
url = urljoin(
base_host(request=request),
"god-mode/login?"
+ urlencode(
{
"email": email,
"error_code": "USER_DOES_NOT_EXIST",
"error_message": "User does not exist",
}
),
"god-mode/login?" + urlencode(exc.get_error_dict()),
)
return HttpResponseRedirect(url)
# Check password of the user
if not user.check_password(password):
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"ADMIN_AUTHENTICATION_FAILED"
],
error_message="ADMIN_AUTHENTICATION_FAILED",
payload={
"email": email,
},
)
url = urljoin(
base_host(request=request),
"god-mode/login?"
+ urlencode(
{
"email": email,
"error_code": "AUTHENTICATION_FAILED",
"error_message": "Sorry, we could not find an admin user with the provided credentials. Please try again.",
}
),
"god-mode/login?" + urlencode(exc.get_error_dict()),
)
return HttpResponseRedirect(url)
# Check if the user is an instance admin
if not InstanceAdmin.objects.filter(instance=instance, user=user):
exc = AuthenticationException(
error_code=AUTHENTICATION_ERROR_CODES[
"ADMIN_AUTHENTICATION_FAILED"
],
error_message="ADMIN_AUTHENTICATION_FAILED",
payload={
"email": email,
},
)
url = urljoin(
base_host(request=request),
"god-mode/login?"
+ urlencode(
{
"email": email,
"error_code": "AUTHENTICATION_FAILED",
"error_message": "Sorry, we could not find an admin user with the provided credentials. Please try again.",
}
),
"god-mode/login?" + urlencode(exc.get_error_dict()),
)
return HttpResponseRedirect(url)
# settings last active for the user