Merge pull request #125 from rigdenlab/development

Automate user account recovery

Author: FilomenoSanchez

app.py

@@ -201,7 +201,7 @@ def recover_account(n_clicks, username, email, secret, password_1, password_2):
     if not callback_utils.ensure_triggered(trigger):
         return no_update
 
-    return app_utils.recover_account(username, email, secret, password_1, password_2)
+    return app_utils.recover_account(username, email, secret, password_1, password_2, app.logger)
 
 @app.callback([Output('invalid-create-user-collapse', 'is_open'),
                Output('create-user-modal-div', 'children'),

components/__init__.py

@@ -622,6 +622,18 @@ def InvalidPasswordRecoverAccount(*args, **kwargs):
     return InvalidPasswordRecoverAccount(*args, **kwargs)
 
 
+def ContactWrongAccountModal(*args, **kwargs):
+    from components.modals import ContactWrongAccountModal
+
+    return ContactWrongAccountModal(*args, **kwargs)
+
+
+def ContactRecoverAccountModal(*args, **kwargs):
+    from components.modals import ContactRecoverAccountModal
+
+    return ContactRecoverAccountModal(*args, **kwargs)
+
+
 def FailureRecoverAccount(*args, **kwargs):
     from components.modals import FailureRecoverAccount
 

components/modals.py

@@ -601,6 +601,29 @@ def SlackConnectionErrorModal():
     ], id='slack-connection-error-modal', is_open=True)
 
 
+def ContactWrongAccountModal():
+    return dbc.Modal([
+        dbc.ModalHeader(
+            html.H4('Wrong account details', className="alert-heading", style={'color': 'red'})),
+        dbc.ModalBody(
+            html.P("""We cannot match the information you provided with any account on our database. If you wish to 
+            recover your password please make sure to provide the same email address and username you have registered 
+            when creating the account.""", style={'text-align': "justify"})
+        ),
+    ], id='slack-fail-recovery-modal', is_open=True)
+
+
+def ContactRecoverAccountModal():
+    return dbc.Modal([
+        dbc.ModalHeader(
+            html.H4('Account recovery', className="alert-heading", style={'color': 'green'})),
+        dbc.ModalBody(
+            html.P("""We have sent a message to your email address with further instructions to reset your password. 
+            PLEASE MAKE SURE TO CHECK YOUR SPAM FOLDER.""", style={'text-align': "justify"})
+        ),
+    ], id='slack-success-recovery-modal', is_open=True)
+
+
 def PaletteModal(dataset, idx):
     palette_dict = {}
     palette_list = []

requirements.txt

@@ -15,4 +15,7 @@ keydb~=0.0.1
 psycopg2-binary~=2.8.5
 slack~=0.0.2
 slackclient~=2.6.1
-visdcc~=0.0.40
+visdcc~=0.0.40
+yagmail~=0.14.245
+keyring~=22.0.1
+keyrings.cryptfile~=1.3.6

utils/__init__.py

@@ -26,7 +26,7 @@ class WimleyWhiteHydrophobicityScale(Enum):
 
 
 def conplot_version():
-    return 'v0.3'
+    return 'v0.3.1'
 
 
 def get_base_url():
@@ -104,6 +104,8 @@ class UrlIndex(Enum):
     GDPR_WEBSITE = 'https://gdpr-info.eu'
     DOCKER_HUB = 'https://hub.docker.com/r/filosanrod/conplot'
     CONPLOT_DOCKER = 'https://github.com/rigdenlab/conplot-docker'
+    CONPLOT_MAIL = '[email protected]'
+    CONPLOT_USERNAME = 'conplot.noreply'
 
 
 def create_ConPlot(*args, **kwargs):

utils/app_utils.py

@@ -6,16 +6,18 @@
 from utils.exceptions import IntegrityError, UserExists, EmailAlreadyUsed
 
 
-def recover_account(username, email, secret, password_1, password_2):
+def recover_account(username, email, secret, password_1, password_2, logger):
 
     if password_1 != password_2:
         return components.InvalidPasswordRecoverAccount()
 
     success = postgres_utils.recover_account(username, email, secret, password_1)
 
     if success:
+        logger.info('Username {} reset password successful'.format(username))
         return components.SuccessRecoverAccount()
 
+    logger.info('Username {} failed to reset password'.format(username))
     return components.FailureRecoverAccount()
 
 

utils/callback_utils.py

@@ -4,7 +4,7 @@
 from dash import no_update
 from components import EmailIssueReference
 from loaders import DatasetReference, AdditionalDatasetReference
-from utils import slack_utils, decompress_data, cache_utils
+from utils import slack_utils, decompress_data, cache_utils, email_utils, postgres_utils
 
 
 class DatasetIndex(Enum):
@@ -46,6 +46,7 @@ def get_remove_trigger(trigger):
     dataset = index[1]
     return fname, dataset, is_open
 
+
 def is_user_login(trigger):
     prop_id = json.loads(trigger['prop_id'].replace('.n_clicks', ''))
     index = prop_id['idx']
@@ -109,10 +110,24 @@ def get_session_action(trigger):
 def submit_form(name, email, subject, description, logger):
     if not name or not email or not description or not subject:
         return components.InvalidContactFormModal()
-    elif slack_utils.user_get_in_touch(name, email, subject, description, logger):
+
+    elif subject != EmailIssueReference.FORGOT_PSSWRD.value:
+        slack_success = slack_utils.user_get_in_touch(name, email, subject, description, logger)
+        if not slack_success:
+            return components.SlackConnectionErrorModal()
         return components.SuccessContactFormModal()
+
     else:
-        return components.SlackConnectionErrorModal()
+        secret = postgres_utils.activate_recovery_mode(name, email)
+        if secret is None:
+            return components.ContactWrongAccountModal()
+
+        email_success = email_utils.acount_recovery(name, email, secret, logger)
+        slack_success = slack_utils.user_get_in_touch(name, email, subject, description, logger)
+        if not email_success or not slack_success:
+            return components.SlackConnectionErrorModal()
+
+        return components.ContactRecoverAccountModal()
 
 
 def retrieve_contact_fnames(session_id, cache):

utils/email_utils.py

@@ -0,0 +1,57 @@
+import os
+import yagmail
+import keyring
+from keyrings.cryptfile.cryptfile import CryptFileKeyring
+from utils import UrlIndex
+
+
+def no_keyring():
+    kr = keyring.get_keyring()
+    if not isinstance(kr, CryptFileKeyring):
+        return True
+    return False
+
+
+def set_keyring():
+    kr = CryptFileKeyring()
+    kr.keyring_key = os.environ["KEYRING_CRYPTFILE_PSSWRD"]
+    keyring.set_keyring(kr)
+
+
+def send_email(recipient, subject, contents):
+    with yagmail.SMTP(UrlIndex.CONPLOT_USERNAME.value) as yag:
+        yag.send(to=recipient, subject=subject, contents=contents)
+
+
+def register_mail():
+    yagmail.register(UrlIndex.CONPLOT_MAIL.value, os.environ['MAIL_PSSWRD'])
+
+
+def acount_recovery(username, email, secret, logger):
+    subject = 'ConPlot password recovery'
+
+    body = """
+Dear ConPlot user,
+    
+We are sending this email because you have requested to reset your password. To regain access to your account, please
+go to www.conplot.org/contact and complete the form. You will need to include the following verification code:
+
+Verification Code: {}
+
+This is an automated email, please do not reply to this message. To get in touch with us again, use to the form at 
+www.conplot.org/account-recovery
+    
+Best wishes,
+The ConPlot Team
+""".format(secret)
+
+    try:
+        if no_keyring():
+            set_keyring()
+            register_mail()
+        send_email(email, subject, body)
+        logger.info('Sent email to {} - {} for password recovery'.format(username, email))
+        return True
+    except Exception as e:
+        logger.error('Cannot send recovery email to {} - {}. Exception found: {}'.format(username, email, e))
+        return False

utils/postgres_utils.py

@@ -1,4 +1,5 @@
 import os
+import uuid
 from operator import attrgetter
 from collections import namedtuple
 from components import SessionListType
@@ -60,6 +61,13 @@ class SqlQueries(Enum):
     """.format(TableNames.USER_DATA.value, SqlFieldNames.PASSWORD.value, SqlFieldNames.PASSWORD.value,
                SqlFieldNames.USERNAME.value)
 
+    CHECK_USER_AND_EMAIL = """SELECT * FROM {} WHERE {} = %s AND {} = %s
+            """.format(TableNames.USER_DATA.value, SqlFieldNames.USERNAME.value, SqlFieldNames.EMAIL.value)
+
+    ACTIVATE_RECOVERY = """UPDATE {} SET {} = crypt(%s, {}) WHERE {} = %s AND {} = %s
+    """.format(TableNames.USER_DATA.value, SqlFieldNames.RECOVERY.value, SqlFieldNames.RECOVERY.value,
+               SqlFieldNames.USERNAME.value, SqlFieldNames.EMAIL.value)
+
     CHECK_IS_RECOVERY = """SELECT {} FROM {} WHERE {} = crypt(%s, {}) AND {} = %s AND {} = %s
     """.format(SqlFieldNames.ID.value, TableNames.USER_DATA.value, SqlFieldNames.RECOVERY.value,
                SqlFieldNames.RECOVERY.value, SqlFieldNames.USERNAME.value, SqlFieldNames.EMAIL.value)
@@ -190,6 +198,17 @@ def recover_account(username, email, secret, new_password):
     return False
 
 
+def activate_recovery_mode(username, email):
+    rslt = perform_query(SqlQueries.CHECK_USER_AND_EMAIL.value, args=(username, email), fetch=True)
+    if not rslt:
+        return None
+
+    secret = str(uuid.uuid4())
+    perform_query(SqlQueries.ACTIVATE_RECOVERY.value, args=(secret, username, email), commit=True)
+
+    return secret
+
+
 def store_session(username, session_name, session):
     session = prepare_session_storage(session)