|
|
"""
|
|
|
User authentication models and validation for OpenManus
|
|
|
Mobile number + password based authentication system
|
|
|
"""
|
|
|
|
|
|
import hashlib
|
|
|
import re
|
|
|
import secrets
|
|
|
from datetime import datetime, timedelta
|
|
|
from typing import Optional
|
|
|
from dataclasses import dataclass
|
|
|
from pydantic import BaseModel, validator
|
|
|
|
|
|
|
|
|
class UserSignupRequest(BaseModel):
|
|
|
"""User signup request model"""
|
|
|
|
|
|
full_name: str
|
|
|
mobile_number: str
|
|
|
password: str
|
|
|
confirm_password: str
|
|
|
|
|
|
@validator("full_name")
|
|
|
def validate_full_name(cls, v):
|
|
|
if not v or len(v.strip()) < 2:
|
|
|
raise ValueError("Full name must be at least 2 characters long")
|
|
|
if len(v.strip()) > 100:
|
|
|
raise ValueError("Full name must be less than 100 characters")
|
|
|
return v.strip()
|
|
|
|
|
|
@validator("mobile_number")
|
|
|
def validate_mobile_number(cls, v):
|
|
|
|
|
|
digits_only = re.sub(r"\D", "", v)
|
|
|
|
|
|
|
|
|
if len(digits_only) < 10 or len(digits_only) > 15:
|
|
|
raise ValueError("Mobile number must be between 10-15 digits")
|
|
|
|
|
|
|
|
|
if not re.match(r"^(\+?[1-9]\d{9,14})$", digits_only):
|
|
|
raise ValueError("Invalid mobile number format")
|
|
|
|
|
|
return digits_only
|
|
|
|
|
|
@validator("password")
|
|
|
def validate_password(cls, v):
|
|
|
if len(v) < 8:
|
|
|
raise ValueError("Password must be at least 8 characters long")
|
|
|
if len(v) > 128:
|
|
|
raise ValueError("Password must be less than 128 characters")
|
|
|
|
|
|
|
|
|
if not re.search(r"[A-Z]", v):
|
|
|
raise ValueError("Password must contain at least one uppercase letter")
|
|
|
if not re.search(r"[a-z]", v):
|
|
|
raise ValueError("Password must contain at least one lowercase letter")
|
|
|
if not re.search(r"\d", v):
|
|
|
raise ValueError("Password must contain at least one digit")
|
|
|
|
|
|
return v
|
|
|
|
|
|
@validator("confirm_password")
|
|
|
def validate_confirm_password(cls, v, values):
|
|
|
if "password" in values and v != values["password"]:
|
|
|
raise ValueError("Passwords do not match")
|
|
|
return v
|
|
|
|
|
|
|
|
|
class UserLoginRequest(BaseModel):
|
|
|
"""User login request model"""
|
|
|
|
|
|
mobile_number: str
|
|
|
password: str
|
|
|
|
|
|
@validator("mobile_number")
|
|
|
def validate_mobile_number(cls, v):
|
|
|
|
|
|
digits_only = re.sub(r"\D", "", v)
|
|
|
|
|
|
if len(digits_only) < 10 or len(digits_only) > 15:
|
|
|
raise ValueError("Invalid mobile number")
|
|
|
|
|
|
return digits_only
|
|
|
|
|
|
|
|
|
@dataclass
|
|
|
class User:
|
|
|
"""User model"""
|
|
|
|
|
|
id: str
|
|
|
mobile_number: str
|
|
|
full_name: str
|
|
|
password_hash: str
|
|
|
avatar_url: Optional[str] = None
|
|
|
preferences: Optional[str] = None
|
|
|
is_active: bool = True
|
|
|
created_at: Optional[datetime] = None
|
|
|
updated_at: Optional[datetime] = None
|
|
|
|
|
|
|
|
|
@dataclass
|
|
|
class UserSession:
|
|
|
"""User session model"""
|
|
|
|
|
|
session_id: str
|
|
|
user_id: str
|
|
|
mobile_number: str
|
|
|
full_name: str
|
|
|
created_at: datetime
|
|
|
expires_at: datetime
|
|
|
|
|
|
@property
|
|
|
def is_valid(self) -> bool:
|
|
|
"""Check if session is still valid"""
|
|
|
return datetime.utcnow() < self.expires_at
|
|
|
|
|
|
|
|
|
class UserAuth:
|
|
|
"""User authentication utilities"""
|
|
|
|
|
|
@staticmethod
|
|
|
def hash_password(password: str) -> str:
|
|
|
"""Hash password using SHA-256 with salt"""
|
|
|
salt = secrets.token_hex(32)
|
|
|
password_hash = hashlib.sha256((password + salt).encode()).hexdigest()
|
|
|
return f"{salt}:{password_hash}"
|
|
|
|
|
|
@staticmethod
|
|
|
def verify_password(password: str, password_hash: str) -> bool:
|
|
|
"""Verify password against stored hash"""
|
|
|
try:
|
|
|
salt, stored_hash = password_hash.split(":")
|
|
|
password_hash_check = hashlib.sha256((password + salt).encode()).hexdigest()
|
|
|
return password_hash_check == stored_hash
|
|
|
except ValueError:
|
|
|
return False
|
|
|
|
|
|
@staticmethod
|
|
|
def generate_session_id() -> str:
|
|
|
"""Generate secure session ID"""
|
|
|
return secrets.token_urlsafe(32)
|
|
|
|
|
|
@staticmethod
|
|
|
def generate_user_id() -> str:
|
|
|
"""Generate unique user ID"""
|
|
|
return f"user_{secrets.token_hex(16)}"
|
|
|
|
|
|
@staticmethod
|
|
|
def format_mobile_number(mobile_number: str) -> str:
|
|
|
"""Format mobile number for consistent storage"""
|
|
|
|
|
|
digits_only = re.sub(r"\D", "", mobile_number)
|
|
|
|
|
|
|
|
|
if not digits_only.startswith("+"):
|
|
|
|
|
|
if len(digits_only) == 10:
|
|
|
digits_only = f"1{digits_only}"
|
|
|
|
|
|
return f"+{digits_only}"
|
|
|
|
|
|
@staticmethod
|
|
|
def create_session(user: User, duration_hours: int = 24) -> UserSession:
|
|
|
"""Create a new user session"""
|
|
|
session_id = UserAuth.generate_session_id()
|
|
|
created_at = datetime.utcnow()
|
|
|
expires_at = created_at + timedelta(hours=duration_hours)
|
|
|
|
|
|
return UserSession(
|
|
|
session_id=session_id,
|
|
|
user_id=user.id,
|
|
|
mobile_number=user.mobile_number,
|
|
|
full_name=user.full_name,
|
|
|
created_at=created_at,
|
|
|
expires_at=expires_at,
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
class AuthResponse(BaseModel):
|
|
|
"""Authentication response model"""
|
|
|
|
|
|
success: bool
|
|
|
message: str
|
|
|
session_id: Optional[str] = None
|
|
|
user_id: Optional[str] = None
|
|
|
full_name: Optional[str] = None
|
|
|
|
|
|
|
|
|
class UserProfile(BaseModel):
|
|
|
"""User profile response model"""
|
|
|
|
|
|
user_id: str
|
|
|
full_name: str
|
|
|
mobile_number: str
|
|
|
avatar_url: Optional[str] = None
|
|
|
created_at: Optional[str] = None
|
|
|
|
|
|
@staticmethod
|
|
|
def mask_mobile_number(mobile_number: str) -> str:
|
|
|
"""Mask mobile number for security (show only last 4 digits)"""
|
|
|
if len(mobile_number) <= 4:
|
|
|
return "*" * len(mobile_number)
|
|
|
return "*" * (len(mobile_number) - 4) + mobile_number[-4:]
|
|
|
|
