app-MAIL-temp/app/api/views/user_info.py

import base64
import dataclasses
from io import BytesIO
from typing import Optional

from flask import jsonify, g, request, make_response

from app import s3, config
from app.api.base import api_bp, require_api_auth
from app.config import SESSION_COOKIE_NAME
from app.dashboard.views.index import get_stats
from app.db import Session
from app.image_validation import detect_image_format, ImageFormat
from app.models import ApiKey, File, PartnerUser, User
from app.proton.utils import get_proton_partner
from app.session import logout_session
from app.utils import random_string


def get_connected_proton_address(user: User) -> Optional[str]:
    proton_partner = get_proton_partner()
    partner_user = PartnerUser.get_by(user_id=user.id, partner_id=proton_partner.id)
    if partner_user is None:
        return None
    return partner_user.partner_email


def user_to_dict(user: User) -> dict:
    ret = {
        "name": user.name or "",
        "is_premium": user.is_premium(),
        "email": user.email,
        "in_trial": user.in_trial(),
        "max_alias_free_plan": user.max_alias_for_free_account(),
        "connected_proton_address": None,
        "can_create_reverse_alias": user.can_create_contacts(),
    }

    if config.CONNECT_WITH_PROTON:
        ret["connected_proton_address"] = get_connected_proton_address(user)

    if user.profile_picture_id:
        ret["profile_picture_url"] = user.profile_picture.get_url()
    else:
        ret["profile_picture_url"] = None

    return ret


@api_bp.route("/user_info")
@require_api_auth
def user_info():
    """
    Return user info given the api-key

    Output as json
    - name
    - is_premium
    - email
    - in_trial
    - max_alias_free
    - is_connected_with_proton
    - can_create_reverse_alias
    """
    user = g.user

    return jsonify(user_to_dict(user))


@api_bp.route("/user_info", methods=["PATCH"])
@require_api_auth
def update_user_info():
    """
    Input
    - profile_picture (optional): base64 of the profile picture. Set to null to remove the profile picture
    - name (optional)
    """
    user = g.user
    data = request.get_json() or {}

    if "profile_picture" in data:
        if user.profile_picture_id:
            file = user.profile_picture
            user.profile_picture_id = None
            Session.flush()
            if file:
                File.delete(file.id)
                s3.delete(file.path)
                Session.flush()
        else:
            raw_data = base64.decodebytes(data["profile_picture"].encode())
            if detect_image_format(raw_data) == ImageFormat.Unknown:
                return jsonify(error="Unsupported image format"), 400
            file_path = random_string(30)
            file = File.create(user_id=user.id, path=file_path)
            Session.flush()
            s3.upload_from_bytesio(file_path, BytesIO(raw_data))
            user.profile_picture_id = file.id
            Session.flush()

    if "name" in data:
        user.name = data["name"]

    Session.commit()

    return jsonify(user_to_dict(user))


@api_bp.route("/api_key", methods=["POST"])
@require_api_auth
def create_api_key():
    """Used to create a new api key
    Input:
    - device

    Output:
    - api_key
    """
    data = request.get_json()
    if not data:
        return jsonify(error="request body cannot be empty"), 400

    device = data.get("device")

    api_key = ApiKey.create(user_id=g.user.id, name=device)
    Session.commit()

    return jsonify(api_key=api_key.code), 201


@api_bp.route("/logout", methods=["GET"])
@require_api_auth
def logout():
    """
    Log user out on the web, i.e. remove the cookie

    Output:
    - 200
    """
    logout_session()
    response = make_response(jsonify(msg="User is logged out"), 200)
    response.delete_cookie(SESSION_COOKIE_NAME)

    return response


@api_bp.route("/stats")
@require_api_auth
def user_stats():
    """
    Return stats

    Output as json
    - nb_alias
    - nb_forward
    - nb_reply
    - nb_block

    """
    user = g.user
    stats = get_stats(user)

    return jsonify(dataclasses.asdict(stats))
return profile_picture_url in GET /user_info 2020-10-28 17:11:33 +01:00			`import base64`
Stats endpoint (#1716) * update some dependencies: newrelic, gevent that isn't compatible with python 3.11 on mac * update package-lock using npm 9.6.4 and node 20.0 * Add GET /api/stats * update pytest --------- Co-authored-by: Son Nguyen Kim <son@Sons-MacBook-Air-2.local> 2023-05-03 10:15:47 +02:00			`import dataclasses`
return profile_picture_url in GET /user_info 2020-10-28 17:11:33 +01:00			`from io import BytesIO`
fix proton partner error when self host (#1255) * fix proton partner error when self host * fix test * fix test * remove a@b.c 2022-09-01 14:59:16 +02:00			`from typing import Optional`
return profile_picture_url in GET /user_info 2020-10-28 17:11:33 +01:00
add GET /api/logout 2020-07-04 12:10:04 +02:00			`from flask import jsonify, g, request, make_response`
Add /api/user_info 2020-01-05 22:48:38 +01:00
fix proton partner error when self host (#1255) * fix proton partner error when self host * fix test * fix test * remove a@b.c 2022-09-01 14:59:16 +02:00			`from app import s3, config`
rename verify_api_key -> require_api_auth 2020-04-24 14:08:00 +02:00			`from app.api.base import api_bp, require_api_auth`
add GET /api/logout 2020-07-04 12:10:04 +02:00			`from app.config import SESSION_COOKIE_NAME`
Stats endpoint (#1716) * update some dependencies: newrelic, gevent that isn't compatible with python 3.11 on mac * update package-lock using npm 9.6.4 and node 20.0 * Add GET /api/stats * update pytest --------- Co-authored-by: Son Nguyen Kim <son@Sons-MacBook-Air-2.local> 2023-05-03 10:15:47 +02:00			`from app.dashboard.views.index import get_stats`
do not use flask-sqlalchemy - add __tablename__ for all models - use sa and orm instead of db - rollback all changes in tests - remove session in @app.teardown_appcontext 2021-10-12 14:36:47 +02:00			`from app.db import Session`
Several fixes (#2157) * Ensure uploaded pictures are images and delete the previous ones * Add CSRF protection to admin routes * Only allow https urls in the client envs * Close connection to try to get a new one * Missing parameter * start_time can be non existant. Set a default value 2024-07-18 14:48:18 +02:00			`from app.image_validation import detect_image_format, ImageFormat`
Fixes for connect with proton on mobile (#1230) * Fixes for connect with proton on mobile * Added a test Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2022-08-12 13:17:21 +02:00			`from app.models import ApiKey, File, PartnerUser, User`
			`from app.proton.utils import get_proton_partner`
Store session in redis if redis is enabled (#1288) * Store sesions in redis to prevent saving old cookies * Format * Rename sid to session_id * Logout session completely Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2022-09-21 11:11:17 +02:00			`from app.session import logout_session`
fix proton partner error when self host (#1255) * fix proton partner error when self host * fix test * fix test * remove a@b.c 2022-09-01 14:59:16 +02:00			`from app.utils import random_string`
Fixes for connect with proton on mobile (#1230) * Fixes for connect with proton on mobile * Added a test Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2022-08-12 13:17:21 +02:00

			`def get_connected_proton_address(user: User) -> Optional[str]:`
			`proton_partner = get_proton_partner()`
			`partner_user = PartnerUser.get_by(user_id=user.id, partner_id=proton_partner.id)`
			`if partner_user is None:`
			`return None`
			`return partner_user.partner_email`
return profile_picture_url in GET /user_info 2020-10-28 17:11:33 +01:00

			`def user_to_dict(user: User) -> dict:`
			`ret = {`
remove the "Hi {name}" from email template 2021-01-11 10:22:39 +01:00			`"name": user.name or "",`
return profile_picture_url in GET /user_info 2020-10-28 17:11:33 +01:00			`"is_premium": user.is_premium(),`
			`"email": user.email,`
			`"in_trial": user.in_trial(),`
Restrict the number of free alias for new free users (#1155) * Restrict the number of free alias for new free users * Fix test * Make flag reverse Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2022-07-20 11:09:22 +02:00			`"max_alias_free_plan": user.max_alias_for_free_account(),`
fix proton partner error when self host (#1255) * fix proton partner error when self host * fix test * fix test * remove a@b.c 2022-09-01 14:59:16 +02:00			`"connected_proton_address": None,`
Do not allow free users to create reverse alias to reduce abuse (#2013) * Do not allow free users to create reverse alias to reduce abuse * Update format * Move function under user * Update tests 2024-01-16 14:51:01 +01:00			`"can_create_reverse_alias": user.can_create_contacts(),`
return profile_picture_url in GET /user_info 2020-10-28 17:11:33 +01:00			`}`

fix proton partner error when self host (#1255) * fix proton partner error when self host * fix test * fix test * remove a@b.c 2022-09-01 14:59:16 +02:00			`if config.CONNECT_WITH_PROTON:`
			`ret["connected_proton_address"] = get_connected_proton_address(user)`

return profile_picture_url in GET /user_info 2020-10-28 17:11:33 +01:00			`if user.profile_picture_id:`
			`ret["profile_picture_url"] = user.profile_picture.get_url()`
			`else:`
			`ret["profile_picture_url"] = None`

			`return ret`
Add /api/user_info 2020-01-05 22:48:38 +01:00

			`@api_bp.route("/user_info")`
rename verify_api_key -> require_api_auth 2020-04-24 14:08:00 +02:00			`@require_api_auth`
Add /api/user_info 2020-01-05 22:48:38 +01:00			`def user_info():`
			`"""`
			`Return user info given the api-key`
Restrict the number of free alias for new free users (#1155) * Restrict the number of free alias for new free users * Fix test * Make flag reverse Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2022-07-20 11:09:22 +02:00
			`Output as json`
			`- name`
			`- is_premium`
			`- email`
			`- in_trial`
			`- max_alias_free`
Fixes for connect with proton on mobile (#1230) * Fixes for connect with proton on mobile * Added a test Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2022-08-12 13:17:21 +02:00			`- is_connected_with_proton`
Do not allow free users to create reverse alias to reduce abuse (#2013) * Do not allow free users to create reverse alias to reduce abuse * Update format * Move function under user * Update tests 2024-01-16 14:51:01 +01:00			`- can_create_reverse_alias`
Add /api/user_info 2020-01-05 22:48:38 +01:00			`"""`
			`user = g.user`

return profile_picture_url in GET /user_info 2020-10-28 17:11:33 +01:00			`return jsonify(user_to_dict(user))`
Create POST /api/api_key 2020-07-04 11:41:31 +02:00

Add PATCH /api/user_info 2020-10-28 17:12:21 +01:00			`@api_bp.route("/user_info", methods=["PATCH"])`
			`@require_api_auth`
			`def update_user_info():`
			`"""`
			`Input`
			`- profile_picture (optional): base64 of the profile picture. Set to null to remove the profile picture`
			`- name (optional)`
			`"""`
			`user = g.user`
			`data = request.get_json() or {}`

			`if "profile_picture" in data:`
Several fixes (#2157) * Ensure uploaded pictures are images and delete the previous ones * Add CSRF protection to admin routes * Only allow https urls in the client envs * Close connection to try to get a new one * Missing parameter * start_time can be non existant. Set a default value 2024-07-18 14:48:18 +02:00			`if user.profile_picture_id:`
			`file = user.profile_picture`
			`user.profile_picture_id = None`
			`Session.flush()`
			`if file:`
			`File.delete(file.id)`
			`s3.delete(file.path)`
do not use flask-sqlalchemy - add __tablename__ for all models - use sa and orm instead of db - rollback all changes in tests - remove session in @app.teardown_appcontext 2021-10-12 14:36:47 +02:00			`Session.flush()`
Add PATCH /api/user_info 2020-10-28 17:12:21 +01:00			`else:`
			`raw_data = base64.decodebytes(data["profile_picture"].encode())`
Several fixes (#2157) * Ensure uploaded pictures are images and delete the previous ones * Add CSRF protection to admin routes * Only allow https urls in the client envs * Close connection to try to get a new one * Missing parameter * start_time can be non existant. Set a default value 2024-07-18 14:48:18 +02:00			`if detect_image_format(raw_data) == ImageFormat.Unknown:`
			`return jsonify(error="Unsupported image format"), 400`
Add PATCH /api/user_info 2020-10-28 17:12:21 +01:00			`file_path = random_string(30)`
			`file = File.create(user_id=user.id, path=file_path)`
do not use flask-sqlalchemy - add __tablename__ for all models - use sa and orm instead of db - rollback all changes in tests - remove session in @app.teardown_appcontext 2021-10-12 14:36:47 +02:00			`Session.flush()`
Add PATCH /api/user_info 2020-10-28 17:12:21 +01:00			`s3.upload_from_bytesio(file_path, BytesIO(raw_data))`
			`user.profile_picture_id = file.id`
do not use flask-sqlalchemy - add __tablename__ for all models - use sa and orm instead of db - rollback all changes in tests - remove session in @app.teardown_appcontext 2021-10-12 14:36:47 +02:00			`Session.flush()`
Add PATCH /api/user_info 2020-10-28 17:12:21 +01:00
			`if "name" in data:`
			`user.name = data["name"]`

do not use flask-sqlalchemy - add __tablename__ for all models - use sa and orm instead of db - rollback all changes in tests - remove session in @app.teardown_appcontext 2021-10-12 14:36:47 +02:00			`Session.commit()`
Add PATCH /api/user_info 2020-10-28 17:12:21 +01:00
			`return jsonify(user_to_dict(user))`


Create POST /api/api_key 2020-07-04 11:41:31 +02:00			`@api_bp.route("/api_key", methods=["POST"])`
			`@require_api_auth`
			`def create_api_key():`
			`"""Used to create a new api key`
			`Input:`
			`- device`

			`Output:`
			`- api_key`
			`"""`
			`data = request.get_json()`
			`if not data:`
			`return jsonify(error="request body cannot be empty"), 400`

			`device = data.get("device")`

			`api_key = ApiKey.create(user_id=g.user.id, name=device)`
do not use flask-sqlalchemy - add __tablename__ for all models - use sa and orm instead of db - rollback all changes in tests - remove session in @app.teardown_appcontext 2021-10-12 14:36:47 +02:00			`Session.commit()`
Create POST /api/api_key 2020-07-04 11:41:31 +02:00
			`return jsonify(api_key=api_key.code), 201`
add GET /api/logout 2020-07-04 12:10:04 +02:00

			`@api_bp.route("/logout", methods=["GET"])`
			`@require_api_auth`
			`def logout():`
			`"""`
			`Log user out on the web, i.e. remove the cookie`

			`Output:`
			`- 200`
			`"""`
Store session in redis if redis is enabled (#1288) * Store sesions in redis to prevent saving old cookies * Format * Rename sid to session_id * Logout session completely Co-authored-by: Adrià Casajús <adria.casajus@proton.ch> 2022-09-21 11:11:17 +02:00			`logout_session()`
add GET /api/logout 2020-07-04 12:10:04 +02:00			`response = make_response(jsonify(msg="User is logged out"), 200)`
			`response.delete_cookie(SESSION_COOKIE_NAME)`

			`return response`
Stats endpoint (#1716) * update some dependencies: newrelic, gevent that isn't compatible with python 3.11 on mac * update package-lock using npm 9.6.4 and node 20.0 * Add GET /api/stats * update pytest --------- Co-authored-by: Son Nguyen Kim <son@Sons-MacBook-Air-2.local> 2023-05-03 10:15:47 +02:00

			`@api_bp.route("/stats")`
			`@require_api_auth`
			`def user_stats():`
			`"""`
			`Return stats`

			`Output as json`
			`- nb_alias`
			`- nb_forward`
			`- nb_reply`
			`- nb_block`

			`"""`
			`user = g.user`
			`stats = get_stats(user)`

			`return jsonify(dataclasses.asdict(stats))`