dxc-technology · Nupur582 · Nov 8, 2021 · Nov 9, 2021 · Nov 10, 2021 · Nov 10, 2021
diff --git a/Backend/activate.py b/Backend/activate.py
@@ -0,0 +1,34 @@
+import re
+from bson.objectid import ObjectId
+from argon2 import PasswordHasher
+from argon2.exceptions import HashingError, VerificationError, VerifyMismatchError, InvalidHash
+import database
+import login
+
+VALID = r"valid"
+INVALID = r"invalid"
+EMAIL_NOT_EXIST = r'email does not exist'
+
+def activateuser(email , confirmationCode):
+    if email == "":
+        return "email is empty"
+    if validate_email_address(email) == INVALID:
+        return "email is not correct"
+    user_doc = database.get_user_details(email)
+    if len(user_doc) > 0:
+        if(user_doc['userStatus'] == ObjectId('5f776e5d6289f17659874f27')):
+            return "User is already active. Please proceed to login."
+        else:
+            if(user_doc['confirmation_code'] == confirmationCode):
+                database.modify_user_status(email)
+                return "You have now been activated. Please go ahead and login"
+            else:
+                return "Confirmation code do not match. Please check your email."
+    return "user does not exist"
+
+
+def validate_email_address(email_address):
+    regex = r'^[a-z0-9]+[\._]?[a-z0-9]+[@]\w+[.]\w{2,3}$'
+    if re.search(regex, email_address) and email_address.strip() != "" and email_address is not None:
+        return VALID
+    return INVALID
diff --git a/Backend/app.py b/Backend/app.py
@@ -4,6 +4,7 @@
 from pymongo import database
 import login
 import registration
+import activate
 import view_badge
 import create_badge
 import view_users
@@ -72,6 +73,20 @@ def register_user():
                                  organization_name)
 
 
+@app.route("/activate", methods=['POST'])
+def activate_user():
+    req_body = request.get_json()
+    if req_body['email'] == "None":
+        email_id_list = ""
+    else:
+        email_id_list = req_body['email']
+    if req_body['confirmationCode'] == "None":
+        confirmationCode_list = ""
+    else:
+        confirmationCode_list = req_body['confirmationCode']
+    return activate.activateuser(email_id_list,confirmationCode_list)
+
+
 @app.route("/updateuser", methods=['POST'])
 def update_user_details():
     req_body = request.get_json()

diff --git a/Backend/backend_variable.env b/Backend/backend_variable.env
@@ -3,13 +3,12 @@
 DEBUG = True
 MAIL_SERVER = 'smtp.office365.com'
 MAIL_PORT = 587
-MAIL_USERNAME = No-replyBadge@cscportal.onmicrosoft.com
-MAIL_PASSWORD = P@noply@123
+MAIL_USERNAME = 
+MAIL_PASSWORD = 
 MAIL_USE_TLS = True
 MAIL_USE_SSL = True
 
 
 # DATABASE VARIABLES
 DB_NAME = Panoply
 DB_CONNECTION_STRING = 'mongodb+srv://dbuser:admin123@panoplycluster0.ssmov.mongodb.net/Panoply?retryWrites=true&w=majority'
-
diff --git a/Backend/database.py b/Backend/database.py
@@ -116,15 +116,21 @@ def update_user_password(email, hashed_password):
 
 
 def add_new_user(email, password, user_type, created_time_utc, modified_time_utc, first_name, second_name, middle_name,
-                 organization_name):
+                 organization_name,confirmation_code):
     user_collection = myDB["Users"]
     user_type_doc = get_user_type(user_type)
-    user_status_doc = get_user_status("active")
+    user_status_doc = get_user_status("registered")
     new_user = {"email": email, "password": password,
                 "userType": user_type_doc["_id"], "userStatus": user_status_doc["_id"], "created": created_time_utc,
                 "modified": modified_time_utc, "firstName": first_name, "secondName": second_name,
                 "middleName": middle_name, "organizationName": organization_name}
     new_user_doc = user_collection.insert_one(new_user)
+    user_collection.update(
+        {"email": email},
+        {
+            "$set": {"confirmation_code": confirmation_code}
+        }, upsert=False
+    )
     return str(new_user_doc.inserted_id)
 
 def modify_existing_user(userid, first_name, second_name, middle_name, organization_name):
@@ -1321,3 +1327,20 @@ def get_badge_type_options():
     json = dumps(badge_type_doc, indent=2)
     return json
 
+
+def modify_user_status(email):
+    user_collection = myDB["Users"]
+    user_collection.find_one_and_update(
+        {"email": email},
+        {
+            "$set": {"userStatus": ObjectId('5f776e5d6289f17659874f27') , "modified": datetime.now(timezone.utc)
+        }
+        }, upsert=True
+    )
+    user_collection.update(
+        {"email": email},
+        {
+            "$unset": {"confirmation_code": ""}
+        }, upsert=False
+    )
+    return "updated"
diff --git a/Backend/login.py b/Backend/login.py
@@ -16,12 +16,16 @@ def login(email, password):
         return "email is not correct"
     user_doc = database.get_user_details(email.lower())
     if len(user_doc) > 0:
-        try:
-            if password_hash.verify(user_doc['password'], password):
-                return str(ObjectId(user_doc['userType']))
+        if (user_doc['userStatus'] == ObjectId('5f776e5d6289f17659874f27')):    
+            try:
+                if password_hash.verify(user_doc['password'], password):
+                    return str(ObjectId(user_doc['userType']))
+
+            except (InvalidHash, HashingError, VerificationError, VerifyMismatchError):
+                return "password is wrong"
+        else:
+            return "please confirm and activate your account"
 
-        except (InvalidHash, HashingError, VerificationError, VerifyMismatchError):
-            return "password is wrong"
     return "user does not exist"
 
 

diff --git a/Backend/registration.py b/Backend/registration.py
@@ -5,12 +5,14 @@
 from dotenv import load_dotenv
 from argon2 import PasswordHasher
 from argon2.exceptions import HashingError, VerificationError, VerifyMismatchError, InvalidHash
+from pymongo import message
 import database
 import smtplib
 from email.mime.multipart import MIMEMultipart
 from email.mime.text import MIMEText
 import random
 import array
+import math
 from bson.objectid import ObjectId
 
 VALID = r"valid"
@@ -100,6 +102,34 @@ def generate_strong_password():
     return password
 
 
+def email_confirmation(email_address,body):
+    env_path = 'backend_variable.env'
+    load_dotenv(dotenv_path=env_path)
+    sender_email = "No-replyBadge@cscportal.onmicrosoft.com"
+    receiver_email = email_address
+
+    msg = MIMEMultipart()
+    msg['Subject'] = 'Industrial Badger - Confirm and  activate email'
+    msg['From'] = sender_email
+    msg['To'] = receiver_email
+
+    message = """\
+    <p> Please click on the link below  to activate your email </p>
+    <a href="https://industrialized-ai-starter.azurewebsites.net/Activate">Click here to activate your email</a>
+    """
+    msg_text = MIMEText('<b>%s</b>'  % (body+ message), 'html')
+    msg.attach(msg_text)
+
+    try:
+        with smtplib.SMTP('smtp.office365.com', 587) as smtpObj:
+            smtpObj.ehlo()
+            smtpObj.starttls()
+            smtpObj.login(os.getenv("MAIL_USERNAME"), os.getenv("MAIL_PASSWORD"))
+            smtpObj.sendmail(sender_email, receiver_email, msg.as_string())
+    except Exception as e:
+        print(e)
+
+
 def register(email, password, user_type, first_name, second_name, middle_name, organization_name):
     if validate_email_exist(email.lower()) == "email already exists":
         return "user already exists"
@@ -117,13 +147,16 @@ def register(email, password, user_type, first_name, second_name, middle_name, o
     new_user_type = user_type_validation(user_type)
     if new_user_type == INVALID_USER_TYPE_MESSAGE:
         return INVALID_USER_TYPE_MESSAGE
+
+    confirmation_code = generate_strong_password()
     hashed_password = hash_password(password)
-
+    
     new_user_id = database.add_new_user(
         email, hashed_password, new_user_type, created_time_utc, modified_time_utc, first_name, second_name,
-        middle_name, organization_name)
+        middle_name, organization_name, confirmation_code)
     if len(new_user_id) > 0:
-        return "registered"
+        email_confirmation(email, "This is your activation code: " + confirmation_code)
+        return "registered"   
     return None
 
 
@@ -187,11 +220,13 @@ def email_content(email_address, body):
     msg['Subject'] = 'Industrial Badger - Password Reset'
     msg['From'] = sender_email
     msg['To'] = receiver_email
-    msg_text = MIMEText('<b>%s</b>' % body, 'html')
-    text = 'Go ahead and reset the password using the given link: http://localhost:3000/passwordchange'
-    msg_text1 = MIMEText(text, "plain")
+
+    message = """\
+    <p> \n </p>
+    <a href="https://industrialized-ai-starter.azurewebsites.net/passwordchange">Click here to reset password</a>
+    """
+    msg_text = MIMEText('<b>%s</b>' % (body + message), 'html')
     msg.attach(msg_text)
-    msg.attach(msg_text1)
 
     try:
         with smtplib.SMTP('smtp.office365.com', 587) as smtpObj:
@@ -211,7 +246,11 @@ def password_reset_email(email):
     user_doc = database.get_user_details(email)
     if len(user_doc) > 0:
         password = generate_strong_password()
-        email_content(email, "This is your new password: " + password)
+        email_content(email, "This is your new temporary password: " + password)
         password_reset(email, password)
         return "Email sent successfully"
     return "user does not exist"
+
+
+
+
diff --git a/UI/.gitignore b/UI/.gitignore
@@ -5,6 +5,7 @@
 /.pnp
 .pnp.js
 
+
 # testing
 /coverage
-Original file line number
+Diff line change
@@ Expand Up / @@ -5,6 +5,7 @@ @@
     /.pnp
     .pnp.js
     # testing
     /coverage
@@ Expand Down @@