From cb2af2fc9fb333e9ac5785880288f0ddd883d1e2 Mon Sep 17 00:00:00 2001
From: Mr-DareDevil <arnabsen1729@gmail.com>
Date: Mon, 28 Dec 2020 22:26:14 +0530
Subject: [PATCH 1/2] Upd: Email Service added

---
 .gitignore                        |   3 +
 README.md                         |  41 +--
 app/__init__.py                   |   8 +-
 app/db.py                         |  84 +++--
 app/routes.py                     |  71 ++++-
 app/templates/reset-password.html | 495 ++++++++++++++++++++++++++++++
 config.py                         |   9 +-
 sample.env                        |   5 +-
 utils.py                          |  61 ++++
 9 files changed, 694 insertions(+), 83 deletions(-)
 create mode 100644 app/templates/reset-password.html
 create mode 100644 utils.py

diff --git a/.gitignore b/.gitignore
index a81c8ee..5e6bc6a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,6 @@
+# IDE specific config files
+.vscode/
+
 # Byte-compiled / optimized / DLL files
 __pycache__/
 *.py[cod]
diff --git a/README.md b/README.md
index 1d39835..1621711 100644
--- a/README.md
+++ b/README.md
@@ -1,12 +1,12 @@
-# omg-frames-api
+# IWasAt
 
 This is the backend of the [OMG Frames](https://github.com/dsc-x/omg-frames) having the register/login routes, and other related ones. 
 
 Link to the front-end repo: [omg-frames](https://github.com/dsc-x/omg-frames)
 
-Backend is running at: [http://104.236.25.178/api/v1](http://104.236.25.178/api/v1)
+Backend is running at: [https://api.iwasat.events/api/v1](https://api.iwasat.events/api/v1/)
 
-All the API endpoints are prefixed by `/api/v1` e.g `http://104.236.25.178/api/v1/login`
+All the API endpoints are prefixed by `/api/v1` e.g `https://api.iwasat.events/api/v1/login`
 
 ## Technologies used
 
@@ -18,7 +18,7 @@ All the API endpoints are prefixed by `/api/v1` e.g `http://104.236.25.178/api/v
 
 ## API Endpoints
 
-For API documentation go to [http://104.236.25.178/apidocs/](http://104.236.25.178/apidocs/).
+For API documentation go to [https://api.iwasat.events/apidocs/](https://api.iwasat.events/apidocs/).
 
 ## Development
 
@@ -51,21 +51,22 @@ This will start the local server in port 5000.
 ## Project structure
 
 ```
-    omg-frames-api
-    .
-    ├── app
-    │   ├── db.py
-    │   ├── __init__.py
-    │   └── routes.py
-    ├── config.py
-    ├── docs
-    │   ├── getframes.yml
-    │   ├── login.yml
-    │   ├── postframes.yml
-    │   └── register.yml
-    ├── README.md
-    ├── requirements.txt
-    ├── sample.env
-    └── server.py
+omg-frames-api
+├── app
+│   ├── db.py
+│   ├── __init__.py
+│   └── routes.py
+├── config.py
+├── docs
+│   ├── deleteframes.yml
+│   ├── getframes.yml
+│   ├── login.yml
+│   ├── postframes.yml
+│   ├── register.yml
+│   └── updateframes.yml
+├── README.md
+├── requirements.txt
+├── sample.env
+└── server.py
 ```
 
diff --git a/app/__init__.py b/app/__init__.py
index b31fe93..316d7fd 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -3,6 +3,7 @@
 from app.db import Db
 from flasgger import Swagger
 from flask_cors import CORS
+from flask_mail import Mail
 
 template = {
   "swagger": "2.0",
@@ -19,8 +20,8 @@
     "http",
     "https"
   ],
-  'securityDefinitions': { 
-    'basicAuth': { 'type': 'apiKey', 'name': 'Authorization', 'in': 'header'}
+  'securityDefinitions': {
+    'basicAuth': {'type': 'apiKey', 'name': 'Authorization', 'in': 'header'}
   }
 }
 
@@ -28,9 +29,8 @@
 app = Flask(__name__)
 CORS(app)
 app.config.from_object(Config)
+mail = Mail(app)
 
 swagger = Swagger(app, template=template)
 
 from app import routes
-
-
diff --git a/app/db.py b/app/db.py
index 9e27d32..da1130f 100644
--- a/app/db.py
+++ b/app/db.py
@@ -1,36 +1,7 @@
-from config import Config, FirebaseConfig
+from config import FirebaseConfig
 from passlib.hash import pbkdf2_sha256
+from utils import Utils
 import pyrebase
-import jwt
-import datetime
-
-
-def encode_auth_token(user_id):
-    try:
-        payload = {
-            'exp': datetime.datetime.utcnow() + datetime.timedelta(days=1, minutes=0),
-            'iat': datetime.datetime.utcnow(),
-            'id': user_id
-        }
-        return jwt.encode(
-            payload,
-            Config.SECRET_KEY,
-            algorithm='HS256'
-        )
-    except Exception as e:
-        return e
-
-
-def decode_auth_token(auth_token):
-    try:
-        payload = jwt.decode(auth_token, Config.SECRET_KEY)
-        return payload['id']
-    except jwt.ExpiredSignatureError:
-        print('ERROR: Signature expired. Please log in again.')
-        return None
-    except jwt.InvalidTokenError:
-        print('ERROR: Invalid token. Please log in again.')
-        return None
 
 
 class Db:
@@ -59,7 +30,7 @@ def add_participants(db, userDetails):
             print(' * Participant added to db')
             return True
         except Exception as e:
-            print('ERROR: <add_participants>' , e)
+            print('ERROR: <add_participants>', e)
             return False
 
     @staticmethod
@@ -70,7 +41,7 @@ def check_valid_details(db, userDetails):
             assert len(userDetails["password"]) > 6
 
             participants = db.child('participants').get().val()
-            if participants == None:
+            if participants is None:
                 # no participant data
                 return True
             for user_id in participants:
@@ -99,7 +70,7 @@ def authorise_participants(db, userDetails):
     @staticmethod
     def get_token(db, user_id):
         try:
-            token = encode_auth_token(user_id)
+            token = Utils.encode_auth_token(user_id)
             return token.decode('UTF-8')
         except Exception as e:
             print('ERROR:', e)
@@ -108,10 +79,10 @@ def get_token(db, user_id):
     @staticmethod
     def save_frame(db, token, frame):
         try:
-            user_id = decode_auth_token(token)
-            if user_id!= None:
+            user_id = Utils.decode_auth_token(token)
+            if user_id is not None:
                 frame_id = db.child('participants').child(user_id).child('frames').push(frame)
-                frame_obj={
+                frame_obj = {
                     "frame_data": frame,
                     "frame_id": frame_id["name"]
                 }
@@ -127,12 +98,12 @@ def save_frame(db, token, frame):
     @staticmethod
     def get_frames(db, token):
         try:
-            user_id = decode_auth_token(token)
-            if user_id != None:
+            user_id = Utils.decode_auth_token(token)
+            if user_id is not None:
                 frames = db.child('participants').child(user_id).child('frames').get().val()
                 frame_arr = []
-                if frames!= None:
-                    frame_arr = [{"frame_id":fid, "frame_data":frames[fid]} for fid in frames]
+                if frames is not None:
+                    frame_arr = [{"frame_id": fid, "frame_data": frames[fid]} for fid in frames]
                 return frame_arr
             else:
                 print('ERROR: Token Value is None')
@@ -144,8 +115,8 @@ def get_frames(db, token):
     @staticmethod
     def delete_frames(db, token, frame_id):
         try:
-            user_id = decode_auth_token(token)
-            if user_id != None:
+            user_id = Utils.decode_auth_token(token)
+            if user_id is not None:
                 db.child('participants').child(user_id).child('frames').child(frame_id).remove()
                 return True
             else:
@@ -157,12 +128,31 @@ def delete_frames(db, token, frame_id):
 
     @staticmethod
     def update_frames(db, token, frame_id, frame_data):
-        user_id = decode_auth_token(token)
-        if user_id != None:
+        user_id = Utils.decode_auth_token(token)
+        if user_id is not None:
             db.child('participants').child(user_id).child('frames').child(frame_id).remove()
             upd_frame_id = db.child('participants').child(user_id).child('frames').push(frame_data)
-            frame = {"frame_id":upd_frame_id['name'], "frame_data":frame_data}
+            frame = {"frame_id": upd_frame_id['name'], "frame_data": frame_data}
             return frame
         else:
             print('ERROR: Token Value is None')
-            return None
\ No newline at end of file
+            return None
+
+    @staticmethod
+    def check_email_address(db, email):
+        participants = db.child('participants').get().val()
+        if participants is None:
+            # No records found
+            return None
+        else:
+            for user_id in participants:
+                user = participants[user_id]
+                if user and (user["email"] == email):
+                    return user_id
+            return None
+
+    @staticmethod
+    def change_password(db, user_id, password):
+        user_details = db.child('participants').child(user_id).get().val()
+        user_details['password'] = pbkdf2_sha256.hash(password)
+        db.child('participants').child(user_id).update(user_details)
diff --git a/app/routes.py b/app/routes.py
index 160973c..be3065d 100644
--- a/app/routes.py
+++ b/app/routes.py
@@ -1,5 +1,6 @@
-from flask import request, jsonify, make_response, abort
-from app import app, Db
+from flask import request, jsonify, make_response
+from app import app, Db, mail
+from utils import Utils
 from flasgger.utils import swag_from
 
 BASE_URL = '/api/v1'
@@ -7,12 +8,62 @@
 database = Db.init_db()
 
 
-@app.route(BASE_URL+'/')
+@app.route(BASE_URL + '/')
 def index():
     return make_response(jsonify({"message": "DSC Frames API"})), 201
 
 
-@app.route(BASE_URL+'/register', methods=['POST'])
+@app.route(BASE_URL + '/send-reset-mail', methods=['POST'])
+def send_reset_mail():
+    data = request.json
+    if 'email' not in data.keys():
+        responseObject = {
+            'message': 'email not specified in the body'
+        }
+        return make_response(jsonify(responseObject)), 400
+    else:
+        emailAddr = data['email']
+        userId = Db.check_email_address(database, emailAddr)
+        if userId is not None:
+            resetLink = f'https://iwasat.events/reset.html?token={Utils.get_reset_token(userId)}'
+            Utils.send_reset_password_mail(mail, resetLink, emailAddr)
+            responseObject = {
+                'message': 'reset link was sent to the respective email address'
+            }
+            return make_response(jsonify(responseObject)), 200
+        else:
+            responseObject = {
+                'message': 'email doesnot match'
+            }
+            return make_response(jsonify(responseObject)), 401
+
+
+@app.route(BASE_URL + '/update-password', methods=['POST'])
+def update_password():
+    data = request.json
+    if 'token' not in data.keys() and 'password' not in data.keys():
+        responseObject = {
+            'message': 'email not specified in the body'
+        }
+        return make_response(jsonify(responseObject)), 400
+    else:
+        token = data['token']
+        password = data['password']
+        userId = Utils.verify_reset_token(token)
+        if userId is None:
+            responseObject = {
+                'message': 'invalid reset token'
+            }
+            return make_response(jsonify(responseObject)), 401
+        else:
+            Db.change_password(database, userId, password)
+            responseObject = {
+                'message': 'password updated successfully'
+            }
+            return make_response(jsonify(responseObject)), 200
+
+
+@app.route(BASE_URL + '/register', methods=['POST'])
 @swag_from('../docs/register.yml')
 def register():
     user = request.json
@@ -24,19 +75,19 @@ def register():
         return make_response(jsonify({"message": "Internal Server error"})), 500
 
 
-@app.route(BASE_URL+'/login', methods=['POST'])
+@app.route(BASE_URL + '/login', methods=['POST'])
 @swag_from('../docs/login.yml')
 def login():
     user = request.json
     user_data = Db.authorise_participants(database, user)
-    if (user_data != None and user_data[0] != None):
+    if (user_data is not None and user_data[0] is not None):
         user_token = Db.get_token(database, user_data[0])
         return make_response(jsonify({"token": user_token, "data": user_data[1]})), 202
     else:
         return make_response(jsonify({"message": "Login failed"})), 401
 
 
-@app.route(BASE_URL+'/frames', methods=['POST', 'GET', 'DELETE', 'PUT'])
+@app.route(BASE_URL + '/frames', methods=['POST', 'GET', 'DELETE', 'PUT'])
 @swag_from('../docs/getframes.yml', methods=['GET'])
 @swag_from('../docs/postframes.yml', methods=['POST'])
 @swag_from('../docs/deleteframes.yml', methods=['DELETE'])
@@ -58,7 +109,7 @@ def frames():
             frame = request.json['frame']
             if frame:
                 responseObject = Db.save_frame(database, auth_token, frame)
-                if responseObject != None:
+                if responseObject is not None:
                     return make_response(jsonify(responseObject)), 201
                 else:
                     responseObject = {
@@ -72,7 +123,7 @@ def frames():
                 return make_response(jsonify(responseObject)), 400
         elif request.method == 'GET':
             frames_arr = Db.get_frames(database, auth_token)
-            if frames_arr != None:
+            if frames_arr is not None:
                 responseObject = {
                     'frames': frames_arr
                 }
@@ -98,7 +149,7 @@ def frames():
             frame_id = request.json['frame_id']
             frame_data = request.json['frame_data']
             upd_frame = Db.update_frames(database, auth_token, frame_id, frame_data)
-            if upd_frame != None:
+            if upd_frame is not None:
                 responseObject = {
                     'message': 'Frame was updated successfully',
                     'data': upd_frame
diff --git a/app/templates/reset-password.html b/app/templates/reset-password.html
new file mode 100644
index 0000000..d25c4c0
--- /dev/null
+++ b/app/templates/reset-password.html
@@ -0,0 +1,495 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <meta name="x-apple-disable-message-reformatting" />
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+    <meta name="color-scheme" content="light dark" />
+    <meta name="supported-color-schemes" content="light dark" />
+    <title></title>
+    <style type="text/css" rel="stylesheet" media="all">
+    /* Base ------------------------------ */
+    
+    @import url("https://fonts.googleapis.com/css?family=Nunito+Sans:400,700&amp;display=swap");
+    body {
+      width: 100% !important;
+      height: 100%;
+      margin: 0;
+      -webkit-text-size-adjust: none;
+    }
+    
+    a {
+      color: #3869D4;
+    }
+    
+    a img {
+      border: none;
+    }
+    
+    td {
+      word-break: break-word;
+    }
+    
+    .preheader {
+      display: none !important;
+      visibility: hidden;
+      mso-hide: all;
+      font-size: 1px;
+      line-height: 1px;
+      max-height: 0;
+      max-width: 0;
+      opacity: 0;
+      overflow: hidden;
+    }
+    /* Type ------------------------------ */
+    
+    body,
+    td,
+    th {
+      font-family: "Nunito Sans", Helvetica, Arial, sans-serif;
+    }
+    
+    h1 {
+      margin-top: 0;
+      color: #333333;
+      font-size: 22px;
+      font-weight: bold;
+      text-align: left;
+    }
+    
+    h2 {
+      margin-top: 0;
+      color: #333333;
+      font-size: 16px;
+      font-weight: bold;
+      text-align: left;
+    }
+    
+    h3 {
+      margin-top: 0;
+      color: #333333;
+      font-size: 14px;
+      font-weight: bold;
+      text-align: left;
+    }
+    
+    td,
+    th {
+      font-size: 16px;
+    }
+    
+    p,
+    ul,
+    ol,
+    blockquote {
+      margin: .4em 0 1.1875em;
+      font-size: 16px;
+      line-height: 1.625;
+    }
+    
+    p.sub {
+      font-size: 13px;
+    }
+    /* Utilities ------------------------------ */
+    
+    .align-right {
+      text-align: right;
+    }
+    
+    .align-left {
+      text-align: left;
+    }
+    
+    .align-center {
+      text-align: center;
+    }
+    /* Buttons ------------------------------ */
+    
+    .button {
+      background-color: #3869D4;
+      border-top: 10px solid #3869D4;
+      border-right: 18px solid #3869D4;
+      border-bottom: 10px solid #3869D4;
+      border-left: 18px solid #3869D4;
+      display: inline-block;
+      color: #FFF;
+      text-decoration: none;
+      border-radius: 3px;
+      box-shadow: 0 2px 3px rgba(0, 0, 0, 0.16);
+      -webkit-text-size-adjust: none;
+      box-sizing: border-box;
+    }
+        
+    .button--red {
+      background-color: #FF6136;
+      border-top: 10px solid #FF6136;
+      border-right: 18px solid #FF6136;
+      border-bottom: 10px solid #FF6136;
+      border-left: 18px solid #FF6136;
+    }
+    
+    @media only screen and (max-width: 500px) {
+      .button {
+        width: 100% !important;
+        text-align: center !important;
+      }
+    }
+    /* Attribute list ------------------------------ */
+    
+    .attributes {
+      margin: 0 0 21px;
+    }
+    
+    .attributes_content {
+      background-color: #F4F4F7;
+      padding: 16px;
+    }
+    
+    .attributes_item {
+      padding: 0;
+    }
+    /* Related Items ------------------------------ */
+    
+    .related {
+      width: 100%;
+      margin: 0;
+      padding: 25px 0 0 0;
+      -premailer-width: 100%;
+      -premailer-cellpadding: 0;
+      -premailer-cellspacing: 0;
+    }
+    
+    .related_item {
+      padding: 10px 0;
+      color: #CBCCCF;
+      font-size: 15px;
+      line-height: 18px;
+    }
+    
+    .related_item-title {
+      display: block;
+      margin: .5em 0 0;
+    }
+    
+    .related_item-thumb {
+      display: block;
+      padding-bottom: 10px;
+    }
+    
+    .related_heading {
+      border-top: 1px solid #CBCCCF;
+      text-align: center;
+      padding: 25px 0 10px;
+    }
+    /* Social Icons ------------------------------ */
+    
+    .social {
+      width: auto;
+    }
+    
+    .social td {
+      padding: 0;
+      width: auto;
+    }
+    
+    .social_icon {
+      height: 20px;
+      margin: 0 8px 10px 8px;
+      padding: 0;
+    }
+    /* Data table ------------------------------ */
+    
+    .purchase {
+      width: 100%;
+      margin: 0;
+      padding: 35px 0;
+      -premailer-width: 100%;
+      -premailer-cellpadding: 0;
+      -premailer-cellspacing: 0;
+    }
+    
+    .purchase_content {
+      width: 100%;
+      margin: 0;
+      padding: 25px 0 0 0;
+      -premailer-width: 100%;
+      -premailer-cellpadding: 0;
+      -premailer-cellspacing: 0;
+    }
+    
+    .purchase_item {
+      padding: 10px 0;
+      color: #51545E;
+      font-size: 15px;
+      line-height: 18px;
+    }
+    
+    .purchase_heading {
+      padding-bottom: 8px;
+      border-bottom: 1px solid #EAEAEC;
+    }
+    
+    .purchase_heading p {
+      margin: 0;
+      color: #85878E;
+      font-size: 12px;
+    }
+    
+    .purchase_footer {
+      padding-top: 15px;
+      border-top: 1px solid #EAEAEC;
+    }
+    
+    .purchase_total {
+      margin: 0;
+      text-align: right;
+      font-weight: bold;
+      color: #333333;
+    }
+    
+    .purchase_total--label {
+      padding: 0 15px 0 0;
+    }
+    
+    body {
+      background-color: #F2F4F6;
+      color: #51545E;
+    }
+    
+    p {
+      color: #51545E;
+    }
+    
+    .email-wrapper {
+      width: 100%;
+      margin: 0;
+      padding: 0;
+      -premailer-width: 100%;
+      -premailer-cellpadding: 0;
+      -premailer-cellspacing: 0;
+      background-color: #F2F4F6;
+    }
+    
+    .email-content {
+      width: 100%;
+      margin: 0;
+      padding: 0;
+      -premailer-width: 100%;
+      -premailer-cellpadding: 0;
+      -premailer-cellspacing: 0;
+    }
+    /* Masthead ----------------------- */
+    
+    .email-masthead {
+      padding: 25px 0;
+      text-align: center;
+    }
+    
+    .email-masthead_logo {
+      width: 94px;
+    }
+    
+    .email-masthead_name {
+      font-size: 16px;
+      font-weight: bold;
+      color: #A8AAAF;
+      text-decoration: none;
+      text-shadow: 0 1px 0 white;
+    }
+    /* Body ------------------------------ */
+    
+    .email-body {
+      width: 100%;
+      margin: 0;
+      padding: 0;
+      -premailer-width: 100%;
+      -premailer-cellpadding: 0;
+      -premailer-cellspacing: 0;
+    }
+    
+    .email-body_inner {
+      width: 570px;
+      margin: 0 auto;
+      padding: 0;
+      -premailer-width: 570px;
+      -premailer-cellpadding: 0;
+      -premailer-cellspacing: 0;
+      background-color: #FFFFFF;
+    }
+    
+    .email-footer {
+      width: 570px;
+      margin: 0 auto;
+      padding: 0;
+      -premailer-width: 570px;
+      -premailer-cellpadding: 0;
+      -premailer-cellspacing: 0;
+      text-align: center;
+    }
+    
+    .email-footer p {
+      color: #A8AAAF;
+    }
+    
+    .body-action {
+      width: 100%;
+      margin: 30px auto;
+      padding: 0;
+      -premailer-width: 100%;
+      -premailer-cellpadding: 0;
+      -premailer-cellspacing: 0;
+      text-align: center;
+    }
+    
+    .body-sub {
+      margin-top: 25px;
+      padding-top: 25px;
+      border-top: 1px solid #EAEAEC;
+    }
+    
+    .content-cell {
+      padding: 45px;
+    }
+    /*Media Queries ------------------------------ */
+    
+    @media only screen and (max-width: 600px) {
+      .email-body_inner,
+      .email-footer {
+        width: 100% !important;
+      }
+    }
+    
+    @media (prefers-color-scheme: dark) {
+      body,
+      .email-body,
+      .email-body_inner,
+      .email-content,
+      .email-wrapper,
+      .email-masthead,
+      .email-footer {
+        background-color: #333333 !important;
+        color: #FFF !important;
+      }
+      p,
+      ul,
+      ol,
+      blockquote,
+      h1,
+      h2,
+      h3,
+      span,
+      .purchase_item {
+        color: #FFF !important;
+      }
+      .attributes_content,
+      .discount {
+        background-color: #222 !important;
+      }
+      .email-masthead_name {
+        text-shadow: none !important;
+      }
+    }
+    
+    :root {
+      color-scheme: light dark;
+      supported-color-schemes: light dark;
+    }
+    </style>
+    <style type="text/css" rel="stylesheet" media="all">
+    body {
+      width: 100% !important;
+      height: 100%;
+      margin: 0;
+      -webkit-text-size-adjust: none;
+    }
+    
+    body {
+      font-family: "Nunito Sans", Helvetica, Arial, sans-serif;
+    }
+    
+    body {
+      background-color: #F2F4F6;
+      color: #51545E;
+    }
+    </style>
+  </head>
+  <body style="width: 100% !important; height: 100%; -webkit-text-size-adjust: none; font-family: &quot;Nunito Sans&quot;, Helvetica, Arial, sans-serif; background-color: #F2F4F6; color: #51545E; margin: 0;" bgcolor="#F2F4F6">
+    <span class="preheader" style="display: none !important; visibility: hidden; mso-hide: all; font-size: 1px; line-height: 1px; max-height: 0; max-width: 0; opacity: 0; overflow: hidden;">Use this link to reset your password. The link is only valid for 24 hours.</span>
+    <table class="email-wrapper" width="100%" cellpadding="0" cellspacing="0" role="presentation" style="width: 100%; -premailer-width: 100%; -premailer-cellpadding: 0; -premailer-cellspacing: 0; background-color: #F2F4F6; margin: 0; padding: 0;" bgcolor="#F2F4F6">
+      <tr>
+        <td align="center" style="word-break: break-word; font-family: &quot;Nunito Sans&quot;, Helvetica, Arial, sans-serif; font-size: 16px;">
+          <table class="email-content" width="100%" cellpadding="0" cellspacing="0" role="presentation" style="width: 100%; -premailer-width: 100%; -premailer-cellpadding: 0; -premailer-cellspacing: 0; margin: 0; padding: 0;">
+            <tr>
+              <td class="email-masthead" style="word-break: break-word; font-family: &quot;Nunito Sans&quot;, Helvetica, Arial, sans-serif; font-size: 16px; text-align: center; padding: 25px 0;" align="center">
+                <div>
+                   <img src="https://iwasat.events/images/logo.png" /> 
+                </div>
+                <a href="https:/iwasat.events" class="f-fallback email-masthead_name" style="color: #A8AAAF; font-size: 16px; font-weight: bold; text-decoration: none; text-shadow: 0 1px 0 white;">
+                IWasAtEvents
+              </a>
+              </td>
+            </tr>
+            <!-- Email Body -->
+            <tr>
+              <td class="email-body" width="570" cellpadding="0" cellspacing="0" style="word-break: break-word; margin: 0; padding: 0; font-family: &quot;Nunito Sans&quot;, Helvetica, Arial, sans-serif; font-size: 16px; width: 100%; -premailer-width: 100%; -premailer-cellpadding: 0; -premailer-cellspacing: 0;">
+                <table class="email-body_inner" align="center" width="570" cellpadding="0" cellspacing="0" role="presentation" style="width: 570px; -premailer-width: 570px; -premailer-cellpadding: 0; -premailer-cellspacing: 0; background-color: #FFFFFF; margin: 0 auto; padding: 0;" bgcolor="#FFFFFF">
+                  <!-- Body content -->
+                  <tr>
+                    <td class="content-cell" style="word-break: break-word; font-family: &quot;Nunito Sans&quot;, Helvetica, Arial, sans-serif; font-size: 16px; padding: 45px;">
+                      <div class="f-fallback">
+                        <h1 style="margin-top: 0; color: #333333; font-size: 22px; font-weight: bold; text-align: left;" align="left">Hi &#x1F44B; </h1>
+                        <p style="font-size: 16px; line-height: 1.625; color: #51545E; margin: .4em 0 1.1875em;">You recently requested to reset your password for your IWasAt account. Use the button below to reset it. <strong>This password reset is only valid for the next 12 hours.</strong></p>
+                        <!-- Action -->
+                        <table class="body-action" align="center" width="100%" cellpadding="0" cellspacing="0" role="presentation" style="width: 100%; -premailer-width: 100%; -premailer-cellpadding: 0; -premailer-cellspacing: 0; text-align: center; margin: 30px auto; padding: 0;">
+                          <tr>
+                            <td align="center" style="word-break: break-word; font-family: &quot;Nunito Sans&quot;, Helvetica, Arial, sans-serif; font-size: 16px;">
+                              <table width="100%" border="0" cellspacing="0" cellpadding="0" role="presentation">
+                                <tr>
+                                  <td align="center" style="word-break: break-word; font-family: &quot;Nunito Sans&quot;, Helvetica, Arial, sans-serif; font-size: 16px;">
+                                    <a href="{{link}}" class="f-fallback button button" target="_blank" style="color: #FFF; border-color: #3869D4; border-style: solid; border-width: 10px 18px; background-color: #3869D4; display: inline-block; text-decoration: none; border-radius: 3px; box-shadow: 0 2px 3px rgba(0, 0, 0, 0.16); -webkit-text-size-adjust: none; box-sizing: border-box;">Reset your password</a>
+                                  </td>
+                                </tr>
+                              </table>
+                            </td>
+                          </tr>
+                        </table>
+                        <p style="font-size: 16px; line-height: 1.625; color: #51545E; margin: .4em 0 1.1875em;">If you did not request a password reset, please ignore this email.</p>
+                        <p style="font-size: 16px; line-height: 1.625; color: #51545E; margin: .4em 0 1.1875em;">Thanks,
+                          <br />The IWasAt Team</p>
+                        <!-- Sub copy -->
+                        <table class="body-sub" role="presentation" style="margin-top: 25px; padding-top: 25px; border-top-width: 1px; border-top-color: #EAEAEC; border-top-style: solid;">
+                          <tr>
+                            <td style="word-break: break-word; font-family: &quot;Nunito Sans&quot;, Helvetica, Arial, sans-serif; font-size: 16px;">
+                              <p class="f-fallback sub" style="font-size: 13px; line-height: 1.625; color: #51545E; margin: .4em 0 1.1875em;">If you’re having trouble with the button above, copy and paste the URL below into your web browser.</p>
+                              <p class="f-fallback sub" style="font-size: 13px; line-height: 1.625; color: #51545E; margin: .4em 0 1.1875em;">{{link}}</p>
+                            </td>
+                          </tr>
+                        </table>
+                      </div>
+                    </td>
+                  </tr>
+                </table>
+              </td>
+            </tr>
+            <tr>
+              <td style="word-break: break-word; font-family: &quot;Nunito Sans&quot;, Helvetica, Arial, sans-serif; font-size: 16px;">
+                <table class="email-footer" align="center" width="570" cellpadding="0" cellspacing="0" role="presentation" style="width: 570px; -premailer-width: 570px; -premailer-cellpadding: 0; -premailer-cellspacing: 0; text-align: center; margin: 0 auto; padding: 0;">
+                  <tr>
+                    <td class="content-cell" align="center" style="word-break: break-word; font-family: &quot;Nunito Sans&quot;, Helvetica, Arial, sans-serif; font-size: 16px; padding: 45px;">
+                      <p class="f-fallback sub align-center" style="font-size: 13px; line-height: 1.625; text-align: center; color: #A8AAAF; margin: .4em 0 1.1875em;" align="center">© 2021 IWasAt. All rights reserved.</p>
+                      <!-- <p class="f-fallback sub align-center" style="font-size: 13px; line-height: 1.625; text-align: center; color: #A8AAAF; margin: .4em 0 1.1875em;" align="center">
+                        [Company Name, LLC]
+                        <br />1234 Street Rd.
+                        <br />Suite 1234
+                      </p> -->
+                    </td>
+                  </tr>
+                </table>
+              </td>
+            </tr>
+          </table>
+        </td>
+      </tr>
+    </table>
+  </body>
+</html>
\ No newline at end of file
diff --git a/config.py b/config.py
index e28ae14..255b0c9 100644
--- a/config.py
+++ b/config.py
@@ -3,6 +3,13 @@
 
 class Config(object):
     SECRET_KEY = os.getenv('SECRET_KEY') or os.urandom(24)
+    MAIL_SERVER = 'smtp.gmail.com'
+    MAIL_PORT = 465
+    MAIL_USERNAME = os.getenv('MAIL_USERNAME')
+    MAIL_PASSWORD = os.getenv('MAIL_PASWORD')
+    MAIL_USE_TLS = False
+    MAIL_USE_SSL = True
+    SENDER_ADDR = os.getenv('SENDER_ADDR')
 
 
 FirebaseConfig = {
@@ -14,4 +21,4 @@ class Config(object):
     "messagingSenderId": "21222617342",
     "appId": "1:21222617342:web:f03af782ee33832a39f5af",
     "measurementId": "G-Y797P25ZN9"
-}
\ No newline at end of file
+}
diff --git a/sample.env b/sample.env
index c99ed94..88cdb1f 100644
--- a/sample.env
+++ b/sample.env
@@ -3,4 +3,7 @@ FLASK_RUN_HOST=localhost
 DEBUG=True                      # change to False in production
 FLASK_ENV=development           # change to 'production'
 FIREBASE_API_KEY="your-api-key" # specified in the firebase console
-SECRET_KEY="winterofcode2020"   # should be random and secret
+SECRET_KEY="your-secret-key"   # should be random and secret
+MAIL_USERNAME=''
+MAIL_PASWORD=''
+SENDER_ADDR=''
\ No newline at end of file
diff --git a/utils.py b/utils.py
new file mode 100644
index 0000000..9ac2940
--- /dev/null
+++ b/utils.py
@@ -0,0 +1,61 @@
+import jwt
+import datetime
+from config import Config
+from itsdangerous import TimedJSONWebSignatureSerializer as Serializer
+from flask_mail import Message
+from flask import render_template
+
+
+class Utils:
+    @staticmethod
+    def encode_auth_token(user_id):
+        try:
+            payload = {
+                'exp': datetime.datetime.utcnow() + datetime.timedelta(days=1, minutes=0),
+                'iat': datetime.datetime.utcnow(),
+                'id': user_id
+            }
+            return jwt.encode(
+                payload,
+                Config.SECRET_KEY,
+                algorithm='HS256'
+            )
+        except Exception as e:
+            return e
+
+    @staticmethod
+    def decode_auth_token(auth_token):
+        try:
+            payload = jwt.decode(auth_token, Config.SECRET_KEY)
+            return payload['id']
+        except jwt.ExpiredSignatureError:
+            print('ERROR: Signature expired. Please log in again.')
+            return None
+        except jwt.InvalidTokenError:
+            print('ERROR: Invalid token. Please log in again.')
+            return None
+
+    @staticmethod
+    def get_reset_token(user_id, expires_sec=1800):
+        s = Serializer(Config.SECRET_KEY, expires_sec)
+        return s.dumps({'user_id': user_id}).decode('utf-8')
+
+    @staticmethod
+    def verify_reset_token(token):
+        s = Serializer(Config.SECRET_KEY)
+        try:
+            user_id = s.loads(token)['user_id']
+        except Exception as e:
+            print('ERROR: ', str(e))
+            return None
+        return user_id
+
+    @staticmethod
+    def send_reset_password_mail(mail, link, recipient_addr):
+        msg = Message("Send Mail Tutorial!",
+                      sender=Config.SENDER_ADDR,
+                      recipients=[recipient_addr])
+        msg.subject = 'Reset password for IWasAtEvents'
+        msg.body = 'You or someone else has requested that a new password be generated for your account. If you made this request, then please follow this link:' + link
+        msg.html = render_template('reset-password.html', link=link)
+        mail.send(msg)

From e07f424c2f3723ad4bc2f599fa05474279ffef7f Mon Sep 17 00:00:00 2001
From: Mr-DareDevil <arnabsen1729@gmail.com>
Date: Mon, 28 Dec 2020 23:09:04 +0530
Subject: [PATCH 2/2] Upd: Api docs added for the new routes

---
 app/routes.py           |  4 +++-
 docs/sendresetmail.yml  | 25 +++++++++++++++++++++++++
 docs/updatepassword.yml | 29 +++++++++++++++++++++++++++++
 3 files changed, 57 insertions(+), 1 deletion(-)
 create mode 100644 docs/sendresetmail.yml
 create mode 100644 docs/updatepassword.yml

diff --git a/app/routes.py b/app/routes.py
index be3065d..886b853 100644
--- a/app/routes.py
+++ b/app/routes.py
@@ -14,6 +14,7 @@ def index():
 
 
 @app.route(BASE_URL + '/send-reset-mail', methods=['POST'])
+@swag_from('../docs/sendresetmail.yml')
 def send_reset_mail():
     data = request.json
     if 'email' not in data.keys():
@@ -39,11 +40,12 @@ def send_reset_mail():
 
 
 @app.route(BASE_URL + '/update-password', methods=['POST'])
+@swag_from('../docs/updatepassword.yml')
 def update_password():
     data = request.json
     if 'token' not in data.keys() and 'password' not in data.keys():
         responseObject = {
-            'message': 'email not specified in the body'
+            'message': 'token or password is absent in the request body'
         }
         return make_response(jsonify(responseObject)), 400
     else:
diff --git a/docs/sendresetmail.yml b/docs/sendresetmail.yml
new file mode 100644
index 0000000..6f71324
--- /dev/null
+++ b/docs/sendresetmail.yml
@@ -0,0 +1,25 @@
+Sending Reset Password Mail to the user
+The email provided will be checked in the database, if present then an email with reset URL link will be sent to that email address
+---
+tags:
+  - user
+parameters:
+  - name: body
+    in: body
+    required: true
+    schema:
+      required:
+        - email
+      properties:
+        email:
+          type: string
+          description: Email of the user whose password has to be updated.
+responses:
+  "200":
+    description: Reset link was sent to the email address
+  "400":
+    description: Email is not specified in the request body
+  "401":
+    description: Email doesnot exist. Registration required
+  "500":
+    description: Internal Server Error
\ No newline at end of file
diff --git a/docs/updatepassword.yml b/docs/updatepassword.yml
new file mode 100644
index 0000000..8a7f041
--- /dev/null
+++ b/docs/updatepassword.yml
@@ -0,0 +1,29 @@
+Sending Reset Password Mail to the user
+The email provided will be checked in the database, if present then an email with reset URL link will be sent to that email address
+---
+tags:
+  - user
+parameters:
+  - name: body
+    in: body
+    required: true
+    schema:
+      required:
+        - token
+        - password
+      properties:
+        token:
+          type: string
+          description: Reset token to validate the user
+        password:
+          type: string
+          description: New Password of the user
+responses:
+  "200":
+    description: Password successfully updated
+  "400":
+    description: Token or Password is absent in the request body
+  "401":
+    description: Reset token invalid or expired
+  "500":
+    description: Internal Server Error
\ No newline at end of file