iatoolkit 0.3.9__py3-none-any.whl → 0.107.4__py3-none-any.whl

{services → iatoolkit/services}/profile_service.py

@@ -1,96 +1,162 @@
 # Copyright (c) 2024 Fernando Libedinsky
-# Producto: IAToolkit
-# Todos los derechos reservados.
-# En trámite de registro en el Registro de Propiedad Intelectual de Chile.
+# Product: IAToolkit
+#
+# IAToolkit is open source software.
 
 from injector import inject
-from repositories.profile_repo import ProfileRepo
-from repositories.models import User, Company, ApiKey
+from iatoolkit.repositories.profile_repo import ProfileRepo
+from iatoolkit.services.i18n_service import I18nService
+from iatoolkit.repositories.models import User, Company, ApiKey
 from flask_bcrypt import check_password_hash
-from common.session_manager import SessionManager
+from iatoolkit.common.session_manager import SessionManager
+from iatoolkit.services.dispatcher_service import Dispatcher
+from iatoolkit.services.language_service import LanguageService
+from iatoolkit.services.user_session_context_service import UserSessionContextService
+from iatoolkit.services.configuration_service import ConfigurationService
 from flask_bcrypt import Bcrypt
-from infra.mail_app import MailApp
+from iatoolkit.services.mail_service import MailService
 import random
-import logging
 import re
 import secrets
 import string
-from datetime import datetime, timezone
-from services.user_session_context_service import UserSessionContextService
-from services.query_service import QueryService
+import logging
+from typing import List, Dict
 
 
 class ProfileService:
     @inject
     def __init__(self,
+                 i18n_service: I18nService,
                  profile_repo: ProfileRepo,
                  session_context_service: UserSessionContextService,
-                 query_service: QueryService,
-                 mail_app: MailApp):
+                 config_service: ConfigurationService,
+                 lang_service: LanguageService,
+                 dispatcher: Dispatcher,
+                 mail_service: MailService):
+        self.i18n_service = i18n_service
         self.profile_repo = profile_repo
+        self.dispatcher = dispatcher
         self.session_context = session_context_service
-        self.query_service = query_service
-        self.mail_app = mail_app
+        self.config_service = config_service
+        self.lang_service = lang_service
+        self.mail_service = mail_service
         self.bcrypt = Bcrypt()
 
-
     def login(self, company_short_name: str, email: str, password: str) -> dict:
         try:
-            # check if exits
+            # check if user exists
             user = self.profile_repo.get_user_by_email(email)
             if not user:
-                return {"error": "Usuario no encontrado"}
+                return {'success': False, 'message': self.i18n_service.t('errors.auth.user_not_found')}
 
             # check the encrypted password
             if not check_password_hash(user.password, password):
-                return {"error": "Contraseña inválida"}
+                return {'success': False, 'message': self.i18n_service.t('errors.auth.invalid_password')}
 
-            company = self.get_company_by_short_name(company_short_name)
+            company = self.profile_repo.get_company_by_short_name(company_short_name)
             if not company:
-                return {"error": "Empresa no encontrada"}
+                return {'success': False, "message": "missing company"}
 
-            # check that user belongs to  company
+            # check that user belongs to company
             if company not in user.companies:
-                return {"error": "Usuario no esta autorizado para esta empresa"}
+                return {'success': False, "message": self.i18n_service.t('errors.services.user_not_authorized')}
 
             if not user.verified:
-                return {"error": "Tu cuenta no ha sido verificada. Por favor, revisa tu correo."}
+                return {'success': False,
+                        "message": self.i18n_service.t('errors.services.account_not_verified')}
+
+            user_role = self.profile_repo.get_user_role_in_company(company.id, user.id)
+
+            # 1. Build the local user profile dictionary here.
+            # the user_profile variables are used on the LLM templates also (see in query_main.prompt)
+            user_identifier = user.email
+            user_profile = {
+                "user_email": user.email,
+                "user_fullname": f'{user.first_name} {user.last_name}',
+                "user_is_local": True,
+                "user_id": user.id,
+                "user_role": user_role,
+                "extras": {}
+            }
+
+            # 2. create user_profile in context
+            self.save_user_profile(company, user_identifier, user_profile)
+
+            # 3. create the web session
+            self.set_session_for_user(company.short_name, user_identifier)
+            return {'success': True, "user_identifier": user_identifier, "message": "Login ok"}
+        except Exception as e:
+            logging.error(f"Error in login: {e}")
+            return {'success': False, "message": str(e)}
 
-            # clear history save user data into session manager
-            self.set_user_session(user=user, company=company)
+    def save_user_profile(self, company: Company, user_identifier: str, user_profile: dict):
+        """
+        Private helper: Takes a pre-built profile, saves it to Redis, and sets the Flask cookie.
+        """
+        user_profile['company_short_name'] = company.short_name
+        user_profile['user_identifier'] = user_identifier
+        user_profile['id'] = user_identifier
+        user_profile['company_id'] = company.id
+        user_profile['company'] = company.name
+        user_profile['language'] = self.lang_service.get_current_language()
+
+        # save user_profile in Redis session
+        self.session_context.save_profile_data(company.short_name, user_identifier, user_profile)
+
+    def set_session_for_user(self, company_short_name: str, user_identifier:str ):
+        # save a min Flask session cookie for this user
+        SessionManager.set('company_short_name', company_short_name)
+        SessionManager.set('user_identifier', user_identifier)
+
+    def get_current_session_info(self) -> dict:
+        """
+         Gets the current web user's profile from the unified session.
+         This is the standard way to access user data for web requests.
+         """
+        # 1. Get identifiers from the simple Flask session cookie.
+        user_identifier = SessionManager.get('user_identifier')
+        company_short_name = SessionManager.get('company_short_name')
+
+        if not user_identifier or not company_short_name:
+            # No authenticated web user.
+            return {}
+
+        # 2. Use the identifiers to fetch the full, authoritative profile from Redis.
+        profile = self.session_context.get_profile_data(company_short_name, user_identifier)
+
+        return {
+            "user_identifier": user_identifier,
+            "company_short_name": company_short_name,
+            "profile": profile
+        }
 
-            # initialize company context
-            self.query_service.llm_init_context(
-                company_short_name=company_short_name,
-                local_user_id=user.id
-            )
+    def update_user_language(self, user_identifier: str, new_lang: str) -> dict:
+        """
+        Business logic to update a user's preferred language.
+        It validates the language and then calls the generic update method.
+        """
+        # 1. Validate that the language is supported by checking the loaded translations.
+        if new_lang not in self.i18n_service.translations:
+            return {'success': False, 'error_message': self.i18n_service.t('errors.general.unsupported_language')}
 
-            return {"message": "Login exitoso"}
+        try:
+            # 2. Call the generic update_user method, passing the specific field to update.
+            self.update_user(user_identifier, preferred_language=new_lang)
+            return {'success': True, 'message': 'Language updated successfully.'}
         except Exception as e:
-            logging.exception(f"login error: {str(e)}")
-            return {"error": str(e)}
-
-    def set_user_session(self, user: User, company: Company):
-        SessionManager.set('user_id', user.id)
-        SessionManager.set('company_id', company.id)
-        SessionManager.set('company_short_name', company.short_name)
-
-        # save user data into session manager
-        user_data = {
-            "id": user.id,
-            "email": user.email,
-            "user_fullname": f'{user.first_name} {user.last_name}',
-            "super_user": user.super_user,
-            "company_id": company.id,
-            "company": company.name,
-            "company_short_name": company.short_name,
-            "user_is_local": True,       # origin of data
-            "extras": {}                 # company specific data
-        }
-        SessionManager.set('user', user_data)
+            # Log the error and return a generic failure message.
+            logging.error(f"Failed to update language for {user_identifier}: {e}")
+            return {'success': False, 'error_message': self.i18n_service.t('errors.general.unexpected_error', error=str(e))}
+
 
-        # save time session was activated (in timestamp format)
-        SessionManager.set('last_activity', datetime.now(timezone.utc).timestamp())
+    def get_profile_by_identifier(self, company_short_name: str, user_identifier: str) -> dict:
+        """
+        Fetches a user profile directly by their identifier, bypassing the Flask session.
+        This is ideal for API-side checks.
+        """
+        if not company_short_name or not user_identifier:
+            return {}
+        return self.session_context.get_profile_data(company_short_name, user_identifier)
 
 
     def signup(self,
@@ -98,19 +164,18 @@ class ProfileService:
                email: str,
                first_name: str,
                last_name: str,
-               rut: str,
                password: str,
                confirm_password: str,
                verification_url: str) -> dict:
         try:
 
             # get company info
-            company = self.get_company_by_short_name(company_short_name)
+            company = self.profile_repo.get_company_by_short_name(company_short_name)
             if not company:
-                return {"error": f"la empresa {company_short_name} no existe"}
+                return {
+                    "error": self.i18n_service.t('errors.signup.company_not_found', company_name=company_short_name)}
 
             # normalize  format's
-            rut = rut.lower().replace(" ", "")
             email = email.lower()
 
             # check if user exists
@@ -118,52 +183,59 @@ class ProfileService:
             if existing_user:
                 # validate password
                 if not self.bcrypt.check_password_hash(existing_user.password, password):
-                    return {"error": "La contraseña es incorrecta. No se puede agregar a la nueva empresa."}
-
-                if rut != existing_user.rut:
-                    return {"error": "El RUT ingresado no corresponde al email existente."}
+                    return {"error": self.i18n_service.t('errors.signup.incorrect_password_for_existing_user', email=email)}
 
                 # check if register
                 if company in existing_user.companies:
-                    return {"error": "Usuario ya registrado en esta empresa"}
+                    return {"error": self.i18n_service.t('errors.signup.user_already_registered', email=email)}
                 else:
                     # add new company to existing user
                     existing_user.companies.append(company)
                     self.profile_repo.save_user(existing_user)
-                    return {"message": "Usuario asociado a nueva empresa"}
+                    return {"message": self.i18n_service.t('flash_messages.user_associated_success')}
 
             # add the new user
             if password != confirm_password:
-                return {"error": "Las contraseñas no coinciden. Por favor, inténtalo de nuevo."}
+                return {"error": self.i18n_service.t('errors.signup.password_mismatch')}
 
             is_valid, message = self.validate_password(password)
             if not is_valid:
-                return {"error": message}
+                # Translate the key returned by validate_password
+                return {"error": self.i18n_service.t(message)}
 
             # encrypt the password
             hashed_password = self.bcrypt.generate_password_hash(password).decode('utf-8')
 
+            # account verification can be skiped with this security parameter
+            verified = False
+            cfg = self.config_service.get_configuration(company_short_name, 'parameters')
+            if cfg and not cfg.get('verify_account', True):
+                verified = True
+                message = self.i18n_service.t('flash_messages.signup_success_no_verification')
+
             # create the new user
             new_user = User(email=email,
-                            rut=rut,
                             password=hashed_password,
                             first_name=first_name.lower(),
                             last_name=last_name.lower(),
-                            verified=False,
+                            verified=verified,
                             verification_url=verification_url
                             )
 
             # associate new company to user
             new_user.companies.append(company)
 
+            # and create in the database
             self.profile_repo.create_user(new_user)
 
             # send email with verification
-            self.send_verification_email(new_user, company_short_name)
+            if not cfg or cfg.get('verify_account', True):
+                self.send_verification_email(new_user, company_short_name)
+                message = self.i18n_service.t('flash_messages.signup_success')
 
-            return {"message": "Registro exitoso. Por favor, revisa tu correo para verificar tu cuenta."}
+            return {"message": message}
         except Exception as e:
-            return {"error": str(e)}
+            return {"error": self.i18n_service.t('errors.general.unexpected_error', error=str(e))}
 
     def update_user(self, email: str, **kwargs) -> User:
         return self.profile_repo.update_user(email, **kwargs)
@@ -173,14 +245,14 @@ class ProfileService:
             # check if user exist
             user = self.profile_repo.get_user_by_email(email)
             if not user:
-                return {"error": "El usuario no existe."}
+                return {"error": self.i18n_service.t('errors.verification.user_not_found')}
 
             # activate the user account
             self.profile_repo.verify_user(email)
-            return {"message": "Tu cuenta ha sido verificada exitosamente. Ahora puedes iniciar sesión."}
+            return {"message": self.i18n_service.t('flash_messages.account_verified_success')}
 
         except Exception as e:
-            return {"error": str(e)}
+            return {"error": self.i18n_service.t('errors.general.unexpected_error')}
 
     def change_password(self,
                          email: str,
@@ -189,65 +261,61 @@ class ProfileService:
                          confirm_password: str):
         try:
             if new_password != confirm_password:
-                return {"error": "Las contraseñas no coinciden. Por favor, inténtalo nuevamente."}
+                return {"error": self.i18n_service.t('errors.change_password.password_mismatch')}
 
             # check the temporary code
             user = self.profile_repo.get_user_by_email(email)
             if not user or user.temp_code != temp_code:
-                return {"error": "El código temporal no es válido. Por favor, verifica o solicita uno nuevo."}
+                return {"error": self.i18n_service.t('errors.change_password.invalid_temp_code')}
 
             # encrypt and save the password, make the temporary code invalid
             hashed_password = self.bcrypt.generate_password_hash(new_password).decode('utf-8')
             self.profile_repo.update_password(email, hashed_password)
             self.profile_repo.reset_temp_code(email)
 
-            return {"message": "La clave se cambio correctamente"}
+            return {"message": self.i18n_service.t('flash_messages.password_changed_success')}
         except Exception as e:
-            return {"error": str(e)}
+            return {"error": self.i18n_service.t('errors.general.unexpected_error')}
 
-    def forgot_password(self, email: str, reset_url: str):
+    def forgot_password(self, company_short_name: str, email: str, reset_url: str):
         try:
             # Verificar si el usuario existe
             user = self.profile_repo.get_user_by_email(email)
             if not user:
-                return {"error": "El usuario no existe."}
+                return {"error": self.i18n_service.t('errors.forgot_password.user_not_registered', email=email)}
 
             # Gen a temporary code and store in the repositories
             temp_code = ''.join(random.choices(string.ascii_letters + string.digits, k=6)).upper()
             self.profile_repo.set_temp_code(email, temp_code)
 
             # send email to the user
-            self.send_forgot_password_email(user, reset_url)
+            self.send_forgot_password_email(company_short_name, user, reset_url)
 
-            return {"message": "se envio mail para cambio de clave"}
+            return {"message": self.i18n_service.t('flash_messages.forgot_password_success')}
         except Exception as e:
-            return {"error": str(e)}
+            return {"error": self.i18n_service.t('errors.general.unexpected_error')}
 
     def validate_password(self, password):
         """
-        Valida que una contraseña cumpla con los siguientes requisitos:
-        - Al menos 8 caracteres de longitud
-        - Contiene al menos una letra mayúscula
-        - Contiene al menos una letra minúscula
-        - Contiene al menos un número
-        - Contiene al menos un carácter especial
+        Validates that a password meets all requirements.
+        Returns (True, "...") on success, or (False, "translation.key") on failure.
         """
         if len(password) < 8:
-            return False, "La contraseña debe tener al menos 8 caracteres."
+            return False, "errors.validation.password_too_short"
 
         if not any(char.isupper() for char in password):
-            return False, "La contraseña debe tener al menos una letra mayúscula."
+            return False, "errors.validation.password_no_uppercase"
 
         if not any(char.islower() for char in password):
-            return False, "La contraseña debe tener al menos una letra minúscula."
+            return False, "errors.validation.password_no_lowercase"
 
         if not any(char.isdigit() for char in password):
-            return False, "La contraseña debe tener al menos un número."
+            return False, "errors.validation.password_no_digit"
 
         if not re.search(r'[!@#$%^&*(),.?":{}|<>]', password):
-            return False, "La contraseña debe tener al menos un carácter especial."
+            return False, "errors.validation.password_no_special_char"
 
-        return True, "La contraseña es válida."
+        return True, "Password is valid."
 
     def get_companies(self):
         return self.profile_repo.get_companies()
@@ -255,10 +323,35 @@ class ProfileService:
     def get_company_by_short_name(self, short_name: str) -> Company:
         return self.profile_repo.get_company_by_short_name(short_name)
 
+    def get_company_users(self, company_short_name: str) -> List[Dict]:
+        company = self.profile_repo.get_company_by_short_name(company_short_name)
+        if not company:
+            return []
+
+        # get the company users from the repo
+        company_users =  self.profile_repo.get_company_users_with_details(company_short_name)
+
+        users_data = []
+        for user, role, last_access in company_users:
+            users_data.append({
+                "first_name": user.first_name,
+                "last_name": user.last_name,
+                "email": user.email,
+                "created": user.created_at,
+                "verified": user.verified,
+                "role": role or "user",
+                "last_access": last_access
+            })
+
+        return users_data
+
+    def get_active_api_key_entry(self, api_key_value: str) -> ApiKey | None:
+        return self.profile_repo.get_active_api_key_entry(api_key_value)
+
     def new_api_key(self, company_short_name: str):
         company = self.get_company_by_short_name(company_short_name)
         if not company:
-            return {"error": f"la empresa {company_short_name} no existe"}
+            return {"error": self.i18n_service.t('errors.company_not_found', company_short_name=company_short_name)}
 
         length = 40     # lenght of the api key
         alphabet = string.ascii_letters + string.digits
@@ -319,9 +412,12 @@ class ProfileService:
             </body>
             </html>
             """
-        self.mail_app.send_email(to=new_user.email, subject=subject, body=body)
+        self.mail_service.send_mail(company_short_name=company_short_name,
+                                    recipient=new_user.email,
+                                    subject=subject,
+                                    body=body)
 
-    def send_forgot_password_email(self, user: User, reset_url: str):
+    def send_forgot_password_email(self, company_short_name: str, user: User, reset_url: str):
         # send email to the user
         subject = f"Recuperación de Contraseña "
         body = f"""
@@ -372,5 +468,8 @@ class ProfileService:
                 </html>
                 """
 
-        self.mail_app.send_email(to=user.email, subject=subject, body=body)
-        return {"message": "se envio mail para cambio de clave"}
+        self.mail_service.send_mail(company_short_name=company_short_name,
+                                    recipient=user.email,
+                                    subject=subject,
+                                    body=body)
+        return {"message": self.i18n_service.t('services.mail_change_password') }