Umair/sesemail (#68)

## Notion ticket link
<!-- Please replace with your ticket's URL -->
[Ticket
Name](https://www.notion.so/uwblueprintexecs/Emails-27210f3fb1dc804ea227de3164b36bd3?v=27210f3fb1dc8133a6e1000cf4eabc81&source=copy_link)


<!-- Give a quick summary of the implementation details, provide design
justifications if necessary -->
## Implementation description
* Emails now send through amazon ses not going into spam emails


<!-- What should the reviewer do to verify your changes? Describe
expected results and include screenshots when appropriate -->
## Steps to test
1. Add email to verifed on amazon ses
2. Checkout verify email and resend buttons for both regular users and
admin on english and french
3. Check password reset and resend buttons for regular users and admin


<!-- Draw attention to the substantial parts of your PR or anything
you'd like a second opinion on -->
## What should reviewers focus on?
* Template of the email


## Checklist
- [ ] My PR name is descriptive and in imperative tense
- [ ] My commit messages are descriptive and in imperative tense. My
commits are atomic and trivial commits are squashed or fixup'd into
non-trivial commits
- [ ] I have run the appropriate linter(s)
- [ ] I have requested a review from the PL, as well as other devs who
have background knowledge on this PR or who will be building on top of
this PR

---------

Co-authored-by: YashK2005 <[email protected]>

Author: UmairHundekar

backend/app/interfaces/auth_service.py

@@ -78,9 +78,9 @@ def reset_password(self, email):
     def send_email_verification_link(self, email):
         """
         Generates an email verification link for the user with the given email
-        and sends the reset link to that email address
+        and sends the verification link to that email address
 
-        :param email: email of user requesting password reset
+        :param email: email of user requesting email verification
         :type email: str
         :raises Exception: if unable to generate link or send email
         """

backend/app/routes/auth.py

@@ -1,4 +1,6 @@
-from fastapi import APIRouter, Depends, HTTPException, Request, Response
+import logging
+
+from fastapi import APIRouter, Depends, HTTPException, Query, Request, Response
 from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
 from sqlalchemy.orm import Session
 
@@ -116,6 +118,32 @@ async def verify_email(email: str, auth_service: AuthService = Depends(get_auth_
         return Response(status_code=500)
 
 
+@router.post("/send-email-verification/{email}")
+async def send_email_verification(
+    email: str,
+    language: str = Query("en", description="Language code: 'en' for English, 'fr' for French"),
+    auth_service: AuthService = Depends(get_auth_service),
+):
+    try:
+        # Normalize and validate language
+        language = language.lower() if language else "en"
+        if language not in ["en", "fr"]:
+            language = "en"  # Default to English if invalid
+
+        # Log for debugging
+        logger = logging.getLogger(__name__)
+        logger.info(f"Sending email verification to {email} with language: {language}")
+
+        auth_service.send_email_verification_link(email, language)
+        return Response(status_code=204)
+    except Exception as e:
+        # Log error but don't reveal if email exists or not for security reasons
+        logger = logging.getLogger(__name__)
+        logger.error(f"Error sending email verification: {str(e)}")
+        # Always return success even if email doesn't exist
+        return Response(status_code=204)
+
+
 @router.get("/me", response_model=UserCreateResponse)
 async def get_current_user(
     request: Request,

backend/app/server.py

@@ -41,6 +41,7 @@
     "/auth/register",
     "/auth/resetPassword/{email}",
     "/auth/verify/{email}",
+    "/auth/send-email-verification/{email}",
     "/health",
     "/test-middleware-public",
     "/email/send-test-email",

backend/app/services/implementations/auth_service.py

@@ -2,10 +2,10 @@
 import os
 
 import firebase_admin.auth
-import requests
 from fastapi import HTTPException
 
 from app.utilities.constants import LOGGER_NAME
+from app.utilities.ses_email_service import SESEmailService
 
 from ...interfaces.auth_service import IAuthService
 from ...schemas.auth import AuthResponse, Token
@@ -17,6 +17,7 @@ def __init__(self, logger, user_service):
         self.logger = logging.getLogger(LOGGER_NAME("auth_service"))
         self.user_service = user_service
         self.firebase_client = FirebaseRestClient(logger)
+        self.ses_email_service = SESEmailService()
 
     def generate_token(self, email: str, password: str) -> AuthResponse:
         try:
@@ -48,36 +49,105 @@ def renew_token(self, refresh_token: str) -> Token:
 
     def reset_password(self, email: str) -> None:
         try:
-            # Use Firebase REST API to send password reset email
-            url = f"https://identitytoolkit.googleapis.com/v1/accounts:sendOobCode?key={os.getenv('FIREBASE_WEB_API_KEY')}"
-            data = {
-                "requestType": "PASSWORD_RESET",
-                "email": email,
-                "continueUrl": "http://localhost:3000/set-new-password",  # Custom action URL
-            }
+            # Use Firebase Admin SDK to generate password reset link
+            action_code_settings = firebase_admin.auth.ActionCodeSettings(
+                url="http://localhost:3000/set-new-password",
+                handle_code_in_app=True,
+            )
 
-            response = requests.post(url, json=data)
-            response_json = response.json()
+            reset_link = firebase_admin.auth.generate_password_reset_link(email, action_code_settings)
 
-            if response.status_code != 200:
-                error_message = response_json.get("error", {}).get("message", "Unknown error")
-                self.logger.error(f"Failed to send password reset email: {error_message}")
-                # Don't raise exception for security reasons - don't reveal if email exists
-                return
+            # Send via SES
+            email_sent = self.ses_email_service.send_password_reset_email(email, reset_link)
 
-            self.logger.info(f"Password reset email sent successfully to {email}")
+            if email_sent:
+                self.logger.info(f"Password reset email sent successfully to {email}")
+            else:
+                self.logger.warning(
+                    f"Failed to send password reset email to {email}, but link was generated: {reset_link}"
+                )
+                # Do not raise, avoid revealing if email exists
 
         except Exception as e:
             self.logger.error(f"Failed to reset password: {str(e)}")
             # Don't raise exception for security reasons - don't reveal if email exists
             return
 
-    def send_email_verification_link(self, email: str) -> None:
+    def send_email_verification_link(self, email: str, language: str = None) -> None:
         try:
-            firebase_admin.auth.generate_email_verification_link(email)
+            # Get user's first name if available
+            # Try Firebase first (for display_name), then fall back to database
+            first_name = None
+            try:
+                # Try to get from Firebase user (display_name)
+                try:
+                    firebase_user = firebase_admin.auth.get_user_by_email(email)
+                    if firebase_user and firebase_user.display_name:
+                        # Extract first name from display_name (e.g., "John Doe" -> "John")
+                        display_name = firebase_user.display_name.strip()
+                        first_name = display_name.split()[0] if display_name else None
+                        if first_name:
+                            self.logger.info(
+                                f"Found first name '{first_name}' from Firebase display_name for user {email}"
+                            )
+                    else:
+                        self.logger.debug(f"Firebase user exists but display_name is None for {email}")
+                except Exception as firebase_error:
+                    self.logger.debug(f"Could not get Firebase user for {email}: {str(firebase_error)}")
+
+                # Fall back to database if Firebase didn't have display_name
+                if not first_name:
+                    try:
+                        user = self.user_service.get_user_by_email(email)
+                        if user and user.first_name and user.first_name.strip():
+                            first_name = user.first_name.strip()
+                            self.logger.info(f"Found first name '{first_name}' from database for user {email}")
+                        else:
+                            self.logger.debug(f"No first name found in database for user {email}")
+                    except Exception as db_error:
+                        self.logger.debug(f"Could not get user from database for {email}: {str(db_error)}")
+            except Exception as e:
+                # If we can't get the user, continue without first name
+                self.logger.debug(f"Could not retrieve user for email {email}: {str(e)}")
+                pass
+
+            # Normalize and validate language
+            # If not provided, check environment variable, otherwise default to English
+            if not language:
+                language = os.getenv("EMAIL_LANGUAGE", "en").lower()
+            else:
+                language = language.lower()
+
+            # Only allow 'en' or 'fr', default to 'en' for anything else
+            if language not in ["en", "fr"]:
+                language = "en"
+
+            # Use Firebase Admin SDK to generate email verification link
+            action_code_settings = firebase_admin.auth.ActionCodeSettings(
+                url="http://localhost:3000/action",  # URL to redirect after verification
+                handle_code_in_app=True,
+            )
+
+            # Generate the verification link
+            verification_link = firebase_admin.auth.generate_email_verification_link(email, action_code_settings)
+
+            # Send the verification email via SES (works with any email address)
+            email_sent = self.ses_email_service.send_verification_email(email, verification_link, first_name, language)
+
+            if email_sent:
+                self.logger.info(f"Email verification sent successfully to {email}")
+            else:
+                # If SES fails, we can still provide the link for manual verification
+                self.logger.warning(
+                    f"Failed to send verification email to {email}, but link was generated: {verification_link}"
+                )
+                # For development/testing, you could log the link or store it temporarily
+                # In production, you might want to implement a fallback mechanism
+
         except Exception as e:
             self.logger.error(f"Failed to send verification email: {str(e)}")
-            raise
+            # Don't raise exception for security reasons - don't reveal if email exists
+            return
 
     def is_authorized_by_role(self, access_token: str, roles: set[str]) -> bool:
         try:

backend/app/utilities/ses/ses_init.py

@@ -31,8 +31,8 @@ def load_file_content(file_path: str) -> str:
         return ""
 
 
-# Function to create SES template
-def create_ses_template(template_metadata, ses_client):
+# Function to create or update SES template
+def create_or_update_ses_template(template_metadata, ses_client, force_update=False):
     name = template_metadata["TemplateName"]
     try:
         text_part = load_file_content(template_metadata["TextPart"])
@@ -47,17 +47,29 @@ def create_ses_template(template_metadata, ses_client):
             "TextPart": text_part,
             "HtmlPart": html_part,
         }
-        ses_client.create_template(Template=template)
-        print(f"SES template '{name}' created successfully!")
+
+        # Check if template exists
+        try:
+            ses_client.get_template(TemplateName=name)
+            # Template exists, update it
+            if force_update:
+                ses_client.update_template(Template=template)
+                print(f"SES template '{name}' updated successfully!")
+            else:
+                print(f"SES template '{name}' already exists. Use force_update=True to update.")
+        except ClientError as e:
+            if e.response["Error"]["Code"] == "TemplateDoesNotExist":
+                # Template doesn't exist, create it
+                ses_client.create_template(Template=template)
+                print(f"SES template '{name}' created successfully!")
+            else:
+                raise
     except ClientError as e:
-        if e.response["Error"]["Code"] == "TemplateAlreadyExists":
-            print(f"SES template '{name}' already exists.")
-        else:
-            print(f"An error occurred while creating the SES template: {e}")
+        print(f"An error occurred while processing SES template '{name}': {e}")
 
 
 # Ensure SES templates are available at app startup
-def ensure_ses_templates():
+def ensure_ses_templates(force_update=False):
     templates_metadata = load_templates_metadata(TEMPLATES_FILE)
     aws_region = os.getenv("AWS_REGION")
     aws_access_key = os.getenv("AWS_ACCESS_KEY")
@@ -75,14 +87,4 @@ def ensure_ses_templates():
     )
 
     for template_metadata in templates_metadata:
-        name = template_metadata["TemplateName"]
-        try:
-            # Check if the template exists
-            ses_client.get_template(TemplateName=name)
-            print(f"SES template '{name}' already exists.")
-        except ClientError as e:
-            if e.response["Error"]["Code"] == "TemplateDoesNotExist":
-                print(f"SES template '{name}' does not exist. Creating template...")
-                create_ses_template(template_metadata, ses_client)
-            else:
-                print(f"An error occurred while checking the SES template: {e}")
+        create_or_update_ses_template(template_metadata, ses_client, force_update=force_update)

backend/app/utilities/ses/ses_templates.json

@@ -4,5 +4,23 @@
     "SubjectPart": "Testing Email SES Template",
     "TemplateName": "Test",
     "TextPart": "app/utilities/ses/template_files/test.txt"
+  },
+  {
+    "HtmlPart": "app/utilities/ses/template_files/email_verification_en.html",
+    "SubjectPart": "Verify Your Email Address",
+    "TemplateName": "EmailVerificationEn",
+    "TextPart": "app/utilities/ses/template_files/email_verification_en.txt"
+  },
+  {
+    "HtmlPart": "app/utilities/ses/template_files/email_verification_fr.html",
+    "SubjectPart": "Vérifiez votre adresse courriel",
+    "TemplateName": "EmailVerificationFr",
+    "TextPart": "app/utilities/ses/template_files/email_verification_fr.txt"
+  },
+  {
+    "HtmlPart": "app/utilities/ses/template_files/password_reset.html",
+    "SubjectPart": "Reset Your Password",
+    "TemplateName": "PasswordReset",
+    "TextPart": "app/utilities/ses/template_files/password_reset.txt"
   }
 ]