def register_from_invite():
    invited_user = session.get('invited_user')
    if not invited_user:
        abort(404)

    is_sms_auth = invited_user['auth_type'] == 'sms_auth'

    form = RegisterUserFromInviteForm(invited_user)

    if form.validate_on_submit():
        if form.service.data != invited_user[
                'service'] or form.email_address.data != invited_user[
                    'email_address']:
            abort(400)
        _do_registration(form, send_email=False, send_sms=is_sms_auth)
        invite_api_client.accept_invite(invited_user['service'],
                                        invited_user['id'])
        if is_sms_auth:
            return redirect(url_for('main.verify'))
        else:
            # we've already proven this user has email because they clicked the invite link,
            # so just activate them straight away
            return activate_user(session['user_details']['id'])

    return render_template('views/register-from-invite.html',
                           invited_user=invited_user,
                           form=form)
def _add_invited_user_to_service(invited_user):
    invitation = InvitedUser(**invited_user)
    # if invited user add to service and redirect to dashboard
    user = user_api_client.get_user(session['user_id'])
    service_id = invited_user['service']
    user_api_client.add_user_to_service(service_id, user.id, invitation.permissions)
    invite_api_client.accept_invite(service_id, invitation.id)
    return service_id
Beispiel #3
0
def _add_invited_user_to_service(invited_user):
    invitation = InvitedUser(**invited_user)
    # if invited user add to service and redirect to dashboard
    user = user_api_client.get_user(session['user_id'])
    service_id = invited_user['service']
    user_api_client.add_user_to_service(service_id, user.id,
                                        invitation.permissions)
    invite_api_client.accept_invite(service_id, invitation.id)
    return service_id
Beispiel #4
0
def sign_in():
    if current_user and current_user.is_authenticated:
        return redirect(url_for('main.choose_account'))

    form = LoginForm()

    if form.validate_on_submit():
        user = user_api_client.get_user_by_email_or_none(form.email_address.data)
        user = _get_and_verify_user(user, form.password.data)

        if user:
            if user.state == 'pending':
                return redirect(url_for('main.resend_email_verification'))

            if session.get('invited_user'):
                invited_user = session.get('invited_user')

                if user.email_address.lower() != invited_user['email_address'].lower():
                    flash("You can't accept an invite for another person.")
                    session.pop('invited_user', None)
                    abort(403)
                else:
                    invite_api_client.accept_invite(invited_user['service'], invited_user['id'])

            session['user_details'] = {
                'id': user.id,
                'email': user.email_address,
            }

            if user.is_active:
                if user.auth_type == 'email_auth':
                    return sign_in_email(user.id, user.email_address)
                elif user.auth_type == 'sms_auth':
                    return sign_in_sms(user.id, user.mobile_number)

        # Vague error message for login in case of user not known,
        # locked, inactive or password not verified
        flash(Markup(
            (
                "The email address or password you entered is incorrect."
                " <a href={password_reset}>Forgot your password</a>?"
            ).format(password_reset=url_for('.forgot_password'))
        ))

    other_device = current_user.logged_in_elsewhere()

    return render_template(
        'views/signin.html',
        form=form,
        again=bool(request.args.get('next')),
        other_device=other_device
    )
Beispiel #5
0
def sign_in():

    if current_user and current_user.is_authenticated:
        return redirect(url_for('main.choose_service'))

    form = LoginForm()
    if form.validate_on_submit():

        user = user_api_client.get_user_by_email_or_none(form.email_address.data)
        user = _get_and_verify_user(user, form.password.data)
        if user and user.state == 'pending':
            flash("You haven't verified your email or mobile number yet.")
            return redirect(url_for('main.sign_in'))

        if user and session.get('invited_user'):
            invited_user = session.get('invited_user')
            if user.email_address != invited_user['email_address']:
                flash("You can't accept an invite for another person.")
                session.pop('invited_user', None)
                abort(403)
            else:
                invite_api_client.accept_invite(invited_user['service'], invited_user['id'])
        if user:
            # Remember me login
            if not login_fresh() and \
               not current_user.is_anonymous and \
               current_user.id == user.id and \
               user.is_active:

                confirm_login()
                services = service_api_client.get_services({'user_id': str(user.id)}).get('data', [])
                if (len(services) == 1):
                    return redirect(url_for('main.service_dashboard', service_id=services[0]['id']))
                else:
                    return redirect(url_for('main.choose_service'))

            session['user_details'] = {"email": user.email_address, "id": user.id}
            if user.is_active:
                user_api_client.send_verify_code(user.id, 'sms', user.mobile_number)
                if request.args.get('next'):
                    return redirect(url_for('.two_factor', next=request.args.get('next')))
                else:
                    return redirect(url_for('.two_factor'))
        # Vague error message for login in case of user not known, locked, inactive or password not verified
        flash(Markup((
            "The email address or password you entered is incorrect."
            " <a href={password_reset}>Forgot your password</a>?"
            ).format(password_reset=url_for('.forgot_password'))
        ))

    return render_template('views/signin.html', form=form)
Beispiel #6
0
def sign_in():
    if current_user and current_user.is_authenticated:
        return redirect(url_for('main.choose_service'))

    form = LoginForm()
    if form.validate_on_submit():

        user = user_api_client.get_user_by_email_or_none(form.email_address.data)
        user = _get_and_verify_user(user, form.password.data)
        if user and user.state == 'pending':
            return redirect(url_for('main.resend_email_verification'))

        if user and session.get('invited_user'):
            invited_user = session.get('invited_user')
            if user.email_address != invited_user['email_address']:
                flash("You can't accept an invite for another person.")
                session.pop('invited_user', None)
                abort(403)
            else:
                invite_api_client.accept_invite(invited_user['service'], invited_user['id'])
        if user:
            # Remember me login
            if not login_fresh() and \
               not current_user.is_anonymous and \
               current_user.id == user.id and \
               user.is_active:

                confirm_login()
                services = service_api_client.get_services({'user_id': str(user.id)}).get('data', [])
                if (len(services) == 1):
                    return redirect(url_for('main.service_dashboard', service_id=services[0]['id']))
                else:
                    return redirect(url_for('main.choose_service'))

            session['user_details'] = {"email": user.email_address, "id": user.id}
            if user.is_active:
                user_api_client.send_verify_code(user.id, 'sms', user.mobile_number)
                if request.args.get('next'):
                    return redirect(url_for('.two_factor', next=request.args.get('next')))
                else:
                    return redirect(url_for('.two_factor'))
        # Vague error message for login in case of user not known, locked, inactive or password not verified
        flash(Markup((
            "The email address or password you entered is incorrect."
            " <a href={password_reset}>Forgot your password</a>?"
            ).format(password_reset=url_for('.forgot_password'))
        ))

    return render_template('views/signin.html', form=form)
def accept_invite(token):

    invited_user = invite_api_client.check_token(token)

    if not current_user.is_anonymous and current_user.email_address != invited_user.email_address:
        message = Markup("""
            You’re signed in as {}.
            This invite is for another email address.
            <a href={}>Sign out</a> and click the link again to accept this invite.
            """.format(current_user.email_address,
                       url_for("main.sign_out", _external=True)))

        flash(message=message)

        abort(403)

    if invited_user.status == 'cancelled':
        from_user = user_api_client.get_user(invited_user.from_user)
        service = service_api_client.get_service(invited_user.service)['data']
        return render_template('views/cancelled-invitation.html',
                               from_user=from_user.name,
                               service_name=service['name'])

    if invited_user.status == 'accepted':
        session.pop('invited_user', None)
        return redirect(
            url_for('main.service_dashboard', service_id=invited_user.service))

    session['invited_user'] = invited_user.serialize()

    existing_user = user_api_client.get_user_by_email_or_none(
        invited_user.email_address)
    service_users = user_api_client.get_users_for_service(invited_user.service)

    if existing_user:
        invite_api_client.accept_invite(invited_user.service, invited_user.id)
        if existing_user in service_users:
            return redirect(
                url_for('main.service_dashboard',
                        service_id=invited_user.service))
        else:
            user_api_client.add_user_to_service(invited_user.service,
                                                existing_user.id,
                                                invited_user.permissions)
            return redirect(
                url_for('main.service_dashboard',
                        service_id=invited_user.service))
    else:
        return redirect(url_for('main.register_from_invite'))
Beispiel #8
0
def add_service():
    invited_user = session.get('invited_user')
    if invited_user:
        invitation = InvitedUser(**invited_user)
        # if invited user add to service and redirect to dashboard
        user = user_api_client.get_user(session['user_id'])
        service_id = invited_user['service']
        user_api_client.add_user_to_service(service_id, user.id,
                                            invitation.permissions)
        invite_api_client.accept_invite(service_id, invitation.id)
        return redirect(
            url_for('main.service_dashboard', service_id=service_id))

    form = AddServiceForm(service_api_client.find_all_service_email_from)
    heading = 'Which service do you want to set up notifications for?'
    if form.validate_on_submit():
        email_from = email_safe(form.name.data)
        service_id = service_api_client.create_service(
            service_name=form.name.data,
            active=False,
            message_limit=current_app.config['DEFAULT_SERVICE_LIMIT'],
            restricted=True,
            user_id=session['user_id'],
            email_from=email_from)
        session['service_id'] = service_id

        if (len(
                service_api_client.get_services({
                    'user_id': session['user_id']
                }).get('data', [])) > 1):
            return redirect(
                url_for('main.service_dashboard', service_id=service_id))

        example_sms_template = service_api_client.create_service_template(
            'Example text message template', 'sms',
            'Hey ((name)), I’m trying out Notify. Today is ((day of week)) and my favourite colour is ((colour)).',
            service_id)

        return redirect(
            url_for('main.send_test',
                    service_id=service_id,
                    template_id=example_sms_template['data']['id'],
                    help=1))
    else:
        return render_template('views/add-service.html',
                               form=form,
                               heading=heading)
def register_from_invite():
    form = RegisterUserFromInviteForm()
    invited_user = session.get('invited_user')
    if not invited_user:
        abort(404)

    if form.validate_on_submit():
        if form.service.data != invited_user['service'] or form.email_address.data != invited_user['email_address']:
            abort(400)
        _do_registration(form, send_email=False)
        invite_api_client.accept_invite(invited_user['service'], invited_user['id'])
        return redirect(url_for('main.verify'))

    form.service.data = invited_user['service']
    form.email_address.data = invited_user['email_address']

    return render_template('views/register-from-invite.html', email_address=invited_user['email_address'], form=form)
def add_service():
    invited_user = session.get('invited_user')
    if invited_user:
        invitation = InvitedUser(**invited_user)
        # if invited user add to service and redirect to dashboard
        user = user_api_client.get_user(session['user_id'])
        service_id = invited_user['service']
        user_api_client.add_user_to_service(service_id, user.id, invitation.permissions)
        invite_api_client.accept_invite(service_id, invitation.id)
        return redirect(url_for('main.service_dashboard', service_id=service_id))

    form = AddServiceForm(service_api_client.find_all_service_email_from)
    heading = 'Which service do you want to set up notifications for?'
    if form.validate_on_submit():
        email_from = email_safe(form.name.data)
        service_id = service_api_client.create_service(service_name=form.name.data,
                                                       active=False,
                                                       message_limit=current_app.config['DEFAULT_SERVICE_LIMIT'],
                                                       restricted=True,
                                                       user_id=session['user_id'],
                                                       email_from=email_from)
        session['service_id'] = service_id

        if (len(service_api_client.get_services({'user_id': session['user_id']}).get('data', [])) > 1):
            return redirect(url_for('main.service_dashboard', service_id=service_id))

        example_sms_template = service_api_client.create_service_template(
            'Example text message template',
            'sms',
            'Hey ((name)), I’m trying out Notify. Today is ((day of week)) and my favourite colour is ((colour)).',
            service_id
        )

        return redirect(url_for(
            'main.send_test',
            service_id=service_id,
            template_id=example_sms_template['data']['id'],
            help=1
        ))
    else:
        return render_template(
            'views/add-service.html',
            form=form,
            heading=heading
        )
Beispiel #11
0
def accept_invite(token):

    invited_user = invite_api_client.check_token(token)

    if not current_user.is_anonymous and current_user.email_address != invited_user.email_address:
        message = Markup("""
            You’re signed in as {}.
            This invite is for another email address.
            <a href={}>Sign out</a> and click the link again to accept this invite.
            """.format(
            current_user.email_address,
            url_for("main.sign_out", _external=True)))

        flash(message=message)

        abort(403)

    if invited_user.status == 'cancelled':
        from_user = user_api_client.get_user(invited_user.from_user)
        service = service_api_client.get_service(invited_user.service)['data']
        return render_template('views/cancelled-invitation.html',
                               from_user=from_user.name,
                               service_name=service['name'])

    if invited_user.status == 'accepted':
        session.pop('invited_user', None)
        return redirect(url_for('main.service_dashboard', service_id=invited_user.service))

    session['invited_user'] = invited_user.serialize()

    existing_user = user_api_client.get_user_by_email_or_none(invited_user.email_address)
    service_users = user_api_client.get_users_for_service(invited_user.service)

    if existing_user:
        invite_api_client.accept_invite(invited_user.service, invited_user.id)
        if existing_user in service_users:
            return redirect(url_for('main.service_dashboard', service_id=invited_user.service))
        else:
            user_api_client.add_user_to_service(invited_user.service,
                                                existing_user.id,
                                                invited_user.permissions)
            return redirect(url_for('main.service_dashboard', service_id=invited_user.service))
    else:
        return redirect(url_for('main.register_from_invite'))
Beispiel #12
0
def accept_invite(token):
    try:
        invited_user = invite_api_client.check_token(token)
    except HTTPError as e:
        if e.status_code == 400 and 'invitation' in e.message:
            flash(e.message['invitation'])
            return redirect(url_for('main.sign_in'))
        else:
            raise e

    if not current_user.is_anonymous and current_user.email_address.lower(
    ) != invited_user.email_address.lower():
        message = Markup("""
            You’re signed in as {}.
            This invite is for another email address.
            <a href={}>Sign out</a> and click the link again to accept this invite.
            """.format(current_user.email_address,
                       url_for("main.sign_out", _external=True)))

        flash(message=message)

        abort(403)

    if invited_user.status == 'cancelled':
        from_user = user_api_client.get_user(invited_user.from_user)
        service = service_api_client.get_service(invited_user.service)['data']
        return render_template('views/cancelled-invitation.html',
                               from_user=from_user.name,
                               service_name=service['name'])

    if invited_user.status == 'accepted':
        session.pop('invited_user', None)
        return redirect(
            url_for('main.service_dashboard', service_id=invited_user.service))

    session['invited_user'] = invited_user.serialize()

    existing_user = user_api_client.get_user_by_email_or_none(
        invited_user.email_address)
    service_users = user_api_client.get_users_for_service(invited_user.service)

    if existing_user:
        invite_api_client.accept_invite(invited_user.service, invited_user.id)
        if existing_user in service_users:
            return redirect(
                url_for('main.service_dashboard',
                        service_id=invited_user.service))
        else:
            service = service_api_client.get_service(
                invited_user.service)['data']
            # if the service you're being added to can modify auth type, then check if this is relevant
            if 'email_auth' in service['permissions'] and (
                    # they have a phone number, we want them to start using it. if they dont have a mobile we just
                    # ignore that option of the invite
                (existing_user.mobile_number
                 and invited_user.auth_type == 'sms_auth') or
                    # we want them to start sending emails. it's always valid, so lets always update
                    invited_user.auth_type == 'email_auth'):
                user_api_client.update_user_attribute(
                    existing_user.id, auth_type=invited_user.auth_type)
            user_api_client.add_user_to_service(invited_user.service,
                                                existing_user.id,
                                                invited_user.permissions)
            return redirect(
                url_for('main.service_dashboard',
                        service_id=invited_user.service))
    else:
        return redirect(url_for('main.register_from_invite'))
Beispiel #13
0
def accept_invite(token):
    try:
        check_token(token, current_app.config['SECRET_KEY'],
                    current_app.config['DANGEROUS_SALT'],
                    current_app.config['INVITATION_EXPIRY_SECONDS'])
    except SignatureExpired:
        errors = [
            'Your invitation to GOV.UK Notify has expired. '
            'Please ask the person that invited you to send you another one'
        ]
        return render_template("error/400.html", message=errors), 400

    invited_user = invite_api_client.check_token(token)

    if not current_user.is_anonymous and current_user.email_address.lower(
    ) != invited_user.email_address.lower():
        message = Markup("""
            You’re signed in as {}.
            This invite is for another email address.
            <a href={}>Sign out</a> and click the link again to accept this invite.
            """.format(current_user.email_address,
                       url_for("main.sign_out", _external=True)))

        flash(message=message)

        abort(403)

    if invited_user.status == 'cancelled':
        from_user = user_api_client.get_user(invited_user.from_user)
        service = service_api_client.get_service(invited_user.service)['data']
        return render_template('views/cancelled-invitation.html',
                               from_user=from_user.name,
                               service_name=service['name'])

    if invited_user.status == 'accepted':
        session.pop('invited_user', None)
        return redirect(
            url_for('main.service_dashboard', service_id=invited_user.service))

    session['invited_user'] = invited_user.serialize()

    existing_user = user_api_client.get_user_by_email_or_none(
        invited_user.email_address)
    service_users = user_api_client.get_users_for_service(invited_user.service)

    if existing_user:
        invite_api_client.accept_invite(invited_user.service, invited_user.id)
        if existing_user in service_users:
            return redirect(
                url_for('main.service_dashboard',
                        service_id=invited_user.service))
        else:
            service = service_api_client.get_service(
                invited_user.service)['data']
            # if the service you're being added to can modify auth type, then check if this is relevant
            if 'email_auth' in service['permissions'] and (
                    # they have a phone number, we want them to start using it. if they dont have a mobile we just
                    # ignore that option of the invite
                (existing_user.mobile_number
                 and invited_user.auth_type == 'sms_auth') or
                    # we want them to start sending emails. it's always valid, so lets always update
                    invited_user.auth_type == 'email_auth'):
                user_api_client.update_user_attribute(
                    existing_user.id, auth_type=invited_user.auth_type)
            user_api_client.add_user_to_service(invited_user.service,
                                                existing_user.id,
                                                invited_user.permissions)
            return redirect(
                url_for('main.service_dashboard',
                        service_id=invited_user.service))
    else:
        return redirect(url_for('main.register_from_invite'))