def factory_membersip_model(session):
"""Produce a templated org model."""
user = factory_user_model()
org_type = OrgTypeModel(code='TEST', description='Test')
session.add(org_type)
session.commit()
org_status = OrgStatusModel(code='TEST', description='Test')
session.add(org_status)
session.commit()
preferred_payment = PaymentTypeModel(code='TEST', description='Test')
session.add(preferred_payment)
session.commit()
org = OrgModel(name='Test Org')
org.org_type = org_type
org.org_status = OrgStatusModel.get_default_status()
org.preferred_payment = preferred_payment
org.save()
membership = MembershipModel(org_id=org.id,
user_id=user.id,
membership_type_code=ADMIN,
status=1)
membership.save()
return membership
def _add_org_membership(org_id, user_id, membership_type):
membership = MembershipModel(
org_id=org_id,
user_id=user_id,
membership_type_code=membership_type,
membership_type_status=Status.ACTIVE.value)
membership.save()
def test_delete_user_is_member_returns_204(client, jwt, session, keycloak_mock): # pylint:disable=unused-argument
"""Test if the user is the member of a team assert status is 204."""
user_model = factory_user_model(user_info=TestUserInfo.user_test)
contact = factory_contact_model()
contact_link = ContactLinkModel()
contact_link.contact = contact
contact_link.user = user_model
contact_link.commit()
org = OrgService.create_org(TestOrgInfo.org1, user_id=user_model.id)
org_dictionary = org.as_dict()
org_id = org_dictionary['id']
entity = factory_entity_model(entity_info=TestEntityInfo.entity_lear_mock)
affiliation = AffiliationModel(org_id=org_id, entity_id=entity.id)
affiliation.save()
user_model2 = factory_user_model(user_info=TestUserInfo.user2)
contact = factory_contact_model()
contact_link = ContactLinkModel()
contact_link.contact = contact
contact_link.user = user_model2
contact_link.commit()
membership = MembershipModel(org_id=org_id, user_id=user_model2.id, membership_type_code='MEMBER',
membership_type_status=Status.ACTIVE.value)
membership.save()
claims = copy.deepcopy(TestJwtClaims.public_user_role.value)
claims['sub'] = str(user_model2.keycloak_guid)
headers = factory_auth_header(jwt=jwt, claims=claims)
rv = client.delete('/api/v1/users/@me', headers=headers, content_type='application/json')
assert rv.status_code == http_status.HTTP_204_NO_CONTENT
def accept_invitation(invitation_id, user: UserService, origin, add_membership: bool = True,
token_info: Dict = None):
"""Add user, role and org from the invitation to membership."""
current_app.logger.debug('>accept_invitation')
invitation: InvitationModel = InvitationModel.find_invitation_by_id(invitation_id)
if invitation is None:
raise BusinessException(Error.DATA_NOT_FOUND, None)
if invitation.invitation_status_code == 'ACCEPTED':
raise BusinessException(Error.ACTIONED_INVITATION, None)
if invitation.invitation_status_code == 'EXPIRED':
raise BusinessException(Error.EXPIRED_INVITATION, None)
if getattr(token_info, 'loginSource', None) is not None: # bcros comes with out token
login_source = token_info.get('loginSource', None)
if invitation.login_source != login_source:
raise BusinessException(Error.INVALID_USER_CREDENTIALS, None)
if add_membership:
for membership in invitation.membership:
membership_model = MembershipModel()
membership_model.org_id = membership.org_id
membership_model.user_id = user.identifier
membership_model.membership_type = membership.membership_type
# check to ensure an invitation for this user/org has not already been processed
existing_membership = MembershipService \
.get_membership_for_org_and_user(org_id=membership_model.org_id, user_id=membership_model.user_id)
if existing_membership:
raise BusinessException(Error.DATA_ALREADY_EXISTS, None)
org_model: OrgModel = OrgModel.find_by_org_id(membership.org_id)
# GOVM users gets direct approval since they are IDIR users.
membership_model.status = Invitation._get_status_based_on_org(org_model)
membership_model.save()
try:
Invitation.notify_admin(user, invitation_id, membership_model.id, origin)
except BusinessException as exception:
current_app.logger.error('<send_notification_to_admin failed', exception.message)
invitation.accepted_date = datetime.now()
invitation.invitation_status = InvitationStatusModel.get_status_by_code('ACCEPTED')
invitation.save()
# Call keycloak to add the user to the group.
if user:
group_name: str = KeycloakService.join_users_group(token_info)
KeycloakService.join_account_holders_group(user.keycloak_guid)
if group_name == GROUP_GOV_ACCOUNT_USERS:
# TODO Remove this if gov account users needs Terms of Use.
tos_document = DocumentsModel.fetch_latest_document_by_type(DocumentType.TERMS_OF_USE.value)
user.update_terms_of_use(token_info, True, tos_document.version_id)
# Add contact to the user.
user.add_contact(token_info, dict(email=token_info.get('email', None)))
current_app.logger.debug('<accept_invitation')
return Invitation(invitation)
def accept_invitation(invitation_id,
user,
origin,
add_membership: bool = True):
"""Add user, role and org from the invitation to membership."""
current_app.logger.debug('>accept_invitation')
invitation: InvitationModel = InvitationModel.find_invitation_by_id(
invitation_id)
if invitation is None:
raise BusinessException(Error.DATA_NOT_FOUND, None)
if invitation.invitation_status_code == 'ACCEPTED':
raise BusinessException(Error.ACTIONED_INVITATION, None)
if invitation.invitation_status_code == 'EXPIRED':
raise BusinessException(Error.EXPIRED_INVITATION, None)
if add_membership:
for membership in invitation.membership:
membership_model = MembershipModel()
membership_model.org_id = membership.org_id
membership_model.user_id = user.identifier
membership_model.membership_type = membership.membership_type
# check to ensure an invitation for this user/org has not already been processed
existing_membership = MembershipService \
.get_membership_for_org_and_user(org_id=membership_model.org_id, user_id=membership_model.user_id)
if existing_membership:
raise BusinessException(Error.DATA_ALREADY_EXISTS, None)
# user needs to get approval
is_auto_approval = OrgSettingsModel.is_admin_auto_approved_invitees(
membership.org_id)
if is_auto_approval:
membership_model.status = Status.ACTIVE.value
else:
membership_model.status = Status.PENDING_APPROVAL.value
membership_model.save()
if not is_auto_approval:
try:
Invitation.notify_admin(user, invitation_id,
membership_model.id, origin)
except BusinessException as exception:
current_app.logger.error(
'<send_notification_to_admin failed',
exception.message)
invitation.accepted_date = datetime.now()
invitation.invitation_status = InvitationStatusModel.get_status_by_code(
'ACCEPTED')
invitation.save()
current_app.logger.debug('<accept_invitation')
return Invitation(invitation)
def accept_invitation(invitation_id,
user,
origin,
add_membership: bool = True,
token_info: Dict = None):
"""Add user, role and org from the invitation to membership."""
current_app.logger.debug('>accept_invitation')
invitation: InvitationModel = InvitationModel.find_invitation_by_id(
invitation_id)
if invitation is None:
raise BusinessException(Error.DATA_NOT_FOUND, None)
if invitation.invitation_status_code == 'ACCEPTED':
raise BusinessException(Error.ACTIONED_INVITATION, None)
if invitation.invitation_status_code == 'EXPIRED':
raise BusinessException(Error.EXPIRED_INVITATION, None)
if getattr(token_info, 'loginSource',
None) is not None: # bcros comes with out token
login_source = token_info.get('loginSource', None)
if invitation.login_source != login_source:
raise BusinessException(Error.INVALID_USER_CREDENTIALS, None)
if add_membership:
for membership in invitation.membership:
membership_model = MembershipModel()
membership_model.org_id = membership.org_id
membership_model.user_id = user.identifier
membership_model.membership_type = membership.membership_type
# check to ensure an invitation for this user/org has not already been processed
existing_membership = MembershipService \
.get_membership_for_org_and_user(org_id=membership_model.org_id, user_id=membership_model.user_id)
if existing_membership:
raise BusinessException(Error.DATA_ALREADY_EXISTS, None)
membership_model.status = Status.PENDING_APPROVAL.value
membership_model.save()
try:
Invitation.notify_admin(user, invitation_id,
membership_model.id, origin)
except BusinessException as exception:
current_app.logger.error(
'<send_notification_to_admin failed',
exception.message)
invitation.accepted_date = datetime.now()
invitation.invitation_status = InvitationStatusModel.get_status_by_code(
'ACCEPTED')
invitation.save()
current_app.logger.debug('<accept_invitation')
return Invitation(invitation)
def test_get_count_active_owner_org_id_multiple(session): # pylint:disable=unused-argument
"""Assert that an Org can be updated from a dictionary."""
membership1 = factory_membersip_model(session)
user2 = factory_user_model(TestUserInfo.user2)
membership2 = MembershipModel(org_id=membership1.org_id,
user_id=user2.id,
membership_type_code=ADMIN,
status=1)
membership2.save()
assert MembershipModel.get_count_active_owner_org_id(
membership2.org_id) == 2
def create_org(org_info: dict, user_id):
"""Create a new organization."""
current_app.logger.debug('<create_org ')
existing_similar__org = OrgModel.find_similar_org_by_name(org_info['name'])
if existing_similar__org is not None:
raise BusinessException(Error.DATA_CONFLICT, None)
org = OrgModel.create_from_dict(camelback2snake(org_info))
org.save()
current_app.logger.info(f'<created_org org_id:{org.id}')
# create the membership record for this user
membership = MembershipModel(org_id=org.id, user_id=user_id, membership_type_code='OWNER',
membership_type_status=Status.ACTIVE.value)
membership.save()
return Org(org)
def test_delete_user_where_org_has_another_owner(session, auth_mock,
keycloak_mock, monkeypatch): # pylint:disable=unused-argument
"""Assert that a user can be deleted."""
# Create a user and org
user_model = factory_user_model(user_info=TestUserInfo.user_test)
contact = factory_contact_model()
contact_link = ContactLinkModel()
contact_link.contact = contact
contact_link.user = user_model
contact_link.commit()
patch_token_info(TestJwtClaims.get_test_user(user_model.keycloak_guid),
monkeypatch)
org = OrgService.create_org(TestOrgInfo.org1, user_id=user_model.id)
org_dictionary = org.as_dict()
org_id = org_dictionary['id']
entity = factory_entity_model(entity_info=TestEntityInfo.entity_lear_mock)
affiliation = AffiliationModel(org_id=org_id, entity_id=entity.id)
affiliation.save()
# Create another user and add membership to the above org
user_model2 = factory_user_model(user_info=TestUserInfo.user2)
contact = factory_contact_model()
contact_link = ContactLinkModel()
contact_link.contact = contact
contact_link.user = user_model2
contact_link.commit()
membership = MembershipModel(org_id=org_id,
user_id=user_model2.id,
membership_type_code='ADMIN',
membership_type_status=Status.ACTIVE.value)
membership.save()
membership.commit()
# with pytest.raises(BusinessException) as exception:
patch_token_info(TestJwtClaims.get_test_user(user_model2.keycloak_guid),
monkeypatch)
UserService.delete_user()
updated_user = UserModel.find_by_jwt_token()
assert len(updated_user.contacts) == 0
user_orgs = MembershipModel.find_orgs_for_user(updated_user.id)
for org in user_orgs:
assert org.status_code == 'INACTIVE'
def create_org(org_info: dict, user_id, token_info: Dict = None):
"""Create a new organization."""
current_app.logger.debug('<create_org ')
is_staff_admin = token_info and 'staff_admin' in token_info.get(
'realm_access').get('roles')
if not is_staff_admin: # staff can create any number of orgs
count = OrgModel.get_count_of_org_created_by_user_id(user_id)
if count >= current_app.config.get('MAX_NUMBER_OF_ORGS'):
raise BusinessException(Error.MAX_NUMBER_OF_ORGS_LIMIT, None)
if org_info.get('accessType', None) == AccessType.ANONYMOUS.value:
raise BusinessException(Error.USER_CANT_CREATE_ANONYMOUS_ORG,
None)
existing_similar__org = OrgModel.find_similar_org_by_name(
org_info['name'])
if existing_similar__org is not None:
raise BusinessException(Error.DATA_CONFLICT, None)
org = OrgModel.create_from_dict(camelback2snake(org_info))
if is_staff_admin:
org.access_type = AccessType.ANONYMOUS.value
org.billable = False
else:
org.access_type = AccessType.BCSC.value
org.billable = True
org.save()
current_app.logger.info(f'<created_org org_id:{org.id}')
# create the membership record for this user if its not created by staff and access_type is anonymous
if not is_staff_admin and org_info.get(
'access_type') != AccessType.ANONYMOUS:
membership = MembershipModel(
org_id=org.id,
user_id=user_id,
membership_type_code='OWNER',
membership_type_status=Status.ACTIVE.value)
membership.save()
# Add the user to account_holders group
KeycloakService.join_account_holders_group()
# TODO Remove later, create payment settings now with default values
AccountPaymentModel.create_from_dict({'org_id': org.id})
return Org(org)
def accept_invitation(invitation_id, user, origin):
"""Add user, role and org from the invitation to membership."""
current_app.logger.debug('>accept_invitation')
invitation: InvitationModel = InvitationModel.find_invitation_by_id(
invitation_id)
if invitation is None:
raise BusinessException(Error.DATA_NOT_FOUND, None)
if invitation.invitation_status_code == 'ACCEPTED':
raise BusinessException(Error.ACTIONED_INVITATION, None)
if invitation.invitation_status_code == 'EXPIRED':
raise BusinessException(Error.EXPIRED_INVITATION, None)
# TODO : isnt this only one?remove for loop
for membership in invitation.membership:
membership_model = MembershipModel()
membership_model.org_id = membership.org_id
membership_model.user_id = user.identifier
membership_model.membership_type = membership.membership_type
# user needs to get approval
is_auto_approval = OrgSettingsModel.is_admin_auto_approved_invitees(
membership.org_id)
if is_auto_approval:
membership_model.status = Status.ACTIVE.value
else:
membership_model.status = Status.PENDING_APPROVAL.value
membership_model.save()
if not is_auto_approval:
try:
Invitation.notify_admin(user, invitation_id,
membership_model.id, origin)
except BusinessException as exception:
current_app.logger.error(
'<send_notification_to_admin failed',
exception.message)
invitation.accepted_date = datetime.now()
invitation.invitation_status = InvitationStatusModel.get_status_by_code(
'ACCEPTED')
invitation.save()
current_app.logger.debug('<accept_invitation')
return Invitation(invitation)
