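def activate(request, headers):
    """Let a newly created user choose a first password and activate the account.

    GET renders the activation form. POST requires ``new_password`` and
    ``confirm_password`` to be present and equal; the password is then
    SHA-256 hashed, sent to the company web service together with the
    session's email and company, the session is flagged as activated and the
    user is redirected to the login page.

    Args:
        request: Django request; ``session['username']`` and
            ``session['company_id']`` must have been set at login.
        headers: auth headers for the company web service (supplied by the
            wrapping decorator).

    Returns:
        An HttpResponse (rendered form or redirect); other methods fall
        through and return None, as before.
    """
    if request.method == 'GET':
        return render(request, "company_portal/activate_account.html")
    elif request.method == 'POST':
        new_password = request.POST.get('new_password')
        confirm_password = request.POST.get('confirm_password')

        # A missing or empty password is rejected together with a mismatch;
        # previously two absent fields compared equal and hashlib.sha256(None) raised.
        if not new_password or new_password != confirm_password:
            messages.error(request,
                           'Your activation password could not be validated. Please try again or contact SFO Landside Operations.')
            # The template context is optional; the old call passed "" which is not a dict.
            return render(request, "company_portal/activate_account.html")

        # The backend receives an unsalted SHA-256 hex digest, and the same digest is reused
        # below as the Basic-auth secret, so the digest itself is the long-lived credential.
        # NOTE(review): confirm the web service re-hashes it server-side (salted KDF) rather
        # than storing this digest as-is.
        email = request.session['username']
        data = {
            "password": hashlib.sha256(new_password).hexdigest(),
            "email": email,
            "company_id": request.session['company_id'],
        }
        response = requests.put("{}/user/activate-user".format(settings.COMPANY_WS_URL), data=data, headers=headers)
        validate_api_call(response, [])

        # The call succeeded: update the session flags and cache the new credential
        request.session['activated'] = True
        request.session['reset_password'] = False
        request.session['auth'] = "Basic {}".format(
            base64.urlsafe_b64encode("{}:{}".format(email, data['password'])))

        return redirect((reverse('company_login')))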
def get_company_contact_info(request, headers):
    """Return the session company's contact entries as a JSON response.

    The company is taken from ``session['company_id']``; ``headers`` carry the
    caller's web-service auth. ``validate_api_call`` presumably raises for any
    status outside the (empty) allow list, so the body is only parsed on success.
    """
    contact_url = "{base}/company/{company_id}/company-contact".format(
        base=settings.COMPANY_WS_URL,
        company_id=request.session['company_id'],
    )
    upstream = requests.get(contact_url, headers=headers)
    validate_api_call(upstream, [])

    payload = json.loads(upstream.text)
    return JsonResponse(payload, safe=False)
def get_company_available_destinations(request, headers):
    """Return the session company's trip destinations as a JSON response.

    Mirrors ``get_company_contact_info`` against the ``trip-destination``
    endpoint: company from ``session['company_id']``, auth from ``headers``,
    and the body is parsed only after ``validate_api_call`` has accepted the
    response.
    """
    destinations_url = "{base}/company/{company_id}/trip-destination".format(
        base=settings.COMPANY_WS_URL,
        company_id=request.session['company_id'],
    )
    upstream = requests.get(destinations_url, headers=headers)
    validate_api_call(upstream, [])

    payload = json.loads(upstream.text)
    return JsonResponse(payload, safe=False)
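    def wrapper(request, *args, **kw):
        """Run ``function`` only while the session's company is enabled.

        Builds the web-service auth headers from the session, fetches the
        company record and hands the headers to the wrapped view as
        ``kw['headers']``. A disabled company is answered with a 401 JSON body
        carrying the audit reason; a 403 from the web service (e.g. stale
        session credentials) is also answered with 401.
        """
        company_id = request.session['company_id']
        headers = {"authorization": request.session['auth'], "company_id": str(company_id)}
        response = requests.get("{}/company/{}".format(settings.COMPANY_WS_URL, company_id), headers=headers)
        validate_api_call(response, [403])

        # validate_api_call lets a 403 through (login() branches on it the same way), and a
        # 403 body cannot be assumed to carry a company record, so answer 401 here instead of
        # failing on the lookup below and returning a 500.
        if response.status_code == 403:
            return JsonResponse({"status": 'false', "reason": "forbidden"}, status=401)

        company_data = json.loads(response.text)['company'][0]
        if not company_data['enabled']:
            return JsonResponse({"status": 'false', "reason": company_data['audit_action_reason']}, status=401)

        kw['headers'] = headers
        return function(request, *args, **kw)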
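    def wrapper(request, *args, **kw):
        """Run ``function`` only while the session's user account is enabled.

        Builds the web-service auth headers from the session, fetches the
        current user via ``/user`` and hands the headers to the wrapped view as
        ``kw['headers']``. A disabled user, or a 403 from the web service (e.g.
        stale session credentials), is answered with an empty 401.
        """
        headers = {"authorization": request.session['auth'], "company_id": str(request.session['company_id'])}
        response = requests.get("{}/user".format(settings.COMPANY_WS_URL), headers=headers)
        validate_api_call(response, [403])

        # validate_api_call lets a 403 through (login() branches on it the same way), and a
        # 403 body cannot be assumed to carry a user record, so answer 401 here instead of
        # failing on the lookup below and returning a 500.
        if response.status_code == 403:
            return HttpResponse(status=401)

        user_data = json.loads(response.text)['users'][0]
        if not user_data['enabled']:
            return HttpResponse(status=401)

        kw['headers'] = headers
        return function(request, *args, **kw)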
def create_audit(request, headers, action_reason, resource_name,
                 action_description, action_name, company_id, action_on_user):
    """Post one audit record to the coordinator web service.

    ``action_name`` is resolved to an id through ``get_action_id``; the acting
    user and role are read from the session. Returns nothing; a rejected call
    is left to ``validate_api_call``.
    """
    audit_record = {
        "action_id": get_action_id(headers, action_name),
        "company_id": company_id,
        "action_description": action_description,
        "action_by_user_role_id": request.session['role_id'],
        "action_by_user": request.session['username'],
        "resource_name": resource_name,
        "action_reason": action_reason,
        "action_on_user": action_on_user,
    }

    audit_url = "{}/audit".format(settings.COORDINATOR_WS_URL)
    response = requests.post(audit_url, data=audit_record, headers=headers)
    validate_api_call(response, [])
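def _lookup_reset_token(raw_token):
    """Return the unexpired Token_Entry addressed by *raw_token*, or None.

    None is returned when the value is not a valid uuid4 string, when no
    entry with that key exists, or when ``timezone.now()`` lies outside
    ``[created_at, created_at + expires_in_hours]``.
    """
    if not is_valid_uuid4(raw_token):
        return None

    token = uuid.UUID(raw_token).hex
    if not Token_Entry.tokens.filter(pk=token).exists():
        return None
    reset_data = Token_Entry.tokens.get(pk=token)

    margin = datetime.timedelta(hours=reset_data.expires_in_hours)
    if reset_data.created_at <= timezone.now() <= reset_data.created_at + margin:
        return reset_data
    return None


def reset_password(request):
    """Complete a password reset started by ``forgot_password``.

    GET validates the ``t`` query token and renders the reset form with the
    email/company bound to that token. POST validates the ``token`` form field
    the same way, resets the password of the account the token was issued
    for, then deletes the token so the link is single-use.

    Returns:
        A rendered form (valid GET) or a redirect to the login page with a
        flash message; other methods fall through and return None, as before.
    """
    expired_msg = 'Your password expiration link has expired. Please reset your password and try again.'

    if request.method == 'GET':
        reset_data = _lookup_reset_token(request.GET.get("t"))
        if reset_data is None:
            messages.error(request, expired_msg)
            return redirect((reverse('company_login')))

        return render(request, "company_portal/reset_password.html", {"email": reset_data.email.lower(),
                                                                      "company_id": reset_data.company_id,
                                                                      "token": request.GET.get("t")})

    elif request.method == 'POST':
        # The token must be valid and unexpired before anything is changed. Previously the
        # reset was sent using the submitted email/company_id and the token was only used for
        # cleanup afterwards, so the link did not actually gate the reset.
        reset_data = _lookup_reset_token(request.POST.get("token"))
        if reset_data is None:
            messages.error(request, expired_msg)
            return redirect((reverse('company_login')))

        new_password = request.POST.get('password')
        if not new_password:
            messages.error(request, 'Please enter a new password and try again.')
            return redirect((reverse('company_login')))

        # The account to reset is the one the token was issued for, never the form's fields
        data = {
            "email": reset_data.email.lower(),
            "company_id": reset_data.company_id,
            # unsalted SHA-256 hex digest, matching what login() sends as the credential
            "password": hashlib.sha256(new_password).hexdigest(),
        }
        response = requests.put("{}/user/forgot-password".format(settings.COMPANY_WS_URL), data=data)
        validate_api_call(response, [])

        # Single use: drop the token once the backend has accepted the reset
        reset_data.delete()

        messages.success(request, 'Password reset!')
        return redirect((reverse('company_login')))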
def get_all_company_editable_info(request, headers):
    """Return the company's editable settings (curbside check-ins and contacts) as JSON.

    Two sequential calls to the company web service are made for the session
    company; each is checked with ``validate_api_call`` before its body is
    parsed. The result has the keys ``curbside_checkin`` and ``company_contact``.
    """
    company_base = "{}/company/{}".format(settings.COMPANY_WS_URL, request.session['company_id'])

    checkin_response = requests.get(company_base + "/curbside-checkin", headers=headers)
    validate_api_call(checkin_response, [])
    editable_info = {
        "curbside_checkin": json.loads(checkin_response.text)['curbside_checkin'],
    }

    contact_response = requests.get(company_base + "/company-contact", headers=headers)
    validate_api_call(contact_response, [])
    editable_info['company_contact'] = json.loads(contact_response.text)['company_contact']

    return JsonResponse(editable_info, safe=False)
def edit_contact_info(request, headers):
    """Apply enabled/disabled flags to curbside check-ins and company contacts.

    Reads ``information_data`` from the JSON request body, PUTs each entry's
    ``enabled`` flag to the company web service (curbside check-ins first,
    then contacts), writes one audit record per entry, and finally pings the
    coordinator display endpoint. Replies with ``{"status_code": 200}``.

    The updates are not transactional: if a later PUT is rejected by
    ``validate_api_call``, the earlier entries stay updated and audited.
    """
    information_data = json.loads(request.body)['information_data']
    company_id = request.session['company_id']

    # (payload key, URL segment, id field, label field, audit resource, audit description)
    # Order matters: curbside check-ins are processed before company contacts.
    sections = (
        ("curbside_checkin", "curbside-checkin", "curbside_checkin_id", "terminal",
         "CURBSIDE_CHECKIN", "Set curbside checkin option '{}' to '{}'"),
        ("company_contact", "company-contact", "company_contact_id", "contact_info",
         "COMPANY_CONTACT", "Set contact information '{}' to '{}'"),
    )

    for key, segment, id_field, label_field, resource, description in sections:
        for entry in information_data[key]:
            entry_url = "{}/company/{}/{}/{}".format(
                settings.COMPANY_WS_URL, company_id, segment, entry[id_field])
            response = requests.put(entry_url, params={"enabled": entry['enabled']}, headers=headers)
            validate_api_call(response, [])

            create_audit(
                request, headers, None, resource,
                description.format(entry[label_field], parse_status(entry['enabled'])),
                "UPDATE", company_id, None)

    # Tell the display service that this company's contacts / check-ins changed
    display_response = requests.get(
        "{}/display/company_contacts".format(settings.COORDINATOR_WS_URL),
        params={"company_id": company_id})
    validate_api_call(display_response, [])

    return JsonResponse({"status_code": 200}, safe=False)
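def forgot_password(request):
    """Start a password reset by emailing a one-time, time-limited link.

    GET renders the form with the company list. POST looks the email up via
    the company web service; if the account exists and is activated, a uuid4
    token row is stored (valid for ``settings.TOKEN_EXPIRE_TIME_HOURS``) and a
    reset link carrying it is sent through the email web service.

    Returns:
        A rendered form (GET) or a redirect to the login page with a flash
        message (POST); other methods fall through and return None, as before.
    """
    if request.method == 'GET':
        response = requests.get("{}/company".format(settings.COMPANY_WS_URL))
        validate_api_call(response, [])

        all_companies = json.loads(response.text)['companies']
        return render(request, "company_portal/forgot_password.html", {"all_companies": all_companies})

    elif request.method == 'POST':
        # Default to '' so a POST without an email field takes the "not registered" path
        # instead of raising AttributeError on None.lower().
        reset_email = request.POST.get('email', '').lower()
        company_id = request.POST.get('company_id')

        # Ask the web service whether the address is registered for this company (404 = no)
        response = requests.get("{}/user/validate-email".format(settings.COMPANY_WS_URL),
                                params={"email": reset_email, "company_id": company_id})
        validate_api_call(response, [404])

        if response.status_code == 200:
            user_info = json.loads(response.text)['users'][0]

            if user_info['activated']:
                # Base of the reset link, by deployment environment.
                # NOTE(review): the LOCAL and DEV entries carry no scheme; confirm the email
                # template makes them clickable, or prefix "http://".
                reset_urls = {
                    "LOCAL": "127.0.0.1:8000/company/reset_password",
                    "DEV": "dev-srv.flysfo.com/company/reset_password",
                    "QA": "https://qa-srv.flysfo.com/company/reset_password",
                    "STG": "https://stg-sharedridevans.flysfo.com/company/reset_password",
                }
                url = reset_urls.get(settings.BUILD_ENV,
                                     "https://sharedridevans.flysfo.com/company/reset_password")

                # uuid4 is the token; the loop only guards the primary key and is not
                # expected to iterate more than once.
                new_uuid = uuid.uuid4()
                while Token_Entry.tokens.filter(pk=new_uuid).exists():
                    new_uuid = uuid.uuid4()

                # NOTE(review): earlier, still-valid tokens for the same address are not
                # invalidated here; consider deleting them so only the newest link works.
                token = Token_Entry(uuid=new_uuid, email=reset_email, company_id=company_id,
                                    expires_in_hours=settings.TOKEN_EXPIRE_TIME_HOURS)
                token.save()

                url = url + "?t=" + str(new_uuid)

                email_data = {
                    "from": "*****@*****.**",
                    "to": reset_email,
                    "isHtml": True,
                    "subject": "Shared Ride Vans - Reset Password",
                    "message": loader.render_to_string(
                        'company_portal/forgot_password_email.html',
                        {"name": user_info['first_name'] + " " + user_info['last_name'],
                         "url": url}),
                }

                # The placeholder `files` tuple forces a multipart body, which the email service
                # presumably expects; kept as-is (NOTE(review): confirm it is required).
                response = requests.post("{}/email".format(settings.EMAIL_WS_URL),
                                         files=(('test', 'email'), ('test2', 'email2')),
                                         data=email_data, headers=settings.SERVICE_AUTH_HEADER)
                validate_api_call(response, [])
                messages.success(request, 'Reset password request accepted! Check your email for your password reset link.')
                return redirect((reverse('company_login')))

            else:
                # NOTE(review): this wording differs from the generic message below, so it tells
                # an unauthenticated caller that the address is registered (but inactive).
                messages.error(request, 'You must activate your account before you can reset your password!')
                return redirect((reverse('company_login')))

        # Unknown address: same wording as the success path so the form does not confirm
        # which emails are registered
        messages.success(request, 'Reset password request accepted! If your email is registered with Shared Rides, you will recieve an email with your password reset link.')
        return redirect((reverse('company_login')))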
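def _all_companies():
    """Fetch the company list shown in the login page's company selector."""
    response = requests.get("{}/company".format(settings.COMPANY_WS_URL))
    validate_api_call(response, [])
    return json.loads(response.text)['companies']


def _safe_next_url(request):
    """Return ``?next=`` only when it is a same-site path, else None.

    Only a path starting with a single "/" and containing no backslash is
    accepted; "//host/…" or "https://host/…" values would send the user
    off-site after login. Django's own helper
    (``url_has_allowed_host_and_scheme``, formerly ``is_safe_url``) is the
    better check where the installed version provides it.
    """
    target = request.GET.get('next')
    if not target:
        return None
    if target.startswith('/') and not target.startswith('//') and '\\' not in target:
        return target
    return None


def login(request):
    """Log a company-portal user in against the company web service.

    A session that already holds ``role`` and ``activated`` bypasses the form
    (for any method). POST validates ``LoginForm``, sends HTTP Basic
    credentials (email : SHA-256 hex of the password) to ``/user`` and, on 200
    for a non-deleted account, rotates the session key, stores the identity
    fields and renders the app (or the activation page when the account is
    not yet activated). Any other method renders the login form with the
    company list. A ``KeyError`` anywhere (missing session or API field) logs
    the user out and redirects to the login page.

    Error paths redirect to ``company_login`` without a context: ``redirect()``
    ignores extra positional arguments, so the company list that used to be
    fetched and passed on those paths was never used; the login page fetches
    it itself on GET.

    Returns:
        An HttpResponse; a POST that yields a status other than 200/403 falls
        through and returns None, as before.
    """
    try:
        if request.session.session_key and 'role' in request.session and 'activated' in request.session:
            if request.session['activated']:
                next_url = _safe_next_url(request)
                if next_url:
                    return redirect(next_url)
                return render(request, "company_portal/app.html")
            else:
                return render(request, "company_portal/activate_account.html")

        elif request.method == 'POST':
            form = LoginForm(request.POST)

            if not form.is_valid():
                messages.error(request,
                               'Your login information could not be validated. Please try again or contact SFO Landside Operations.')
                return redirect(reverse('company_login'))

            email = request.POST.get('username').lower()
            # The unsalted SHA-256 hex of the password is what the backend treats as the
            # secret; it is also cached in the session as the Basic-auth value for later calls.
            password = hashlib.sha256(request.POST.get('password')).hexdigest()
            company_id = request.POST.get("company_id")

            headers = {"authorization": "Basic {}".format(base64.urlsafe_b64encode("{}:{}".format(email, password))),
                       "company_id": str(company_id)}
            response = requests.get("{}/user".format(settings.COMPANY_WS_URL), headers=headers)
            validate_api_call(response, [403])

            # 200 implies the credentials were accepted
            if response.status_code == 200:
                data = json.loads(response.text)['users'][0]

                # A deleted account is treated like a bad credential
                if data['deleted']:
                    messages.error(request, 'Wrong username / password combination.')
                    return redirect(reverse('company_login'))

                # Credentials accepted: issue a fresh session id before storing identity so a
                # session id that existed before login is not carried into the authenticated
                # session (session fixation).
                request.session.cycle_key()
                request.session["logged_in"] = True
                request.session["first_name"] = data["first_name"]
                request.session["last_name"] = data["last_name"]
                request.session["username"] = data["email"].lower()
                request.session["user_id"] = data["user_id"]
                request.session["role"] = data['role']['role_name']
                request.session["role_id"] = data['role']['role_id']
                request.session['activated'] = data['activated']
                request.session['enabled'] = data['enabled']
                request.session['reset_password'] = data['reset_password']
                request.session["auth"] = headers['authorization']
                request.session["company_id"] = data["company_id"]

                # Not yet activated (account just created by a Landside Admin): activate first
                if not request.session['activated'] and request.session['reset_password']:
                    return render(request, "company_portal/activate_account.html")

                next_url = _safe_next_url(request)
                if next_url:
                    return redirect(next_url)
                return render(request, "company_portal/app.html")

            # 403 implies an incorrect username / password combination
            elif response.status_code == 403:
                messages.error(request, 'Wrong username or password.')
                return redirect(reverse('company_login'))

        # Any other method shows the login page
        else:
            return render(request, "company_portal/login.html", {"all_companies": _all_companies()})

    except KeyError:
        django_logout(request)
        return redirect(reverse('company_login'))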