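def activate(request, headers):
    """Let a newly created user choose a password and activate the account.

    GET renders the activation form.  POST reads ``new_password`` and
    ``confirm_password``; when they match (and are non-empty) the SHA-256
    hex digest of the password, plus the email and company id held in the
    session, is PUT to ``<COMPANY_WS_URL>/user/activate-user``.  Once
    validate_api_call accepts the response the session is marked activated,
    the Basic auth value is rebuilt for the new password and the user is
    redirected to the login page.  Mismatched or empty passwords re-render
    the form with an error message.

    ``headers`` is the authorization/company_id header dict, presumably
    injected by the decorator whose ``wrapper`` sets ``kw['headers']``.
    """
    if request.method == 'GET':
        return render(request, "company_portal/activate_account.html")
    elif request.method == 'POST':
        new_password = request.POST.get('new_password')
        confirm_password = request.POST.get('confirm_password')
        # Also reject a missing password: two absent fields compare equal
        # (None == None) and sha256(None) would raise instead of reporting.
        if new_password and new_password == confirm_password:
            # Make activate account API call.
            # NOTE(review): the credential sent (and later stored in the
            # session's Basic auth value) is an unsalted SHA-256 of the
            # password; confirm the web service applies its own salted
            # password hashing on storage.
            data = {
                "password": hashlib.sha256(new_password).hexdigest(),
                "email": request.session['username'],
                "company_id": request.session['company_id'],
            }
            response = requests.put(
                "{}/user/activate-user".format(settings.COMPANY_WS_URL),
                data=data, headers=headers)
            validate_api_call(response, [])
            # Once the call succeeds, correct their session information and
            # log them in with the new credential.
            request.session['activated'] = True
            request.session['reset_password'] = False
            request.session['auth'] = "Basic {}".format(
                base64.urlsafe_b64encode(
                    "{}:{}".format(data['email'], data['password'])))
            return redirect(reverse('company_login'))
        messages.error(request, 'Your activation password could not be validated. Please try again or contact SFO Landside Operations.')
        # The original passed "" as the template context; render() expects a
        # dict (or nothing), so the context argument is simply omitted.
        return render(request, "company_portal/activate_account.html")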
def get_company_contact_info(request, headers):
    """Return the session company's contact records as JSON.

    Proxies ``GET <COMPANY_WS_URL>/company/<company_id>/company-contact``
    with the forwarded ``headers``; the decoded body is handed back through
    JsonResponse unchanged (``safe=False`` so a non-dict payload is allowed).
    """
    endpoint = "{}/company/{}/company-contact".format(
        settings.COMPANY_WS_URL, request.session['company_id'])
    upstream = requests.get(endpoint, headers=headers)
    validate_api_call(upstream, [])
    payload = json.loads(upstream.text)
    return JsonResponse(payload, safe=False)
def get_company_available_destinations(request, headers):
    """Return the session company's trip destinations as JSON.

    Proxies ``GET <COMPANY_WS_URL>/company/<company_id>/trip-destination``
    with the forwarded ``headers``; the decoded body is handed back through
    JsonResponse unchanged (``safe=False`` so a non-dict payload is allowed).
    """
    endpoint = "{}/company/{}/trip-destination".format(
        settings.COMPANY_WS_URL, request.session['company_id'])
    upstream = requests.get(endpoint, headers=headers)
    validate_api_call(upstream, [])
    payload = json.loads(upstream.text)
    return JsonResponse(payload, safe=False)
def wrapper(request, *args, **kw):
    """Decorator body: run the view only while the session's company is enabled.

    Builds the authorization/company_id headers from the session, fetches
    ``/company/<company_id>`` from the company web service (a 403 is
    tolerated by validate_api_call) and, when the first returned company
    record has ``enabled`` set, forwards the headers to the wrapped view as
    ``kw['headers']``.  A disabled company gets a 401 JSON body carrying its
    ``audit_action_reason``.  ``function`` is bound by the enclosing
    decorator, which lies outside this excerpt.

    NOTE(review): on a tolerated 403 the body is still parsed as JSON and
    indexed; a non-JSON error body would raise here (unchanged behaviour).
    """
    company_id = request.session['company_id']
    headers = {
        "authorization": request.session['auth'],
        "company_id": str(company_id),
    }
    lookup = requests.get(
        "{}/company/{}".format(settings.COMPANY_WS_URL, company_id),
        headers=headers)
    validate_api_call(lookup, [403])
    company = json.loads(lookup.text)['company'][0]
    if not company['enabled']:
        return JsonResponse(
            {"status": 'false', "reason": company['audit_action_reason']},
            status=401)
    kw['headers'] = headers
    return function(request, *args, **kw)
def wrapper(request, *args, **kw):
    """Decorator body: run the view only while the session's user is enabled.

    Builds the authorization/company_id headers from the session, fetches
    ``/user`` from the company web service with them (a 403 is tolerated by
    validate_api_call) and, when the first returned user record has
    ``enabled`` set, forwards the headers to the wrapped view as
    ``kw['headers']``.  Otherwise an empty 401 is returned.  ``function`` is
    bound by the enclosing decorator, which lies outside this excerpt.
    """
    headers = {
        "authorization": request.session['auth'],
        "company_id": str(request.session['company_id']),
    }
    lookup = requests.get(
        "{}/user".format(settings.COMPANY_WS_URL), headers=headers)
    validate_api_call(lookup, [403])
    user = json.loads(lookup.text)['users'][0]
    if not user['enabled']:
        return HttpResponse(status=401)
    kw['headers'] = headers
    return function(request, *args, **kw)
def create_audit(request, headers, action_reason, resource_name, action_description, action_name, company_id, action_on_user):
    """Record an audit entry with the coordinator web service.

    Resolves ``action_name`` to an action id through get_action_id, adds the
    acting user's role id and username from the session together with the
    supplied fields, and POSTs the record to ``<COORDINATOR_WS_URL>/audit``
    with the forwarded ``headers``.  The response is passed to
    validate_api_call with no tolerated statuses.  Returns None.
    """
    payload = {
        "action_id": get_action_id(headers, action_name),
        "company_id": company_id,
        "action_description": action_description,
        "action_by_user_role_id": request.session['role_id'],
        "action_by_user": request.session['username'],
        "resource_name": resource_name,
        "action_reason": action_reason,
        "action_on_user": action_on_user,
    }
    audit_response = requests.post(
        "{}/audit".format(settings.COORDINATOR_WS_URL),
        data=payload, headers=headers)
    validate_api_call(audit_response, [])
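def _lookup_reset_token(raw_token):
    """Return the unexpired Token_Entry for *raw_token*, or None.

    *raw_token* is the value as received in the URL/form.  None is returned
    when it is not a valid uuid4 (is_valid_uuid4), when no Token_Entry has
    that uuid as primary key, or when ``timezone.now()`` lies outside the
    window ``created_at .. created_at + expires_in_hours``.
    """
    if not is_valid_uuid4(raw_token):
        return None
    token = uuid.UUID(raw_token).hex
    if not Token_Entry.tokens.filter(pk=token).exists():
        return None
    entry = Token_Entry.tokens.get(pk=token)
    margin = datetime.timedelta(hours=entry.expires_in_hours)
    if entry.created_at <= timezone.now() <= entry.created_at + margin:
        return entry
    return None


def reset_password(request):
    """Complete a password reset started by forgot_password.

    GET validates the ``t`` query parameter as an unexpired reset token and
    renders the reset form pre-filled with the token's email/company_id;
    an invalid or expired token flashes an error and redirects to login.

    POST requires a valid, unexpired ``token`` field.  The email and
    company_id are taken from the token entry (not from the form) so the
    reset is bound to the link that was emailed; the SHA-256 hex digest of
    ``password`` is PUT to ``<COMPANY_WS_URL>/user/forgot-password``, the
    token entry is deleted (single use) and a success message is flashed.

    The original POST path reset the password first and only consulted the
    token afterwards, so anyone knowing an email and company_id could reset
    that account without a valid link; the token check now gates the reset.
    """
    if request.method == 'GET':
        entry = _lookup_reset_token(request.GET.get("t"))
        if entry is None:
            messages.error(request, 'Your password expiration link has expired. Please reset your password and try again.')
            return redirect(reverse('company_login'))
        return render(request, "company_portal/reset_password.html",
                      {"email": entry.email.lower(),
                       "company_id": entry.company_id,
                       "token": request.GET.get("t")})
    elif request.method == 'POST':
        entry = _lookup_reset_token(request.POST.get("token"))
        if entry is None:
            messages.error(request, 'Your password expiration link has expired. Please reset your password and try again.')
            return redirect(reverse('company_login'))
        # Reset the user's password; identity comes from the token entry.
        data = {
            "email": entry.email.lower(),
            "company_id": entry.company_id,
            # SHA 256 hash the password (unsalted, as the web service expects
            # the digest as the credential — NOTE(review): confirm it hashes
            # again on storage).
            "password": hashlib.sha256(request.POST.get('password')).hexdigest(),
        }
        response = requests.put(
            "{}/user/forgot-password".format(settings.COMPANY_WS_URL), data=data)
        validate_api_call(response, [])
        # The link is single use: drop the token once the password changed.
        entry.delete()
        messages.success(request, 'Password reset!')
        return redirect(reverse('company_login'))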
def get_all_company_editable_info(request, headers):
    """Return the session company's editable settings as one JSON object.

    Fetches ``/company/<company_id>/curbside-checkin`` and then
    ``/company/<company_id>/company-contact`` from the company web service
    with the forwarded ``headers`` and returns
    ``{"curbside_checkin": ..., "company_contact": ...}`` built from the
    matching keys of each body.
    """
    company_id = request.session['company_id']

    def fetch(resource, key):
        # GET one sub-resource of the company and pull ``key`` from the body.
        upstream = requests.get(
            "{}/company/{}/{}".format(settings.COMPANY_WS_URL, company_id, resource),
            headers=headers)
        validate_api_call(upstream, [])
        return json.loads(upstream.text)[key]

    editable_info = {
        "curbside_checkin": fetch("curbside-checkin", "curbside_checkin"),
    }
    editable_info['company_contact'] = fetch("company-contact", "company_contact")
    return JsonResponse(editable_info, safe=False)
def edit_contact_info(request, headers):
    """Toggle the enabled flag of curbside check-ins and company contacts.

    Reads ``information_data`` from the JSON request body.  For every entry
    of ``curbside_checkin`` and then ``company_contact`` it PUTs
    ``enabled`` to the matching company web-service resource and writes an
    UPDATE audit record via create_audit.  Finally the coordinator's
    ``/display/company_contacts`` endpoint is hit so the display refreshes,
    and ``{"status_code": 200}`` is returned.

    NOTE(review): the body is trusted as-is; a missing key raises KeyError
    (unchanged behaviour).
    """
    company_id = request.session['company_id']
    information_data = json.loads(request.body)['information_data']

    def toggle(resource, record_id, enabled):
        # PUT the enabled flag for one curbside-checkin / company-contact row.
        upstream = requests.put(
            "{}/company/{}/{}/{}".format(
                settings.COMPANY_WS_URL, company_id, resource, record_id),
            params={"enabled": enabled}, headers=headers)
        validate_api_call(upstream, [])

    # First iterate through curbside_checkins
    for curbside in information_data['curbside_checkin']:
        toggle("curbside-checkin", curbside['curbside_checkin_id'], curbside['enabled'])
        create_audit(
            request, headers, None, "CURBSIDE_CHECKIN",
            "Set curbside checkin option '{}' to '{}'".format(
                curbside['terminal'], parse_status(curbside['enabled'])),
            "UPDATE", company_id, None)

    # Next iterate through company_contacts
    for contact in information_data['company_contact']:
        toggle("company-contact", contact['company_contact_id'], contact['enabled'])
        create_audit(
            request, headers, None, "COMPANY_CONTACT",
            "Set contact information '{}' to '{}'".format(
                contact['contact_info'], parse_status(contact['enabled'])),
            "UPDATE", company_id, None)

    # Finally, let the display know this company's contact info or curbside
    # check-ins changed.
    display_response = requests.get(
        "{}/display/company_contacts".format(settings.COORDINATOR_WS_URL),
        params={"company_id": company_id})
    validate_api_call(display_response, [])

    # Return a 200 to the front-end
    return JsonResponse({"status_code": 200}, safe=False)
def forgot_password(request):
    """Start a password reset for a company-portal user.

    GET renders the forgot-password form with the company list from the
    company web service.  POST looks the submitted email/company_id up via
    ``/user/validate-email`` (404 tolerated).  For an activated user a
    Token_Entry keyed by a fresh uuid4 is stored with
    ``settings.TOKEN_EXPIRE_TIME_HOURS``, a reset link carrying that uuid as
    ``?t=`` is rendered into forgot_password_email.html and POSTed to the
    email web service, and a success message is flashed.  A non-activated
    user gets an error message; an unknown email gets the generic
    "if registered" success message.  Every POST path redirects to login.

    NOTE(review): the three POST outcomes flash different messages, so the
    response reveals whether an email is registered/activated for the
    company (account enumeration).  Behaviour is preserved here; one generic
    message for every outcome would close that.
    """
    if request.method == 'GET':
        companies_response = requests.get("{}/company".format(settings.COMPANY_WS_URL))
        validate_api_call(companies_response, [])
        all_companies = json.loads(companies_response.text)['companies']
        return render(request, "company_portal/forgot_password.html", {"all_companies": all_companies})
    elif request.method == 'POST':
        reset_email = request.POST.get('email').lower()
        company_id = request.POST.get('company_id')
        # First ask the web service whether this email exists for the company
        lookup = requests.get(
            "{}/user/validate-email".format(settings.COMPANY_WS_URL),
            params={"email": reset_email, "company_id": company_id})
        validate_api_call(lookup, [404])
        if lookup.status_code == 200:
            user_info = json.loads(lookup.text)['users'][0]
            if not user_info['activated']:
                messages.error(request, 'You must activate your account before you can reset your password!')
                return redirect(reverse('company_login'))
            # Base of the reset link by build environment; production is the
            # fallback.  NOTE(review): the LOCAL and DEV values carry no
            # scheme, exactly as in the original — presumably intended for
            # those environments, but worth confirming the emailed link works.
            reset_page_by_env = {
                "LOCAL": "127.0.0.1:8000/company/reset_password",
                "DEV": "dev-srv.flysfo.com/company/reset_password",
                "QA": "https://qa-srv.flysfo.com/company/reset_password",
                "STG": "https://stg-sharedridevans.flysfo.com/company/reset_password",
            }
            url = reset_page_by_env.get(
                settings.BUILD_ENV,
                "https://sharedridevans.flysfo.com/company/reset_password")
            # Pick a uuid4 that is not already a token primary key (the loop
            # should practically never repeat).
            new_uuid = uuid.uuid4()
            while Token_Entry.tokens.filter(pk=new_uuid).exists():
                new_uuid = uuid.uuid4()
            # Persist the reset entry; it is valid for TOKEN_EXPIRE_TIME_HOURS.
            Token_Entry(uuid=new_uuid, email=reset_email, company_id=company_id,
                        expires_in_hours=settings.TOKEN_EXPIRE_TIME_HOURS).save()
            # Construct the url and email to send out
            url = url + "?t=" + str(new_uuid)
            email_raw = loader.render_to_string(
                'company_portal/forgot_password_email.html',
                {"name": user_info['first_name'] + " " + user_info['last_name'], "url": url})
            email_data = {
                "from": "*****@*****.**",
                "to": reset_email,
                "isHtml": True,
                "subject": "Shared Ride Vans - Reset Password",
                "message": email_raw,
            }
            # Then send the email with the url
            send_response = requests.post(
                "{}/email".format(settings.EMAIL_WS_URL),
                files=(('test', 'email'), ('test2', 'email2')),
                data=email_data, headers=settings.SERVICE_AUTH_HEADER)
            validate_api_call(send_response, [])
            messages.success(request, 'Reset password request accepted! Check your email for your password reset link.')
            return redirect(reverse('company_login'))
        messages.success(request, 'Reset password request accepted! If your email is registered with Shared Rides, you will recieve an email with your password reset link.')
        return redirect(reverse('company_login'))
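def _all_companies():
    """Fetch the company list shown on the login page from the company web service."""
    response = requests.get("{}/company".format(settings.COMPANY_WS_URL))
    validate_api_call(response, [])
    return json.loads(response.text)['companies']


def _next_url(request):
    """Return the ``next`` query parameter only when it is a local path.

    Redirecting to an arbitrary ``next`` value would let a crafted login
    link send the user to an external site after they sign in (open
    redirect).  Only a path starting with a single '/' is honoured; '//' and
    '/\\' prefixes are rejected because browsers treat them as
    protocol-relative.  Anything else (including absolute URLs to this very
    host) yields None and the caller shows the app page instead.
    """
    candidate = request.GET.get('next')
    if not candidate:
        return None
    if candidate.startswith('/') and not candidate.startswith(('//', '/\\')):
        return candidate
    return None


def login(request):
    """Show the login page, or authenticate a POSTed username/password.

    An existing session that already holds ``role`` and ``activated`` is
    sent straight on: to ``next`` (when it is a local path), otherwise the
    app page, or the activation page when not yet activated.

    POST validates the form, SHA-256 hashes the password, builds a Basic
    auth header of ``base64(email:digest)`` and GETs ``/user`` from the
    company web service with it (403 tolerated).  On 200 for a non-deleted
    user the session is populated (names, role, company, the auth header
    itself, ...) and the user goes to activation, ``next`` or the app page;
    a deleted user, a 403 or any other status flashes an error and redirects
    back to login.  Any other method renders the login page with the company
    list.  A KeyError anywhere (missing session or payload key) logs the
    session out and redirects to login.

    NOTE(review): the session stores the reusable Basic credential (email
    plus unsalted SHA-256 digest) as ``auth``; every later web-service call
    replays it, so session storage should be treated as credential storage.

    NOTE(review): the ``{"all_companies": ...}`` dict handed to redirect()
    appears to be ignored by Django (redirect forwards extra args to URL
    resolution, not to a template), so the company fetch on those branches
    has no visible effect; it is kept only for behavioural parity.
    """
    try:
        # Sessions that already carry a logged-in user skip the form entirely
        if request.session.session_key and 'role' in request.session and 'activated' in request.session:
            if request.session['activated']:
                next_url = _next_url(request)
                if next_url:
                    return redirect(next_url)
                return render(request, "company_portal/app.html")
            return render(request, "company_portal/activate_account.html")
        # POST requests attempt to validate the credentials and log the user in
        elif request.method == 'POST':
            form = LoginForm(request.POST)
            if not form.is_valid():
                # The original fell off the end here and returned None; show
                # the login page instead.
                return render(request, "company_portal/login.html", {"all_companies": _all_companies()})
            email = request.POST.get('username').lower()
            password = hashlib.sha256(request.POST.get('password')).hexdigest()
            company_id = request.POST.get("company_id")
            # Attempt to GET the user from the company user table using the
            # credential the web service expects: Basic base64(email:digest)
            headers = {
                "authorization": "Basic {}".format(
                    base64.urlsafe_b64encode("{}:{}".format(email, password))),
                "company_id": str(company_id),
            }
            response = requests.get("{}/user".format(settings.COMPANY_WS_URL), headers=headers)
            validate_api_call(response, [403])
            # 200 implies successful login
            if response.status_code == 200:
                data = json.loads(response.text)['users'][0]
                if not data['deleted']:
                    request.session["logged_in"] = True
                    request.session["first_name"] = data["first_name"]
                    request.session["last_name"] = data["last_name"]
                    request.session["username"] = data["email"].lower()
                    request.session["user_id"] = data["user_id"]
                    request.session["role"] = data['role']['role_name']
                    request.session["role_id"] = data['role']['role_id']
                    request.session['activated'] = data['activated']
                    request.session['enabled'] = data['enabled']
                    request.session['reset_password'] = data['reset_password']
                    request.session["auth"] = headers['authorization']
                    request.session["company_id"] = data["company_id"]
                    # An account just created by a Landside Admin is not yet
                    # activated: send them to activate it first
                    if not request.session['activated'] and request.session['reset_password']:
                        return render(request, "company_portal/activate_account.html")
                    # Redirect to next/app page
                    next_url = _next_url(request)
                    if next_url:
                        return redirect(next_url)
                    return render(request, "company_portal/app.html")
                # A deleted account is refused like a bad credential
                messages.error(request, 'Wrong username / password combination.')
                all_companies = _all_companies()
                return redirect(reverse('company_login'), {"all_companies": all_companies})
            # 403 implies the user entered an incorrect username / password combination
            elif response.status_code == 403:
                messages.error(request, 'Wrong username or password.')
                all_companies = _all_companies()
                return redirect(reverse('company_login'), {"all_companies": all_companies})
            else:
                messages.error(request, 'Your login information could not be validated. Please try again or contact SFO Landside Operations.')
                all_companies = _all_companies()
                return redirect(reverse('company_login'), {"all_companies": all_companies})
        # Any other request renders the login page regardless
        else:
            return render(request, "company_portal/login.html", {"all_companies": _all_companies()})
    except KeyError:
        django_logout(request)
        all_companies = _all_companies()
        return redirect(reverse('company_login'), {"all_companies": all_companies})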