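def handle_expired_link(token):
    """Re-activate the account behind an expired activation link.

    The token is decoded through the authentication API (``expired-token``
    validation) and, when it decodes, the account named in its ``sub``
    claim is re-activated through the account API.

    Args:
        token: The raw token taken from the expired link.

    Returns:
        True when the activate call answered with a 2xx status; False on a
        decode failure, a non-2xx activation response or any unexpected
        error (which is logged).
    """
    from urllib.parse import quote

    try:
        # Log only the token length: the token is a credential and must not
        # be written to the application log in full.
        current_app.logger.info(
            'resetting expired link for token of length {}'.format(len(token)))
        # quote(..., safe='') stops a malformed token (embedded '/', '?', '#')
        # from altering the request path.
        decoded_jwt, status = api_get(
            '/api/authentication/token/' + quote(token, safe='')
            + '?validation-type=expired-token')
        if status != 200:
            current_app.logger.error(
                'Error decoding the jwt: {}'.format(decoded_jwt))
            return False
        api_url = '/api/account/users/{}/activate'.format(
            quote(str(decoded_jwt['sub']), safe=''))
        resp, code = api_post(api_url,
                              headers={'Content-Type': 'application/json'})
        # The previous check was ``code < 299``, which accepted 1xx codes
        # and rejected 299; success is the whole 2xx range.
        if 200 <= code < 300:
            return True
        current_app.logger.error(
            'Error activating the users account: {}'.format(resp))
        return False
    except Exception as e:
        # logger.exception keeps the traceback alongside the message.
        current_app.logger.exception(e)
        return False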
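def _password_reset_form(email):
    """Build the validator for the reset form around the submitted email."""
    form = FormValidator('An error has occurred')
    form.add_validator('email', email, [is_not_empty, email_validator],
                       empty_msg='Enter your email address')
    return form


def post_password_reset():
    """Handle the password-reset form submission.

    Validates the submitted email, requests a reset token for it, checks
    the token with ``reset-password`` validation and sends the
    change-password link through the notifications API.

    Returns:
        The rendered ``email_sent`` page on success, otherwise the reset
        form re-rendered with an error title and the field errors.
    """
    from urllib.parse import quote

    email = request.form['email']
    try:
        # Validate before any API call so an empty or malformed address is
        # never sent upstream.
        if not _password_reset_form(email).is_valid():
            raise ValueError
        json_resp, status = api_post('/api/authentication/token',
                                     json={"email": email})
        # NOTE(review): a non-200 here re-renders the form with an error, so
        # the response differs for unknown addresses — confirm this is
        # intended before relying on it.
        if status != 200:
            raise ValueError
        token = json_resp['token']
        # quote(..., safe='') stops a token containing '/', '?' or '#' from
        # changing the request path.
        decoded_jwt, status = api_get(
            '/api/authentication/token/' + quote(token, safe='')
            + '?validation-type=reset-password')
        if status != 200:
            # ``.get`` so a body without an 'error' key cannot raise KeyError
            # out of the handler (api_get may return an empty dict).
            current_app.logger.error(
                'Token has failed validation:{}'.format(decoded_jwt.get('error')))
            raise ValueError
        principle = decoded_jwt['principle']
        first_name = principle['first_name']
        url = current_app.config.get("SITE_URL") + "/password/change?t=" + token
        # Log the event, not the link: the URL carries the reset token,
        # which is a credential.
        current_app.logger.info('Password reset link issued')
        template_id = current_app.config.get("RESET_PASSWORD_TEMPLATE")
        _, email_status = api_post(
            '/api/notifications',
            json={
                "email_address": email,
                "template_id": template_id,
                "personalisation": {
                    "first_name": first_name,
                    "last_name": principle['surname'],
                    "change_password_link": url,
                },
                "reference": "password-reset",
            },
            headers={'Accept': 'application/json'})
        if email_status != 201:
            raise ValueError
        return render_template('app/password/email_sent.html', email=email)
    except ValueError:
        # A fresh validator is built so ``validate()`` reports the field
        # errors for the page; ``is_valid()`` above was only a boolean gate.
        form = _password_reset_form(email)
        return render_template(
            'app/password/reset.html',
            error_title="There was a problem",
            fields=form.validate(),
        )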
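def password_token_is_valid(token):
    """Check a password-reset token with the authentication API.

    Args:
        token: Raw token taken from the reset link.

    Returns:
        ``(decoded_jwt, True)`` when the API answers 200, otherwise
        ``({}, False)``.
    """
    from urllib.parse import quote

    # quote(..., safe='') keeps a token containing '/', '?' or '#' from
    # altering the request path.
    decoded_jwt, status = api_get(
        '/api/authentication/token/' + quote(token, safe='')
        + '?validation-type=reset-password')
    if status == 200:
        return decoded_jwt, True
    return {}, False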
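def account_exists(email, _):
    """Validator: reject an email address that already has an account.

    Args:
        email: Address to look up.
        _: Unused; present to match the validator call signature.

    Raises:
        Exception: when an account for ``email`` exists (200) or the lookup
            answered anything other than 404.
    """
    from urllib.parse import urlencode

    # Email cannot already exist in LDAP (and thus the service).
    # urlencode escapes '&', '#', '+' and friends so the submitted address
    # cannot add or alter query parameters.
    content, status = api_get('/api/account/users?' + urlencode({'cn': email}))
    if status == 404:
        return
    if status == 200:
        raise Exception('Account for {} already exists'.format(email))
    raise Exception('Could not check email address, please re-try submission')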
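def is_valid(self):
    """Return True when the AccessToken cookie names a live session.

    The token is looked up through the session API; a 204 means the
    session is valid. With no cookie or any other status the local
    session is destroyed and False is returned.
    """
    from urllib.parse import quote

    token = request.cookies.get('AccessToken')
    if token is not None:
        # Do not log the token itself: it is a bearer credential.
        current_app.logger.info('AccessToken cookie present')
        # quote(..., safe='') keeps a crafted cookie value from altering
        # the request path.
        _, status = api_get('/api/session/{}'.format(quote(token, safe='')))
        if status == 204:
            return True
    self.destroy()
    return False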
def test_api_get_fail_value_error(self, mock_req, mock_requests):
    """A 205 whose body is not JSON yields an empty dict and the status."""
    fake_response = mock_requests.Response()
    fake_response.status_code = 205
    # Simulate a body that cannot be decoded as JSON.
    fake_response.json.side_effect = ValueError
    mock_req.get.return_value = fake_response

    body, code = api_get('/url')

    self.assertEqual((body, code), ({}, 205))
def test_api_get_fail_status_code_500(self, mock_req, mock_requests):
    """A 500 with an empty JSON body is passed through as ({}, 500)."""
    fake_response = mock_requests.Response()
    fake_response.status_code = 500
    fake_response.json.return_value = {}
    mock_req.get.return_value = fake_response

    body, code = api_get('/url')

    self.assertEqual(code, 500)
    self.assertEqual(body, {})
def test_api_get_ok(self, mock_req, mock_requests):
    """A 200 returns the decoded JSON body together with the status."""
    expected_body = {'key': 'value'}
    fake_response = mock_requests.Response()
    fake_response.status_code = 200
    fake_response.json.return_value = expected_body
    mock_req.get.return_value = fake_response

    body, code = api_get('/url')

    self.assertEqual(code, 200)
    self.assertEqual(body, expected_body)
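def populate_state(self, session):
    """Load the server-side session state into ``session['dps-session']``.

    Args:
        session: Mutable session mapping to populate.

    Returns:
        The state fetched from the session API when it answers 200;
        otherwise (no AccessToken cookie or any other status) the local
        session is destroyed and ``{}`` is returned.
    """
    from urllib.parse import quote

    token = request.cookies.get('AccessToken')
    if token is not None:
        # Do not log the token itself: it is a bearer credential.
        current_app.logger.info('AccessToken cookie present')
        # quote(..., safe='') keeps a crafted cookie value from altering
        # the request path.
        content, status = api_get(
            '/api/session/{}/state'.format(quote(token, safe='')))
        if status == 200:
            session['dps-session'] = content
            return session['dps-session']
    self.destroy()
    return {}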
def test_api_get_fail_status_code_401_not_authorized(
        self, mock_req, mock_requests):
    """A 401 with an empty JSON body is passed through as ({}, 401)."""
    fake_response = mock_requests.Response()
    fake_response.status_code = 401
    fake_response.json.return_value = {}
    mock_req.get.return_value = fake_response

    body, code = api_get('/url')

    self.assertEqual((body, code), ({}, 401))
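def get_payment_status(payment_id):
    """Fetch a payment record from the GovPay API.

    Args:
        payment_id: Identifier of the payment to look up.

    Returns:
        The decoded response body when GovPay answers 200, otherwise None
        (the failure is logged).
    """
    from urllib.parse import quote

    current_app.logger.info(
        'Finding GovPay payment with id {}'.format(payment_id))
    # quote(..., safe='') keeps an id containing '/', '?' or '#' from
    # altering the request path on the external service.
    response, status_code = api_get(
        gov_pay_url + "/" + quote(str(payment_id), safe=''),
        headers=_make_headers(), external=True)
    if status_code != 200:
        current_app.logger.error(
            "Fail response from GovPay API: {}".format(response))
        return None
    return response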
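def fail_signin():
    """Render the sign-in page after a failed sign-in attempt.

    Checks the account API for a lock on the submitted email; a locked
    account gets a flashed message, otherwise the form is re-rendered with
    the field validation errors.

    Returns:
        The rendered ``signin.html`` page.
    """
    from urllib.parse import quote

    email = request.form['email']
    password = request.form['password']
    # Same breadcrumb trail on both branches; built once.
    breadcrumb_links = [
        {"label": "Home", "href": "/"},
        {"label": "Sign in to your account", "href": None},
    ]

    current_app.logger.info(
        'Calling account-api to check lock status for {}'.format(email))
    # quote(..., safe='') keeps a submitted address containing '/', '?' or
    # '#' from altering the request path.
    api_url = '/api/account/users/{}/check_lock'.format(quote(email, safe=''))
    # The status code is deliberately not checked: on a failed lookup the
    # body carries no 'locked' key and the generic error path is taken.
    resp, _ = api_get(api_url, headers={'Content-Type': 'application/json'})
    if 'locked' in resp and resp['locked'] is not None:
        current_app.logger.info('Users account is locked')
        flash('Your account is locked. Check your email.')
        return render_template("app/auth/signin.html",
                               error_title="There was a problem",
                               breadcrumb_links=breadcrumb_links)

    form = FormValidator('Email or password not recognised')
    form.add_validator('email', email, [email_validator, is_not_empty])
    form.add_validator('password', password, is_not_empty)
    return render_template("app/auth/signin.html",
                           error_title="There was a problem",
                           fields=form.validate(),
                           breadcrumb_links=breadcrumb_links)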