def activate_user(user_id):
    """Activate the account for ``user_id``, log it in and redirect onwards.

    A pending invitation held in the session is honoured on the way: a
    service invite adds the user to that service and sends them there; an
    organisation invite adds them to the invited organisation.

    Returns:
        A redirect response to the broadcast tour, the service dashboard,
        the organisation dashboard or the "add service" page.
    """
    account = User.from_id(user_id)
    # The API sets a new current_session_id on the user; mirror it into the
    # cookie-backed session so that later requests carry the fresh value.
    session['current_session_id'] = account.current_session_id
    # Read before activate()/login() run, preserving the original ordering.
    org_id = session.get('organisation_id')
    account.activate().login()

    service_invite = InvitedUser.from_session()
    if service_invite:
        service_id = _add_invited_user_to_service(service_invite)
        service = Service.from_id(service_id)
        if service.has_permission('broadcast'):
            destination = url_for(
                'main.broadcast_tour',
                service_id=service.id,
                step_index=1,
            )
        else:
            destination = url_for('main.service_dashboard',
                                  service_id=service_id)
        return redirect(destination)

    org_invite = InvitedOrgUser.from_session()
    if org_invite:
        # NOTE(review): the id comes from session['user_details'], not from
        # the user_id argument - presumably the same user; confirm at callers.
        user_api_client.add_user_to_organisation(
            org_invite.organisation,
            session['user_details']['id'],
        )

    if not org_id:
        return redirect(url_for('main.add_service', first='first'))
    return redirect(url_for('main.organisation_dashboard', org_id=org_id))
Ejemplo n.º 2
def test_invited_user_from_session_uses_id(client, mocker,
                                           mock_get_invited_user_by_id):
    """from_session() resolves the invite through the id held in the session."""
    # Swap the session seen by app.models.user for one that holds only the
    # invite id; clear=True drops every other key for the test's duration.
    mocker.patch.dict(
        'app.models.user.session',
        values={'invited_user_id': USER_ONE_ID},
        clear=True,
    )

    invite = InvitedUser.from_session()

    assert invite.id == USER_ONE_ID
    mock_get_invited_user_by_id.assert_called_once_with(USER_ONE_ID)
Ejemplo n.º 3
def sign_in():
    """Render the sign-in page and handle submission of email and password.

    An already authenticated visitor is redirected away. On a valid form
    post the credentials are checked; a locked account aborts with 400, a
    pending account is sent to email verification, and a session invite is
    accepted only when its address matches the signing-in user (otherwise
    403). A successful sign_in() leads to the SMS or email two-factor page.
    Every other outcome flashes one generic failure message.
    """
    if current_user and current_user.is_authenticated:
        return redirect(url_for("main.show_accounts_or_dashboard"))

    form = LoginForm()

    if form.validate_on_submit():
        # Client context passed along with the credentials.
        login_data = {
            "user-agent": request.headers["User-Agent"],
            "location": _geolocate_ip(get_remote_addr(request)),
        }
        user = User.from_email_address_and_password_or_none(
            form.email_address.data,
            form.password.data,
            login_data,
        )

        if user:
            if user.locked:
                # NOTE(review): this message is more specific than the generic
                # failure below. Whether it can be reached without the correct
                # password depends on from_email_address_and_password_or_none,
                # which is not visible here - confirm it does not let a caller
                # probe which addresses have accounts.
                locked_message = _(
                    "Your account has been locked after {} sign-in attempts. Please email us at [email protected]"
                ).format(user.max_failed_login_count)
                flash(locked_message)
                abort(400)

            if user.state == "pending":
                return redirect(url_for("main.resend_email_verification"))

            if session.get("invited_user"):
                invited_user = InvitedUser.from_session()
                invite_email = invited_user.email_address.lower()
                if user.email_address.lower() != invite_email:
                    # The invite belongs to a different address: drop it from
                    # the session and refuse the request.
                    flash(_("You cannot accept an invite for another person."))
                    session.pop("invited_user", None)
                    abort(403)
                # NOTE(review): the invite is accepted here, before any
                # two-factor step below has been completed - confirm intended.
                invited_user.accept_invite()

            requires_email_login = user.requires_email_login
            if user.sign_in():
                if user.sms_auth and not requires_email_login:
                    # "next" comes straight from the query string; the view
                    # that eventually redirects to it has to validate it.
                    return redirect(
                        url_for(".two_factor_sms_sent", next=request.args.get("next"))
                    )
                if user.email_auth or requires_email_login:
                    if requires_email_login:
                        args = {"requires_email_login": True}
                    else:
                        args = {}
                    return redirect(url_for(".two_factor_email_sent", **args))

        # Deliberately vague: the same message covers an unknown user, an
        # inactive user and a password that did not verify.
        flash(_("The email address or password you entered is incorrect."))

    other_device = current_user.logged_in_elsewhere()
    return render_template(
        "views/signin.html",
        form=form,
        again=bool(request.args.get("next")),
        other_device=other_device,
    )
Ejemplo n.º 4
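def sign_in():
    """Render the sign-in page and handle submission of email and password.

    An already authenticated visitor is redirected away. On a valid form
    post the credentials are checked; a pending account is sent to email
    verification, and a session invite is accepted only when its address
    matches the signing-in user (otherwise 403). A successful sign_in()
    leads to the SMS or email two-factor page. Every other outcome flashes
    one generic failure message with a password-reset link.

    The ``next`` query parameter is carried through to the follow-up views
    and to the password-reset link.
    """
    if current_user and current_user.is_authenticated:
        return redirect(url_for('main.show_accounts_or_dashboard'))

    form = LoginForm()
    # "next" is caller-controlled. It is only forwarded as a query parameter
    # here; the view that finally redirects to it has to validate it.
    redirect_url = request.args.get('next')
    password_reset_url = url_for('.forgot_password', next=redirect_url)

    if form.validate_on_submit():

        user = User.from_email_address_and_password_or_none(
            form.email_address.data, form.password.data)

        if user and user.state == 'pending':
            return redirect(
                url_for('main.resend_email_verification', next=redirect_url))

        if user and session.get('invited_user'):
            invited_user = InvitedUser.from_session()
            if user.email_address.lower() != invited_user.email_address.lower(
            ):
                # The invite belongs to a different address: drop it from the
                # session and refuse the request.
                flash("You cannot accept an invite for another person.")
                session.pop('invited_user', None)
                abort(403)
            else:
                # NOTE(review): the invite is accepted before any two-factor
                # step below has been completed - confirm this is intended.
                invited_user.accept_invite()
        if user and user.sign_in():
            if user.sms_auth:
                return redirect(url_for('.two_factor', next=redirect_url))
            if user.email_auth:
                return redirect(
                    url_for('.two_factor_email_sent', next=redirect_url))

        # Vague error message for login in case of user not known, locked, inactive or password not verified
        #
        # The reset URL embeds the request's "next" value, so it must not be
        # interpolated into a string that is then marked safe as a whole.
        # Markup.format() HTML-escapes its arguments, and the attribute is
        # quoted so the value cannot end the attribute early.
        flash(
            Markup(
                'The email address or password you entered is incorrect.'
                ' <a href="{}">Forgotten your password?</a>'
            ).format(password_reset_url))

    other_device = current_user.logged_in_elsewhere()
    return render_template('views/signin.html',
                           form=form,
                           again=bool(redirect_url),
                           other_device=other_device,
                           password_reset_url=password_reset_url)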
Ejemplo n.º 5
def sign_in():
    """Render the sign-in page and handle submission of email and password.

    An already authenticated visitor is redirected away. On a valid form
    post the credentials are checked; a pending account is sent to email
    verification, and a session invite is accepted only when its address
    matches the signing-in user (otherwise 403). A successful sign_in()
    leads to the SMS or email two-factor page. Every other outcome flashes
    one generic failure message.
    """
    if current_user and current_user.is_authenticated:
        return redirect(url_for('main.show_accounts_or_dashboard'))

    form = LoginForm()

    if form.validate_on_submit():
        # NOTE(review): request.remote_addr is the address of the directly
        # connected peer. Behind a reverse proxy that is the proxy unless the
        # app is set up to trust forwarded headers - confirm for deployment.
        client_location = _geolocate_ip(request.remote_addr)
        login_data = {
            "user-agent": request.headers["User-Agent"],
            "location": client_location,
        }

        user = User.from_email_address_and_password_or_none(
            form.email_address.data,
            form.password.data,
            login_data,
        )

        if user:
            if user.state == 'pending':
                return redirect(url_for('main.resend_email_verification'))

            if session.get('invited_user'):
                invited_user = InvitedUser.from_session()
                same_person = (
                    user.email_address.lower()
                    == invited_user.email_address.lower()
                )
                if not same_person:
                    # The invite belongs to a different address: drop it from
                    # the session and refuse the request.
                    flash("You can't accept an invite for another person.")
                    session.pop('invited_user', None)
                    abort(403)
                # NOTE(review): the invite is accepted before any two-factor
                # step below has been completed - confirm this is intended.
                invited_user.accept_invite()

            if user.sign_in():
                if user.sms_auth:
                    # "next" comes straight from the query string; the view
                    # that eventually redirects to it has to validate it.
                    sms_step = url_for('.two_factor',
                                       next=request.args.get('next'))
                    return redirect(sms_step)
                if user.email_auth:
                    return redirect(url_for('.two_factor_email_sent'))

        # Deliberately vague: one message for an unknown, locked or inactive
        # user and for a password that did not verify.
        flash(_("The email address or password you entered is incorrect."))

    other_device = current_user.logged_in_elsewhere()
    return render_template(
        'views/signin.html',
        form=form,
        again=bool(request.args.get('next')),
        other_device=other_device,
    )
Ejemplo n.º 6
def register_from_invite():
    """Register a new account for the invite held in the session.

    Responds 404 when the session carries no invite. On a valid form post
    the submitted service and email address must equal the invite's values
    (otherwise 400); the user is then registered and the invite accepted.
    Invites using SMS auth continue to code verification; all others are
    activated immediately.
    """
    invited_user = InvitedUser.from_session()
    if not invited_user:
        abort(404)

    form = RegisterUserFromInviteForm(invited_user)

    if not form.validate_on_submit():
        return render_template('views/register-from-invite.html',
                               invited_user=invited_user,
                               form=form)

    # The posted service and address are client-supplied, so they are checked
    # against the server-side invite; a mismatch means the form was altered.
    # NOTE(review): the address comparison is exact (case-sensitive).
    if form.service.data != invited_user.service:
        abort(400)
    if form.email_address.data != invited_user.email_address:
        abort(400)

    uses_sms = invited_user.sms_auth
    _do_registration(form, send_email=False, send_sms=uses_sms)
    invited_user.accept_invite()

    if invited_user.sms_auth:
        return redirect(url_for('main.verify'))

    # Clicking the invite link has already shown that the user controls the
    # email address, so the account is activated straight away.
    return activate_user(session['user_details']['id'])
Ejemplo n.º 7
def test_invited_user_from_session_returns_none_if_nothing_present(
        client, mocker):
    """from_session() returns None when the session holds no invite."""
    # Present an empty session to app.models.user for the test's duration.
    empty_session = {}
    mocker.patch.dict('app.models.user.session',
                      values=empty_session,
                      clear=True)

    invite = InvitedUser.from_session()

    assert invite is None