def update_invite(id):
timenow = datetime.datetime.utcnow()
action = request.json['action'].lower()
invitation = invites.find_one({'id': id})
if invitation:
max_time_allowed = invitation.get('max_time_allowed') \
or backend_config.get('invitation').get('max_time_allowed')
recipient = invitation['recipient']
recipient_name = invitation['recipient_name']
sender = invitation['sender']
sender_name = invitation['sender_name']
sent_on = invitation['sent_on']
accepted_on = invitation['accepted_on']
expire_on = invitation['expire_on']
user = users.find_one({'email': recipient})
if user is None:
return jsonify(success=False, reason="user-not-created")
if accepted_on is not None:
return jsonify(success=False, reason="invitation-has-been-used")
if not action in ('resend', 'accept', 'decline'):
return jsonify(success=False, reason='invalid-action')
if action == 'resend':
new_id = str(uuid.uuid4())
base_url = request.json['base_url']
backend_utils.send_invite(recipient, recipient_name, sender, sender_name, base_url, new_id)
# generate new record
sent_on = datetime.datetime.utcnow()
expire_on = sent_on + datetime.timedelta(seconds=max_time_allowed)
invitation['id'] = new_id
invitation['sent_on'] = sent_on
invitation['expire_on'] = expire_on
invites.update({'id': id}, {'$set':
{'sent_on': invitation['sent_on'],
'id': invitation['id']}})
return jsonify(success=True, invite=sanitize_invite(invitation))
elif action == 'accept':
# if time now is ahead of expire_on, the delta is negative
if (expire_on - timenow).seconds < 0:
invitation['status'] = 'expired'
invites.update({'id': id}, {'$set': {'status': 'expired'}})
return jsonify(success=False, reason='invitation-expired')
else:
invitation['status'] = 'used'
invitation['accepted_on'] = datetime.datetime.utcnow()
invites.update({'id': id},{'$set':
{'accepted_on': invitation['accepted_on'],
'status': 'used'}})
users.update({'email': recipient}, {'$set':
{'status': 'active'}})
return jsonify(success=True, invite=sanitize_invite(invitation))
elif action == 'decline':
invitation['status'] = 'declined'
invites.update({'id': id}, {'$set': {'status': 'decline'}})
return jsonify(success=True, invite=sanitize_invite(invitation))
else:
return jsonify(success=False, reason='invitation-does-not-exist')
def create_invites():
recipient = request.json['recipient']
sender = request.json['sender']
recipient_user = users.find_one({'email': recipient})
recipient_invite = invites.find_one({'recipient': recipient})
sender_user = users.find_one({'email': sender})
# issue #120
# To ensure no duplicate invitation is allowed, and to ensure
# we don't corrupt user record in user table, any POST invitation
# must check
# (1) if user is not created in users collection - FALSE
# (2) if user is created, BUT status is not 'invited' - FALSE
# (3) recipient email is found in existing invitation record - FALSE
if not recipient_user:
return jsonify(success=False,
reason='recipient-not-found-in-user-record')
elif recipient_user.get('status') != 'invited':
return jsonify(success=False,
reason='recipient-already-joined')
if recipient_invite:
return jsonify(success=False,
reason='duplicate-invitation-not-allowed')
if not sender_user:
return jsonify(success=False,
reason='sender-not-found-in-user-record')
invite_id = str(uuid.uuid4())
# some users may not have name filled out?
invite = {'id': invite_id,
'recipient': recipient,
'recipient_name': recipient_user['name'] or recipient,
'sender': sender,
'sender_name': sender_user['name'] or sender,
'sent_on': None,
'accepted_on': None,
'status': 'pending',
'expire_on': None,
'max_time_allowed': request.json.get('max_time_allowed') \
or backend_config.get('invitation').get('max_time_allowed')}
backend_utils.send_invite(
invite['recipient'],
invite['recipient_name'],
invite['sender'],
invite['sender_name'],
request.json['base_url'],
invite_id)
invite['sent_on'] = datetime.datetime.utcnow()
invite['expire_on'] = invite['sent_on'] + \
datetime.timedelta(seconds=invite['max_time_allowed'])
invites.insert(invite)
return jsonify(success=True, invite=sanitize_invite(invite))
def delete_invite(id):
invitation = invites.find_one({'id': id})
if not invitation:
return jsonify(success=False, reason='no-such-invitation')
# do not delete users that are not invite pending (bug #123)
email = invitation['recipient']
user = users.find_one({'email': email})
if user and user.get('status') == "invited":
users.remove(user)
# bug #133 delete user associations
remove_group_association(email)
invites.remove({'id': id})
return jsonify(success=True)
def delete_invite(id):
invitation = invites.find_one({'id': id})
if not invitation:
return jsonify(success=False, reason='no-such-invitation')
# do not delete users that are not invite pending (bug #123)
email = invitation['recipient']
user = users.find_one({'email': email})
if user and user.get('status') == "invited":
users.remove(user)
# bug #133 delete user associations
remove_group_association(email)
invites.remove({'id': id})
return jsonify(success=True)
def delete_invite(id):
invitation = invites.find_one({'id': id})
if not invitation:
return jsonify(success=False, reason='no-such-invitation')
# do not delete users that are not invite pending (bug #123)
email = invitation['recipient']
user = users.find_one({'email': email})
if user and user.get('status') == "invited":
users.remove(user)
# bug #133 delete user associations
for group_name in _find_groups_for_user(email):
groups.update({'name':group_name}, {'$pull': {'users': email}})
for site in _find_sites_for_user(email):
sites.update({'url':site}, {'$pull': {'users': email}})
invites.remove({'id': id})
return jsonify(success=True)
def create_invites():
recipient = request.json['recipient']
sender = request.json['sender']
recipient_user = users.find_one({'email': recipient})
recipient_invite = invites.find_one({'recipient': recipient})
sender_user = users.find_one({'email': sender})
# issue #120
# To ensure no duplicate invitation is allowed, and to ensure
# we don't corrupt user record in user table, any POST invitation
# must check
# (1) if user is not created in users collection - FALSE
# (2) if user is created, BUT status is not 'invited' - FALSE
# (3) recipient email is found in existing invitation record - FALSE
if not recipient_user:
return jsonify(success=False,
reason='recipient-not-found-in-user-record')
elif recipient_user.get('status') != 'invited':
return jsonify(success=False, reason='recipient-already-joined')
if recipient_invite:
return jsonify(success=False,
reason='duplicate-invitation-not-allowed')
if not sender_user:
return jsonify(success=False, reason='sender-not-found-in-user-record')
invite_id = str(uuid.uuid4())
# some users may not have name filled out?
invite = {'id': invite_id,
'recipient': recipient,
'recipient_name': recipient_user['name'] or recipient,
'sender': sender,
'sender_name': sender_user['name'] or sender,
'sent_on': None,
'accepted_on': None,
'status': 'pending',
'expire_on': None,
'max_time_allowed': request.json.get('max_time_allowed') \
or backend_config.get('email').get('max_time_allowed'),
'notify_when': request.json.get('notify_when', [])}
send_email('invite',
invite,
extra_data={'base_url': request.json['base_url']})
invite['sent_on'] = datetime.datetime.utcnow()
invite['expire_on'] = invite['sent_on'] + \
datetime.timedelta(seconds=invite['max_time_allowed'])
invites.insert(invite)
return jsonify(success=True, invite=sanitize_invite(invite))
def get_invite(id):
invitation = invites.find_one({'id': id})
if invitation:
return jsonify(success=True, invite=sanitize_invite(invitation))
else:
return jsonify(success=False, reason='invitation-does-not-exist')
def update_invite(id):
timenow = datetime.datetime.utcnow()
action = request.json['action'].lower()
invitation = invites.find_one({'id': id})
if invitation:
max_time_allowed = invitation.get('max_time_allowed') \
or backend_config.get('invitation').get('max_time_allowed')
recipient = invitation['recipient']
recipient_name = invitation['recipient_name']
sender = invitation['sender']
sender_name = invitation['sender_name']
sent_on = invitation['sent_on']
accepted_on = invitation['accepted_on']
expire_on = invitation['expire_on']
user = users.find_one({'email': recipient})
if user is None:
return jsonify(success=False, reason="user-not-created")
if accepted_on is not None:
return jsonify(success=False, reason="invitation-has-been-used")
if not action in ('resend', 'accept', 'decline'):
return jsonify(success=False, reason='invalid-action')
if action == 'resend':
new_id = str(uuid.uuid4())
base_url = request.json['base_url']
send_email('invite', invitation, extra_data={'base_url': base_url})
# generate new record
sent_on = datetime.datetime.utcnow()
expire_on = sent_on + datetime.timedelta(seconds=max_time_allowed)
invitation['id'] = new_id
invitation['sent_on'] = sent_on
invitation['expire_on'] = expire_on
invites.update({'id': id}, {'$set':
{'sent_on': invitation['sent_on'],
'id': invitation['id']}})
return jsonify(success=True, invite=sanitize_invite(invitation))
elif action == 'accept':
# if time now is ahead of expire_on, the delta is negative
if (expire_on - timenow).seconds < 0:
invitation['status'] = 'expired'
invites.update({'id': id}, {'$set': {'status': 'expired'}})
return jsonify(success=False, reason='invitation-expired')
else:
invitation['status'] = 'used'
invitation['accepted_on'] = datetime.datetime.utcnow()
invites.update({'id': id},{'$set':
{'accepted_on': invitation['accepted_on'],
'status': 'used'}})
users.update({'email': recipient}, {'$set':
{'status': 'active', \
'email': request.json['login']}})
if invitation['recipient'] != request.json['login']:
update_group_association(invitation['recipient'], request.json['login'])
# if user's persona email is different
invitation['recipient'] = request.json['login']
# notify inviter if he chooses to receive such notification
if "accept" in invitation['notify_when']:
send_email('accept', invitation)
return jsonify(success=True, invite=sanitize_invite(invitation))
elif action == 'decline':
invitation['status'] = 'declined'
invites.update({'id': id}, {'$set': {'status': 'declined'}})
users.remove(user)
remove_group_association(invitation['recipient'])
# notify inviter if he chooses to
if "decline" in invitation['notify_when']:
send_email('decline', invitation)
return jsonify(success=True, invite=sanitize_invite(invitation))
else:
return jsonify(success=False, reason='invitation-does-not-exist')
def update_invite(id):
timenow = datetime.datetime.utcnow()
action = request.json['action'].lower()
invitation = invites.find_one({'id': id})
if invitation:
max_time_allowed = invitation.get('max_time_allowed') \
or backend_config.get('invitation').get('max_time_allowed')
recipient = invitation['recipient']
recipient_name = invitation['recipient_name']
sender = invitation['sender']
sender_name = invitation['sender_name']
sent_on = invitation['sent_on']
accepted_on = invitation['accepted_on']
expire_on = invitation['expire_on']
user = users.find_one({'email': recipient})
if user is None:
return jsonify(success=False, reason="user-not-created")
if accepted_on is not None:
return jsonify(success=False, reason="invitation-has-been-used")
if not action in ('resend', 'accept', 'decline'):
return jsonify(success=False, reason='invalid-action')
if action == 'resend':
new_id = str(uuid.uuid4())
base_url = request.json['base_url']
send_email('invite', invitation, extra_data={'base_url': base_url})
# generate new record
sent_on = datetime.datetime.utcnow()
expire_on = sent_on + datetime.timedelta(seconds=max_time_allowed)
invitation['id'] = new_id
invitation['sent_on'] = sent_on
invitation['expire_on'] = expire_on
invites.update({'id': id}, {
'$set': {
'sent_on': invitation['sent_on'],
'id': invitation['id']
}
})
return jsonify(success=True, invite=sanitize_invite(invitation))
elif action == 'accept':
# if time now is ahead of expire_on, the delta is negative
if (expire_on - timenow).seconds < 0:
invitation['status'] = 'expired'
invites.update({'id': id}, {'$set': {'status': 'expired'}})
return jsonify(success=False, reason='invitation-expired')
else:
invitation['status'] = 'used'
invitation['accepted_on'] = datetime.datetime.utcnow()
invites.update({'id': id}, {
'$set': {
'accepted_on': invitation['accepted_on'],
'status': 'used'
}
})
users.update({'email': recipient}, {'$set':
{'status': 'active', \
'email': request.json['login']}})
if invitation['recipient'] != request.json['login']:
update_group_association(invitation['recipient'],
request.json['login'])
# if user's persona email is different
invitation['recipient'] = request.json['login']
# notify inviter if he chooses to receive such notification
if "accept" in invitation['notify_when']:
send_email('accept', invitation)
return jsonify(success=True,
invite=sanitize_invite(invitation))
elif action == 'decline':
invitation['status'] = 'declined'
invites.update({'id': id}, {'$set': {'status': 'declined'}})
users.remove(user)
remove_group_association(invitation['recipient'])
# notify inviter if he chooses to
if "decline" in invitation['notify_when']:
send_email('decline', invitation)
return jsonify(success=True, invite=sanitize_invite(invitation))
else:
return jsonify(success=False, reason='invitation-does-not-exist')
def get_invite(id):
invitation = invites.find_one({'id': id})
if invitation:
return jsonify(success=True, invite=sanitize_invite(invitation))
else:
return jsonify(success=False, reason='invitation-does-not-exist')