Example #1
0
def service_users_report_json(service_id):
    # permissions are structured differently on invited vs accepted-invite users
    def user_permissions(user):
        return {
            permission
            for permission in all_permissions
            if user.has_permission_for_service(service_id, permission)
        }

    def present_row(user):
        logged_in_at = getattr(user, 'logged_in_at', None)
        if logged_in_at:
            logged_in_at = gmt_timezones(logged_in_at)

        return {
            "email_address": user.email_address,
            "name": getattr(user, 'name',
                            None),  # does not exist on invited user
            "mobile_number": getattr(user, 'mobile_number',
                                     None),  # does not exist on invited user
            "last_login": logged_in_at,
            "auth_type": user.auth_type,
            "permissions": list(user_permissions(user)),
        }

    users = sorted(
        user_api_client.get_users_for_service(service_id=service_id) + [
            invite for invite in invite_api_client.get_invites_for_service(
                service_id=service_id) if invite.status != 'accepted'
        ],
        key=lambda user: user.email_address,
    )

    return json_download([present_row(user) for user in users],
                         f'service-{service_id}-users')
Example #2
0
def manage_users(service_id):
    users = user_api_client.get_users_for_service(service_id=service_id)
    invited_users = [
        invite for invite in invite_api_client.get_invites_for_service(
            service_id=service_id) if invite.status != 'accepted'
    ]
    return render_template('views/manage-users.html',
                           users=users,
                           current_user=current_user,
                           invited_users=invited_users)
def manage_users(service_id):
    users = user_api_client.get_users_for_service(service_id=service_id)
    invited_users = [invite for invite in invite_api_client.get_invites_for_service(service_id=service_id)
                     if invite.status != 'accepted']
    return render_template(
        'views/manage-users.html',
        users=users,
        current_user=current_user,
        invited_users=invited_users
    )
def accept_invite(token):

    invited_user = invite_api_client.check_token(token)

    if not current_user.is_anonymous and current_user.email_address != invited_user.email_address:
        message = Markup("""
            You’re signed in as {}.
            This invite is for another email address.
            <a href={}>Sign out</a> and click the link again to accept this invite.
            """.format(current_user.email_address,
                       url_for("main.sign_out", _external=True)))

        flash(message=message)

        abort(403)

    if invited_user.status == 'cancelled':
        from_user = user_api_client.get_user(invited_user.from_user)
        service = service_api_client.get_service(invited_user.service)['data']
        return render_template('views/cancelled-invitation.html',
                               from_user=from_user.name,
                               service_name=service['name'])

    if invited_user.status == 'accepted':
        session.pop('invited_user', None)
        return redirect(
            url_for('main.service_dashboard', service_id=invited_user.service))

    session['invited_user'] = invited_user.serialize()

    existing_user = user_api_client.get_user_by_email_or_none(
        invited_user.email_address)
    service_users = user_api_client.get_users_for_service(invited_user.service)

    if existing_user:
        invite_api_client.accept_invite(invited_user.service, invited_user.id)
        if existing_user in service_users:
            return redirect(
                url_for('main.service_dashboard',
                        service_id=invited_user.service))
        else:
            user_api_client.add_user_to_service(invited_user.service,
                                                existing_user.id,
                                                invited_user.permissions)
            return redirect(
                url_for('main.service_dashboard',
                        service_id=invited_user.service))
    else:
        return redirect(url_for('main.register_from_invite'))
Example #5
0
def manage_users(service_id):
    users = sorted(
        user_api_client.get_users_for_service(service_id=service_id) + [
            invite for invite in invite_api_client.get_invites_for_service(
                service_id=service_id) if invite.status != 'accepted'
        ],
        key=lambda user: user.email_address,
    )

    return render_template(
        'views/manage-users.html',
        users=users,
        current_user=current_user,
        show_search_box=(len(users) > 7),
        form=SearchUsersForm(),
    )
def test_client_gets_all_users_for_service(
    mocker,
    fake_uuid,
):

    user_api_client.max_failed_login_count = 99  # doesn't matter for this test
    mock_get = mocker.patch(
        'app.notify_client.user_api_client.UserApiClient.get',
        return_value={'data': [
            {'id': fake_uuid},
        ]}
    )

    users = user_api_client.get_users_for_service(SERVICE_ONE_ID)

    mock_get.assert_called_once_with('/service/{}/users'.format(SERVICE_ONE_ID))
    assert len(users) == 1
    assert users[0].id == fake_uuid
Example #7
0
def accept_invite(token):

    invited_user = invite_api_client.check_token(token)

    if not current_user.is_anonymous and current_user.email_address != invited_user.email_address:
        message = Markup("""
            You’re signed in as {}.
            This invite is for another email address.
            <a href={}>Sign out</a> and click the link again to accept this invite.
            """.format(
            current_user.email_address,
            url_for("main.sign_out", _external=True)))

        flash(message=message)

        abort(403)

    if invited_user.status == 'cancelled':
        from_user = user_api_client.get_user(invited_user.from_user)
        service = service_api_client.get_service(invited_user.service)['data']
        return render_template('views/cancelled-invitation.html',
                               from_user=from_user.name,
                               service_name=service['name'])

    if invited_user.status == 'accepted':
        session.pop('invited_user', None)
        return redirect(url_for('main.service_dashboard', service_id=invited_user.service))

    session['invited_user'] = invited_user.serialize()

    existing_user = user_api_client.get_user_by_email_or_none(invited_user.email_address)
    service_users = user_api_client.get_users_for_service(invited_user.service)

    if existing_user:
        invite_api_client.accept_invite(invited_user.service, invited_user.id)
        if existing_user in service_users:
            return redirect(url_for('main.service_dashboard', service_id=invited_user.service))
        else:
            user_api_client.add_user_to_service(invited_user.service,
                                                existing_user.id,
                                                invited_user.permissions)
            return redirect(url_for('main.service_dashboard', service_id=invited_user.service))
    else:
        return redirect(url_for('main.register_from_invite'))
Example #8
0
def service_users_report(service_id):
    # permissions are structured differently on invited vs accepted-invite users
    def user_permissions(user):
        return {
            permission
            for permission in all_permissions
            if user.has_permission_for_service(service_id, permission)
        }

    def present_row(user):
        logged_in_at = getattr(user, 'logged_in_at', None)
        if logged_in_at:
            logged_in_at = gmt_timezones(logged_in_at)

        return [
            user.email_address,
            getattr(user, 'name', None),  # does not exist on invited user
            getattr(user, 'mobile_number',
                    None),  # does not exist on invited user
            logged_in_at,
            user.auth_type,
            ';'.join(user_permissions(user))
        ]

    users = sorted(
        user_api_client.get_users_for_service(service_id=service_id) + [
            invite for invite in invite_api_client.get_invites_for_service(
                service_id=service_id) if invite.status != 'accepted'
        ],
        key=lambda user: user.email_address,
    )

    columns = [
        "email_address", "name", "mobile_number", "last_login", "auth_type",
        "permissions"
    ]
    csv_data = [columns, *(present_row(user) for user in users)]
    return Spreadsheet.from_rows(csv_data).as_csv_data, 200, {
        'Content-Type': 'text/csv; charset=utf-8',
        'Content-Disposition':
        f'inline; filename="service-{service_id}-users.csv"'
    }
Example #9
0
def check_messages(service_id, template_type, upload_id):

    if not session.get('upload_data'):
        return redirect(
            url_for('main.choose_template',
                    service_id=service_id,
                    template_type=template_type))

    users = user_api_client.get_users_for_service(service_id=service_id)

    statistics = service_api_client.get_detailed_service_for_today(
        service_id)['data']['statistics']
    remaining_messages = (current_service['message_limit'] -
                          sum(stat['requested']
                              for stat in statistics.values()))

    contents = s3download(service_id, upload_id)
    if not contents:
        flash('There was a problem reading your upload file')

    template = Template(service_api_client.get_service_template(
        service_id, session['upload_data'].get('template_id'))['data'],
                        prefix=current_service['name'],
                        sms_sender=current_service['sms_sender'])

    recipients = RecipientCSV(
        contents,
        template_type=template.template_type,
        placeholders=template.placeholders,
        max_initial_rows_shown=50,
        max_errors_shown=50,
        whitelist=itertools.chain.from_iterable(
            [user.mobile_number, user.email_address]
            for user in users) if current_service['restricted'] else None,
        remaining_messages=remaining_messages)

    if request.args.get('from_test'):
        extra_args = {
            'help': 1
        } if request.args.get('help', '0') != '0' else {}
        if len(template.placeholders):
            back_link = url_for('.send_test',
                                service_id=service_id,
                                template_id=template.id,
                                **extra_args)
        else:
            back_link = url_for('.choose_template',
                                service_id=service_id,
                                template_type=template.template_type,
                                **extra_args)
        choose_time_form = None
    else:
        back_link = url_for('.send_messages',
                            service_id=service_id,
                            template_id=template.id)
        choose_time_form = ChooseTimeForm()

    with suppress(StopIteration):
        template.values = next(recipients.rows)
        first_recipient = template.values.get(
            recipients.recipient_column_header, '')

    session['upload_data']['notification_count'] = len(list(recipients.rows))
    session['upload_data']['valid'] = not recipients.has_errors
    return render_template(
        'views/check.html',
        recipients=recipients,
        first_recipient=first_recipient,
        template=template,
        errors=recipients.has_errors,
        row_errors=get_errors_for_csv(recipients, template.template_type),
        count_of_recipients=session['upload_data']['notification_count'],
        count_of_displayed_recipients=(
            len(list(recipients.initial_annotated_rows_with_errors))
            if any(recipients.rows_with_errors)
            and not recipients.missing_column_headers else len(
                list(recipients.initial_annotated_rows))),
        original_file_name=session['upload_data'].get('original_file_name'),
        upload_id=upload_id,
        form=CsvUploadForm(),
        remaining_messages=remaining_messages,
        choose_time_form=choose_time_form,
        back_link=back_link,
        help=get_help_argument())
Example #10
0
def accept_invite(token):
    try:
        invited_user = invite_api_client.check_token(token)
    except HTTPError as e:
        if e.status_code == 400 and 'invitation' in e.message:
            flash(e.message['invitation'])
            return redirect(url_for('main.sign_in'))
        else:
            raise e

    if not current_user.is_anonymous and current_user.email_address.lower(
    ) != invited_user.email_address.lower():
        message = Markup("""
            You’re signed in as {}.
            This invite is for another email address.
            <a href={}>Sign out</a> and click the link again to accept this invite.
            """.format(current_user.email_address,
                       url_for("main.sign_out", _external=True)))

        flash(message=message)

        abort(403)

    if invited_user.status == 'cancelled':
        from_user = user_api_client.get_user(invited_user.from_user)
        service = service_api_client.get_service(invited_user.service)['data']
        return render_template('views/cancelled-invitation.html',
                               from_user=from_user.name,
                               service_name=service['name'])

    if invited_user.status == 'accepted':
        session.pop('invited_user', None)
        return redirect(
            url_for('main.service_dashboard', service_id=invited_user.service))

    session['invited_user'] = invited_user.serialize()

    existing_user = user_api_client.get_user_by_email_or_none(
        invited_user.email_address)
    service_users = user_api_client.get_users_for_service(invited_user.service)

    if existing_user:
        invite_api_client.accept_invite(invited_user.service, invited_user.id)
        if existing_user in service_users:
            return redirect(
                url_for('main.service_dashboard',
                        service_id=invited_user.service))
        else:
            service = service_api_client.get_service(
                invited_user.service)['data']
            # if the service you're being added to can modify auth type, then check if this is relevant
            if 'email_auth' in service['permissions'] and (
                    # they have a phone number, we want them to start using it. if they dont have a mobile we just
                    # ignore that option of the invite
                (existing_user.mobile_number
                 and invited_user.auth_type == 'sms_auth') or
                    # we want them to start sending emails. it's always valid, so lets always update
                    invited_user.auth_type == 'email_auth'):
                user_api_client.update_user_attribute(
                    existing_user.id, auth_type=invited_user.auth_type)
            user_api_client.add_user_to_service(invited_user.service,
                                                existing_user.id,
                                                invited_user.permissions)
            return redirect(
                url_for('main.service_dashboard',
                        service_id=invited_user.service))
    else:
        return redirect(url_for('main.register_from_invite'))
Example #11
0
def _check_messages(service_id, template_type, upload_id, preview_row, letters_as_pdf=False):

    if not session.get('upload_data'):
        # if we just return a `redirect` (302) object here, we'll get errors when we try and unpack in the
        # check_messages route - so raise a werkzeug.routing redirect to ensure that doesn't happen.

        # NOTE: this is a 301 MOVED PERMANENTLY (httpstatus.es/301), so the browser will cache this redirect, and it'll
        # *always* happen for that browser. _check_messages is only used by endpoints that contain `upload_id`, which
        # is a one-time-use id (that ties to a given file in S3 that is already deleted if it's not in the session)
        raise RequestRedirect(url_for('main.choose_template', service_id=service_id))

    users = user_api_client.get_users_for_service(service_id=service_id)

    statistics = service_api_client.get_detailed_service_for_today(service_id)['data']['statistics']
    remaining_messages = (current_service['message_limit'] - sum(stat['requested'] for stat in statistics.values()))

    contents = s3download(service_id, upload_id)
    email_reply_to = None
    sms_sender = None
    if template_type == 'email':
        email_reply_to = get_email_reply_to_address_from_session(service_id)
    elif template_type == 'sms':
        sms_sender = get_sms_sender_from_session(service_id)
    template = get_template(
        service_api_client.get_service_template(
            service_id,
            session['upload_data'].get('template_id')
        )['data'],
        current_service,
        show_recipient=True,
        letter_preview_url=url_for(
            '.check_messages_preview',
            service_id=service_id,
            template_type=template_type,
            upload_id=upload_id,
            filetype='png',
            row_index=preview_row,
        ) if not letters_as_pdf else None,
        email_reply_to=email_reply_to,
        sms_sender=sms_sender
    )
    recipients = RecipientCSV(
        contents,
        template_type=template.template_type,
        placeholders=template.placeholders,
        max_initial_rows_shown=50,
        max_errors_shown=50,
        whitelist=itertools.chain.from_iterable(
            [user.name, user.mobile_number, user.email_address] for user in users
        ) if current_service['restricted'] else None,
        remaining_messages=remaining_messages,
        international_sms='international_sms' in current_service['permissions'],
    )

    if request.args.get('from_test'):
        # only happens if generating a letter preview test
        back_link = url_for('.send_test', service_id=service_id, template_id=template.id)
        choose_time_form = None
    else:
        back_link = url_for('.send_messages', service_id=service_id, template_id=template.id)
        choose_time_form = ChooseTimeForm()

    count_of_recipients = len(list(recipients.rows))

    if preview_row < 2:
        abort(404)

    if preview_row < count_of_recipients + 2:
        template.values = recipients[preview_row - 2]
    elif preview_row > 2:
        abort(404)

    session['upload_data']['notification_count'] = count_of_recipients
    session['upload_data']['valid'] = not recipients.has_errors
    return dict(
        recipients=recipients,
        template=template,
        errors=recipients.has_errors,
        row_errors=get_errors_for_csv(recipients, template.template_type),
        count_of_recipients=count_of_recipients,
        count_of_displayed_recipients=(
            len(list(recipients.initial_annotated_rows_with_errors))
            if any(recipients.rows_with_errors) and not recipients.missing_column_headers else
            len(list(recipients.initial_annotated_rows))
        ),
        original_file_name=session['upload_data'].get('original_file_name'),
        upload_id=upload_id,
        form=CsvUploadForm(),
        remaining_messages=remaining_messages,
        choose_time_form=choose_time_form,
        back_link=back_link,
        help=get_help_argument(),
        trying_to_send_letters_in_trial_mode=all((
            current_service['restricted'],
            template.template_type == 'letter',
            not request.args.get('from_test'),
        )),
        required_recipient_columns=OrderedSet(recipients.recipient_column_headers) - optional_address_columns,
        preview_row=preview_row,
    )
Example #12
0
def _check_messages(service_id,
                    template_id,
                    upload_id,
                    preview_row,
                    letters_as_pdf=False):

    try:
        # The happy path is that the job doesn’t already exist, so the
        # API will return a 404 and the client will raise HTTPError.
        job_api_client.get_job(service_id, upload_id)

        # the job exists already - so go back to the templates page
        # If we just return a `redirect` (302) object here, we'll get
        # errors when we try and unpack in the check_messages route.
        # Rasing a werkzeug.routing redirect means that doesn't happen.
        raise RequestRedirect(
            url_for('.send_messages',
                    service_id=service_id,
                    template_id=template_id))
    except HTTPError as e:
        if e.status_code != 404:
            raise

    users = user_api_client.get_users_for_service(service_id=service_id)

    statistics = service_api_client.get_service_statistics(service_id,
                                                           today_only=True)
    remaining_messages = (current_service['message_limit'] -
                          sum(stat['requested']
                              for stat in statistics.values()))

    contents = s3download(service_id, upload_id)

    db_template = service_api_client.get_service_template(
        service_id,
        str(template_id),
    )['data']

    email_reply_to = None
    sms_sender = None
    if db_template['template_type'] == 'email':
        email_reply_to = get_email_reply_to_address_from_session(service_id)
    elif db_template['template_type'] == 'sms':
        sms_sender = get_sms_sender_from_session(service_id)
    template = get_template(
        db_template,
        current_service,
        show_recipient=True,
        letter_preview_url=url_for(
            '.check_messages_preview',
            service_id=service_id,
            template_id=template_id,
            upload_id=upload_id,
            filetype='png',
            row_index=preview_row,
        ) if not letters_as_pdf else None,
        email_reply_to=email_reply_to,
        sms_sender=sms_sender,
    )
    recipients = RecipientCSV(
        contents,
        template_type=template.template_type,
        placeholders=template.placeholders,
        max_initial_rows_shown=50,
        max_errors_shown=50,
        whitelist=itertools.chain.from_iterable(
            [user.name, user.mobile_number, user.email_address]
            for user in users) if current_service['restricted'] else None,
        remaining_messages=remaining_messages,
        international_sms='international_sms'
        in current_service['permissions'],
    )

    if request.args.get('from_test'):
        # only happens if generating a letter preview test
        back_link = url_for('.send_test',
                            service_id=service_id,
                            template_id=template.id)
        choose_time_form = None
    else:
        back_link = url_for('.send_messages',
                            service_id=service_id,
                            template_id=template.id)
        choose_time_form = ChooseTimeForm()

    if preview_row < 2:
        abort(404)

    if preview_row < len(recipients) + 2:
        template.values = recipients[preview_row -
                                     2].recipient_and_personalisation
    elif preview_row > 2:
        abort(404)

    return dict(
        recipients=recipients,
        template=template,
        errors=recipients.has_errors,
        row_errors=get_errors_for_csv(recipients, template.template_type),
        count_of_recipients=len(recipients),
        count_of_displayed_recipients=len(list(recipients.displayed_rows)),
        original_file_name=request.args.get('original_file_name'),
        upload_id=upload_id,
        form=CsvUploadForm(),
        remaining_messages=remaining_messages,
        choose_time_form=choose_time_form,
        back_link=back_link,
        help=get_help_argument(),
        trying_to_send_letters_in_trial_mode=all((
            current_service['restricted'],
            template.template_type == 'letter',
            not request.args.get('from_test'),
        )),
        required_recipient_columns=OrderedSet(
            recipients.recipient_column_headers) - optional_address_columns,
        preview_row=preview_row,
    )
Example #13
0
def accept_invite(token):
    try:
        check_token(token, current_app.config['SECRET_KEY'],
                    current_app.config['DANGEROUS_SALT'],
                    current_app.config['INVITATION_EXPIRY_SECONDS'])
    except SignatureExpired:
        errors = [
            'Your invitation to GOV.UK Notify has expired. '
            'Please ask the person that invited you to send you another one'
        ]
        return render_template("error/400.html", message=errors), 400

    invited_user = invite_api_client.check_token(token)

    if not current_user.is_anonymous and current_user.email_address.lower(
    ) != invited_user.email_address.lower():
        message = Markup("""
            You’re signed in as {}.
            This invite is for another email address.
            <a href={}>Sign out</a> and click the link again to accept this invite.
            """.format(current_user.email_address,
                       url_for("main.sign_out", _external=True)))

        flash(message=message)

        abort(403)

    if invited_user.status == 'cancelled':
        from_user = user_api_client.get_user(invited_user.from_user)
        service = service_api_client.get_service(invited_user.service)['data']
        return render_template('views/cancelled-invitation.html',
                               from_user=from_user.name,
                               service_name=service['name'])

    if invited_user.status == 'accepted':
        session.pop('invited_user', None)
        return redirect(
            url_for('main.service_dashboard', service_id=invited_user.service))

    session['invited_user'] = invited_user.serialize()

    existing_user = user_api_client.get_user_by_email_or_none(
        invited_user.email_address)
    service_users = user_api_client.get_users_for_service(invited_user.service)

    if existing_user:
        invite_api_client.accept_invite(invited_user.service, invited_user.id)
        if existing_user in service_users:
            return redirect(
                url_for('main.service_dashboard',
                        service_id=invited_user.service))
        else:
            service = service_api_client.get_service(
                invited_user.service)['data']
            # if the service you're being added to can modify auth type, then check if this is relevant
            if 'email_auth' in service['permissions'] and (
                    # they have a phone number, we want them to start using it. if they dont have a mobile we just
                    # ignore that option of the invite
                (existing_user.mobile_number
                 and invited_user.auth_type == 'sms_auth') or
                    # we want them to start sending emails. it's always valid, so lets always update
                    invited_user.auth_type == 'email_auth'):
                user_api_client.update_user_attribute(
                    existing_user.id, auth_type=invited_user.auth_type)
            user_api_client.add_user_to_service(invited_user.service,
                                                existing_user.id,
                                                invited_user.permissions)
            return redirect(
                url_for('main.service_dashboard',
                        service_id=invited_user.service))
    else:
        return redirect(url_for('main.register_from_invite'))
Example #14
0
def check_messages(service_id, template_type, upload_id):

    if not session.get('upload_data'):
        return redirect(url_for('main.choose_template', service_id=service_id, template_type=template_type))

    users = user_api_client.get_users_for_service(service_id=service_id)
    today = datetime.utcnow().date().strftime('%Y-%m-%d')

    statistics = statistics_api_client.get_statistics_for_service_for_day(service_id, today)
    if not statistics:
        statistics = {}

    contents = s3download(service_id, upload_id)
    if not contents:
        flash('There was a problem reading your upload file')

    template = service_api_client.get_service_template(
        service_id,
        session['upload_data'].get('template_id')
    )['data']

    template = Template(
        template,
        prefix=current_service['name']
    )

    recipients = RecipientCSV(
        contents,
        template_type=template.template_type,
        placeholders=template.placeholders,
        max_initial_rows_shown=50,
        max_errors_shown=50,
        whitelist=itertools.chain.from_iterable(
            [user.mobile_number, user.email_address] for user in users
        ) if current_service['restricted'] else None
    )

    if request.args.get('from_test'):
        extra_args = {'help': 1} if request.args.get('help', '0') != '0' else {}
        if len(template.placeholders):
            back_link = url_for(
                '.send_test', service_id=service_id, template_id=template.id, **extra_args
            )
        else:
            back_link = url_for(
                '.choose_template', service_id=service_id, template_type=template.template_type, **extra_args
            )
    else:
        back_link = url_for('.send_messages', service_id=service_id, template_id=template.id)

    with suppress(StopIteration):
        template.values = next(recipients.rows)
        first_recipient = template.values.get(recipients.recipient_column_header, '')

    session['upload_data']['notification_count'] = len(list(recipients.rows))
    session['upload_data']['valid'] = not recipients.has_errors
    return render_template(
        'views/check.html',
        recipients=recipients,
        first_recipient=first_recipient,
        template=template,
        errors=recipients.has_errors,
        row_errors=get_errors_for_csv(recipients, template.template_type),
        count_of_recipients=session['upload_data']['notification_count'],
        count_of_displayed_recipients=(
            len(list(recipients.initial_annotated_rows_with_errors))
            if any(recipients.rows_with_errors) and not recipients.missing_column_headers else
            len(list(recipients.initial_annotated_rows))
        ),
        original_file_name=session['upload_data'].get('original_file_name'),
        upload_id=upload_id,
        form=CsvUploadForm(),
        statistics=statistics,
        back_link=back_link,
        help=get_help_argument()
    )
Example #15
0
def _check_messages(service_id, template_id, upload_id, preview_row, letters_as_pdf=False):

    users = user_api_client.get_users_for_service(service_id=service_id)

    statistics = service_api_client.get_detailed_service_for_today(service_id)['data']['statistics']
    remaining_messages = (current_service['message_limit'] - sum(stat['requested'] for stat in statistics.values()))

    contents = s3download(service_id, upload_id)

    db_template = service_api_client.get_service_template(
        service_id,
        str(template_id),
    )['data']

    email_reply_to = None
    sms_sender = None
    if db_template['template_type'] == 'email':
        email_reply_to = get_email_reply_to_address_from_session(service_id)
    elif db_template['template_type'] == 'sms':
        sms_sender = get_sms_sender_from_session(service_id)
    template = get_template(
        service_api_client.get_service_template(
            service_id,
            str(template_id),
        )['data'],
        current_service,
        show_recipient=True,
        letter_preview_url=url_for(
            '.check_messages_preview',
            service_id=service_id,
            template_id=template_id,
            upload_id=upload_id,
            filetype='png',
            row_index=preview_row,
        ) if not letters_as_pdf else None,
        email_reply_to=email_reply_to,
        sms_sender=sms_sender,
    )
    recipients = RecipientCSV(
        contents,
        template_type=template.template_type,
        placeholders=template.placeholders,
        max_initial_rows_shown=50,
        max_errors_shown=50,
        whitelist=itertools.chain.from_iterable(
            [user.name, user.mobile_number, user.email_address] for user in users
        ) if current_service['restricted'] else None,
        remaining_messages=remaining_messages,
        international_sms='international_sms' in current_service['permissions'],
    )

    if request.args.get('from_test'):
        # only happens if generating a letter preview test
        back_link = url_for('.send_test', service_id=service_id, template_id=template.id)
        choose_time_form = None
    else:
        back_link = url_for('.send_messages', service_id=service_id, template_id=template.id)
        choose_time_form = ChooseTimeForm()

    if preview_row < 2:
        abort(404)

    if preview_row < len(recipients) + 2:
        template.values = recipients[preview_row - 2].recipient_and_personalisation
    elif preview_row > 2:
        abort(404)

    if 'file_uploads' not in session:
        session['file_uploads'] = {}
    session['file_uploads'][upload_id] = {}

    if any(recipients) and not recipients.has_errors:
        session['file_uploads'][upload_id]['notification_count'] = len(recipients)
        session['file_uploads'][upload_id]['template_id'] = str(template_id)
        session['file_uploads'][upload_id]['valid'] = True
    else:
        session['file_uploads'].pop(upload_id)

    return dict(
        recipients=recipients,
        template=template,
        errors=recipients.has_errors,
        row_errors=get_errors_for_csv(recipients, template.template_type),
        count_of_recipients=len(recipients),
        count_of_displayed_recipients=len(list(recipients.displayed_rows)),
        original_file_name=request.args.get('original_file_name'),
        upload_id=upload_id,
        form=CsvUploadForm(),
        remaining_messages=remaining_messages,
        choose_time_form=choose_time_form,
        back_link=back_link,
        help=get_help_argument(),
        trying_to_send_letters_in_trial_mode=all((
            current_service['restricted'],
            template.template_type == 'letter',
            not request.args.get('from_test'),
        )),
        required_recipient_columns=OrderedSet(recipients.recipient_column_headers) - optional_address_columns,
        preview_row=preview_row,
    )