def service_users_report_json(service_id): # permissions are structured differently on invited vs accepted-invite users def user_permissions(user): return { permission for permission in all_permissions if user.has_permission_for_service(service_id, permission) } def present_row(user): logged_in_at = getattr(user, 'logged_in_at', None) if logged_in_at: logged_in_at = gmt_timezones(logged_in_at) return { "email_address": user.email_address, "name": getattr(user, 'name', None), # does not exist on invited user "mobile_number": getattr(user, 'mobile_number', None), # does not exist on invited user "last_login": logged_in_at, "auth_type": user.auth_type, "permissions": list(user_permissions(user)), } users = sorted( user_api_client.get_users_for_service(service_id=service_id) + [ invite for invite in invite_api_client.get_invites_for_service( service_id=service_id) if invite.status != 'accepted' ], key=lambda user: user.email_address, ) return json_download([present_row(user) for user in users], f'service-{service_id}-users')
def manage_users(service_id): users = user_api_client.get_users_for_service(service_id=service_id) invited_users = [ invite for invite in invite_api_client.get_invites_for_service( service_id=service_id) if invite.status != 'accepted' ] return render_template('views/manage-users.html', users=users, current_user=current_user, invited_users=invited_users)
def manage_users(service_id): users = user_api_client.get_users_for_service(service_id=service_id) invited_users = [invite for invite in invite_api_client.get_invites_for_service(service_id=service_id) if invite.status != 'accepted'] return render_template( 'views/manage-users.html', users=users, current_user=current_user, invited_users=invited_users )
def accept_invite(token): invited_user = invite_api_client.check_token(token) if not current_user.is_anonymous and current_user.email_address != invited_user.email_address: message = Markup(""" You’re signed in as {}. This invite is for another email address. <a href={}>Sign out</a> and click the link again to accept this invite. """.format(current_user.email_address, url_for("main.sign_out", _external=True))) flash(message=message) abort(403) if invited_user.status == 'cancelled': from_user = user_api_client.get_user(invited_user.from_user) service = service_api_client.get_service(invited_user.service)['data'] return render_template('views/cancelled-invitation.html', from_user=from_user.name, service_name=service['name']) if invited_user.status == 'accepted': session.pop('invited_user', None) return redirect( url_for('main.service_dashboard', service_id=invited_user.service)) session['invited_user'] = invited_user.serialize() existing_user = user_api_client.get_user_by_email_or_none( invited_user.email_address) service_users = user_api_client.get_users_for_service(invited_user.service) if existing_user: invite_api_client.accept_invite(invited_user.service, invited_user.id) if existing_user in service_users: return redirect( url_for('main.service_dashboard', service_id=invited_user.service)) else: user_api_client.add_user_to_service(invited_user.service, existing_user.id, invited_user.permissions) return redirect( url_for('main.service_dashboard', service_id=invited_user.service)) else: return redirect(url_for('main.register_from_invite'))
def manage_users(service_id): users = sorted( user_api_client.get_users_for_service(service_id=service_id) + [ invite for invite in invite_api_client.get_invites_for_service( service_id=service_id) if invite.status != 'accepted' ], key=lambda user: user.email_address, ) return render_template( 'views/manage-users.html', users=users, current_user=current_user, show_search_box=(len(users) > 7), form=SearchUsersForm(), )
def test_client_gets_all_users_for_service( mocker, fake_uuid, ): user_api_client.max_failed_login_count = 99 # doesn't matter for this test mock_get = mocker.patch( 'app.notify_client.user_api_client.UserApiClient.get', return_value={'data': [ {'id': fake_uuid}, ]} ) users = user_api_client.get_users_for_service(SERVICE_ONE_ID) mock_get.assert_called_once_with('/service/{}/users'.format(SERVICE_ONE_ID)) assert len(users) == 1 assert users[0].id == fake_uuid
def accept_invite(token): invited_user = invite_api_client.check_token(token) if not current_user.is_anonymous and current_user.email_address != invited_user.email_address: message = Markup(""" You’re signed in as {}. This invite is for another email address. <a href={}>Sign out</a> and click the link again to accept this invite. """.format( current_user.email_address, url_for("main.sign_out", _external=True))) flash(message=message) abort(403) if invited_user.status == 'cancelled': from_user = user_api_client.get_user(invited_user.from_user) service = service_api_client.get_service(invited_user.service)['data'] return render_template('views/cancelled-invitation.html', from_user=from_user.name, service_name=service['name']) if invited_user.status == 'accepted': session.pop('invited_user', None) return redirect(url_for('main.service_dashboard', service_id=invited_user.service)) session['invited_user'] = invited_user.serialize() existing_user = user_api_client.get_user_by_email_or_none(invited_user.email_address) service_users = user_api_client.get_users_for_service(invited_user.service) if existing_user: invite_api_client.accept_invite(invited_user.service, invited_user.id) if existing_user in service_users: return redirect(url_for('main.service_dashboard', service_id=invited_user.service)) else: user_api_client.add_user_to_service(invited_user.service, existing_user.id, invited_user.permissions) return redirect(url_for('main.service_dashboard', service_id=invited_user.service)) else: return redirect(url_for('main.register_from_invite'))
def service_users_report(service_id): # permissions are structured differently on invited vs accepted-invite users def user_permissions(user): return { permission for permission in all_permissions if user.has_permission_for_service(service_id, permission) } def present_row(user): logged_in_at = getattr(user, 'logged_in_at', None) if logged_in_at: logged_in_at = gmt_timezones(logged_in_at) return [ user.email_address, getattr(user, 'name', None), # does not exist on invited user getattr(user, 'mobile_number', None), # does not exist on invited user logged_in_at, user.auth_type, ';'.join(user_permissions(user)) ] users = sorted( user_api_client.get_users_for_service(service_id=service_id) + [ invite for invite in invite_api_client.get_invites_for_service( service_id=service_id) if invite.status != 'accepted' ], key=lambda user: user.email_address, ) columns = [ "email_address", "name", "mobile_number", "last_login", "auth_type", "permissions" ] csv_data = [columns, *(present_row(user) for user in users)] return Spreadsheet.from_rows(csv_data).as_csv_data, 200, { 'Content-Type': 'text/csv; charset=utf-8', 'Content-Disposition': f'inline; filename="service-{service_id}-users.csv"' }
def check_messages(service_id, template_type, upload_id): if not session.get('upload_data'): return redirect( url_for('main.choose_template', service_id=service_id, template_type=template_type)) users = user_api_client.get_users_for_service(service_id=service_id) statistics = service_api_client.get_detailed_service_for_today( service_id)['data']['statistics'] remaining_messages = (current_service['message_limit'] - sum(stat['requested'] for stat in statistics.values())) contents = s3download(service_id, upload_id) if not contents: flash('There was a problem reading your upload file') template = Template(service_api_client.get_service_template( service_id, session['upload_data'].get('template_id'))['data'], prefix=current_service['name'], sms_sender=current_service['sms_sender']) recipients = RecipientCSV( contents, template_type=template.template_type, placeholders=template.placeholders, max_initial_rows_shown=50, max_errors_shown=50, whitelist=itertools.chain.from_iterable( [user.mobile_number, user.email_address] for user in users) if current_service['restricted'] else None, remaining_messages=remaining_messages) if request.args.get('from_test'): extra_args = { 'help': 1 } if request.args.get('help', '0') != '0' else {} if len(template.placeholders): back_link = url_for('.send_test', service_id=service_id, template_id=template.id, **extra_args) else: back_link = url_for('.choose_template', service_id=service_id, template_type=template.template_type, **extra_args) choose_time_form = None else: back_link = url_for('.send_messages', service_id=service_id, template_id=template.id) choose_time_form = ChooseTimeForm() with suppress(StopIteration): template.values = next(recipients.rows) first_recipient = template.values.get( recipients.recipient_column_header, '') session['upload_data']['notification_count'] = len(list(recipients.rows)) session['upload_data']['valid'] = not recipients.has_errors return render_template( 'views/check.html', recipients=recipients, first_recipient=first_recipient, template=template, errors=recipients.has_errors, row_errors=get_errors_for_csv(recipients, template.template_type), count_of_recipients=session['upload_data']['notification_count'], count_of_displayed_recipients=( len(list(recipients.initial_annotated_rows_with_errors)) if any(recipients.rows_with_errors) and not recipients.missing_column_headers else len( list(recipients.initial_annotated_rows))), original_file_name=session['upload_data'].get('original_file_name'), upload_id=upload_id, form=CsvUploadForm(), remaining_messages=remaining_messages, choose_time_form=choose_time_form, back_link=back_link, help=get_help_argument())
def accept_invite(token): try: invited_user = invite_api_client.check_token(token) except HTTPError as e: if e.status_code == 400 and 'invitation' in e.message: flash(e.message['invitation']) return redirect(url_for('main.sign_in')) else: raise e if not current_user.is_anonymous and current_user.email_address.lower( ) != invited_user.email_address.lower(): message = Markup(""" You’re signed in as {}. This invite is for another email address. <a href={}>Sign out</a> and click the link again to accept this invite. """.format(current_user.email_address, url_for("main.sign_out", _external=True))) flash(message=message) abort(403) if invited_user.status == 'cancelled': from_user = user_api_client.get_user(invited_user.from_user) service = service_api_client.get_service(invited_user.service)['data'] return render_template('views/cancelled-invitation.html', from_user=from_user.name, service_name=service['name']) if invited_user.status == 'accepted': session.pop('invited_user', None) return redirect( url_for('main.service_dashboard', service_id=invited_user.service)) session['invited_user'] = invited_user.serialize() existing_user = user_api_client.get_user_by_email_or_none( invited_user.email_address) service_users = user_api_client.get_users_for_service(invited_user.service) if existing_user: invite_api_client.accept_invite(invited_user.service, invited_user.id) if existing_user in service_users: return redirect( url_for('main.service_dashboard', service_id=invited_user.service)) else: service = service_api_client.get_service( invited_user.service)['data'] # if the service you're being added to can modify auth type, then check if this is relevant if 'email_auth' in service['permissions'] and ( # they have a phone number, we want them to start using it. if they dont have a mobile we just # ignore that option of the invite (existing_user.mobile_number and invited_user.auth_type == 'sms_auth') or # we want them to start sending emails. it's always valid, so lets always update invited_user.auth_type == 'email_auth'): user_api_client.update_user_attribute( existing_user.id, auth_type=invited_user.auth_type) user_api_client.add_user_to_service(invited_user.service, existing_user.id, invited_user.permissions) return redirect( url_for('main.service_dashboard', service_id=invited_user.service)) else: return redirect(url_for('main.register_from_invite'))
def _check_messages(service_id, template_type, upload_id, preview_row, letters_as_pdf=False): if not session.get('upload_data'): # if we just return a `redirect` (302) object here, we'll get errors when we try and unpack in the # check_messages route - so raise a werkzeug.routing redirect to ensure that doesn't happen. # NOTE: this is a 301 MOVED PERMANENTLY (httpstatus.es/301), so the browser will cache this redirect, and it'll # *always* happen for that browser. _check_messages is only used by endpoints that contain `upload_id`, which # is a one-time-use id (that ties to a given file in S3 that is already deleted if it's not in the session) raise RequestRedirect(url_for('main.choose_template', service_id=service_id)) users = user_api_client.get_users_for_service(service_id=service_id) statistics = service_api_client.get_detailed_service_for_today(service_id)['data']['statistics'] remaining_messages = (current_service['message_limit'] - sum(stat['requested'] for stat in statistics.values())) contents = s3download(service_id, upload_id) email_reply_to = None sms_sender = None if template_type == 'email': email_reply_to = get_email_reply_to_address_from_session(service_id) elif template_type == 'sms': sms_sender = get_sms_sender_from_session(service_id) template = get_template( service_api_client.get_service_template( service_id, session['upload_data'].get('template_id') )['data'], current_service, show_recipient=True, letter_preview_url=url_for( '.check_messages_preview', service_id=service_id, template_type=template_type, upload_id=upload_id, filetype='png', row_index=preview_row, ) if not letters_as_pdf else None, email_reply_to=email_reply_to, sms_sender=sms_sender ) recipients = RecipientCSV( contents, template_type=template.template_type, placeholders=template.placeholders, max_initial_rows_shown=50, max_errors_shown=50, whitelist=itertools.chain.from_iterable( [user.name, user.mobile_number, user.email_address] for user in users ) if current_service['restricted'] else None, remaining_messages=remaining_messages, international_sms='international_sms' in current_service['permissions'], ) if request.args.get('from_test'): # only happens if generating a letter preview test back_link = url_for('.send_test', service_id=service_id, template_id=template.id) choose_time_form = None else: back_link = url_for('.send_messages', service_id=service_id, template_id=template.id) choose_time_form = ChooseTimeForm() count_of_recipients = len(list(recipients.rows)) if preview_row < 2: abort(404) if preview_row < count_of_recipients + 2: template.values = recipients[preview_row - 2] elif preview_row > 2: abort(404) session['upload_data']['notification_count'] = count_of_recipients session['upload_data']['valid'] = not recipients.has_errors return dict( recipients=recipients, template=template, errors=recipients.has_errors, row_errors=get_errors_for_csv(recipients, template.template_type), count_of_recipients=count_of_recipients, count_of_displayed_recipients=( len(list(recipients.initial_annotated_rows_with_errors)) if any(recipients.rows_with_errors) and not recipients.missing_column_headers else len(list(recipients.initial_annotated_rows)) ), original_file_name=session['upload_data'].get('original_file_name'), upload_id=upload_id, form=CsvUploadForm(), remaining_messages=remaining_messages, choose_time_form=choose_time_form, back_link=back_link, help=get_help_argument(), trying_to_send_letters_in_trial_mode=all(( current_service['restricted'], template.template_type == 'letter', not request.args.get('from_test'), )), required_recipient_columns=OrderedSet(recipients.recipient_column_headers) - optional_address_columns, preview_row=preview_row, )
def _check_messages(service_id, template_id, upload_id, preview_row, letters_as_pdf=False): try: # The happy path is that the job doesn’t already exist, so the # API will return a 404 and the client will raise HTTPError. job_api_client.get_job(service_id, upload_id) # the job exists already - so go back to the templates page # If we just return a `redirect` (302) object here, we'll get # errors when we try and unpack in the check_messages route. # Rasing a werkzeug.routing redirect means that doesn't happen. raise RequestRedirect( url_for('.send_messages', service_id=service_id, template_id=template_id)) except HTTPError as e: if e.status_code != 404: raise users = user_api_client.get_users_for_service(service_id=service_id) statistics = service_api_client.get_service_statistics(service_id, today_only=True) remaining_messages = (current_service['message_limit'] - sum(stat['requested'] for stat in statistics.values())) contents = s3download(service_id, upload_id) db_template = service_api_client.get_service_template( service_id, str(template_id), )['data'] email_reply_to = None sms_sender = None if db_template['template_type'] == 'email': email_reply_to = get_email_reply_to_address_from_session(service_id) elif db_template['template_type'] == 'sms': sms_sender = get_sms_sender_from_session(service_id) template = get_template( db_template, current_service, show_recipient=True, letter_preview_url=url_for( '.check_messages_preview', service_id=service_id, template_id=template_id, upload_id=upload_id, filetype='png', row_index=preview_row, ) if not letters_as_pdf else None, email_reply_to=email_reply_to, sms_sender=sms_sender, ) recipients = RecipientCSV( contents, template_type=template.template_type, placeholders=template.placeholders, max_initial_rows_shown=50, max_errors_shown=50, whitelist=itertools.chain.from_iterable( [user.name, user.mobile_number, user.email_address] for user in users) if current_service['restricted'] else None, remaining_messages=remaining_messages, international_sms='international_sms' in current_service['permissions'], ) if request.args.get('from_test'): # only happens if generating a letter preview test back_link = url_for('.send_test', service_id=service_id, template_id=template.id) choose_time_form = None else: back_link = url_for('.send_messages', service_id=service_id, template_id=template.id) choose_time_form = ChooseTimeForm() if preview_row < 2: abort(404) if preview_row < len(recipients) + 2: template.values = recipients[preview_row - 2].recipient_and_personalisation elif preview_row > 2: abort(404) return dict( recipients=recipients, template=template, errors=recipients.has_errors, row_errors=get_errors_for_csv(recipients, template.template_type), count_of_recipients=len(recipients), count_of_displayed_recipients=len(list(recipients.displayed_rows)), original_file_name=request.args.get('original_file_name'), upload_id=upload_id, form=CsvUploadForm(), remaining_messages=remaining_messages, choose_time_form=choose_time_form, back_link=back_link, help=get_help_argument(), trying_to_send_letters_in_trial_mode=all(( current_service['restricted'], template.template_type == 'letter', not request.args.get('from_test'), )), required_recipient_columns=OrderedSet( recipients.recipient_column_headers) - optional_address_columns, preview_row=preview_row, )
def accept_invite(token): try: check_token(token, current_app.config['SECRET_KEY'], current_app.config['DANGEROUS_SALT'], current_app.config['INVITATION_EXPIRY_SECONDS']) except SignatureExpired: errors = [ 'Your invitation to GOV.UK Notify has expired. ' 'Please ask the person that invited you to send you another one' ] return render_template("error/400.html", message=errors), 400 invited_user = invite_api_client.check_token(token) if not current_user.is_anonymous and current_user.email_address.lower( ) != invited_user.email_address.lower(): message = Markup(""" You’re signed in as {}. This invite is for another email address. <a href={}>Sign out</a> and click the link again to accept this invite. """.format(current_user.email_address, url_for("main.sign_out", _external=True))) flash(message=message) abort(403) if invited_user.status == 'cancelled': from_user = user_api_client.get_user(invited_user.from_user) service = service_api_client.get_service(invited_user.service)['data'] return render_template('views/cancelled-invitation.html', from_user=from_user.name, service_name=service['name']) if invited_user.status == 'accepted': session.pop('invited_user', None) return redirect( url_for('main.service_dashboard', service_id=invited_user.service)) session['invited_user'] = invited_user.serialize() existing_user = user_api_client.get_user_by_email_or_none( invited_user.email_address) service_users = user_api_client.get_users_for_service(invited_user.service) if existing_user: invite_api_client.accept_invite(invited_user.service, invited_user.id) if existing_user in service_users: return redirect( url_for('main.service_dashboard', service_id=invited_user.service)) else: service = service_api_client.get_service( invited_user.service)['data'] # if the service you're being added to can modify auth type, then check if this is relevant if 'email_auth' in service['permissions'] and ( # they have a phone number, we want them to start using it. if they dont have a mobile we just # ignore that option of the invite (existing_user.mobile_number and invited_user.auth_type == 'sms_auth') or # we want them to start sending emails. it's always valid, so lets always update invited_user.auth_type == 'email_auth'): user_api_client.update_user_attribute( existing_user.id, auth_type=invited_user.auth_type) user_api_client.add_user_to_service(invited_user.service, existing_user.id, invited_user.permissions) return redirect( url_for('main.service_dashboard', service_id=invited_user.service)) else: return redirect(url_for('main.register_from_invite'))
def check_messages(service_id, template_type, upload_id): if not session.get('upload_data'): return redirect(url_for('main.choose_template', service_id=service_id, template_type=template_type)) users = user_api_client.get_users_for_service(service_id=service_id) today = datetime.utcnow().date().strftime('%Y-%m-%d') statistics = statistics_api_client.get_statistics_for_service_for_day(service_id, today) if not statistics: statistics = {} contents = s3download(service_id, upload_id) if not contents: flash('There was a problem reading your upload file') template = service_api_client.get_service_template( service_id, session['upload_data'].get('template_id') )['data'] template = Template( template, prefix=current_service['name'] ) recipients = RecipientCSV( contents, template_type=template.template_type, placeholders=template.placeholders, max_initial_rows_shown=50, max_errors_shown=50, whitelist=itertools.chain.from_iterable( [user.mobile_number, user.email_address] for user in users ) if current_service['restricted'] else None ) if request.args.get('from_test'): extra_args = {'help': 1} if request.args.get('help', '0') != '0' else {} if len(template.placeholders): back_link = url_for( '.send_test', service_id=service_id, template_id=template.id, **extra_args ) else: back_link = url_for( '.choose_template', service_id=service_id, template_type=template.template_type, **extra_args ) else: back_link = url_for('.send_messages', service_id=service_id, template_id=template.id) with suppress(StopIteration): template.values = next(recipients.rows) first_recipient = template.values.get(recipients.recipient_column_header, '') session['upload_data']['notification_count'] = len(list(recipients.rows)) session['upload_data']['valid'] = not recipients.has_errors return render_template( 'views/check.html', recipients=recipients, first_recipient=first_recipient, template=template, errors=recipients.has_errors, row_errors=get_errors_for_csv(recipients, template.template_type), count_of_recipients=session['upload_data']['notification_count'], count_of_displayed_recipients=( len(list(recipients.initial_annotated_rows_with_errors)) if any(recipients.rows_with_errors) and not recipients.missing_column_headers else len(list(recipients.initial_annotated_rows)) ), original_file_name=session['upload_data'].get('original_file_name'), upload_id=upload_id, form=CsvUploadForm(), statistics=statistics, back_link=back_link, help=get_help_argument() )
def _check_messages(service_id, template_id, upload_id, preview_row, letters_as_pdf=False): users = user_api_client.get_users_for_service(service_id=service_id) statistics = service_api_client.get_detailed_service_for_today(service_id)['data']['statistics'] remaining_messages = (current_service['message_limit'] - sum(stat['requested'] for stat in statistics.values())) contents = s3download(service_id, upload_id) db_template = service_api_client.get_service_template( service_id, str(template_id), )['data'] email_reply_to = None sms_sender = None if db_template['template_type'] == 'email': email_reply_to = get_email_reply_to_address_from_session(service_id) elif db_template['template_type'] == 'sms': sms_sender = get_sms_sender_from_session(service_id) template = get_template( service_api_client.get_service_template( service_id, str(template_id), )['data'], current_service, show_recipient=True, letter_preview_url=url_for( '.check_messages_preview', service_id=service_id, template_id=template_id, upload_id=upload_id, filetype='png', row_index=preview_row, ) if not letters_as_pdf else None, email_reply_to=email_reply_to, sms_sender=sms_sender, ) recipients = RecipientCSV( contents, template_type=template.template_type, placeholders=template.placeholders, max_initial_rows_shown=50, max_errors_shown=50, whitelist=itertools.chain.from_iterable( [user.name, user.mobile_number, user.email_address] for user in users ) if current_service['restricted'] else None, remaining_messages=remaining_messages, international_sms='international_sms' in current_service['permissions'], ) if request.args.get('from_test'): # only happens if generating a letter preview test back_link = url_for('.send_test', service_id=service_id, template_id=template.id) choose_time_form = None else: back_link = url_for('.send_messages', service_id=service_id, template_id=template.id) choose_time_form = ChooseTimeForm() if preview_row < 2: abort(404) if preview_row < len(recipients) + 2: template.values = recipients[preview_row - 2].recipient_and_personalisation elif preview_row > 2: abort(404) if 'file_uploads' not in session: session['file_uploads'] = {} session['file_uploads'][upload_id] = {} if any(recipients) and not recipients.has_errors: session['file_uploads'][upload_id]['notification_count'] = len(recipients) session['file_uploads'][upload_id]['template_id'] = str(template_id) session['file_uploads'][upload_id]['valid'] = True else: session['file_uploads'].pop(upload_id) return dict( recipients=recipients, template=template, errors=recipients.has_errors, row_errors=get_errors_for_csv(recipients, template.template_type), count_of_recipients=len(recipients), count_of_displayed_recipients=len(list(recipients.displayed_rows)), original_file_name=request.args.get('original_file_name'), upload_id=upload_id, form=CsvUploadForm(), remaining_messages=remaining_messages, choose_time_form=choose_time_form, back_link=back_link, help=get_help_argument(), trying_to_send_letters_in_trial_mode=all(( current_service['restricted'], template.template_type == 'letter', not request.args.get('from_test'), )), required_recipient_columns=OrderedSet(recipients.recipient_column_headers) - optional_address_columns, preview_row=preview_row, )