def choose_service():
return render_template(
'views/choose-service.html',
services=[ServicesBrowsableItem(x) for x in
service_api_client.get_active_services({'user_id': current_user.id})['data']],
can_add_service=is_gov_user(current_user.email_address)
)
def edit_user_email(service_id, user_id):
user = current_service.get_team_member(user_id)
user_email = user.email_address
session_key = 'team_member_email_change-{}'.format(user_id)
if is_gov_user(user_email):
form = ChangeEmailForm(User.already_registered,
email_address=user_email)
else:
form = ChangeNonGovEmailForm(User.already_registered,
email_address=user_email)
if request.form.get('email_address', '').strip() == user_email:
return redirect(url_for('.manage_users',
service_id=current_service.id))
if form.validate_on_submit():
session[session_key] = form.email_address.data
return redirect(
url_for('.confirm_edit_user_email',
user_id=user.id,
service_id=service_id))
return render_template('views/manage-users/edit-user-email.html',
user=user,
form=form,
service_id=service_id)
def test_non_whitelist_user_cannot_access_create_service_page(
logged_in_client,
mock_get_non_govuser,
api_nongov_user_active,
):
assert not is_gov_user(api_nongov_user_active.email_address)
response = logged_in_client.get(url_for('main.add_service'))
assert response.status_code == 403
def __call__(self, form, field):
from flask import url_for
message = (
'Enter a central government email address.'
' If you think you should have access'
' <a href="{}">contact us</a>').format(url_for('main.feedback'))
if not is_gov_user(field.data.lower()):
raise ValidationError(message)
def test_non_whitelist_user_cannot_create_service(client,
mock_login,
mock_get_non_govuser,
api_nongov_user_active):
client.login(api_nongov_user_active)
assert not is_gov_user(api_nongov_user_active.email_address)
response = client.post(url_for('main.add_service'), data={'name': 'SERVICE TWO'})
assert response.status_code == 403
def test_non_whitelist_user_cannot_access_create_service_page(client,
mock_login,
mock_get_non_govuser,
api_nongov_user_active):
client.login(api_nongov_user_active)
assert not is_gov_user(api_nongov_user_active.email_address)
response = client.get(url_for('main.add_service'))
assert response.status_code == 403
def __call__(self, form, field):
from flask import url_for
message = ('Enter a government email address.'
' If you think you should have access'
' <a href="{}">contact us</a>').format(
url_for('main.support'))
if not is_gov_user(field.data.lower()):
raise ValidationError(message)
def choose_service():
return render_template('views/choose-service.html',
services=[
ServicesBrowsableItem(x)
for x in service_api_client.get_active_services(
{'user_id': current_user.id})['data']
],
can_add_service=is_gov_user(
current_user.email_address))
def test_non_whitelist_user_cannot_create_service(
logged_in_client,
mock_get_non_govuser,
api_nongov_user_active,
):
assert not is_gov_user(api_nongov_user_active.email_address)
response = logged_in_client.post(url_for('main.add_service'),
data={'name': 'SERVICE TWO'})
assert response.status_code == 403
def choose_account():
orgs_and_services = user_api_client.get_organisations_and_services_for_user(
current_user.id)
return render_template('views/choose-account.html',
organisations=orgs_and_services['organisations'],
services_without_organisations=orgs_and_services[
'services_without_organisations'],
can_add_service=is_gov_user(
current_user.email_address))
def test_non_whitelist_user_cannot_access_create_service_page(
client_request,
mock_get_non_govuser,
api_nongov_user_active,
):
assert not is_gov_user(api_nongov_user_active.email_address)
client_request.get(
'main.add_service',
_expected_status=403,
)
def test_non_whitelist_user_cannot_create_service(
client_request,
mock_get_non_govuser,
api_nongov_user_active,
):
assert not is_gov_user(api_nongov_user_active.email_address)
client_request.post(
'main.add_service',
_data={'name': 'SERVICE TWO'},
_expected_status=403,
)
def test_non_safelist_user_cannot_access_create_service_page(
client_request,
mock_get_non_govuser,
api_nongov_user_active,
mock_get_organisations,
):
assert is_gov_user(api_nongov_user_active["email_address"]) is False
client_request.get(
"main.add_service",
_expected_status=403,
)
def test_non_government_user_can_access_create_service_page(
client_request,
mock_get_non_govuser,
api_nongov_user_active,
mock_get_organisations,
mock_get_organisation_by_domain,
):
assert is_gov_user(api_nongov_user_active['email_address']) is False
client_request.get(
'main.add_service',
_expected_status=200,
)
def test_non_government_user_cannot_create_service(
client_request,
mock_get_non_govuser,
api_nongov_user_active,
mock_get_organisations,
):
assert is_gov_user(api_nongov_user_active['email_address']) is False
client_request.post(
'main.add_service',
_data={'name': 'SERVICE TWO'},
_expected_status=403,
)
def test_non_safelist_user_cannot_create_service(
client_request,
mock_get_non_govuser,
api_nongov_user_active,
mock_get_organisations,
):
assert is_gov_user(api_nongov_user_active["email_address"]) is False
client_request.post(
"main.add_service",
_data={"name": "SERVICE TWO"},
_expected_status=403,
)
def __call__(self, form, field):
if field.data == '':
return
from flask import url_for
message = '''
Enter a public sector email address or
<a class="govuk-link govuk-link--no-visited-state" href="{}">find out who can use Notify</a>
'''.format(url_for('main.who_can_use_notify'))
if not is_gov_user(field.data.lower()):
raise ValidationError(message)
def test_invite_user_with_email_auth_service(
client_request,
service_one,
active_user_with_permissions,
sample_invite,
email_address,
gov_user,
mocker,
auth_type,
mock_get_organisations,
mock_get_template_folders,
):
service_one['permissions'].append('email_auth')
sample_invite['email_address'] = '*****@*****.**'
assert is_gov_user(email_address) is gov_user
mocker.patch('app.models.user.InvitedUsers.client_method',
return_value=[sample_invite])
mocker.patch('app.models.user.Users.client_method',
return_value=[active_user_with_permissions])
mocker.patch('app.invite_api_client.create_invite',
return_value=sample_invite)
page = client_request.post(
'main.invite_user',
service_id=SERVICE_ONE_ID,
_data={
'email_address': email_address,
'view_activity': 'y',
'send_messages': 'y',
'manage_templates': 'y',
'manage_service': 'y',
'manage_api_keys': 'y',
'login_authentication': auth_type,
},
_follow_redirects=True,
_expected_status=200,
)
assert page.h1.string.strip() == 'Team members'
flash_banner = page.find('div',
class_='banner-default-with-tick').string.strip()
assert flash_banner == 'Invite sent to [email protected]'
expected_permissions = {
'manage_api_keys', 'manage_service', 'manage_templates',
'send_messages', 'view_activity'
}
app.invite_api_client.create_invite.assert_called_once_with(
sample_invite['from_user'], sample_invite['service'], email_address,
expected_permissions, auth_type, [])
def __call__(self, form, field):
if field.data == "":
return
from flask import url_for
gov_email = _("Enter a government email address.")
contact_url = url_for(".contact")
access_text = _("If you think you should have access")
contact_text = _("contact us")
message = ('{} {} <a href="{}">{}</a>').format(gov_email, access_text, contact_url, contact_text)
if not is_gov_user(field.data.lower()):
raise ValidationError(message)
def test_invite_user(
client_request,
active_user_with_permissions,
mocker,
sample_invite,
email_address,
gov_user,
mock_get_template_folders,
mock_get_organisations,
):
sample_invite['email_address'] = '*****@*****.**'
assert is_gov_user(email_address) == gov_user
mocker.patch('app.models.user.InvitedUsers.client',
return_value=[sample_invite])
mocker.patch('app.models.user.Users.client',
return_value=[active_user_with_permissions])
mocker.patch('app.invite_api_client.create_invite',
return_value=sample_invite)
page = client_request.post(
'main.invite_user',
service_id=SERVICE_ONE_ID,
_data={
'email_address': email_address,
'view_activity': 'y',
'send_messages': 'y',
'manage_templates': 'y',
'manage_service': 'y',
'manage_api_keys': 'y',
},
_follow_redirects=True,
)
if (gov_user):
assert page.h1.string.strip() == 'Team members'
flash_banner = page.find(
'div', class_='banner-default-with-tick').string.strip()
assert flash_banner == 'Invite sent to [email protected]'
expected_permissions = {
'manage_api_keys', 'manage_service', 'manage_templates',
'send_messages', 'view_activity'
}
app.invite_api_client.create_invite.assert_called_once_with(
sample_invite['from_user'], sample_invite['service'],
email_address, expected_permissions, 'sms_auth', [])
else:
assert page.h1.string.strip() == 'Invite a team member'
app.invite_api_client.create_invite.assert_not_called()
def user_profile_email():
if not is_gov_user(current_user.email_address):
abort(403)
def _is_email_already_in_use(email):
return user_api_client.is_email_already_in_use(email)
form = ChangeEmailForm(_is_email_already_in_use,
email_address=current_user.email_address)
if form.validate_on_submit():
session[NEW_EMAIL] = form.email_address.data
return redirect(url_for('.user_profile_email_authenticate'))
return render_template('views/user-profile/change.html',
thing='email address',
form_field=form.email_address)
def test_invite_user(
logged_in_client,
active_user_with_permissions,
mocker,
sample_invite,
email_address,
gov_user,
):
service = create_sample_service(active_user_with_permissions)
sample_invite['email_address'] = '*****@*****.**'
data = [InvitedUser(**sample_invite)]
assert is_gov_user(email_address) == gov_user
mocker.patch('app.invite_api_client.get_invites_for_service',
return_value=data)
mocker.patch('app.user_api_client.get_users_for_service',
return_value=[active_user_with_permissions])
mocker.patch('app.invite_api_client.create_invite',
return_value=InvitedUser(**sample_invite))
response = logged_in_client.post(url_for('main.invite_user',
service_id=service['id']),
data={
'email_address': email_address,
'view_activity': 'y',
'send_messages': 'y',
'manage_templates': 'y',
'manage_service': 'y',
'manage_api_keys': 'y'
},
follow_redirects=True)
assert response.status_code == 200
page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')
assert page.h1.string.strip() == 'Team members'
flash_banner = page.find('div',
class_='banner-default-with-tick').string.strip()
assert flash_banner == 'Invite sent to [email protected]'
expected_permissions = {
'manage_api_keys', 'manage_service', 'manage_templates',
'send_messages', 'view_activity'
}
app.invite_api_client.create_invite.assert_called_once_with(
sample_invite['from_user'], sample_invite['service'], email_address,
expected_permissions, 'sms_auth')
def __call__(self, form, field):
if field.data == '':
return
from flask import url_for
gov_email = _("Enter a government email address.")
feedback_url = url_for('.feedback',
ticket_type='ask-question-give-feedback')
access_text = _("If you think you should have access")
contact_text = _('contact us')
message = ('{} {} <a href="{}">{}</a>').format(gov_email, access_text,
feedback_url,
contact_text)
if not is_gov_user(field.data.lower()):
raise ValidationError(message)
def user_profile_email():
if not is_gov_user(current_user.email_address):
abort(403)
def _is_email_unique(email):
return user_api_client.is_email_unique(email)
form = ChangeEmailForm(_is_email_unique,
email_address=current_user.email_address)
if form.validate_on_submit():
session[NEW_EMAIL] = form.email_address.data
return redirect(url_for('.user_profile_email_authenticate'))
return render_template(
'views/user-profile/change.html',
thing='email address',
form_field=form.email_address
)
def add_service():
invited_user = session.get('invited_user')
if invited_user:
service_id = _add_invited_user_to_service(invited_user)
return redirect(
url_for('main.service_dashboard', service_id=service_id))
if not is_gov_user(current_user.email_address):
abort(403)
form = CreateServiceForm()
heading = 'About your service'
if form.validate_on_submit():
email_from = email_safe(form.name.data)
service_name = form.name.data
service_id, error = _create_service(service_name,
form.organisation_type.data,
email_from, form)
if error:
return render_template('views/add-service.html',
form=form,
heading=heading)
if len(
service_api_client.get_active_services({
'user_id':
session['user_id']
}).get('data', [])) > 1:
return redirect(
url_for('main.service_dashboard', service_id=service_id))
example_sms_template = _create_example_template(service_id)
return redirect(
url_for(
'main.start_tour',
service_id=service_id,
template_id=example_sms_template['data']['id'],
))
else:
return render_template('views/add-service.html',
form=form,
heading=heading)
def test_invite_user(
app_,
active_user_with_permissions,
mocker,
sample_invite,
email_address,
gov_user
):
service = create_sample_service(active_user_with_permissions)
sample_invite['email_address'] = '*****@*****.**'
data = [InvitedUser(**sample_invite)]
with app_.test_request_context():
with app_.test_client() as client:
client.login(active_user_with_permissions, mocker, service)
assert is_gov_user(email_address) == gov_user
mocker.patch('app.invite_api_client.get_invites_for_service', return_value=data)
mocker.patch('app.user_api_client.get_users_for_service', return_value=[active_user_with_permissions])
mocker.patch('app.invite_api_client.create_invite', return_value=InvitedUser(**sample_invite))
response = client.post(
url_for('main.invite_user', service_id=service['id']),
data={'email_address': email_address,
'send_messages': 'y',
'manage_service': 'y',
'manage_api_keys': 'y'},
follow_redirects=True
)
assert response.status_code == 200
page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')
assert page.h1.string.strip() == 'Team members'
flash_banner = page.find('div', class_='banner-default-with-tick').string.strip()
assert flash_banner == 'Invite sent to [email protected]'
expected_permissions = 'manage_api_keys,manage_settings,manage_templates,manage_users,send_emails,send_letters,send_texts,view_activity' # noqa
app.invite_api_client.create_invite.assert_called_once_with(sample_invite['from_user'],
sample_invite['service'],
email_address,
expected_permissions)
def add_service():
invited_user = session.get('invited_user')
if invited_user:
service_id = _add_invited_user_to_service(invited_user)
return redirect(url_for('main.service_dashboard', service_id=service_id))
if not is_gov_user(current_user.email_address):
abort(403)
form = AddServiceForm(service_api_client.find_all_service_email_from)
heading = 'Which service do you want to set up notifications for?'
if form.validate_on_submit():
email_from = email_safe(form.name.data)
service_name = form.name.data
service_id = _create_service(service_name, email_from)
if (len(service_api_client.get_active_services({'user_id': session['user_id']}).get('data', [])) > 1):
return redirect(url_for('main.service_dashboard', service_id=service_id))
example_sms_template = service_api_client.create_service_template(
'Example text message template',
'sms',
'Hey ((name)), I’m trying out Notify. Today is ((day of week)) and my favourite colour is ((colour)).',
service_id
)
return redirect(url_for(
'main.send_test',
service_id=service_id,
template_id=example_sms_template['data']['id'],
help=1
))
else:
return render_template(
'views/add-service.html',
form=form,
heading=heading
)
def user_profile():
return render_template('views/user-profile.html',
can_see_edit=is_gov_user(
current_user.email_address))
def is_gov_user(self):
return is_gov_user(self.email_address)
def user_profile():
return render_template(
'views/user-profile.html',
can_see_edit=is_gov_user(current_user.email_address)
)
