def _update_alert(user_to_update, changes=None): service = Service.query.get(current_app.config['NOTIFY_SERVICE_ID']) template = dao_get_template_by_id(current_app.config['ACCOUNT_CHANGE_TEMPLATE_ID']) recipient = user_to_update.email_address reply_to = template.service.get_default_reply_to_email_address() change_type_en = "" change_type_fr = "" if changes: change_type_en = update_dct_to_str(changes, 'EN') change_type_fr = update_dct_to_str(changes, 'FR') saved_notification = persist_notification( template_id=template.id, template_version=template.version, recipient=recipient, service=service, personalisation={ 'base_url': Config.ADMIN_BASE_URL, 'contact_us_url': f'{Config.ADMIN_BASE_URL}/support/ask-question-give-feedback', 'change_type_en': change_type_en, 'change_type_fr': change_type_fr, }, notification_type=template.template_type, api_key_id=None, key_type=KEY_TYPE_NORMAL, reply_to_text=reply_to ) send_notification_to_queue(saved_notification, False, queue=QueueNames.NOTIFY)
def update_user_attribute(user_id): user_to_update = get_user_by_id(user_id=user_id) req_json = request.get_json() if 'updated_by' in req_json: updated_by = get_user_by_id(user_id=req_json.pop('updated_by')) else: updated_by = None update_dct, errors = user_update_schema_load_json.load(req_json) if errors: raise InvalidRequest(errors, status_code=400) save_user_attribute(user_to_update, update_dict=update_dct) service = Service.query.get(current_app.config['NOTIFY_SERVICE_ID']) # Alert user that account change took place change_type = update_dct_to_str(update_dct) _update_alert(user_to_update, change_type) # Alert that team member edit user if updated_by: if 'email_address' in update_dct: template = dao_get_template_by_id( current_app.config['TEAM_MEMBER_EDIT_EMAIL_TEMPLATE_ID']) recipient = user_to_update.email_address reply_to = template.service.get_default_reply_to_email_address() elif 'mobile_number' in update_dct: template = dao_get_template_by_id( current_app.config['TEAM_MEMBER_EDIT_MOBILE_TEMPLATE_ID']) recipient = user_to_update.mobile_number reply_to = template.service.get_default_sms_sender() else: return jsonify(data=user_to_update.serialize()), 200 saved_notification = persist_notification( template_id=template.id, template_version=template.version, recipient=recipient, service=service, personalisation={ 'name': user_to_update.name, 'servicemanagername': updated_by.name, 'email address': user_to_update.email_address, 'change_type': change_type }, notification_type=template.template_type, api_key_id=None, key_type=KEY_TYPE_NORMAL, reply_to_text=reply_to) send_notification_to_queue(saved_notification, False, queue=QueueNames.NOTIFY) return jsonify(data=user_to_update.serialize()), 200
def test_update_dct_to_str(): test_dict = { "email_address": "*****@*****.**", "auth_type": "sms" } result = update_dct_to_str(test_dict) result = ' '.join(result.split()) expected = ["- email address", "- auth type"] expected = ' '.join(expected).strip() assert result == expected
def test_update_dct_to_str(): test_dict = { "email_address": "*****@*****.**", "auth_type": "sms", "dummy_key": "nope", } result = update_dct_to_str(test_dict, "EN") result = " ".join(result.split()) expected = ["- email address", "- auth type", "- dummy key"] expected = " ".join(expected) assert result == expected result = update_dct_to_str(test_dict, "FR") result = " ".join(result.split()) expected = [ "- adresse courriel", "- méthode d'authentification", "- dummy key" ] expected = " ".join(expected) assert result == expected
def set_permissions(user_id, service_id): # TODO fix security hole, how do we verify that the user # who is making this request has permission to make the request. service_user = dao_get_service_user(user_id, service_id) user = service_user.user service = dao_fetch_service_by_id(service_id=service_id) data = request.get_json() validate(data, post_set_permissions_schema) permission_list = [ Permission(service_id=service_id, user_id=user_id, permission=p['permission']) for p in data['permissions'] ] service_key = "service_id_{}".format(service_id) change_dict = {service_key: service_id, "permissions": permission_list} try: _update_alert(user, update_dct_to_str(change_dict)) except Exception as e: current_app.logger.error(e) permission_dao.set_user_service_permission(user, service, permission_list, _commit=True, replace=True) if 'folder_permissions' in data: folders = [ dao_get_template_folder_by_id_and_service_id( folder_id, service_id) for folder_id in data['folder_permissions'] ] service_user.folders = folders dao_update_service_user(service_user) return jsonify({}), 204
def update_password(user_id): user = get_user_by_id(user_id=user_id) req_json = request.get_json() pwd = req_json.get('_password') update_dct, errors = user_update_password_schema_load_json.load(req_json) if errors: raise InvalidRequest(errors, status_code=400) response = pwnedpasswords.check(pwd) if response > 0: errors.update({'password': ['Password is blacklisted.']}) raise InvalidRequest(errors, status_code=400) update_user_password(user, pwd) change_type = update_dct_to_str({'password': "******"}) try: _update_alert(user, change_type) except Exception as e: current_app.logger.error(e) return jsonify(data=user.serialize()), 200