def update_login_option(org_id, login_source):
"""Create a new contact for this org."""
# check for existing contact (only one contact per org for now)
current_app.logger.debug('>update_login_option')
org = OrgModel.find_by_org_id(org_id)
if org is None:
raise BusinessException(Error.DATA_NOT_FOUND, None)
check_auth(one_of_roles=ADMIN, org_id=org_id)
existing_login_option = AccountLoginOptionsModel.find_active_by_org_id(
org_id)
if existing_login_option is not None:
existing_login_option.is_active = False
existing_login_option.add_to_session()
login_option = AccountLoginOptionsModel(login_source=login_source,
org_id=org_id)
login_option.save()
ActivityLogPublisher.publish_activity(
Activity(org_id,
ActivityAction.AUTHENTICATION_METHOD_CHANGE.value,
name=org.name,
value=login_source,
id=login_option.id))
return login_option
def add_login_option(org_id, login_source, token_info: Dict = None):
"""Create a new contact for this org."""
# check for existing contact (only one contact per org for now)
current_app.logger.debug('>add_login_option')
org = OrgModel.find_by_org_id(org_id)
if org is None:
raise BusinessException(Error.DATA_NOT_FOUND, None)
check_auth(token_info, one_of_roles=ADMIN, org_id=org_id)
login_option = AccountLoginOptionsModel(login_source=login_source, org_id=org_id)
login_option.save()
return login_option
def create_invitation(invitation_info: Dict, user, token_info: Dict, invitation_origin):
"""Create a new invitation."""
# Ensure that the current user is ADMIN or COORDINATOR on each org being invited to
context_path = CONFIG.AUTH_WEB_TOKEN_CONFIRM_PATH
org_id = invitation_info['membership'][0]['orgId']
# get the org and check the access_type
org = OrgModel.find_by_org_id(org_id)
if not org:
raise BusinessException(Error.DATA_NOT_FOUND, None)
check_auth(token_info, org_id=org_id, one_of_roles=(ADMIN, COORDINATOR, STAFF))
org_name = org.name
invitation_type = InvitationType.DIRECTOR_SEARCH.value if org.access_type == AccessType.ANONYMOUS.value \
else InvitationType.STANDARD.value
if org.access_type == AccessType.ANONYMOUS.value: # anonymous account never get bceid or bcsc choices
mandatory_login_source = LoginSource.BCROS.value
else:
default_login_option_based_on_accesstype = LoginSource.BCSC.value if \
org.access_type == AccessType.REGULAR.value else LoginSource.BCEID.value
role = invitation_info['membership'][0]['membershipType']
account_login_options = AccountLoginOptionsModel.find_active_by_org_id(org.id)
mandatory_login_source = LoginSource.BCSC.value if \
role == ADMIN else getattr(account_login_options, 'login_source',
default_login_option_based_on_accesstype)
invitation = InvitationModel.create_from_dict(invitation_info, user.identifier, invitation_type)
confirmation_token = Invitation.generate_confirmation_token(invitation.id, invitation.type)
invitation.token = confirmation_token
invitation.login_source = mandatory_login_source
invitation.save()
Invitation.send_invitation(invitation, org_name, user.as_dict(),
'{}/{}'.format(invitation_origin, context_path), mandatory_login_source)
return Invitation(invitation)
def get_login_options_for_org(org_id, allowed_roles: Tuple = None):
"""Get the payment settings for the given org."""
current_app.logger.debug('get_login_options(>')
org = OrgModel.find_by_org_id(org_id)
if org is None:
raise BusinessException(Error.DATA_NOT_FOUND, None)
# Check authorization for the user
check_auth(one_of_roles=allowed_roles, org_id=org_id)
return AccountLoginOptionsModel.find_active_by_org_id(org_id)
def update_login_option(org_id, login_source):
"""Create a new contact for this org."""
# check for existing contact (only one contact per org for now)
current_app.logger.debug('>update_login_option')
org = OrgModel.find_by_org_id(org_id)
if org is None:
raise BusinessException(Error.DATA_NOT_FOUND, None)
check_auth(one_of_roles=ADMIN, org_id=org_id)
existing_login_option = AccountLoginOptionsModel.find_active_by_org_id(
org_id)
if existing_login_option is not None:
existing_login_option.is_active = False
existing_login_option.add_to_session()
login_option = AccountLoginOptionsModel(login_source=login_source,
org_id=org_id)
login_option.save()
return login_option
def create_invitation(invitation_info: Dict, user, # pylint: disable=too-many-locals
token_info: Dict, invitation_origin):
"""Create a new invitation."""
# Ensure that the current user is ADMIN or COORDINATOR on each org being invited to
context_path = CONFIG.AUTH_WEB_TOKEN_CONFIRM_PATH
org_id = invitation_info['membership'][0]['orgId']
# get the org and check the access_type
org: OrgModel = OrgModel.find_by_org_id(org_id)
if not org:
raise BusinessException(Error.DATA_NOT_FOUND, None)
check_auth(token_info, org_id=org_id, one_of_roles=(ADMIN, COORDINATOR, STAFF))
org_name = org.name
invitation_type = Invitation._get_inv_type(org)
if org.access_type == AccessType.ANONYMOUS.value: # anonymous account never get bceid or bcsc choices
mandatory_login_source = LoginSource.BCROS.value
elif org.access_type == AccessType.GOVM.value:
mandatory_login_source = LoginSource.STAFF.value
else:
default_login_option_based_on_accesstype = LoginSource.BCSC.value if \
org.access_type == AccessType.REGULAR.value else LoginSource.BCEID.value
role = invitation_info['membership'][0]['membershipType']
account_login_options = AccountLoginOptionsModel.find_active_by_org_id(org.id)
mandatory_login_source = LoginSource.BCSC.value if \
role == ADMIN else getattr(account_login_options, 'login_source',
default_login_option_based_on_accesstype)
invitation = InvitationModel.create_from_dict(invitation_info, user.identifier, invitation_type)
confirmation_token = Invitation.generate_confirmation_token(invitation.id, invitation.type)
invitation.token = confirmation_token
invitation.login_source = mandatory_login_source
invitation.save()
Invitation.send_invitation(invitation, org_name, user.as_dict(),
'{}/{}'.format(invitation_origin, context_path), mandatory_login_source,
org_status=org.status_code)
# notify admin if staff adds team members
is_staff_access = token_info and 'staff' in token_info.get('realm_access', {}).get('roles', None)
if is_staff_access and invitation_type == InvitationType.STANDARD.value:
publish_to_mailer('teamMemberInvited', org_id)
return Invitation(invitation)
def create_invitation(invitation_info: Dict, user, invitation_origin,
**kwargs): # pylint: disable=too-many-locals
"""Create a new invitation."""
user_from_context: UserContext = kwargs['user_context']
# Ensure that the current user is ADMIN or COORDINATOR on each org being invited to
context_path = CONFIG.AUTH_WEB_TOKEN_CONFIRM_PATH
org_id = invitation_info['membership'][0]['orgId']
# get the org and check the access_type
org: OrgModel = OrgModel.find_by_org_id(org_id)
if not org:
raise BusinessException(Error.DATA_NOT_FOUND, None)
check_auth(org_id=org_id, one_of_roles=(ADMIN, COORDINATOR, STAFF))
org_name = org.name
invitation_type = Invitation._get_inv_type(org)
if org.access_type == AccessType.ANONYMOUS.value: # anonymous account never get bceid or bcsc choices
mandatory_login_source = LoginSource.BCROS.value
elif org.access_type == AccessType.GOVM.value:
mandatory_login_source = LoginSource.STAFF.value
else:
default_login_option_based_on_accesstype = LoginSource.BCSC.value if \
org.access_type == AccessType.REGULAR.value else LoginSource.BCEID.value
role = invitation_info['membership'][0]['membershipType']
account_login_options = AccountLoginOptionsModel.find_active_by_org_id(
org.id)
mandatory_login_source = LoginSource.BCSC.value if \
role == ADMIN else getattr(account_login_options, 'login_source',
default_login_option_based_on_accesstype)
invitation = InvitationModel.create_from_dict(invitation_info,
user.identifier,
invitation_type)
confirmation_token = Invitation.generate_confirmation_token(
invitation.id, invitation.type)
invitation.token = confirmation_token
invitation.login_source = mandatory_login_source
invitation.save()
Invitation.send_invitation(invitation,
org_name,
org.id,
user.as_dict(),
'{}/{}'.format(invitation_origin,
context_path),
mandatory_login_source,
org_status=org.status_code)
# notify admin if staff adds team members
if user_from_context.is_staff(
) and invitation_type == InvitationType.STANDARD.value:
try:
current_app.logger.debug(
'<send_team_member_invitation_notification')
publish_to_mailer(notification_type='teamMemberInvited',
org_id=org_id)
current_app.logger.debug(
'send_team_member_invitation_notification>')
except Exception as e: # noqa=B901
current_app.logger.error(
'<send_team_member_invitation_notification failed')
raise BusinessException(Error.FAILED_NOTIFICATION, None) from e
return Invitation(invitation)