def fxa_activity(request):
if not request.is_secure():
return HttpResponseJSON({
'status': 'error',
'desc': 'fxa-activity requires SSL',
'code': errors.BASKET_SSL_REQUIRED,
}, 401)
if not has_valid_api_key(request):
return HttpResponseJSON({
'status': 'error',
'desc': 'fxa-activity requires a valid API-key',
'code': errors.BASKET_AUTH_ERROR,
}, 401)
data = json.loads(request.body)
if 'fxa_id' not in data:
return HttpResponseJSON({
'status': 'error',
'desc': 'fxa-activity requires a Firefox Account ID',
'code': errors.BASKET_USAGE_ERROR,
}, 401)
if 'user_agent' not in data:
return HttpResponseJSON({
'status': 'error',
'desc': 'fxa-activity requires a device user-agent',
'code': errors.BASKET_USAGE_ERROR,
}, 401)
add_fxa_activity.delay(data)
return HttpResponseJSON({'status': 'ok'})
def fxa_register(request):
if not request.is_secure():
return HttpResponseJSON({
'status': 'error',
'desc': 'fxa-register requires SSL',
'code': errors.BASKET_SSL_REQUIRED,
}, 401)
if not has_valid_api_key(request):
return HttpResponseJSON({
'status': 'error',
'desc': 'fxa-register requires a valid API-key',
'code': errors.BASKET_AUTH_ERROR,
}, 401)
data = request.POST.dict()
if 'email' not in data:
return HttpResponseJSON({
'status': 'error',
'desc': 'fxa-register requires an email address',
'code': errors.BASKET_USAGE_ERROR,
}, 401)
if 'fxa_id' not in data:
return HttpResponseJSON({
'status': 'error',
'desc': 'fxa-register requires a Firefox Account ID',
'code': errors.BASKET_USAGE_ERROR,
}, 401)
if 'accept_lang' not in data:
return HttpResponseJSON({
'status': 'error',
'desc': 'fxa-register requires accept_lang',
'code': errors.BASKET_USAGE_ERROR,
}, 401)
lang = get_best_language(get_accept_languages(data['accept_lang']))
if lang is None:
return HttpResponseJSON({
'status': 'error',
'desc': 'invalid language',
'code': errors.BASKET_INVALID_LANGUAGE,
}, 400)
args = [data['email'], lang, data['fxa_id']]
kwargs = {}
if 'source_url' in data:
kwargs['source_url'] = data['source_url']
if data.get('skip_welcome', False):
kwargs['skip_welcome'] = True
update_fxa_info.delay(*args, **kwargs)
return HttpResponseJSON({'status': 'ok'})
def fxa_register(request):
if not request.is_secure():
return HttpResponseJSON({
'status': 'error',
'desc': 'fxa-register requires SSL',
'code': errors.BASKET_SSL_REQUIRED,
}, 401)
if not has_valid_api_key(request):
return HttpResponseJSON({
'status': 'error',
'desc': 'fxa-register requires a valid API-key',
'code': errors.BASKET_AUTH_ERROR,
}, 401)
data = request.POST.dict()
if 'email' not in data:
return HttpResponseJSON({
'status': 'error',
'desc': 'fxa-register requires an email address',
'code': errors.BASKET_USAGE_ERROR,
}, 401)
email = process_email(data['email'])
if not email:
return invalid_email_response()
if 'fxa_id' not in data:
return HttpResponseJSON({
'status': 'error',
'desc': 'fxa-register requires a Firefox Account ID',
'code': errors.BASKET_USAGE_ERROR,
}, 401)
if 'accept_lang' not in data:
return HttpResponseJSON({
'status': 'error',
'desc': 'fxa-register requires accept_lang',
'code': errors.BASKET_USAGE_ERROR,
}, 401)
lang = get_best_language(get_accept_languages(data['accept_lang']))
if lang is None:
return HttpResponseJSON({
'status': 'error',
'desc': 'invalid language',
'code': errors.BASKET_INVALID_LANGUAGE,
}, 400)
update_fxa_info.delay(email, lang, data['fxa_id'])
return HttpResponseJSON({'status': 'ok'})
def fxa_activity(request):
if not request.is_secure():
return HttpResponseJSON({
'status': 'error',
'desc': 'fxa-activity requires SSL',
'code': errors.BASKET_SSL_REQUIRED,
}, 401)
if not has_valid_api_key(request):
return HttpResponseJSON({
'status': 'error',
'desc': 'fxa-activity requires a valid API-key',
'code': errors.BASKET_AUTH_ERROR,
}, 401)
data = json.loads(request.body)
if 'fxa_id' not in data:
return HttpResponseJSON({
'status': 'error',
'desc': 'fxa-activity requires a Firefox Account ID',
'code': errors.BASKET_USAGE_ERROR,
}, 401)
add_fxa_activity.delay(data)
return HttpResponseJSON({'status': 'ok'})
def update_user_task(request, api_call_type, data=None, optin=True, sync=False):
"""Call the update_user task async with the right parameters.
If sync==True, be sure to include the token in the response.
Otherwise, basket can just do everything in the background.
"""
data = data or request.POST.dict()
newsletters = data.get('newsletters', None)
if newsletters:
newsletters = [x.strip() for x in newsletters.split(',')]
if api_call_type == SUBSCRIBE:
all_newsletters = newsletter_and_group_slugs()
else:
all_newsletters = newsletter_slugs()
private_newsletters = newsletter_private_slugs()
for nl in newsletters:
if nl not in all_newsletters:
return HttpResponseJSON({
'status': 'error',
'desc': 'invalid newsletter',
'code': errors.BASKET_INVALID_NEWSLETTER,
}, 400)
if api_call_type != UNSUBSCRIBE and nl in private_newsletters:
if not request.is_secure():
return HttpResponseJSON({
'status': 'error',
'desc': 'private newsletter subscription requires SSL',
'code': errors.BASKET_SSL_REQUIRED,
}, 401)
if not has_valid_api_key(request):
return HttpResponseJSON({
'status': 'error',
'desc': 'private newsletter subscription requires a valid API key',
'code': errors.BASKET_AUTH_ERROR,
}, 401)
if 'lang' in data:
if not language_code_is_valid(data['lang']):
return HttpResponseJSON({
'status': 'error',
'desc': 'invalid language',
'code': errors.BASKET_INVALID_LANGUAGE,
}, 400)
elif 'accept_lang' in data:
lang = get_best_language(get_accept_languages(data['accept_lang']))
if lang:
data['lang'] = lang
del data['accept_lang']
else:
return HttpResponseJSON({
'status': 'error',
'desc': 'invalid language',
'code': errors.BASKET_INVALID_LANGUAGE,
}, 400)
email = data.get('email')
token = data.get('token')
if not (email or token):
return HttpResponseJSON({
'status': 'error',
'desc': MSG_EMAIL_OR_TOKEN_REQUIRED,
'code': errors.BASKET_USAGE_ERROR,
}, 400)
if sync:
try:
user_data, created = get_or_create_user_data(email=email, token=token)
except NewsletterException as e:
return newsletter_exception_response(e)
update_user.delay(data, user_data['email'], user_data['token'], api_call_type, optin,
start_time=time())
return HttpResponseJSON({
'status': 'ok',
'token': user_data['token'],
'created': created,
})
else:
update_user.delay(data, email, token, api_call_type, optin,
start_time=time())
return HttpResponseJSON({
'status': 'ok',
})
def lookup_user(request):
"""Lookup a user in Exact Target given email or token (not both).
To look up by email, a valid API key are required.
If email and token are both provided, an error is returned rather
than trying to define all the possible behaviors.
SSL is always required when using this call. If no SSL, it'll fail
with 401 and an appropriate message in the response body.
Response content is always JSON.
If user is not found, returns a 404 status and json is::
{
'status': 'error',
'desc': 'No such user'
}
(If you need to distinguish user not found from an error calling
the API, check the response content.)
If a required, valid API key is not provided, status is 401 Unauthorized.
The API key can be provided either as a GET query parameter ``api-key``
or a request header ``X-api-key``. If it's provided as a query parameter,
any request header is ignored.
For other errors, similarly
response status is 4xx and the json 'desc' says what's wrong.
Otherwise, status is 200 and json is the return value from
`get_user_data`. See that method for details.
Note that because this method always calls Exact Target one or
more times, it can be slower than some other Basket APIs, and will
fail if ET is down.
"""
if not request.is_secure():
return HttpResponseJSON({
'status': 'error',
'desc': 'lookup_user always requires SSL',
'code': errors.BASKET_SSL_REQUIRED,
}, 401)
token = request.GET.get('token', None)
email = request.GET.get('email', None)
if (not email and not token) or (email and token):
return HttpResponseJSON({
'status': 'error',
'desc': MSG_EMAIL_OR_TOKEN_REQUIRED,
'code': errors.BASKET_USAGE_ERROR,
}, 400)
if email and not has_valid_api_key(request):
return HttpResponseJSON({
'status': 'error',
'desc': 'Using lookup_user with `email`, you need to pass a '
'valid `api-key` GET parameter or X-api-key header',
'code': errors.BASKET_AUTH_ERROR,
}, 401)
try:
user_data = get_user_data(token=token, email=email)
except NewsletterException as e:
return newsletter_exception_response(e)
status_code = 200
if not user_data:
code = errors.BASKET_UNKNOWN_TOKEN if token else errors.BASKET_UNKNOWN_EMAIL
user_data = {
'status': 'error',
'desc': MSG_USER_NOT_FOUND,
'code': code,
}
status_code = 404
return HttpResponseJSON(user_data, status_code)
def subscribe(request):
data = request.POST.dict()
newsletters = data.get('newsletters', None)
if not newsletters:
# request.body causes tests to raise exceptions
# while request.read() works.
raw_request = request.read()
if 'newsletters=' in raw_request:
# malformed request from FxOS
# Can't use QueryDict since the string is not url-encoded.
# It will convert '+' to ' ' for example.
data = dict(pair.split('=') for pair in raw_request.split('&'))
email = data.get('email')
if email:
data['email'] = force_unicode(email)
statsd.incr('subscribe-fxos-workaround')
else:
return HttpResponseJSON({
'status': 'error',
'desc': 'newsletters is missing',
'code': errors.BASKET_USAGE_ERROR,
}, 400)
if 'email' not in data:
return HttpResponseJSON({
'status': 'error',
'desc': 'email is required',
'code': errors.BASKET_USAGE_ERROR,
}, 401)
if email_is_blocked(data['email']):
# don't let on there's a problem
return HttpResponseJSON({'status': 'ok'})
optin = data.get('optin', 'N').upper() == 'Y'
sync = data.get('sync', 'N').upper() == 'Y'
if optin and (not request.is_secure() or not has_valid_api_key(request)):
# for backward compat we just ignore the optin if
# no valid API key is sent.
optin = False
if sync:
if not request.is_secure():
return HttpResponseJSON({
'status': 'error',
'desc': 'subscribe with sync=Y requires SSL',
'code': errors.BASKET_SSL_REQUIRED,
}, 401)
if not has_valid_api_key(request):
return HttpResponseJSON({
'status': 'error',
'desc': 'Using subscribe with sync=Y, you need to pass a '
'valid `api-key` GET or POST parameter or X-api-key header',
'code': errors.BASKET_AUTH_ERROR,
}, 401)
try:
validate_email(data.get('email'))
except EmailValidationError as e:
return invalid_email_response(e)
return update_user_task(request, SUBSCRIBE, data=data, optin=optin, sync=sync)
def update_user_task(request, api_call_type, data=None, optin=False, sync=False):
"""Call the update_user task async with the right parameters.
If sync==True, be sure to include the token in the response.
Otherwise, basket can just do everything in the background.
"""
data = data or request.POST.dict()
newsletters = parse_newsletters_csv(data.get('newsletters'))
if newsletters:
if api_call_type == SUBSCRIBE:
all_newsletters = newsletter_and_group_slugs() + get_transactional_message_ids()
else:
all_newsletters = newsletter_slugs()
private_newsletters = newsletter_private_slugs()
for nl in newsletters:
if nl not in all_newsletters:
return HttpResponseJSON({
'status': 'error',
'desc': 'invalid newsletter',
'code': errors.BASKET_INVALID_NEWSLETTER,
}, 400)
if api_call_type != UNSUBSCRIBE and nl in private_newsletters:
if not request.is_secure():
return HttpResponseJSON({
'status': 'error',
'desc': 'private newsletter subscription requires SSL',
'code': errors.BASKET_SSL_REQUIRED,
}, 401)
if not has_valid_api_key(request):
return HttpResponseJSON({
'status': 'error',
'desc': 'private newsletter subscription requires a valid API key',
'code': errors.BASKET_AUTH_ERROR,
}, 401)
if 'lang' in data:
if not language_code_is_valid(data['lang']):
data['lang'] = 'en'
elif 'accept_lang' in data:
lang = get_best_language(get_accept_languages(data['accept_lang']))
if lang:
data['lang'] = lang
del data['accept_lang']
else:
data['lang'] = 'en'
email = data.get('email')
token = data.get('token')
if not (email or token):
return HttpResponseJSON({
'status': 'error',
'desc': MSG_EMAIL_OR_TOKEN_REQUIRED,
'code': errors.BASKET_USAGE_ERROR,
}, 400)
if optin:
data['optin'] = True
if api_call_type == SUBSCRIBE and email and data.get('newsletters'):
# only rate limit here so we don't rate limit errors.
if is_ratelimited(request, group='news.views.update_user_task.subscribe',
key=lambda x, y: '%s-%s' % (data['newsletters'], email),
rate=EMAIL_SUBSCRIBE_RATE_LIMIT, increment=True):
raise Ratelimited()
if api_call_type == SET and token and data.get('newsletters'):
# only rate limit here so we don't rate limit errors.
if is_ratelimited(request, group='news.views.update_user_task.set',
key=lambda x, y: '%s-%s' % (data['newsletters'], token),
rate=EMAIL_SUBSCRIBE_RATE_LIMIT, increment=True):
raise Ratelimited()
if sync:
statsd.incr('news.views.subscribe.sync')
if settings.MAINTENANCE_MODE and not settings.MAINTENANCE_READ_ONLY:
# save what we can
upsert_user.delay(api_call_type, data, start_time=time())
# have to error since we can't return a token
return HttpResponseJSON({
'status': 'error',
'desc': 'sync is not available in maintenance mode',
'code': errors.BASKET_NETWORK_FAILURE,
}, 400)
try:
user_data = get_user_data(email=email, token=token)
except NewsletterException as e:
return newsletter_exception_response(e)
if not user_data:
if not email:
# must have email to create a user
return HttpResponseJSON({
'status': 'error',
'desc': MSG_EMAIL_OR_TOKEN_REQUIRED,
'code': errors.BASKET_USAGE_ERROR,
}, 400)
token, created = upsert_contact(api_call_type, data, user_data)
return HttpResponseJSON({
'status': 'ok',
'token': token,
'created': created,
})
else:
upsert_user.delay(api_call_type, data, start_time=time())
return HttpResponseJSON({
'status': 'ok',
})
def lookup_user(request):
"""Lookup a user in Exact Target given email or token (not both).
To look up by email, a valid API key are required.
If email and token are both provided, an error is returned rather
than trying to define all the possible behaviors.
SSL is always required when using this call. If no SSL, it'll fail
with 401 and an appropriate message in the response body.
Response content is always JSON.
If user is not found, returns a 404 status and json is::
{
'status': 'error',
'desc': 'No such user'
}
(If you need to distinguish user not found from an error calling
the API, check the response content.)
If a required, valid API key is not provided, status is 401 Unauthorized.
The API key can be provided either as a GET query parameter ``api-key``
or a request header ``X-api-key``. If it's provided as a query parameter,
any request header is ignored.
For other errors, similarly
response status is 4xx and the json 'desc' says what's wrong.
Otherwise, status is 200 and json is the return value from
`get_user_data`. See that method for details.
Note that because this method always calls Exact Target one or
more times, it can be slower than some other Basket APIs, and will
fail if ET is down.
"""
if settings.MAINTENANCE_MODE and not settings.MAINTENANCE_READ_ONLY:
# can't return user data during maintenance
return HttpResponseJSON({
'status': 'error',
'desc': 'user data is not available in maintenance mode',
'code': errors.BASKET_NETWORK_FAILURE,
}, 400)
if not request.is_secure():
return HttpResponseJSON({
'status': 'error',
'desc': 'lookup_user always requires SSL',
'code': errors.BASKET_SSL_REQUIRED,
}, 401)
token = request.GET.get('token', None)
email = request.GET.get('email', None)
if (not email and not token) or (email and token):
return HttpResponseJSON({
'status': 'error',
'desc': MSG_EMAIL_OR_TOKEN_REQUIRED,
'code': errors.BASKET_USAGE_ERROR,
}, 400)
if email and not has_valid_api_key(request):
return HttpResponseJSON({
'status': 'error',
'desc': 'Using lookup_user with `email`, you need to pass a '
'valid `api-key` GET parameter or X-api-key header',
'code': errors.BASKET_AUTH_ERROR,
}, 401)
if email:
email = process_email(email)
if not email:
return invalid_email_response()
try:
user_data = get_user_data(token=token, email=email)
except NewsletterException as e:
return newsletter_exception_response(e)
status_code = 200
if not user_data:
code = errors.BASKET_UNKNOWN_TOKEN if token else errors.BASKET_UNKNOWN_EMAIL
user_data = {
'status': 'error',
'desc': MSG_USER_NOT_FOUND,
'code': code,
}
status_code = 404
return HttpResponseJSON(user_data, status_code)
def subscribe(request):
data = request.POST.dict()
newsletters = data.get('newsletters', None)
if not newsletters:
# request.body causes tests to raise exceptions
# while request.read() works.
raw_request = request.read()
if 'newsletters=' in raw_request:
# malformed request from FxOS
# Can't use QueryDict since the string is not url-encoded.
# It will convert '+' to ' ' for example.
data = dict(pair.split('=') for pair in raw_request.split('&') if '=' in pair)
statsd.incr('news.views.subscribe.fxos-workaround')
else:
return HttpResponseJSON({
'status': 'error',
'desc': 'newsletters is missing',
'code': errors.BASKET_USAGE_ERROR,
}, 400)
if 'email' not in data:
return HttpResponseJSON({
'status': 'error',
'desc': 'email is required',
'code': errors.BASKET_USAGE_ERROR,
}, 401)
email = process_email(data['email'])
if not email:
return invalid_email_response()
data['email'] = email
if email_is_blocked(data['email']):
statsd.incr('news.views.subscribe.email_blocked')
# don't let on there's a problem
return HttpResponseJSON({'status': 'ok'})
optin = data.pop('optin', 'N').upper() == 'Y'
sync = data.pop('sync', 'N').upper() == 'Y'
if optin and (not request.is_secure() or not has_valid_api_key(request)):
# for backward compat we just ignore the optin if
# no valid API key is sent.
optin = False
if sync:
if not request.is_secure():
return HttpResponseJSON({
'status': 'error',
'desc': 'subscribe with sync=Y requires SSL',
'code': errors.BASKET_SSL_REQUIRED,
}, 401)
if not has_valid_api_key(request):
return HttpResponseJSON({
'status': 'error',
'desc': 'Using subscribe with sync=Y, you need to pass a '
'valid `api-key` GET or POST parameter or X-api-key header',
'code': errors.BASKET_AUTH_ERROR,
}, 401)
# NOTE this is not a typo; Referrer is misspelled in the HTTP spec
# https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.36
if not data.get('source_url') and request.META.get('HTTP_REFERER'):
# try to get it from referrer
statsd.incr('news.views.subscribe.use_referrer')
data['source_url'] = request.META['HTTP_REFERER']
return update_user_task(request, SUBSCRIBE, data=data, optin=optin, sync=sync)
