def reset_password(token):
email_address_encoded = request.args.get('e') or ''
if not email_address_encoded:
return jsonify(message='You must provide an email address when resetting a password'), 400
email_address = unquote_plus(email_address_encoded)
json_payload = get_json_from_request()
required_keys = ['password', 'confirmPassword']
if not set(required_keys).issubset(json_payload):
return jsonify(message='One or more required args were missing from the request'), 400
if json_payload['password'] != json_payload['confirmPassword']:
return jsonify(message="Passwords do not match"), 400
try:
token_age_limit = key_values_service.get_by_key('password_reset_token_age_limit')
claim = user_claims_service.validate_and_update_claim(
type='password_reset',
token=token,
email_address=email_address,
age=token_age_limit['data']['age']
)
if not claim:
return jsonify(message='Invalid token'), 400
except Exception as error:
return jsonify(message='Invalid token'), 400
try:
publish_tasks.user_claim.delay(
publish_tasks.compress_user_claim(claim),
'updated'
)
update_user_details(
password=json_payload['password'],
user_id=claim.data.get('user_id', None)
)
return jsonify(
message="User with email {}, successfully updated their password".format(email_address),
email_address=email_address
), 200
except Exception as error:
return jsonify(message=error.message), 400
def send_reset_password_email():
json_payload = get_json_from_request()
email_address = json_payload.get('email_address', None)
framework_slug = json_payload.get('framework', None)
if email_address is None:
return jsonify(message='One or more required args were missing from the request'), 400
user = User.query.filter(
User.email_address == email_address.lower()).first()
if user is None:
return jsonify(email_address=email_address), 200
app_root_url = get_root_url(framework_slug)
try:
user_data = {
'user_id': user.id
}
claim = user_claims_service.make_claim(type='password_reset', email_address=email_address, data=user_data)
if not claim:
return jsonify(message="There was an issue completing the password reset process."), 500
publish_tasks.user_claim.delay(
publish_tasks.compress_user_claim(claim),
'created'
)
send_reset_password_confirm_email(
token=claim.token,
email_address=email_address,
locked=user.locked,
framework=framework_slug
)
except Exception as error:
return jsonify(message=error.message), 400
return jsonify(
email_address=email_address
), 200
def signup():
"""Signup user
---
tags:
- auth
consumes:
- application/json
parameters:
- name: body
in: body
required: true
schema:
id: SignupUser
required:
- name
- email_address
- user_type
properties:
name:
type: string
email_address:
type: string
user_type:
type: string
employment_status:
type: string
line_manager_name:
type: string
line_manager_email:
type: string
framework:
type: string
responses:
200:
description: User
schema:
$ref: '#/definitions/UserInfo'
"""
json_payload = request.get_json()
name = json_payload.get('name', None)
email_address = json_payload.get('email_address', None)
user_type = json_payload.get('user_type', None)
employment_status = json_payload.get('employment_status', None)
line_manager_name = json_payload.get('line_manager_name', None)
line_manager_email = json_payload.get('line_manager_email', None)
framework = json_payload.get('framework', 'digital-marketplace')
user = User.query.filter(
User.email_address == email_address.lower()).first()
if user is not None:
send_user_existing_password_reset_email(user.name, email_address)
return jsonify(
email_address=email_address,
message="Email invite sent successfully"
), 200
if user_type == 'seller' or user_type == 'applicant':
if is_duplicate_user(email_address):
return jsonify(
email_address=email_address,
message='An account with this email domain already exists'
), 409
if user_type == 'buyer' and not has_whitelisted_email_domain(get_email_domain(email_address)):
return jsonify(
email_address=email_address,
message="A buyer account must have a valid government entity email domain"
), 403
user_data = {
'name': name,
'user_type': user_type,
'framework': framework,
'employment_status': employment_status
}
claim = user_claims_service.make_claim(type='signup', email_address=email_address, data=user_data)
if not claim:
return jsonify(message="There was an issue completing the signup process."), 500
publish_tasks.user_claim.delay(
publish_tasks.compress_user_claim(claim),
'created'
)
if employment_status == 'contractor':
try:
send_account_activation_manager_email(
token=claim.token,
manager_name=line_manager_name,
manager_email=line_manager_email,
applicant_name=name,
applicant_email=email_address,
framework=framework
)
return jsonify(
email_address=email_address,
message="Email invite sent successfully"
), 200
except EmailError:
return jsonify(message='An error occured when trying to send an email'), 500
if employment_status == 'employee' or user_type == 'seller':
try:
send_account_activation_email(
token=claim.token,
email_address=email_address,
framework=framework
)
return jsonify(
email_address=email_address,
message="Email invite sent successfully"
), 200
except EmailError:
return jsonify(
email_address=email_address,
message='An error occured when trying to send an email'
), 500
else:
return jsonify(
email_address=email_address,
message='An error occured when trying to send an email'
), 400
def add(token):
"""Creates a new user based on the token claim and email address provided.
---
tags:
- users
consumes:
- application/json
parameters:
- name: e
in: query
type: string
required: true
description: URL encoded email address
- name: token
in: path
type: string
required: true
description: the validation token
- name: body
in: body
required: true
schema:
required:
- password
properties:
password:
type: string
responses:
200:
description: User
type: object
properties:
role:
type: string
email_address:
type: string
name:
type: string
supplier_code:
type: string
application_id:
type: string
"""
email_address_encoded = request.args.get('e') or ''
if not email_address_encoded:
return jsonify(message='You must provide an email address when validating a new account'), 400
email_address = unquote_plus(email_address_encoded)
json_payload = request.get_json()
password = json_payload.get('password', None)
if not password:
return jsonify(message='You must provide a password for your new user account'), 400
claim = user_claims_service.find(type='signup', token=token, email_address=email_address,
claimed=False).one_or_none()
if not claim:
return jsonify(message='Invalid token'), 400
user = create_user(
user_type=claim.data['user_type'],
name=claim.data['name'],
email_address=email_address,
password=password,
framework=claim.data['framework'],
supplier_code=claim.data.get('supplier_code', None)
)
try:
claim = user_claims_service.validate_and_update_claim(type='signup', token=token, email_address=email_address)
if not claim:
return jsonify(message='Invalid token'), 400
except Exception as error:
return jsonify(message='Invalid token'), 400
publish_tasks.user_claim.delay(
publish_tasks.compress_user_claim(claim),
'updated'
)
return user
def add(token):
"""Creates a new user based on the token claim and email address provided.
---
tags:
- users
consumes:
- application/json
parameters:
- name: e
in: query
type: string
required: true
description: URL encoded email address
- name: token
in: path
type: string
required: true
description: the validation token
- name: body
in: body
required: true
schema:
required:
- password
properties:
password:
type: string
responses:
200:
description: User
type: object
properties:
role:
type: string
email_address:
type: string
name:
type: string
supplier_code:
type: string
application_id:
type: string
"""
email_address_encoded = request.args.get('e') or ''
if not email_address_encoded:
return jsonify(
message=
'You must provide an email address when validating a new account'
), 400
email_address = unquote_plus(email_address_encoded)
json_payload = request.get_json()
password = json_payload.get('password', None)
if not password:
return jsonify(
message='You must provide a password for your new user account'
), 400
claim = user_claims_service.get_claim(type='signup',
token=token,
email_address=email_address,
claimed=False)
headers = {}
for x in request.headers:
headers[x[0]] = x[1]
if not claim:
current_app.logger.info('login.signup.fail: 1 {email_address}',
extra={'email_address': email_address})
current_app.logger.info('login.signup.headers: {headers}',
extra={'headers': headers})
return jsonify(message='Invalid token'), 400
user = create_user(user_type=claim.data['user_type'],
name=claim.data['name'],
email_address=email_address,
password=password,
framework=claim.data['framework'],
supplier_code=claim.data.get('supplier_code', None),
abn=claim.data.get('abn', None))
try:
claim = user_claims_service.validate_and_update_claim(
type='signup', token=token, email_address=email_address)
if not claim:
current_app.logger.info('login.signup.fail: 2 {email_address}',
extra={'email_address': email_address})
current_app.logger.info('login.signup.headers: {headers}',
extra={'headers': headers})
return jsonify(message='Invalid token'), 400
except Exception as error:
current_app.logger.info(
'login.signup.fail: 3 {email_address} {exception}',
extra={
'email_address': email_address,
'exception': str(error)
})
current_app.logger.info('login.signup.headers: {headers}',
extra={'headers': headers})
return jsonify(message='Invalid token'), 400
publish_tasks.user_claim.delay(publish_tasks.compress_user_claim(claim),
'updated')
return user