def _update_alert(user_to_update, changes=None):
service = Service.query.get(current_app.config['NOTIFY_SERVICE_ID'])
template = dao_get_template_by_id(current_app.config['ACCOUNT_CHANGE_TEMPLATE_ID'])
recipient = user_to_update.email_address
reply_to = template.service.get_default_reply_to_email_address()
change_type_en = ""
change_type_fr = ""
if changes:
change_type_en = update_dct_to_str(changes, 'EN')
change_type_fr = update_dct_to_str(changes, 'FR')
saved_notification = persist_notification(
template_id=template.id,
template_version=template.version,
recipient=recipient,
service=service,
personalisation={
'base_url': Config.ADMIN_BASE_URL,
'contact_us_url': f'{Config.ADMIN_BASE_URL}/support/ask-question-give-feedback',
'change_type_en': change_type_en,
'change_type_fr': change_type_fr,
},
notification_type=template.template_type,
api_key_id=None,
key_type=KEY_TYPE_NORMAL,
reply_to_text=reply_to
)
send_notification_to_queue(saved_notification, False, queue=QueueNames.NOTIFY)
def update_user_attribute(user_id):
user_to_update = get_user_by_id(user_id=user_id)
req_json = request.get_json()
if 'updated_by' in req_json:
updated_by = get_user_by_id(user_id=req_json.pop('updated_by'))
else:
updated_by = None
update_dct, errors = user_update_schema_load_json.load(req_json)
if errors:
raise InvalidRequest(errors, status_code=400)
save_user_attribute(user_to_update, update_dict=update_dct)
service = Service.query.get(current_app.config['NOTIFY_SERVICE_ID'])
# Alert user that account change took place
change_type = update_dct_to_str(update_dct)
_update_alert(user_to_update, change_type)
# Alert that team member edit user
if updated_by:
if 'email_address' in update_dct:
template = dao_get_template_by_id(
current_app.config['TEAM_MEMBER_EDIT_EMAIL_TEMPLATE_ID'])
recipient = user_to_update.email_address
reply_to = template.service.get_default_reply_to_email_address()
elif 'mobile_number' in update_dct:
template = dao_get_template_by_id(
current_app.config['TEAM_MEMBER_EDIT_MOBILE_TEMPLATE_ID'])
recipient = user_to_update.mobile_number
reply_to = template.service.get_default_sms_sender()
else:
return jsonify(data=user_to_update.serialize()), 200
saved_notification = persist_notification(
template_id=template.id,
template_version=template.version,
recipient=recipient,
service=service,
personalisation={
'name': user_to_update.name,
'servicemanagername': updated_by.name,
'email address': user_to_update.email_address,
'change_type': change_type
},
notification_type=template.template_type,
api_key_id=None,
key_type=KEY_TYPE_NORMAL,
reply_to_text=reply_to)
send_notification_to_queue(saved_notification,
False,
queue=QueueNames.NOTIFY)
return jsonify(data=user_to_update.serialize()), 200
def test_update_dct_to_str():
test_dict = {
"email_address": "*****@*****.**",
"auth_type": "sms"
}
result = update_dct_to_str(test_dict)
result = ' '.join(result.split())
expected = ["- email address", "- auth type"]
expected = ' '.join(expected).strip()
assert result == expected
def test_update_dct_to_str():
test_dict = {
"email_address": "*****@*****.**",
"auth_type": "sms",
"dummy_key": "nope",
}
result = update_dct_to_str(test_dict, "EN")
result = " ".join(result.split())
expected = ["- email address", "- auth type", "- dummy key"]
expected = " ".join(expected)
assert result == expected
result = update_dct_to_str(test_dict, "FR")
result = " ".join(result.split())
expected = [
"- adresse courriel", "- méthode d'authentification", "- dummy key"
]
expected = " ".join(expected)
assert result == expected
def set_permissions(user_id, service_id):
# TODO fix security hole, how do we verify that the user
# who is making this request has permission to make the request.
service_user = dao_get_service_user(user_id, service_id)
user = service_user.user
service = dao_fetch_service_by_id(service_id=service_id)
data = request.get_json()
validate(data, post_set_permissions_schema)
permission_list = [
Permission(service_id=service_id,
user_id=user_id,
permission=p['permission']) for p in data['permissions']
]
service_key = "service_id_{}".format(service_id)
change_dict = {service_key: service_id, "permissions": permission_list}
try:
_update_alert(user, update_dct_to_str(change_dict))
except Exception as e:
current_app.logger.error(e)
permission_dao.set_user_service_permission(user,
service,
permission_list,
_commit=True,
replace=True)
if 'folder_permissions' in data:
folders = [
dao_get_template_folder_by_id_and_service_id(
folder_id, service_id)
for folder_id in data['folder_permissions']
]
service_user.folders = folders
dao_update_service_user(service_user)
return jsonify({}), 204
def update_password(user_id):
user = get_user_by_id(user_id=user_id)
req_json = request.get_json()
pwd = req_json.get('_password')
update_dct, errors = user_update_password_schema_load_json.load(req_json)
if errors:
raise InvalidRequest(errors, status_code=400)
response = pwnedpasswords.check(pwd)
if response > 0:
errors.update({'password': ['Password is blacklisted.']})
raise InvalidRequest(errors, status_code=400)
update_user_password(user, pwd)
change_type = update_dct_to_str({'password': "******"})
try:
_update_alert(user, change_type)
except Exception as e:
current_app.logger.error(e)
return jsonify(data=user.serialize()), 200
