def _audit_title_viewed(title_number, username):
# This puts something in our audit logs of what a user/ip address viewed at what time
ip_address = utils.get_ip_address()
date_and_time_viewed = datetime.now()
auditing.audit(
"VIEWED TITLE ON CONFIRM PAGE: Title number {0} was viewed by {3} on ip address {1} viewed on {2}"
.format(title_number, ip_address, date_and_time_viewed, username))
def title_summary(encrypted_title_number):
# On return from LRPI, the title number is unencrypted
# In order to mask it from google analytics, we need to encrypt it and redirect the user on
if len(encrypted_title_number) < 10:
return redirect(
url_for('title_summary',
encrypted_title_number=encryption_utils.encrypt(
encrypted_title_number),
**request.args))
"""Show title (result) if user is logged in, has paid and hasn't viewed before."""
title_number = encryption_utils.decrypt(encrypted_title_number)
LOGGER.debug(
"STARTED: title_summary title_number: {0}".format(title_number))
username = utils.username_from_header(request)
trans_id = request.args.get('transid')
search_term = request.args.get('search_term', title_number)
params = _get_title_data(trans_id, username, title_number)
auditing.audit("VIEW REGISTER: Title number {0} was viewed by {1}".format(
title_number, username))
LOGGER.debug("ENDED: title_summary")
return render_template('display_title.html',
search_term=search_term,
encrypted_title_number=encrypted_title_number,
show_summary_map=app.config['SHOW_SUMMARY_MAP'],
**params)
def get_ip_address():
ip_address_actual = request.headers.get("iv-remote-address", None)
if ip_address_actual:
auditing.audit("IP Address: {}".format(ip_address_actual))
if ip_address_actual is None:
auditing.audit("IP ADDRESS EMPTY")
return ip_address_actual
def unlock_account(user_id):
if db_access.update_failed_logins(user_id, 0):
auditing.audit('Reset failed login attempts for user {}'.format(user_id))
return Response(json.dumps({'reset': True}),
mimetype=JSON_CONTENT_TYPE)
else:
return USER_NOT_FOUND_RESPONSE
def _handle_locked_user_auth_request(user_id, failed_login_attempts):
failed_login_attempts += 1
auditing.audit('Too many bad logins. username: {}, attempt: {}.'.format(
user_id, failed_login_attempts
))
db_access.update_failed_logins(user_id, failed_login_attempts)
return Response(AUTH_FAILURE_RESPONSE_BODY, status=401, mimetype=JSON_CONTENT_TYPE)
def delete_user(user_id):
if db_access.delete_user(user_id):
auditing.audit('Deleted user {}'.format(user_id))
return Response(
json.dumps({'deleted': True}),
mimetype=JSON_CONTENT_TYPE
)
else:
return USER_NOT_FOUND_RESPONSE
def find_titles_page(search_term=''):
LOGGER.debug("STARTED: find_titles_page search_term: {}".format(search_term))
display_page_number = int(request.args.get('page') or 1)
page_number = display_page_number - 1 # page_number is 0 indexed
username = _username_from_header(request)
search_term = search_term.strip()
if not search_term:
LOGGER.debug("ENDED: find_titles_page")
return _initial_search_page(request)
else:
message_format = "SEARCH REGISTER: '{0}' was searched by {1}"
auditing.audit(message_format.format(search_term, username))
LOGGER.debug("ENDED: find_titles_page search_term: {0}".format(search_term))
return _get_address_search_response(search_term, page_number)
def registration_successful(title_number, search_term):
ip_address = utils.get_ip_address()
auditing.audit("ACCOUNT CREATED: IP Address {0} ".format(ip_address))
# If we've been redirected here from the account creation form, render the success message
if request.referrer and url_for('create_account') in request.referrer:
if title_number and search_term:
return render_template(
'account/registration_successful.html',
title_number=encryption_utils.encrypt(title_number),
search_term=search_term)
else:
return render_template('account/registration_successful.html')
# Otherwise the user has managed to arrive here "directly" such as via entering the url manually
# In this situation we redirect them on to the search page
return redirect(url_for('search'))
def _handle_allowed_user_auth_request(user_id, password, failed_login_attempts):
password_salt = app.config['PASSWORD_SALT']
password_hash = security.get_user_password_hash(user_id, password, password_salt)
user = db_access.get_user(user_id, password_hash)
if user:
# Reset failed login attempts to zero and proceed
db_access.update_failed_logins(user_id, 0)
return Response(_authenticated_response_body(user), mimetype=JSON_CONTENT_TYPE)
else:
failed_login_attempts += 1
db_access.update_failed_logins(user_id, failed_login_attempts)
auditing.audit('Invalid credentials used. username: {}, attempt: {}.'.format(
user_id, failed_login_attempts
))
return Response(AUTH_FAILURE_RESPONSE_BODY, status=401, mimetype=JSON_CONTENT_TYPE)
def create_user():
request_json = _try_get_request_json(request)
if request_json and _is_create_request_data_valid(request_json):
user = request_json['user']
user_id = user['user_id']
password = user['password']
# TODO: common code
password_hash = security.get_user_password_hash(
user_id,
password,
app.config['PASSWORD_SALT']
)
if db_access.create_user(user_id, password_hash):
auditing.audit('Created user {}'.format(user_id))
return Response(json.dumps({'created': True}), mimetype=JSON_CONTENT_TYPE)
else:
response_body = json.dumps({'error': 'User already exists'})
return Response(response_body, 409, mimetype=JSON_CONTENT_TYPE)
else:
return INVALID_REQUEST_RESPONSE
def update_user(user_id):
request_json = _try_get_request_json(request)
if request_json and _is_update_request_data_valid(request_json):
new_password = request_json['user']['password']
new_password_hash = security.get_user_password_hash(
user_id,
new_password,
app.config['PASSWORD_SALT']
)
if db_access.update_user(
user_id=user_id,
password_hash=new_password_hash
):
auditing.audit('Updated user {}'.format(user_id))
return Response(
json.dumps({'updated': True}),
mimetype=JSON_CONTENT_TYPE
)
else:
return USER_NOT_FOUND_RESPONSE
else:
return INVALID_REQUEST_RESPONSE
def get_title(title_number):
"""
Show title (result) if user is logged in, has paid and hasn't viewed before.
"""
LOGGER.debug("STARTED: get_title title_number: {0}".format(title_number))
title = _get_register_title(title_number)
username = _username_from_header(request)
if title and _user_can_view(username, title_number):
display_page_number = int(request.args.get('page') or 1)
search_term = request.args.get('search_term', title_number)
show_pdf = _should_show_full_title_pdf()
full_title_data = (
api_client.get_official_copy_data(title_number) if _should_show_full_title_data() else None
)
full_title_data = _strip_delimiters(full_title_data)
LOGGER.debug("Title number{0}".format(title_number))
auditing.audit("VIEW REGISTER: Title number {0} was viewed by {1}".format(
title_number,
username)
)
vat_json = {"date": 'N/A',
"address1": 'N/A',
"address2": 'N/A',
"address3": 'N/A',
"address4": 'N/A',
"postcode": 'N/A',
"title_number": 'N/A',
"net_amt": 0,
"vat_amt": 0,
"fee_amt": 0,
"vat_num": 'N/A'}
transId = request.args.get('transid')
if transId:
receiptData = api_client.get_invoice_data(transId)
receiptText = demjson.decode(receiptData.text)
vat_json = demjson.decode(receiptText['vat_json'])
receipt = {
"trans_id": transId,
"date": vat_json['date'],
"address1": vat_json['address1'],
"address2": vat_json['address2'],
"address3": vat_json['address3'],
"address4": vat_json['address4'],
"postcode": vat_json['postcode'],
"title_number": title_number,
"net": "{0:.2f}".format(vat_json['net_amt']),
"vat": "{0:.2f}".format(vat_json['vat_amt']),
"total": "{0:.2f}".format(vat_json['fee_amt']),
"reg_number": vat_json['vat_num']
}
LOGGER.debug("ENDED: get_title")
return _title_details_page(title, search_term, show_pdf, full_title_data, request, receipt)
else:
LOGGER.debug("ENDED: get_title")
abort(404)
def _handle_non_existing_user_auth_request(user_id):
auditing.audit('Invalid credentials used. username: {}. User does not exist.'.format(user_id))
return Response(AUTH_FAILURE_RESPONSE_BODY, status=401, mimetype=JSON_CONTENT_TYPE)