def test_register_from_invite_when_user_registers_in_another_browser(
client,
api_user_active,
mock_get_user_by_email,
mock_accept_invite,
):
invited_user = InvitedUser(api_user_active.id, api_user_active.id, "",
api_user_active.email_address,
["manage_users"],
"pending",
datetime.utcnow(),
'sms_auth',
[])
with client.session_transaction() as session:
session['invited_user'] = invited_user.serialize()
response = client.post(
url_for('main.register_from_invite'),
data={
'name': 'Registered in another Browser',
'email_address': api_user_active.email_address,
'mobile_number': api_user_active.mobile_number,
'service': str(api_user_active.id),
'password': '******',
'auth_type': 'sms_auth'
}
)
assert response.status_code == 302
assert response.location == url_for('main.verify', _external=True)
def test_invite_goes_in_session(
client_request,
mocker,
sample_invite,
mock_get_service,
api_user_active,
mock_check_invite_token,
mock_get_user_by_email,
mock_get_users_by_service,
mock_add_user_to_service,
mock_accept_invite,
):
invite = InvitedUser(**sample_invite)
invite.email_address = '*****@*****.**'
mocker.patch('app.invite_api_client.check_token', return_value=invite)
client_request.get(
'main.accept_invite',
token='thisisnotarealtoken',
_expected_status=302,
_expected_redirect=url_for(
'main.service_dashboard',
service_id=SERVICE_ONE_ID,
_external=True,
),
_follow_redirects=False,
)
with client_request.session_transaction() as session:
assert session['invited_user']['email_address'] == invite.email_address
def test_register_from_invite_when_user_registers_in_another_browser(
client,
api_user_active,
mock_get_user_by_email,
mock_accept_invite,
):
invited_user = InvitedUser(
{
'id': api_user_active['id'],
'service': api_user_active['id'],
'from_user': "",
'email_address': api_user_active['email_address'],
'permissions': ["manage_users"],
'status': "pending",
'created_at': datetime.utcnow(),
'auth_type': 'sms_auth',
'folder_permissions': [],
'blocked': False
}
)
with client.session_transaction() as session:
session['invited_user'] = invited_user.serialize()
response = client.post(
url_for('main.register_from_invite'),
data={
'name': 'Registered in another Browser',
'email_address': api_user_active['email_address'],
'mobile_number': api_user_active['mobile_number'],
'service': str(api_user_active['id']),
'password': '******',
'auth_type': 'sms_auth'
}
)
assert response.status_code == 302
assert response.location == url_for('main.verify', _external=True)
def test_invite_user_with_email_auth_service(
client_request,
service_one,
active_user_with_permissions,
sample_invite,
email_address,
gov_user,
mocker,
auth_type,
mock_get_template_folders,
):
service_one['permissions'].append('email_auth')
sample_invite['email_address'] = '*****@*****.**'
data = [InvitedUser(**sample_invite)]
assert is_gov_user(email_address) == gov_user
mocker.patch('app.invite_api_client.get_invites_for_service',
return_value=data)
mocker.patch('app.user_api_client.get_users_for_service',
return_value=[active_user_with_permissions])
mocker.patch('app.invite_api_client.create_invite',
return_value=InvitedUser(**sample_invite))
page = client_request.post(
'main.invite_user',
service_id=SERVICE_ONE_ID,
_data={
'email_address': email_address,
'view_activity': 'y',
'send_messages': 'y',
'manage_templates': 'y',
'manage_service': 'y',
'manage_api_keys': 'y',
'login_authentication': auth_type,
},
_follow_redirects=True,
_expected_status=200,
)
assert page.h1.string.strip() == 'Team members'
flash_banner = page.find('div',
class_='banner-default-with-tick').string.strip()
assert flash_banner == 'Invite sent to [email protected]'
expected_permissions = {
'manage_api_keys', 'manage_service', 'manage_templates',
'send_messages', 'view_activity'
}
app.invite_api_client.create_invite.assert_called_once_with(
sample_invite['from_user'], sample_invite['service'], email_address,
expected_permissions, auth_type, [])
def activate_user(user_id):
user = User.from_id(user_id)
# the user will have a new current_session_id set by the API - store it in the cookie for future requests
session['current_session_id'] = user.current_session_id
organisation_id = session.get('organisation_id')
activated_user = user.activate()
activated_user.login()
invited_user = InvitedUser.from_session()
if invited_user:
service_id = _add_invited_user_to_service(invited_user)
service = Service.from_id(service_id)
if service.has_permission('broadcast'):
return redirect(
url_for('main.broadcast_tour',
service_id=service.id,
step_index=1))
return redirect(
url_for('main.service_dashboard', service_id=service_id))
invited_org_user = InvitedOrgUser.from_session()
if invited_org_user:
user_api_client.add_user_to_organisation(invited_org_user.organisation,
session['user_details']['id'])
if organisation_id:
return redirect(
url_for('main.organisation_dashboard', org_id=organisation_id))
else:
return redirect(url_for('main.add_service', first='first'))
def test_existing_email_auth_user_with_phone_can_set_sms_auth(
client_request,
api_user_active,
service_one,
sample_invite,
mock_get_users_by_service,
mock_get_unknown_user_by_email,
mock_accept_invite,
mock_update_user_attribute,
mock_add_user_to_service,
mocker
):
sample_invite['email_address'] = api_user_active.email_address
service_one['permissions'].append('email_auth')
sample_invite['auth_type'] = 'sms_auth'
mocker.patch('app.invite_api_client.check_token', return_value=InvitedUser(**sample_invite))
client_request.get(
'main.accept_invite',
token='thisisnotarealtoken',
_expected_status=302,
_expected_redirect=url_for('main.service_dashboard', service_id=service_one['id'], _external=True),
)
mock_get_unknown_user_by_email.assert_called_once_with(sample_invite['email_address'])
mock_update_user_attribute.assert_called_once_with(USER_ONE_ID, auth_type='sms_auth')
def test_existing_email_auth_user_without_phone_cannot_set_sms_auth(
client_request,
api_user_active,
service_one,
sample_invite,
mock_get_users_by_service,
mock_accept_invite,
mock_update_user_attribute,
mock_add_user_to_service,
mocker
):
sample_invite['email_address'] = api_user_active.email_address
service_one['permissions'].append('email_auth')
api_user_active.auth_type = 'email_auth'
api_user_active.mobile_number = None
sample_invite['auth_type'] = 'sms_auth'
mocker.patch('app.main.views.invites.user_api_client.get_user_by_email', return_value=api_user_active)
mocker.patch('app.main.views.invites.service_api_client.get_service', return_value={'data': service_one})
mocker.patch('app.invite_api_client.check_token', return_value=InvitedUser(**sample_invite))
client_request.get(
'main.accept_invite',
token='thisisnotarealtoken',
_expected_status=302,
_expected_redirect=url_for('main.service_dashboard', service_id=service_one['id'], _external=True),
)
assert not mock_update_user_attribute.called
def test_existing_user_doesnt_get_auth_changed_by_service_without_permission(
client_request,
api_user_active,
service_one,
sample_invite,
mock_get_user_by_email,
mock_get_users_by_service,
mock_accept_invite,
mock_update_user_attribute,
mock_add_user_to_service,
mocker
):
sample_invite['email_address'] = api_user_active.email_address
assert 'email_auth' not in service_one['permissions']
sample_invite['auth_type'] = 'email_auth'
mocker.patch('app.main.views.invites.service_api_client.get_service', return_value={'data': service_one})
mocker.patch('app.invite_api_client.check_token', return_value=InvitedUser(**sample_invite))
client_request.get(
'main.accept_invite',
token='thisisnotarealtoken',
_expected_status=302,
_expected_redirect=url_for('main.service_dashboard', service_id=service_one['id'], _external=True),
)
assert not mock_update_user_attribute.called
def test_signed_in_existing_user_cannot_use_anothers_invite(
client_request,
mocker,
api_user_active,
sample_invite,
mock_get_user,
mock_accept_invite,
mock_get_service,
):
invite = InvitedUser(**sample_invite)
mocker.patch('app.invite_api_client.check_token', return_value=invite)
mocker.patch('app.user_api_client.get_users_for_service', return_value=[api_user_active])
page = client_request.get(
'main.accept_invite',
token='thisisnotarealtoken',
_follow_redirects=True,
_expected_status=403,
)
assert page.h1.string.strip() == '403'
flash_banners = page.find_all('div', class_='banner-dangerous')
assert len(flash_banners) == 1
banner_contents = flash_banners[0].text.strip()
assert "You’re signed in as [email protected]." in banner_contents
assert "This invite is for another email address." in banner_contents
assert "Sign out and click the link again to accept this invite." in banner_contents
assert mock_accept_invite.call_count == 0
def test_existing_user_of_service_get_redirected_to_signin(
client,
mocker,
api_user_active,
sample_invite,
mock_get_service,
mock_get_user_by_email,
mock_accept_invite,
):
sample_invite['email_address'] = api_user_active.email_address
invite = InvitedUser(**sample_invite)
mocker.patch('app.invite_api_client.check_token', return_value=invite)
mocker.patch('app.user_api_client.get_users_for_service', return_value=[api_user_active])
response = client.get(url_for('main.accept_invite', token='thisisnotarealtoken'), follow_redirects=True)
assert response.status_code == 200
page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')
assert (
page.h1.string,
page.select('main p')[0].text.strip(),
) == (
'You need to sign in again',
'We signed you out because you haven’t used Notify for a while.',
)
assert mock_accept_invite.call_count == 1
def accept_invite(token):
try:
invited_user = InvitedUser.from_token(token)
except InviteTokenError as exception:
flash(_(str(exception)))
return redirect(url_for("main.sign_in"))
if not current_user.is_anonymous and current_user.email_address.lower() != invited_user.email_address.lower():
message = Markup(
_(
"You’re signed in as %(email)s. This invite is for another email address. "
+ "<a href=%(href)s>Sign out</a> and click the link again to accept this invite.",
email=current_user.email_address,
href=url_for("main.sign_out", _external=True),
)
)
flash(message=message)
abort(403)
if invited_user.status == "cancelled":
service = Service.from_id(invited_user.service)
return render_template(
"views/cancelled-invitation.html",
from_user=invited_user.from_user.name,
service_name=service.name,
)
if invited_user.status == "accepted":
session.pop("invited_user", None)
return redirect(url_for("main.service_dashboard", service_id=invited_user.service))
session["invited_user"] = invited_user.serialize()
existing_user = User.from_email_address_or_none(invited_user.email_address)
if existing_user:
invited_user.accept_invite()
if existing_user in Users(invited_user.service):
return redirect(url_for("main.service_dashboard", service_id=invited_user.service))
else:
service = Service.from_id(invited_user.service)
# if the service you're being added to can modify auth type, then check if this is relevant
if service.has_permission("email_auth") and (
# they have a phone number, we want them to start using it. if they dont have a mobile we just
# ignore that option of the invite
(existing_user.mobile_number and invited_user.auth_type == "sms_auth")
or
# we want them to start sending emails. it's always valid, so lets always update
invited_user.auth_type == "email_auth"
):
existing_user.update(auth_type=invited_user.auth_type)
existing_user.add_to_service(
service_id=invited_user.service,
permissions=invited_user.permissions,
folder_permissions=invited_user.folder_permissions,
)
return redirect(url_for("main.service_dashboard", service_id=service.id))
else:
return redirect(url_for("main.register_from_invite"))
def invite_user(service_id):
form = InviteUserForm(
invalid_email_address=current_user.email_address,
all_template_folders=current_service.all_template_folders,
folder_permissions=[
f['id'] for f in current_service.all_template_folders
])
service_has_email_auth = current_service.has_permission('email_auth')
if not service_has_email_auth:
form.login_authentication.data = 'sms_auth'
if form.validate_on_submit():
email_address = form.email_address.data
invited_user = InvitedUser.create(
current_user.id,
service_id,
email_address,
form.permissions,
form.login_authentication.data,
form.folder_permissions.data,
)
flash('{} {}'.format(_l('Invite sent to'), invited_user.email_address),
'default_with_tick')
return redirect(url_for('.manage_users', service_id=service_id))
return render_template(
'views/invite-user.html',
form=form,
service_has_email_auth=service_has_email_auth,
mobile_number=True,
)
def _add_invited_user_to_service(invited_user):
invitation = InvitedUser(invited_user)
user = User.from_id(session['user_id'])
service_id = invited_user['service']
user.add_to_service(service_id, invitation.permissions,
invitation.folder_permissions)
return service_id
def create_invite(self, invite_from_id, service_id, email_address,
permissions, auth_type, folder_permissions):
data = {
'service':
str(service_id),
'email_address':
email_address,
'from_user':
invite_from_id,
'permissions':
','.join(
sorted(
translate_permissions_from_admin_roles_to_db(
permissions))),
'auth_type':
auth_type,
'invite_link_host':
self.admin_url,
'folder_permissions':
folder_permissions,
}
data = _attach_current_user(data)
resp = self.post(url='/service/{}/invite'.format(service_id),
data=data)
return InvitedUser(**resp['data'])
def invite_user(service_id, user_id=None):
if current_service.has_permission('broadcast'):
form_class = BroadcastInviteUserForm
else:
form_class = InviteUserForm
form = form_class(
invalid_email_address=current_user.email_address,
all_template_folders=current_service.all_template_folders,
folder_permissions=[
f['id'] for f in current_service.all_template_folders
])
if user_id:
user_to_invite = User.from_id(user_id)
if user_to_invite.belongs_to_service(current_service.id):
return render_template(
'views/user-already-team-member.html',
user_to_invite=user_to_invite,
)
if current_service.invite_pending_for(user_to_invite.email_address):
return render_template(
'views/user-already-invited.html',
user_to_invite=user_to_invite,
)
if not user_to_invite.default_organisation:
abort(403)
if user_to_invite.default_organisation.id != current_service.organisation_id:
abort(403)
form.email_address.data = user_to_invite.email_address
else:
user_to_invite = None
service_has_email_auth = current_service.has_permission('email_auth')
if not service_has_email_auth:
form.login_authentication.data = 'sms_auth'
if form.validate_on_submit():
email_address = form.email_address.data
invited_user = InvitedUser.create(
current_user.id,
service_id,
email_address,
form.permissions,
form.login_authentication.data,
form.folder_permissions.data,
)
flash('Invite sent to {}'.format(invited_user.email_address),
'default_with_tick')
return redirect(url_for('.manage_users', service_id=service_id))
return render_template(
'views/invite-user.html',
form=form,
service_has_email_auth=service_has_email_auth,
mobile_number=True,
user_to_invite=user_to_invite,
)
def _add_invited_user_to_service(invited_user):
invitation = InvitedUser(invited_user)
user = User.from_id(session["user_id"])
service_id = invited_user["service"]
user_api_client.add_user_to_service(service_id, user.id,
invitation.permissions,
invitation.folder_permissions)
return service_id
def _add_invited_user_to_service(invited_user):
invitation = InvitedUser(**invited_user)
user = user_api_client.get_user(session['user_id'])
service_id = invited_user['service']
user_api_client.add_user_to_service(service_id, user.id,
invitation.permissions,
invitation.folder_permissions)
return service_id
def accept_invite(token):
invited_user = InvitedUser.from_token(token)
if not current_user.is_anonymous and current_user.email_address.lower(
) != invited_user.email_address.lower():
message = Markup("""
You’re signed in as {}.
This invite is for another email address.
<a href={} class="govuk-link govuk-link--no-visited-state">Sign out</a>
and click the link again to accept this invite.
""".format(current_user.email_address,
url_for("main.sign_out", _external=True)))
flash(message=message)
abort(403)
if invited_user.status == 'cancelled':
service = Service.from_id(invited_user.service)
return render_template('views/cancelled-invitation.html',
from_user=invited_user.from_user.name,
service_name=service.name)
if invited_user.status == 'accepted':
session.pop('invited_user', None)
return redirect(
url_for('main.service_dashboard', service_id=invited_user.service))
session['invited_user'] = invited_user.serialize()
existing_user = User.from_email_address_or_none(invited_user.email_address)
if existing_user:
invited_user.accept_invite()
if existing_user in Users(invited_user.service):
return redirect(
url_for('main.service_dashboard',
service_id=invited_user.service))
else:
service = Service.from_id(invited_user.service)
# if the service you're being added to can modify auth type, then check if this is relevant
if service.has_permission('email_auth') and (
# they have a phone number, we want them to start using it. if they dont have a mobile we just
# ignore that option of the invite
(existing_user.mobile_number
and invited_user.auth_type == 'sms_auth') or
# we want them to start sending emails. it's always valid, so lets always update
invited_user.auth_type == 'email_auth'):
existing_user.update(auth_type=invited_user.auth_type)
existing_user.add_to_service(
service_id=invited_user.service,
permissions=invited_user.permissions,
folder_permissions=invited_user.folder_permissions,
)
return redirect(
url_for('main.service_dashboard', service_id=service.id))
else:
return redirect(url_for('main.register_from_invite'))
def cancel_invited_user(service_id, invited_user_id):
current_service.cancel_invite(invited_user_id)
invited_user = InvitedUser.by_id_and_service_id(service_id,
invited_user_id)
flash(f'Invitation cancelled for {invited_user.email_address}',
'default_with_tick')
return redirect(url_for('main.manage_users', service_id=service_id))
def test_register_from_invite(
client,
fake_uuid,
mock_email_is_not_already_in_use,
mock_register_user,
mock_send_verify_code,
mock_accept_invite,
):
invited_user = InvitedUser(
{
'id': fake_uuid,
'service': fake_uuid,
'from_user': "",
'email_address': "*****@*****.**",
'permissions': ["manage_users"],
'status': "pending",
'created_at': datetime.utcnow(),
'auth_type': 'sms_auth',
'folder_permissions': [],
'blocked': True
}
)
with client.session_transaction() as session:
session['invited_user'] = invited_user.serialize()
response = client.post(
url_for('main.register_from_invite'),
data={
'name': 'Registered in another Browser',
'email_address': invited_user.email_address,
'mobile_number': '+16502532222',
'service': str(invited_user.id),
'password': '******',
'auth_type': 'sms_auth'
}
)
assert response.status_code == 302
assert response.location == url_for('main.verify', _external=True)
mock_register_user.assert_called_once_with(
'Registered in another Browser',
invited_user.email_address,
'+16502532222',
'rZXdoBkuz6U37DDXIaAfpBR1OTJcSZOGICLCz4dMtmopS3KsVauIrtcgqs1eU02',
'sms_auth',
)
def test_invited_user_from_session_uses_id(client, mocker,
mock_get_invited_user_by_id):
session_dict = {'invited_user_id': USER_ONE_ID}
mocker.patch.dict('app.models.user.session',
values=session_dict,
clear=True)
assert InvitedUser.from_session().id == USER_ONE_ID
mock_get_invited_user_by_id.assert_called_once_with(USER_ONE_ID)
def test_register_from_invite(
client,
fake_uuid,
mock_email_is_not_already_in_use,
mock_register_user,
mock_send_verify_code,
mock_accept_invite,
):
invited_user = InvitedUser({
"id": fake_uuid,
"service": fake_uuid,
"from_user": "",
"email_address": "*****@*****.**",
"permissions": ["manage_users"],
"status": "pending",
"created_at": datetime.utcnow(),
"auth_type": "sms_auth",
"folder_permissions": [],
"blocked": True,
})
with client.session_transaction() as session:
session["invited_user"] = invited_user.serialize()
response = client.post(
url_for("main.register_from_invite"),
data={
"name": "Registered in another Browser",
"email_address": invited_user.email_address,
"mobile_number": "+16502532222",
"service": str(invited_user.id),
"password":
"******",
"auth_type": "sms_auth",
},
)
assert response.status_code == 302
assert response.location == url_for("main.verify", _external=True)
mock_register_user.assert_called_once_with(
"Registered in another Browser",
invited_user.email_address,
"+16502532222",
"rZXdoBkuz6U37DDXIaAfpBR1OTJcSZOGICLCz4dMtmopS3KsVauIrtcgqs1eU02",
"sms_auth",
)
def test_register_from_invite_when_user_registers_in_another_browser(
client,
api_user_active,
mock_get_user_by_email,
mock_accept_invite,
):
invited_user = InvitedUser({
"id":
api_user_active["id"],
"service":
api_user_active["id"],
"from_user":
"",
"email_address":
api_user_active["email_address"],
"permissions": ["manage_users"],
"status":
"pending",
"created_at":
datetime.utcnow(),
"auth_type":
"sms_auth",
"folder_permissions": [],
"blocked":
False,
})
with client.session_transaction() as session:
session["invited_user"] = invited_user.serialize()
response = client.post(
url_for("main.register_from_invite"),
data={
"name": "Registered in another Browser",
"email_address": api_user_active["email_address"],
"mobile_number": api_user_active["mobile_number"],
"service": str(api_user_active["id"]),
"password":
"******",
"auth_type": "sms_auth",
},
)
assert response.status_code == 302
assert response.location == url_for("main.verify", _external=True)
def test_register_from_invite(
client,
fake_uuid,
mock_email_is_not_already_in_use,
mock_register_user,
mock_send_verify_code,
mock_accept_invite,
extra_data,
):
invited_user = InvitedUser({
'id': fake_uuid,
'service': fake_uuid,
'from_user': "",
'email_address': "*****@*****.**",
'permissions': ["manage_users"],
'status': "pending",
'created_at': datetime.utcnow(),
'auth_type': 'sms_auth',
'folder_permissions': [],
})
with client.session_transaction() as session:
session['invited_user'] = invited_user.serialize()
response = client.post(
url_for('main.register_from_invite'),
data=dict(name='Registered in another Browser',
email_address=invited_user.email_address,
mobile_number='+4407700900460',
service=str(invited_user.id),
password='******',
auth_type='sms_auth',
**extra_data),
)
assert response.status_code == 302
assert response.location == url_for('main.verify', _external=True)
mock_register_user.assert_called_once_with(
'Registered in another Browser',
invited_user.email_address,
'+4407700900460',
'somreallyhardthingtoguess',
'sms_auth',
)
def sign_in():
if current_user and current_user.is_authenticated:
return redirect(url_for("main.show_accounts_or_dashboard"))
form = LoginForm()
if form.validate_on_submit():
login_data = {
"user-agent": request.headers["User-Agent"],
"location": _geolocate_ip(get_remote_addr(request)),
}
user = User.from_email_address_and_password_or_none(form.email_address.data, form.password.data, login_data)
if user and user.locked:
flash(
_("Your account has been locked after {} sign-in attempts. Please email us at [email protected]").format(
user.max_failed_login_count
)
)
abort(400)
if user and user.state == "pending":
return redirect(url_for("main.resend_email_verification"))
if user and session.get("invited_user"):
invited_user = InvitedUser.from_session()
if user.email_address.lower() != invited_user.email_address.lower():
flash(_("You cannot accept an invite for another person."))
session.pop("invited_user", None)
abort(403)
else:
invited_user.accept_invite()
requires_email_login = user and user.requires_email_login
if user and user.sign_in():
if user.sms_auth and not requires_email_login:
return redirect(url_for(".two_factor_sms_sent", next=request.args.get("next")))
if user.email_auth or requires_email_login:
args = {"requires_email_login": True} if requires_email_login else {}
return redirect(url_for(".two_factor_email_sent", **args))
# Vague error message for login in case of user not known, inactive or password not verified
flash(_("The email address or password you entered is incorrect."))
other_device = current_user.logged_in_elsewhere()
return render_template(
"views/signin.html",
form=form,
again=bool(request.args.get("next")),
other_device=other_device,
)
def test_accepting_invite_removes_invite_from_session(
client_request,
mocker,
sample_invite,
mock_get_service,
service_one,
mock_check_invite_token,
mock_get_user_by_email,
mock_get_users_by_service,
mock_add_user_to_service,
mock_accept_invite,
mock_get_service_templates,
mock_get_template_statistics,
mock_get_jobs,
mock_get_service_statistics,
mock_get_template_folders,
mock_get_usage,
mock_get_inbound_sms_summary,
fake_uuid,
user,
landing_page_title,
):
invite = InvitedUser(**sample_invite)
user = user(fake_uuid)
invite.email_address = user.email_address
mocker.patch('app.invite_api_client.check_token', return_value=invite)
client_request.login(user)
page = client_request.get(
'main.accept_invite',
token='thisisnotarealtoken',
_follow_redirects=True,
)
assert normalize_spaces(page.select_one('h1').text) == landing_page_title
with client_request.session_transaction() as session:
assert 'invited_user' not in session
def test_register_from_invite(
client,
fake_uuid,
mock_email_is_not_already_in_use,
mock_register_user,
mock_send_verify_code,
mock_accept_invite,
):
invited_user = InvitedUser(fake_uuid, fake_uuid, "",
"*****@*****.**",
["manage_users"],
"pending",
datetime.utcnow(),
'sms_auth',
[])
with client.session_transaction() as session:
session['invited_user'] = invited_user.serialize()
response = client.post(
url_for('main.register_from_invite'),
data={
'name': 'Registered in another Browser',
'email_address': invited_user.email_address,
'mobile_number': '+4407700900460',
'service': str(invited_user.id),
'password': '******',
'auth_type': 'sms_auth'
}
)
assert response.status_code == 302
assert response.location == url_for('main.verify', _external=True)
mock_register_user.assert_called_once_with(
'Registered in another Browser',
invited_user.email_address,
'+4407700900460',
'somreallyhardthingtoguess',
'sms_auth',
)
def sign_in():
if current_user and current_user.is_authenticated:
return redirect(url_for('main.show_accounts_or_dashboard'))
form = LoginForm()
password_reset_url = url_for('.forgot_password',
next=request.args.get('next'))
redirect_url = request.args.get('next')
if form.validate_on_submit():
user = User.from_email_address_and_password_or_none(
form.email_address.data, form.password.data)
if user and user.state == 'pending':
return redirect(
url_for('main.resend_email_verification', next=redirect_url))
if user and session.get('invited_user'):
invited_user = InvitedUser.from_session()
if user.email_address.lower() != invited_user.email_address.lower(
):
flash("You cannot accept an invite for another person.")
session.pop('invited_user', None)
abort(403)
else:
invited_user.accept_invite()
if user and user.sign_in():
if user.sms_auth:
return redirect(url_for('.two_factor', next=redirect_url))
if user.email_auth:
return redirect(
url_for('.two_factor_email_sent', next=redirect_url))
# Vague error message for login in case of user not known, locked, inactive or password not verified
flash(
Markup(
(f"The email address or password you entered is incorrect."
f" <a href={password_reset_url}>Forgotten your password?</a>"
)))
other_device = current_user.logged_in_elsewhere()
return render_template('views/signin.html',
form=form,
again=bool(redirect_url),
other_device=other_device,
password_reset_url=password_reset_url)
def test_shows_registration_page_from_invite(
client_request,
fake_uuid,
email_address,
expected_value,
):
with client_request.session_transaction() as session:
session['invited_user'] = InvitedUser(
fake_uuid, fake_uuid, "",
email_address,
["manage_users"],
"pending",
datetime.utcnow(),
'sms_auth', []
).serialize()
page = client_request.get('main.register_from_invite')
assert page.select_one('input[name=name]')['value'] == expected_value
def sign_in():
if current_user and current_user.is_authenticated:
return redirect(url_for('main.show_accounts_or_dashboard'))
form = LoginForm()
if form.validate_on_submit():
login_data = {
"user-agent": request.headers["User-Agent"],
"location": _geolocate_ip(request.remote_addr)
}
user = User.from_email_address_and_password_or_none(
form.email_address.data, form.password.data, login_data)
if user and user.state == 'pending':
return redirect(url_for('main.resend_email_verification'))
if user and session.get('invited_user'):
invited_user = InvitedUser.from_session()
if user.email_address.lower() != invited_user.email_address.lower(
):
flash("You can't accept an invite for another person.")
session.pop('invited_user', None)
abort(403)
else:
invited_user.accept_invite()
if user and user.sign_in():
if user.sms_auth:
return redirect(
url_for('.two_factor', next=request.args.get('next')))
if user.email_auth:
return redirect(url_for('.two_factor_email_sent'))
# Vague error message for login in case of user not known, locked, inactive or password not verified
flash(_("The email address or password you entered is incorrect."))
other_device = current_user.logged_in_elsewhere()
return render_template('views/signin.html',
form=form,
again=bool(request.args.get('next')),
other_device=other_device)
