def test_delete_service_and_associated_objects(notify_db_session):
    """Deleting a service removes everything attached to it except the organisation.

    Sets up a user, an organisation and a service with verify codes, a
    template, an API key, a notification and an invited user, then checks
    that ``delete_service_and_all_associated_db_objects`` leaves no rows
    behind in any of the dependent tables.
    """
    user = create_user()
    organisation = create_organisation()
    service = create_service(user=user, service_permissions=None, organisation=organisation)
    for code_type in ('email', 'sms'):
        create_user_code(user=user, code='somecode', code_type=code_type)
    template = create_template(service=service)
    api_key = create_api_key(service=service)
    create_notification(template=template, api_key=api_key)
    create_invited_user(service=service)
    user.organisations = [organisation]

    # With service_permissions=None the service is expected to hold exactly
    # this many permissions before the delete.
    expected_permissions = (
        SMS_TYPE,
        EMAIL_TYPE,
        LETTER_TYPE,
        INTERNATIONAL_SMS_TYPE,
        UPLOAD_LETTERS,
    )
    assert ServicePermission.query.count() == len(expected_permissions)

    delete_service_and_all_associated_db_objects(service)

    # Credentials first: no login code or API key (current or history row)
    # may outlive the service.
    assert VerifyCode.query.count() == 0
    assert ApiKey.query.count() == 0
    assert ApiKey.get_history_model().query.count() == 0

    # Content and activity belonging to the service.
    assert Template.query.count() == 0
    assert TemplateHistory.query.count() == 0
    assert Job.query.count() == 0
    assert Notification.query.count() == 0

    # Users, invitations and their permissions.
    assert Permission.query.count() == 0
    assert User.query.count() == 0
    assert InvitedUser.query.count() == 0

    # The service itself, its history and its permissions.
    assert Service.query.count() == 0
    assert Service.get_history_model().query.count() == 0
    assert ServicePermission.query.count() == 0

    # the organisation hasn't been deleted
    assert Organisation.query.count() == 1
def create_2fa_code(template_id, user_to_send_to, secret_code, recipient, personalisation):
    """Store a two-factor code for a user and queue the notification that delivers it.

    Args:
        template_id: id of the template used for the message; its
            ``template_type`` decides the code type and the reply-to value.
        user_to_send_to: user the verify code is recorded against.
        secret_code: the code to record in the VerifyCode table.
        recipient: address or number the notification is sent to.
        personalisation: values passed through to the persisted notification.
    """
    template = dao_get_template_by_id(template_id)
    channel = template.template_type

    # save the code in the VerifyCode table
    create_user_code(user_to_send_to, secret_code, channel)

    # Only SMS and email templates have a default sender; anything else
    # goes out with no reply-to text.
    if channel == SMS_TYPE:
        reply_to = template.service.get_default_sms_sender()
    elif channel == EMAIL_TYPE:
        reply_to = template.service.get_default_reply_to_email_address()
    else:
        reply_to = None

    # NOTE(review): `recipient` and `personalisation` come straight from the
    # caller. Nothing here checks that the recipient belongs to
    # `user_to_send_to`, and if the personalisation carries the secret code
    # it is handed to persist_notification as-is - confirm both against the
    # callers and the notification retention rules.
    saved_notification = persist_notification(
        template_id=template.id,
        template_version=template.version,
        recipient=recipient,
        service=template.service,
        personalisation=personalisation,
        notification_type=channel,
        api_key_id=None,
        key_type=KEY_TYPE_NORMAL,
        reply_to_text=reply_to,
    )

    # Assume that we never want to observe the Notify service's research mode
    # setting for this notification - we still need to be able to log into the
    # admin even if we're doing user research using this service:
    send_notification_to_queue(saved_notification, False, queue=QueueNames.NOTIFY)
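def send_user_sms_code(user_id):
    """Create an SMS verification code for a user and queue the text message.

    The JSON request body is loaded through ``request_verify_code_schema``.
    When it contains a ``to`` value, that number is used as the recipient
    instead of the mobile number stored on the user.

    Returns:
        An empty JSON body with status 204 once the notification is queued,
        or a JSON error with status 400 when the schema reports errors.
    """
    user_to_send_to = get_user_by_id(user_id=user_id)

    verify_code, errors = request_verify_code_schema.load(request.get_json())
    if errors:
        # The schema's error result used to be dropped. Reject the request
        # before a code is stored or a message is queued.
        return jsonify(result="error", message=errors), 400

    secret_code = create_secret_code()
    create_user_code(user_to_send_to, secret_code, SMS_TYPE)

    # NOTE(review): a caller-supplied `to` sends this user's login code to a
    # number other than the one on the account. Confirm that only trusted,
    # authenticated callers can reach this endpoint.
    override_number = verify_code.get('to')
    mobile = user_to_send_to.mobile_number if override_number is None else override_number

    sms_code_template_id = current_app.config['SMS_CODE_TEMPLATE_ID']
    sms_code_template = dao_get_template_by_id(sms_code_template_id)
    notify_service_id = current_app.config['NOTIFY_SERVICE_ID']

    saved_notification = persist_notification(
        template_id=sms_code_template_id,
        template_version=sms_code_template.version,
        recipient=mobile,
        service_id=notify_service_id,
        personalisation={'verify_code': secret_code},
        notification_type=SMS_TYPE,
        api_key_id=None,
        key_type=KEY_TYPE_NORMAL
    )
    # Assume that we never want to observe the Notify service's research mode
    # setting for this notification - we still need to be able to log into the
    # admin even if we're doing user research using this service:
    send_notification_to_queue(saved_notification, False, queue='notify')

    return jsonify({}), 204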
def test_delete_service_and_associated_objects(notify_db_session):
    """Deleting a service removes every row attached to it.

    Sets up a user and a service with verify codes, a template, an API key,
    a notification and an invited user, then checks that
    ``delete_service_and_all_associated_db_objects`` leaves no rows behind
    in any of the dependent tables.
    """
    user = create_user()
    service = create_service(user=user, service_permissions=None)
    for code_type in ("email", "sms"):
        create_user_code(user=user, code="somecode", code_type=code_type)
    template = create_template(service=service)
    api_key = create_api_key(service=service)
    create_notification(template=template, api_key=api_key)
    create_invited_user(service=service)

    # With service_permissions=None the service is expected to hold exactly
    # this many permissions before the delete.
    expected_permissions = (
        SMS_TYPE,
        EMAIL_TYPE,
        INTERNATIONAL_SMS_TYPE,
    )
    assert ServicePermission.query.count() == len(expected_permissions)

    delete_service_and_all_associated_db_objects(service)

    # Credentials first: no login code or API key (current or history row)
    # may outlive the service.
    assert VerifyCode.query.count() == 0
    assert ApiKey.query.count() == 0
    assert ApiKey.get_history_model().query.count() == 0

    # Content and activity belonging to the service.
    assert Template.query.count() == 0
    assert TemplateHistory.query.count() == 0
    assert Job.query.count() == 0
    assert Notification.query.count() == 0

    # Users, invitations and their permissions.
    assert Permission.query.count() == 0
    assert User.query.count() == 0
    assert InvitedUser.query.count() == 0

    # The service itself, its history and its permissions.
    assert Service.query.count() == 0
    assert Service.get_history_model().query.count() == 0
    assert ServicePermission.query.count() == 0
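def send_user_code(user_id):
    """Create a verification code for a user and send it by SMS or email.

    The JSON request body is loaded through ``verify_code_schema``; its
    ``code_type`` selects the delivery channel.

    Returns:
        An empty JSON string with status 204 on success, or a JSON error with
        status 400 (invalid user id or schema errors) or 404 (user not found).
        An unsupported ``code_type`` aborts with 500.
    """
    try:
        user = get_model_users(user_id=user_id)
    except DataError:
        return jsonify(result="error", message="Invalid user id"), 400
    except NoResultFound:
        return jsonify(result="error", message="User not found"), 404

    verify_code, errors = verify_code_schema.load(request.get_json())
    if errors:
        return jsonify(result="error", message=errors), 400

    # Refuse an unsupported channel before a code is stored, so no live code
    # is left behind that was never delivered.
    code_type = verify_code.code_type
    if code_type not in ('sms', 'email'):
        abort(500)

    code = create_user_code(user, create_secret_code(), code_type)

    # TODO this will need to fixed up when we stop using
    # notify_alpha_client
    # NOTE(review): the message body is read back from the stored record
    # (code.code), so that field presumably holds the code in clear -
    # confirm how create_user_code stores it.
    if code_type == 'sms':
        notify_alpha_client.send_sms(
            mobile_number=user.mobile_number,
            message=code.code)
    else:
        notify_alpha_client.send_email(
            user.email_address,
            code.code,
            '*****@*****.**',
            'Verification code')
    return jsonify(''), 204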
def test_user_verify_email_code(admin_request, sample_user):
    """A correct, unused email code is accepted and logs the user in."""
    magic_code = str(uuid.uuid4())
    stored_code = create_user_code(sample_user, magic_code, EMAIL_TYPE)
    payload = {'code_type': 'email', 'code': magic_code}

    admin_request.post(
        'user.verify_user_code',
        user_id=sample_user.id,
        _data=payload,
        _expected_status=204,
    )

    # The code is single-use: a successful verification must mark it as used.
    assert stored_code.code_used
    # NOTE(review): exact equality with utcnow() only holds while the clock
    # is frozen - presumably by a decorator not shown here; confirm.
    assert sample_user.logged_in_at == datetime.utcnow()
    # A new session id is issued on login.
    assert sample_user.current_session_id is not None
def send_user_email_verification(user_id):
    """Create an email verification code for a user and queue the email.

    The email is sent to the address stored on the user and is personalised
    with the user's name and a verification URL built from the secret code.

    Returns:
        An empty JSON body with status 204.
    """
    user_to_send_to = get_user_by_id(user_id=user_id)
    secret_code = create_secret_code()
    create_user_code(user_to_send_to, secret_code, 'email')

    verify_template = dao_get_template_by_id(current_app.config['EMAIL_VERIFY_CODE_TEMPLATE_ID'])

    # NOTE(review): the verification URL is built from the secret code and is
    # handed to persist_notification inside the personalisation - confirm how
    # long the persisted notification keeps it.
    saved_notification = persist_notification(
        template_id=verify_template.id,
        template_version=verify_template.version,
        recipient=user_to_send_to.email_address,
        service_id=current_app.config['NOTIFY_SERVICE_ID'],
        personalisation={
            'name': user_to_send_to.name,
            'url': _create_verification_url(user_to_send_to, secret_code),
        },
        notification_type=EMAIL_TYPE,
        api_key_id=None,
        key_type=KEY_TYPE_NORMAL,
    )

    # Second argument False: research mode is not applied to this notification.
    send_notification_to_queue(saved_notification, False, queue="notify")

    return jsonify({}), 204
def test_user_verify_email_code_fails_if_code_already_used(
        admin_request, sample_user, code_type):
    """A code that was already used is rejected with 400 and does not log the user in.

    ``code_type`` is supplied from outside this function, presumably by a
    parametrize decorator that is not shown here.
    """
    magic_code = str(uuid.uuid4())
    stored_code = create_user_code(sample_user, magic_code, code_type)
    # Simulate an earlier successful verification with the same code.
    stored_code.code_used = True
    payload = {'code_type': code_type, 'code': magic_code}

    admin_request.post(
        'user.verify_user_code',
        user_id=sample_user.id,
        _data=payload,
        _expected_status=400,
    )

    assert stored_code.code_used
    # Replaying a used code must not produce a login or a session.
    assert sample_user.logged_in_at is None
    assert sample_user.current_session_id is None
def test_user_verify_code_expired_code_and_increments_failed_login_count(
        code_type, admin_request, sample_user):
    """An expired code is rejected with 400 and counts as a failed login.

    ``code_type`` is supplied from outside this function, presumably by a
    parametrize decorator that is not shown here.
    """
    magic_code = str(uuid.uuid4())
    stored_code = create_user_code(sample_user, magic_code, code_type)
    # NOTE(review): this fixed timestamp is treated as already expired;
    # presumably the test clock is frozen just after it - confirm.
    stored_code.expiry_datetime = datetime(2020, 4, 1, 11, 59)
    payload = {'code_type': code_type, 'code': magic_code}

    admin_request.post(
        'user.verify_user_code',
        user_id=sample_user.id,
        _data=payload,
        _expected_status=400,
    )

    # The expired code is not consumed and no login or session results.
    assert stored_code.code_used is False
    assert sample_user.logged_in_at is None
    assert sample_user.current_session_id is None
    # The attempt feeds the failed-login counter.
    assert sample_user.failed_login_count == 1
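def send_user_code(user_id):
    """Create a verification code for a user and send it by SMS or email.

    The JSON request body is loaded through ``verify_code_schema``; its
    ``code_type`` selects the delivery channel.

    Returns:
        An empty JSON string with status 204 on success, or a JSON error with
        status 400 (invalid user id or schema errors) or 404 (user not found).
        An unsupported ``code_type`` aborts with 500.
    """
    try:
        user = get_model_users(user_id=user_id)
    except DataError:
        return jsonify(result="error", message="Invalid user id"), 400
    except NoResultFound:
        return jsonify(result="error", message="User not found"), 404

    verify_code, errors = verify_code_schema.load(request.get_json())
    if errors:
        return jsonify(result="error", message=errors), 400

    # Check the channel before a code is stored: an unsupported type would
    # otherwise leave a live code in the database that was never delivered.
    requested_type = verify_code.code_type
    if requested_type not in ('sms', 'email'):
        abort(500)

    code = create_user_code(user, create_secret_code(), requested_type)

    # TODO this will need to fixed up when we stop using
    # notify_alpha_client
    # NOTE(review): the message body is read back from the stored record
    # (code.code), so that field presumably holds the code in clear -
    # confirm how create_user_code stores it.
    if requested_type == 'sms':
        notify_alpha_client.send_sms(mobile_number=user.mobile_number, message=code.code)
    else:
        notify_alpha_client.send_email(user.email_address, code.code,
                                       '*****@*****.**', 'Verification code')
    return jsonify(''), 204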
def create_code(notify_db_session, code_type):
    """Create a new user with a new verify code of the given type.

    Returns:
        A ``(stored_code, secret)`` tuple: the object returned by
        ``create_user_code`` and the secret that was passed to it.
    """
    secret = create_secret_code()
    owner = create_user()
    stored_code = create_user_code(owner, secret, code_type)
    return stored_code, secret
def create_code(notify_db, notify_db_session, code_type, usr=None, code=None):
    """Create a verify code of the given type, generating what the caller omits.

    Args:
        notify_db: not used in this body.
        notify_db_session: not used in this body.
        code_type: type passed to ``create_user_code``.
        usr: user to attach the code to; a new user is created when None.
        code: secret to store; a new one is generated when None.

    Returns:
        A ``(stored_code, secret)`` tuple: the object returned by
        ``create_user_code`` and the secret that was passed to it.
    """
    secret = create_secret_code() if code is None else code
    owner = create_user() if usr is None else usr
    return create_user_code(owner, secret, code_type), secret
def create_code(notify_db, notify_db_session, code_type, usr=None, code=None):
    """Create a verify code of the given type, generating what the caller omits.

    Args:
        notify_db: passed to ``sample_user`` when no user is given.
        notify_db_session: passed to ``sample_user`` when no user is given.
        code_type: type passed to ``create_user_code``.
        usr: user to attach the code to; ``sample_user`` supplies one when None.
        code: secret to store; a new one is generated when None.

    Returns:
        A ``(stored_code, secret)`` tuple: the object returned by
        ``create_user_code`` and the secret that was passed to it.
    """
    secret = create_secret_code() if code is None else code
    owner = sample_user(notify_db, notify_db_session) if usr is None else usr
    return create_user_code(owner, secret, code_type), secret