def register_from_invite():
invited_user = session.get('invited_user')
if not invited_user:
abort(404)
is_sms_auth = invited_user['auth_type'] == 'sms_auth'
form = RegisterUserFromInviteForm(invited_user)
if form.validate_on_submit():
if form.service.data != invited_user[
'service'] or form.email_address.data != invited_user[
'email_address']:
abort(400)
_do_registration(form, send_email=False, send_sms=is_sms_auth)
invite_api_client.accept_invite(invited_user['service'],
invited_user['id'])
if is_sms_auth:
return redirect(url_for('main.verify'))
else:
# we've already proven this user has email because they clicked the invite link,
# so just activate them straight away
return activate_user(session['user_details']['id'])
return render_template('views/register-from-invite.html',
invited_user=invited_user,
form=form)
def _add_invited_user_to_service(invited_user):
invitation = InvitedUser(**invited_user)
# if invited user add to service and redirect to dashboard
user = user_api_client.get_user(session['user_id'])
service_id = invited_user['service']
user_api_client.add_user_to_service(service_id, user.id, invitation.permissions)
invite_api_client.accept_invite(service_id, invitation.id)
return service_id
def _add_invited_user_to_service(invited_user):
invitation = InvitedUser(**invited_user)
# if invited user add to service and redirect to dashboard
user = user_api_client.get_user(session['user_id'])
service_id = invited_user['service']
user_api_client.add_user_to_service(service_id, user.id,
invitation.permissions)
invite_api_client.accept_invite(service_id, invitation.id)
return service_id
def sign_in():
if current_user and current_user.is_authenticated:
return redirect(url_for('main.choose_account'))
form = LoginForm()
if form.validate_on_submit():
user = user_api_client.get_user_by_email_or_none(form.email_address.data)
user = _get_and_verify_user(user, form.password.data)
if user:
if user.state == 'pending':
return redirect(url_for('main.resend_email_verification'))
if session.get('invited_user'):
invited_user = session.get('invited_user')
if user.email_address.lower() != invited_user['email_address'].lower():
flash("You can't accept an invite for another person.")
session.pop('invited_user', None)
abort(403)
else:
invite_api_client.accept_invite(invited_user['service'], invited_user['id'])
session['user_details'] = {
'id': user.id,
'email': user.email_address,
}
if user.is_active:
if user.auth_type == 'email_auth':
return sign_in_email(user.id, user.email_address)
elif user.auth_type == 'sms_auth':
return sign_in_sms(user.id, user.mobile_number)
# Vague error message for login in case of user not known,
# locked, inactive or password not verified
flash(Markup(
(
"The email address or password you entered is incorrect."
" <a href={password_reset}>Forgot your password</a>?"
).format(password_reset=url_for('.forgot_password'))
))
other_device = current_user.logged_in_elsewhere()
return render_template(
'views/signin.html',
form=form,
again=bool(request.args.get('next')),
other_device=other_device
)
def sign_in():
if current_user and current_user.is_authenticated:
return redirect(url_for('main.choose_service'))
form = LoginForm()
if form.validate_on_submit():
user = user_api_client.get_user_by_email_or_none(form.email_address.data)
user = _get_and_verify_user(user, form.password.data)
if user and user.state == 'pending':
flash("You haven't verified your email or mobile number yet.")
return redirect(url_for('main.sign_in'))
if user and session.get('invited_user'):
invited_user = session.get('invited_user')
if user.email_address != invited_user['email_address']:
flash("You can't accept an invite for another person.")
session.pop('invited_user', None)
abort(403)
else:
invite_api_client.accept_invite(invited_user['service'], invited_user['id'])
if user:
# Remember me login
if not login_fresh() and \
not current_user.is_anonymous and \
current_user.id == user.id and \
user.is_active:
confirm_login()
services = service_api_client.get_services({'user_id': str(user.id)}).get('data', [])
if (len(services) == 1):
return redirect(url_for('main.service_dashboard', service_id=services[0]['id']))
else:
return redirect(url_for('main.choose_service'))
session['user_details'] = {"email": user.email_address, "id": user.id}
if user.is_active:
user_api_client.send_verify_code(user.id, 'sms', user.mobile_number)
if request.args.get('next'):
return redirect(url_for('.two_factor', next=request.args.get('next')))
else:
return redirect(url_for('.two_factor'))
# Vague error message for login in case of user not known, locked, inactive or password not verified
flash(Markup((
"The email address or password you entered is incorrect."
" <a href={password_reset}>Forgot your password</a>?"
).format(password_reset=url_for('.forgot_password'))
))
return render_template('views/signin.html', form=form)
def sign_in():
if current_user and current_user.is_authenticated:
return redirect(url_for('main.choose_service'))
form = LoginForm()
if form.validate_on_submit():
user = user_api_client.get_user_by_email_or_none(form.email_address.data)
user = _get_and_verify_user(user, form.password.data)
if user and user.state == 'pending':
return redirect(url_for('main.resend_email_verification'))
if user and session.get('invited_user'):
invited_user = session.get('invited_user')
if user.email_address != invited_user['email_address']:
flash("You can't accept an invite for another person.")
session.pop('invited_user', None)
abort(403)
else:
invite_api_client.accept_invite(invited_user['service'], invited_user['id'])
if user:
# Remember me login
if not login_fresh() and \
not current_user.is_anonymous and \
current_user.id == user.id and \
user.is_active:
confirm_login()
services = service_api_client.get_services({'user_id': str(user.id)}).get('data', [])
if (len(services) == 1):
return redirect(url_for('main.service_dashboard', service_id=services[0]['id']))
else:
return redirect(url_for('main.choose_service'))
session['user_details'] = {"email": user.email_address, "id": user.id}
if user.is_active:
user_api_client.send_verify_code(user.id, 'sms', user.mobile_number)
if request.args.get('next'):
return redirect(url_for('.two_factor', next=request.args.get('next')))
else:
return redirect(url_for('.two_factor'))
# Vague error message for login in case of user not known, locked, inactive or password not verified
flash(Markup((
"The email address or password you entered is incorrect."
" <a href={password_reset}>Forgot your password</a>?"
).format(password_reset=url_for('.forgot_password'))
))
return render_template('views/signin.html', form=form)
def accept_invite(token):
invited_user = invite_api_client.check_token(token)
if not current_user.is_anonymous and current_user.email_address != invited_user.email_address:
message = Markup("""
You’re signed in as {}.
This invite is for another email address.
<a href={}>Sign out</a> and click the link again to accept this invite.
""".format(current_user.email_address,
url_for("main.sign_out", _external=True)))
flash(message=message)
abort(403)
if invited_user.status == 'cancelled':
from_user = user_api_client.get_user(invited_user.from_user)
service = service_api_client.get_service(invited_user.service)['data']
return render_template('views/cancelled-invitation.html',
from_user=from_user.name,
service_name=service['name'])
if invited_user.status == 'accepted':
session.pop('invited_user', None)
return redirect(
url_for('main.service_dashboard', service_id=invited_user.service))
session['invited_user'] = invited_user.serialize()
existing_user = user_api_client.get_user_by_email_or_none(
invited_user.email_address)
service_users = user_api_client.get_users_for_service(invited_user.service)
if existing_user:
invite_api_client.accept_invite(invited_user.service, invited_user.id)
if existing_user in service_users:
return redirect(
url_for('main.service_dashboard',
service_id=invited_user.service))
else:
user_api_client.add_user_to_service(invited_user.service,
existing_user.id,
invited_user.permissions)
return redirect(
url_for('main.service_dashboard',
service_id=invited_user.service))
else:
return redirect(url_for('main.register_from_invite'))
def add_service():
invited_user = session.get('invited_user')
if invited_user:
invitation = InvitedUser(**invited_user)
# if invited user add to service and redirect to dashboard
user = user_api_client.get_user(session['user_id'])
service_id = invited_user['service']
user_api_client.add_user_to_service(service_id, user.id,
invitation.permissions)
invite_api_client.accept_invite(service_id, invitation.id)
return redirect(
url_for('main.service_dashboard', service_id=service_id))
form = AddServiceForm(service_api_client.find_all_service_email_from)
heading = 'Which service do you want to set up notifications for?'
if form.validate_on_submit():
email_from = email_safe(form.name.data)
service_id = service_api_client.create_service(
service_name=form.name.data,
active=False,
message_limit=current_app.config['DEFAULT_SERVICE_LIMIT'],
restricted=True,
user_id=session['user_id'],
email_from=email_from)
session['service_id'] = service_id
if (len(
service_api_client.get_services({
'user_id': session['user_id']
}).get('data', [])) > 1):
return redirect(
url_for('main.service_dashboard', service_id=service_id))
example_sms_template = service_api_client.create_service_template(
'Example text message template', 'sms',
'Hey ((name)), I’m trying out Notify. Today is ((day of week)) and my favourite colour is ((colour)).',
service_id)
return redirect(
url_for('main.send_test',
service_id=service_id,
template_id=example_sms_template['data']['id'],
help=1))
else:
return render_template('views/add-service.html',
form=form,
heading=heading)
def register_from_invite():
form = RegisterUserFromInviteForm()
invited_user = session.get('invited_user')
if not invited_user:
abort(404)
if form.validate_on_submit():
if form.service.data != invited_user['service'] or form.email_address.data != invited_user['email_address']:
abort(400)
_do_registration(form, send_email=False)
invite_api_client.accept_invite(invited_user['service'], invited_user['id'])
return redirect(url_for('main.verify'))
form.service.data = invited_user['service']
form.email_address.data = invited_user['email_address']
return render_template('views/register-from-invite.html', email_address=invited_user['email_address'], form=form)
def add_service():
invited_user = session.get('invited_user')
if invited_user:
invitation = InvitedUser(**invited_user)
# if invited user add to service and redirect to dashboard
user = user_api_client.get_user(session['user_id'])
service_id = invited_user['service']
user_api_client.add_user_to_service(service_id, user.id, invitation.permissions)
invite_api_client.accept_invite(service_id, invitation.id)
return redirect(url_for('main.service_dashboard', service_id=service_id))
form = AddServiceForm(service_api_client.find_all_service_email_from)
heading = 'Which service do you want to set up notifications for?'
if form.validate_on_submit():
email_from = email_safe(form.name.data)
service_id = service_api_client.create_service(service_name=form.name.data,
active=False,
message_limit=current_app.config['DEFAULT_SERVICE_LIMIT'],
restricted=True,
user_id=session['user_id'],
email_from=email_from)
session['service_id'] = service_id
if (len(service_api_client.get_services({'user_id': session['user_id']}).get('data', [])) > 1):
return redirect(url_for('main.service_dashboard', service_id=service_id))
example_sms_template = service_api_client.create_service_template(
'Example text message template',
'sms',
'Hey ((name)), I’m trying out Notify. Today is ((day of week)) and my favourite colour is ((colour)).',
service_id
)
return redirect(url_for(
'main.send_test',
service_id=service_id,
template_id=example_sms_template['data']['id'],
help=1
))
else:
return render_template(
'views/add-service.html',
form=form,
heading=heading
)
def accept_invite(token):
invited_user = invite_api_client.check_token(token)
if not current_user.is_anonymous and current_user.email_address != invited_user.email_address:
message = Markup("""
You’re signed in as {}.
This invite is for another email address.
<a href={}>Sign out</a> and click the link again to accept this invite.
""".format(
current_user.email_address,
url_for("main.sign_out", _external=True)))
flash(message=message)
abort(403)
if invited_user.status == 'cancelled':
from_user = user_api_client.get_user(invited_user.from_user)
service = service_api_client.get_service(invited_user.service)['data']
return render_template('views/cancelled-invitation.html',
from_user=from_user.name,
service_name=service['name'])
if invited_user.status == 'accepted':
session.pop('invited_user', None)
return redirect(url_for('main.service_dashboard', service_id=invited_user.service))
session['invited_user'] = invited_user.serialize()
existing_user = user_api_client.get_user_by_email_or_none(invited_user.email_address)
service_users = user_api_client.get_users_for_service(invited_user.service)
if existing_user:
invite_api_client.accept_invite(invited_user.service, invited_user.id)
if existing_user in service_users:
return redirect(url_for('main.service_dashboard', service_id=invited_user.service))
else:
user_api_client.add_user_to_service(invited_user.service,
existing_user.id,
invited_user.permissions)
return redirect(url_for('main.service_dashboard', service_id=invited_user.service))
else:
return redirect(url_for('main.register_from_invite'))
def accept_invite(token):
try:
invited_user = invite_api_client.check_token(token)
except HTTPError as e:
if e.status_code == 400 and 'invitation' in e.message:
flash(e.message['invitation'])
return redirect(url_for('main.sign_in'))
else:
raise e
if not current_user.is_anonymous and current_user.email_address.lower(
) != invited_user.email_address.lower():
message = Markup("""
You’re signed in as {}.
This invite is for another email address.
<a href={}>Sign out</a> and click the link again to accept this invite.
""".format(current_user.email_address,
url_for("main.sign_out", _external=True)))
flash(message=message)
abort(403)
if invited_user.status == 'cancelled':
from_user = user_api_client.get_user(invited_user.from_user)
service = service_api_client.get_service(invited_user.service)['data']
return render_template('views/cancelled-invitation.html',
from_user=from_user.name,
service_name=service['name'])
if invited_user.status == 'accepted':
session.pop('invited_user', None)
return redirect(
url_for('main.service_dashboard', service_id=invited_user.service))
session['invited_user'] = invited_user.serialize()
existing_user = user_api_client.get_user_by_email_or_none(
invited_user.email_address)
service_users = user_api_client.get_users_for_service(invited_user.service)
if existing_user:
invite_api_client.accept_invite(invited_user.service, invited_user.id)
if existing_user in service_users:
return redirect(
url_for('main.service_dashboard',
service_id=invited_user.service))
else:
service = service_api_client.get_service(
invited_user.service)['data']
# if the service you're being added to can modify auth type, then check if this is relevant
if 'email_auth' in service['permissions'] and (
# they have a phone number, we want them to start using it. if they dont have a mobile we just
# ignore that option of the invite
(existing_user.mobile_number
and invited_user.auth_type == 'sms_auth') or
# we want them to start sending emails. it's always valid, so lets always update
invited_user.auth_type == 'email_auth'):
user_api_client.update_user_attribute(
existing_user.id, auth_type=invited_user.auth_type)
user_api_client.add_user_to_service(invited_user.service,
existing_user.id,
invited_user.permissions)
return redirect(
url_for('main.service_dashboard',
service_id=invited_user.service))
else:
return redirect(url_for('main.register_from_invite'))
def accept_invite(token):
try:
check_token(token, current_app.config['SECRET_KEY'],
current_app.config['DANGEROUS_SALT'],
current_app.config['INVITATION_EXPIRY_SECONDS'])
except SignatureExpired:
errors = [
'Your invitation to GOV.UK Notify has expired. '
'Please ask the person that invited you to send you another one'
]
return render_template("error/400.html", message=errors), 400
invited_user = invite_api_client.check_token(token)
if not current_user.is_anonymous and current_user.email_address.lower(
) != invited_user.email_address.lower():
message = Markup("""
You’re signed in as {}.
This invite is for another email address.
<a href={}>Sign out</a> and click the link again to accept this invite.
""".format(current_user.email_address,
url_for("main.sign_out", _external=True)))
flash(message=message)
abort(403)
if invited_user.status == 'cancelled':
from_user = user_api_client.get_user(invited_user.from_user)
service = service_api_client.get_service(invited_user.service)['data']
return render_template('views/cancelled-invitation.html',
from_user=from_user.name,
service_name=service['name'])
if invited_user.status == 'accepted':
session.pop('invited_user', None)
return redirect(
url_for('main.service_dashboard', service_id=invited_user.service))
session['invited_user'] = invited_user.serialize()
existing_user = user_api_client.get_user_by_email_or_none(
invited_user.email_address)
service_users = user_api_client.get_users_for_service(invited_user.service)
if existing_user:
invite_api_client.accept_invite(invited_user.service, invited_user.id)
if existing_user in service_users:
return redirect(
url_for('main.service_dashboard',
service_id=invited_user.service))
else:
service = service_api_client.get_service(
invited_user.service)['data']
# if the service you're being added to can modify auth type, then check if this is relevant
if 'email_auth' in service['permissions'] and (
# they have a phone number, we want them to start using it. if they dont have a mobile we just
# ignore that option of the invite
(existing_user.mobile_number
and invited_user.auth_type == 'sms_auth') or
# we want them to start sending emails. it's always valid, so lets always update
invited_user.auth_type == 'email_auth'):
user_api_client.update_user_attribute(
existing_user.id, auth_type=invited_user.auth_type)
user_api_client.add_user_to_service(invited_user.service,
existing_user.id,
invited_user.permissions)
return redirect(
url_for('main.service_dashboard',
service_id=invited_user.service))
else:
return redirect(url_for('main.register_from_invite'))