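def update_invite(id):
    """Apply a 'resend', 'accept' or 'decline' action to invitation ``id``.

    Reads ``action`` (and, for 'resend', ``base_url``) from the JSON request
    body. Returns a JSON response carrying ``success`` and either the
    sanitized invitation or a ``reason`` string, one of:
    'invitation-does-not-exist', 'user-not-created',
    'invitation-has-been-used', 'invalid-action', 'invitation-expired'.

    NOTE(review): nothing in this function identifies the caller; knowledge
    of the invitation id is the only gate on these actions. Confirm that
    authentication/authorization is applied outside this function.
    """
    timenow = datetime.datetime.utcnow()
    action = request.json['action'].lower()
    invitation = invites.find_one({'id': id})
    if not invitation:
        return jsonify(success=False, reason='invitation-does-not-exist')

    recipient = invitation['recipient']
    accepted_on = invitation['accepted_on']
    expire_on = invitation['expire_on']

    user = users.find_one({'email': recipient})
    if user is None:
        return jsonify(success=False, reason="user-not-created")
    if accepted_on is not None:
        return jsonify(success=False, reason="invitation-has-been-used")
    if action not in ('resend', 'accept', 'decline'):
        return jsonify(success=False, reason='invalid-action')

    if action == 'resend':
        max_time_allowed = invitation.get('max_time_allowed') \
            or backend_config.get('invitation').get('max_time_allowed')
        # Build the lifetime before sending so that a bad stored value fails
        # here rather than after a mail with an unrecorded id has gone out.
        lifetime = datetime.timedelta(seconds=max_time_allowed)
        new_id = str(uuid.uuid4())
        # NOTE(review): base_url comes straight from the request body and is
        # handed to send_invite, presumably to build the link e-mailed to the
        # recipient. Check it against the deployment's known origins so the
        # invitation mail cannot be pointed at an arbitrary site.
        base_url = request.json['base_url']
        backend_utils.send_invite(recipient,
                                  invitation['recipient_name'],
                                  invitation['sender'],
                                  invitation['sender_name'],
                                  base_url, new_id)
        # generate new record
        sent_on = datetime.datetime.utcnow()
        expire_on = sent_on + lifetime
        invitation['id'] = new_id
        invitation['sent_on'] = sent_on
        invitation['expire_on'] = expire_on
        # Persist expire_on as well: it was previously updated only in the
        # in-memory copy, so a re-sent invitation kept its old deadline.
        invites.update({'id': id},
                       {'$set': {'sent_on': sent_on,
                                 'expire_on': expire_on,
                                 'id': new_id}})
        return jsonify(success=True, invite=sanitize_invite(invitation))

    if action == 'accept':
        # timedelta.seconds is always within [0, 86400), so the former test
        # `(expire_on - timenow).seconds < 0` could never be true and expired
        # invitations were accepted. Compare the two timestamps directly.
        if timenow > expire_on:
            invitation['status'] = 'expired'
            invites.update({'id': id}, {'$set': {'status': 'expired'}})
            return jsonify(success=False, reason='invitation-expired')
        # NOTE(review): only accepted_on and the deadline are checked, so an
        # invitation previously declined can still be accepted. Confirm that
        # this is intended.
        invitation['status'] = 'used'
        invitation['accepted_on'] = datetime.datetime.utcnow()
        invites.update({'id': id},
                       {'$set': {'accepted_on': invitation['accepted_on'],
                                 'status': 'used'}})
        users.update({'email': recipient}, {'$set': {'status': 'active'}})
        return jsonify(success=True, invite=sanitize_invite(invitation))

    # action == 'decline' (the only value left after the validation above)
    # NOTE(review): the response reports status 'declined' while the database
    # stores 'decline'. Left as-is because the canonical spelling cannot be
    # determined from this function; align the two once it is known.
    invitation['status'] = 'declined'
    invites.update({'id': id}, {'$set': {'status': 'decline'}})
    return jsonify(success=True, invite=sanitize_invite(invitation))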
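def create_invites():
    """Create, e-mail and store a new invitation from the JSON request body.

    Reads ``recipient``, ``sender``, ``base_url`` and the optional
    ``max_time_allowed`` (seconds) from the request. Returns a JSON response
    carrying ``success`` and either the sanitized invitation or a ``reason``
    string, one of: 'recipient-not-found-in-user-record',
    'recipient-already-joined', 'duplicate-invitation-not-allowed',
    'sender-not-found-in-user-record', 'invalid-max-time-allowed'.

    NOTE(review): ``sender`` is taken from the request body and only checked
    for existence in the users collection; nothing here ties it to the
    caller. Confirm that the caller's identity is verified elsewhere.
    """
    recipient = request.json['recipient']
    sender = request.json['sender']
    recipient_user = users.find_one({'email': recipient})
    recipient_invite = invites.find_one({'recipient': recipient})
    sender_user = users.find_one({'email': sender})

    # issue #120
    # To ensure no duplicate invitation is allowed, and to ensure
    # we don't corrupt user record in user table, any POST invitation
    # must check
    # (1) if user is not created in users collection - FALSE
    # (2) if user is created, BUT status is not 'invited' - FALSE
    # (3) recipient email is found in existing invitation record - FALSE
    # NOTE(review): check (3) is a lookup followed later by an insert, so two
    # concurrent requests can both pass it; a unique index on the recipient
    # field would enforce the rule in the database.
    if not recipient_user:
        return jsonify(success=False,
                       reason='recipient-not-found-in-user-record')
    if recipient_user.get('status') != 'invited':
        return jsonify(success=False, reason='recipient-already-joined')
    if recipient_invite:
        return jsonify(success=False,
                       reason='duplicate-invitation-not-allowed')
    if not sender_user:
        return jsonify(success=False,
                       reason='sender-not-found-in-user-record')

    # NOTE(review): the request may choose its own lifetime with no upper
    # bound; consider capping it at the configured value.
    max_time_allowed = request.json.get('max_time_allowed') \
        or backend_config.get('invitation').get('max_time_allowed')
    # Validate the lifetime before the mail goes out. Previously a
    # non-numeric or out-of-range value raised only after send_invite had
    # run, leaving the recipient with a link to an invitation never stored.
    try:
        lifetime = datetime.timedelta(seconds=max_time_allowed)
        datetime.datetime.utcnow() + lifetime  # deadline must be representable
    except (TypeError, ValueError, OverflowError):
        return jsonify(success=False, reason='invalid-max-time-allowed')
    if lifetime <= datetime.timedelta(0):
        return jsonify(success=False, reason='invalid-max-time-allowed')

    invite_id = str(uuid.uuid4())
    # Some users may not have a name filled out (or the key may be absent),
    # so fall back to the e-mail address.
    invite = {'id': invite_id,
              'recipient': recipient,
              'recipient_name': recipient_user.get('name') or recipient,
              'sender': sender,
              'sender_name': sender_user.get('name') or sender,
              'sent_on': None,
              'accepted_on': None,
              'status': 'pending',
              'expire_on': None,
              'max_time_allowed': max_time_allowed}

    # NOTE(review): base_url comes straight from the request body and is
    # handed to send_invite, presumably to build the link e-mailed to the
    # recipient. Check it against the deployment's known origins so the
    # invitation mail cannot be pointed at an arbitrary site.
    backend_utils.send_invite(
        invite['recipient'], invite['recipient_name'],
        invite['sender'], invite['sender_name'],
        request.json['base_url'], invite_id)

    invite['sent_on'] = datetime.datetime.utcnow()
    invite['expire_on'] = invite['sent_on'] + lifetime
    invites.insert(invite)
    return jsonify(success=True, invite=sanitize_invite(invite))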