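def update_invite(id):
    """Apply a ``resend``, ``accept`` or ``decline`` action to one invitation.

    The action comes from the ``action`` field of the JSON request body
    (compared case-insensitively); the invitation is looked up by ``id``.

    Returns a ``jsonify`` response: ``success=True`` with the sanitized
    invitation, or ``success=False`` with one of the reasons
    ``invitation-does-not-exist``, ``user-not-created``,
    ``invitation-has-been-used``, ``invalid-action`` or ``invitation-expired``.

    NOTE(review): inside this function, knowing the invitation id is all that
    is needed to activate the recipient's account; no other caller check is
    visible here -- confirm the route is protected upstream.
    """
    timenow = datetime.datetime.utcnow()
    action = request.json['action'].lower()

    invitation = invites.find_one({'id': id})
    if not invitation:
        return jsonify(success=False, reason='invitation-does-not-exist')

    # A per-invitation lifetime wins over the configured default.
    max_time_allowed = invitation.get('max_time_allowed') \
        or backend_config.get('invitation').get('max_time_allowed')
    recipient = invitation['recipient']
    recipient_name = invitation['recipient_name']
    sender = invitation['sender']
    sender_name = invitation['sender_name']
    accepted_on = invitation['accepted_on']
    expire_on = invitation['expire_on']

    user = users.find_one({'email': recipient})
    if user is None:
        return jsonify(success=False, reason="user-not-created")
    if accepted_on is not None:
        return jsonify(success=False, reason="invitation-has-been-used")
    if action not in ('resend', 'accept', 'decline'):
        return jsonify(success=False, reason='invalid-action')

    if action == 'resend':
        new_id = str(uuid.uuid4())
        base_url = request.json['base_url']
        backend_utils.send_invite(recipient, recipient_name, sender,
                                  sender_name, base_url, new_id)
        # Re-issue the record under the new id; the old id stops matching.
        sent_on = datetime.datetime.utcnow()
        expire_on = sent_on + datetime.timedelta(seconds=max_time_allowed)
        invitation['id'] = new_id
        invitation['sent_on'] = sent_on
        invitation['expire_on'] = expire_on
        # expire_on is stored too, so the database agrees with the response
        # and the re-sent link gets its full lifetime.
        invites.update({'id': id},
                       {'$set': {'sent_on': sent_on,
                                 'expire_on': expire_on,
                                 'id': new_id}})
        return jsonify(success=True, invite=sanitize_invite(invitation))

    if action == 'accept':
        # Compare the datetimes directly: timedelta.seconds is normalised to
        # 0..86399 and is never negative, so testing it cannot detect expiry.
        if timenow > expire_on:
            invitation['status'] = 'expired'
            invites.update({'id': id}, {'$set': {'status': 'expired'}})
            return jsonify(success=False, reason='invitation-expired')
        invitation['status'] = 'used'
        invitation['accepted_on'] = datetime.datetime.utcnow()
        invites.update({'id': id},
                       {'$set': {'accepted_on': invitation['accepted_on'],
                                 'status': 'used'}})
        users.update({'email': recipient}, {'$set': {'status': 'active'}})
        return jsonify(success=True, invite=sanitize_invite(invitation))

    # action == 'decline'
    # NOTE(review): a declined invitation keeps accepted_on unset, so a later
    # 'accept' on the same id is not rejected here -- confirm this is intended.
    invitation['status'] = 'declined'
    # Store the same value that is returned to the caller.
    invites.update({'id': id}, {'$set': {'status': 'declined'}})
    return jsonify(success=True, invite=sanitize_invite(invitation))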
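def update_user(user_email):
    """Update name, role, groups and/or status of the user *user_email*.

    The new values come from the JSON request body; only the keys that are
    present are changed. Every group named must exist, ``role`` must be
    ``user`` or ``administrator`` and ``status`` must be ``active`` or
    ``banned``.

    Returns a ``jsonify`` response: ``success=True`` with the sanitized user,
    or ``success=False`` with reason ``unknown-user``, ``unknown-group``,
    ``invalid-role`` or ``unknown-status-option``.

    NOTE(review): this function can grant the ``administrator`` role and
    lift a ban, and no check of who is calling is visible here -- confirm
    the route is restricted upstream.
    """
    new_user = request.json
    # Verify the incoming user: user must exist, groups must exist, role must exist
    old_user = users.find_one({'email': user_email})
    if old_user is None:
        return jsonify(success=False, reason='unknown-user')
    old_user['groups'] = _find_groups_for_user(user_email)
    old_user['sites'] = _find_sites_for_user(user_email)

    # All validation happens before the first write.
    if 'groups' in new_user:
        for group_name in new_user.get('groups', []):
            if not _check_group_exists(group_name):
                return jsonify(success=False, reason='unknown-group')
    if 'role' in new_user and new_user["role"] not in ("user", "administrator"):
        return jsonify(success=False, reason="invalid-role")
    if 'status' in new_user and new_user['status'] not in ('active', 'banned'):
        return jsonify(success=False, reason='unknown-status-option')

    # Update the group memberships
    if 'groups' in new_user:
        requested_groups = new_user.get('groups', [])
        # Add new groups
        for group_name in requested_groups:
            if group_name not in old_user['groups']:
                groups.update({'name': group_name},
                              {'$addToSet': {'users': user_email}})
        # Remove old groups
        for group_name in old_user['groups']:
            if group_name not in requested_groups:
                groups.update({'name': group_name},
                              {'$pull': {'users': user_email}})

    # Modify the user
    changes = {}
    for field in ('name', 'role', 'groups', 'status'):
        if field in new_user:
            changes[field] = new_user[field]
    # A body with none of the known fields would produce an empty '$set',
    # which MongoDB servers of this driver's era reject; skip the write.
    if changes:
        users.update({'email': user_email}, {'$set': changes})

    # Return the updated user
    user = users.find_one({'email': user_email})
    if not user:
        return jsonify(success=False, reason='unknown-user')
    user['groups'] = _find_groups_for_user(user_email)
    return jsonify(success=True, user=sanitize_user(user))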
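def login_user():
    """Record a login for the user whose e-mail is in the JSON request body.

    For an ``active`` user, ``last_login`` is set to the current UTC time and
    the sanitized user is returned with ``success=True``. Otherwise the
    response is ``success=False`` with the user's status as the reason, or
    ``user-does-not-exist`` when no user matches.

    NOTE(review): no credential is checked in this function; presumably the
    caller has already authenticated the address -- confirm.
    """
    email = request.json['email']
    # The value is used directly as a MongoDB filter. A JSON object would be
    # read as a query-operator document and could match a user the caller
    # never named, so only non-object values reach the query.
    if isinstance(email, dict):
        return jsonify(success=False, reason='user-does-not-exist')

    user = users.find_one({'email': email})
    if not user:
        return jsonify(success=False, reason='user-does-not-exist')
    if user['status'] != 'active':
        return jsonify(success=False, reason=user['status'])

    timestamp = datetime.datetime.utcnow()
    users.update({'email': email}, {'$set': {'last_login': timestamp}})
    # Re-read so the response carries the stored last_login value.
    user = users.find_one({'email': email})
    return jsonify(success=True, user=sanitize_user(user))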
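def update_user(user_email):
    """Update name, role, groups and/or status of the user *user_email*.

    The new values come from the JSON request body; only the keys that are
    present are changed. Every group named must exist, ``role`` must be
    ``user`` or ``administrator`` and ``status`` must be ``active`` or
    ``banned``.

    Returns a ``jsonify`` response: ``success=True`` with the sanitized user,
    or ``success=False`` with reason ``unknown-user``, ``unknown-group``,
    ``invalid-role`` or ``unknown-status-option``.

    NOTE(review): this function can grant the ``administrator`` role and
    lift a ban, and no check of who is calling is visible here -- confirm
    the route is restricted upstream.
    """
    new_user = request.json
    # Verify the incoming user: user must exist, groups must exist, role must exist
    old_user = users.find_one({'email': user_email})
    if old_user is None:
        return jsonify(success=False, reason='unknown-user')
    old_user['groups'] = _find_groups_for_user(user_email)
    old_user['sites'] = _find_sites_for_user(user_email)

    # All validation happens before the first write.
    if 'groups' in new_user:
        for group_name in new_user.get('groups', []):
            if not _check_group_exists(group_name):
                return jsonify(success=False, reason='unknown-group')
    if 'role' in new_user and new_user["role"] not in ("user", "administrator"):
        return jsonify(success=False, reason="invalid-role")
    if 'status' in new_user and new_user['status'] not in ('active', 'banned'):
        return jsonify(success=False, reason='unknown-status-option')

    # Update the group memberships
    if 'groups' in new_user:
        requested_groups = new_user.get('groups', [])
        # Add new groups
        for group_name in requested_groups:
            if group_name not in old_user['groups']:
                groups.update({'name': group_name},
                              {'$addToSet': {'users': user_email}})
        # Remove old groups
        for group_name in old_user['groups']:
            if group_name not in requested_groups:
                groups.update({'name': group_name},
                              {'$pull': {'users': user_email}})

    # Modify the user
    changes = {}
    for field in ('name', 'role', 'groups', 'status'):
        if field in new_user:
            changes[field] = new_user[field]
    # A body with none of the known fields would produce an empty '$set',
    # which MongoDB servers of this driver's era reject; skip the write.
    if changes:
        users.update({'email': user_email}, {'$set': changes})

    # Return the updated user
    user = users.find_one({'email': user_email})
    if not user:
        return jsonify(success=False, reason='unknown-user')
    user['groups'] = _find_groups_for_user(user_email)
    return jsonify(success=True, user=sanitize_user(user))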
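def update_invite(id):
    """Apply a ``resend``, ``accept`` or ``decline`` action to one invitation.

    The action comes from the ``action`` field of the JSON request body
    (compared case-insensitively); the invitation is looked up by ``id``.
    ``resend`` also reads ``base_url`` and ``accept`` reads ``login`` from
    the body.

    Returns a ``jsonify`` response: ``success=True`` with the sanitized
    invitation, or ``success=False`` with one of the reasons
    ``invitation-does-not-exist``, ``user-not-created``,
    ``invitation-has-been-used``, ``invalid-action`` or ``invitation-expired``.

    NOTE(review): inside this function, knowing the invitation id is all that
    is needed to activate or delete the recipient's user record; no other
    caller check is visible here -- confirm the route is protected upstream.
    """
    timenow = datetime.datetime.utcnow()
    action = request.json['action'].lower()

    invitation = invites.find_one({'id': id})
    if not invitation:
        return jsonify(success=False, reason='invitation-does-not-exist')

    # A per-invitation lifetime wins over the configured default.
    max_time_allowed = invitation.get('max_time_allowed') \
        or backend_config.get('invitation').get('max_time_allowed')
    recipient = invitation['recipient']
    accepted_on = invitation['accepted_on']
    expire_on = invitation['expire_on']

    user = users.find_one({'email': recipient})
    if user is None:
        return jsonify(success=False, reason="user-not-created")
    if accepted_on is not None:
        return jsonify(success=False, reason="invitation-has-been-used")
    if action not in ('resend', 'accept', 'decline'):
        return jsonify(success=False, reason='invalid-action')

    if action == 'resend':
        new_id = str(uuid.uuid4())
        base_url = request.json['base_url']
        # NOTE(review): the mail is built while invitation['id'] still holds
        # the old id, which the update below replaces -- confirm send_email
        # does not put that id into the link it sends.
        send_email('invite', invitation, extra_data={'base_url': base_url})
        # Re-issue the record under the new id; the old id stops matching.
        sent_on = datetime.datetime.utcnow()
        expire_on = sent_on + datetime.timedelta(seconds=max_time_allowed)
        invitation['id'] = new_id
        invitation['sent_on'] = sent_on
        invitation['expire_on'] = expire_on
        # expire_on is stored too, so the database agrees with the response
        # and the re-sent link gets its full lifetime.
        invites.update({'id': id},
                       {'$set': {'sent_on': sent_on,
                                 'expire_on': expire_on,
                                 'id': new_id}})
        return jsonify(success=True, invite=sanitize_invite(invitation))

    if action == 'accept':
        # Compare the datetimes directly: timedelta.seconds is normalised to
        # 0..86399 and is never negative, so testing it cannot detect expiry.
        if timenow > expire_on:
            invitation['status'] = 'expired'
            invites.update({'id': id}, {'$set': {'status': 'expired'}})
            return jsonify(success=False, reason='invitation-expired')

        # Read 'login' before the first write, so a body without it fails
        # without leaving the invitation marked used and the user inactive.
        # NOTE(review): the address is taken from the request body as-is;
        # nothing here verifies that the caller controls it or that no other
        # user already has it -- confirm the caller guarantees both.
        login = request.json['login']

        invitation['status'] = 'used'
        invitation['accepted_on'] = datetime.datetime.utcnow()
        invites.update({'id': id},
                       {'$set': {'accepted_on': invitation['accepted_on'],
                                 'status': 'used'}})
        users.update({'email': recipient},
                     {'$set': {'status': 'active', 'email': login}})
        if invitation['recipient'] != login:
            # The user signed in with a different address than the invited
            # one: move the group memberships over to it.
            update_group_association(invitation['recipient'], login)
            invitation['recipient'] = login
        # notify inviter if he chooses to receive such notification
        if "accept" in invitation['notify_when']:
            send_email('accept', invitation)
        return jsonify(success=True, invite=sanitize_invite(invitation))

    # action == 'decline'
    invitation['status'] = 'declined'
    invites.update({'id': id}, {'$set': {'status': 'declined'}})
    # NOTE(review): this deletes whatever user record matches the recipient
    # address, without looking at its status -- confirm an invitation can
    # never point at an account that is already active.
    users.remove(user)
    remove_group_association(invitation['recipient'])
    # notify inviter if he chooses to
    if "decline" in invitation['notify_when']:
        send_email('decline', invitation)
    return jsonify(success=True, invite=sanitize_invite(invitation))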
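def update_invite(id):
    """Apply a ``resend``, ``accept`` or ``decline`` action to one invitation.

    The action comes from the ``action`` field of the JSON request body
    (compared case-insensitively); the invitation is looked up by ``id``.
    ``resend`` also reads ``base_url`` and ``accept`` reads ``login`` from
    the body.

    Returns a ``jsonify`` response: ``success=True`` with the sanitized
    invitation, or ``success=False`` with one of the reasons
    ``invitation-does-not-exist``, ``user-not-created``,
    ``invitation-has-been-used``, ``invalid-action`` or ``invitation-expired``.

    NOTE(review): inside this function, knowing the invitation id is all that
    is needed to activate or delete the recipient's user record; no other
    caller check is visible here -- confirm the route is protected upstream.
    """
    timenow = datetime.datetime.utcnow()
    action = request.json['action'].lower()

    invitation = invites.find_one({'id': id})
    if not invitation:
        return jsonify(success=False, reason='invitation-does-not-exist')

    # A per-invitation lifetime wins over the configured default.
    max_time_allowed = invitation.get('max_time_allowed') \
        or backend_config.get('invitation').get('max_time_allowed')
    recipient = invitation['recipient']
    accepted_on = invitation['accepted_on']
    expire_on = invitation['expire_on']

    user = users.find_one({'email': recipient})
    if user is None:
        return jsonify(success=False, reason="user-not-created")
    if accepted_on is not None:
        return jsonify(success=False, reason="invitation-has-been-used")
    if action not in ('resend', 'accept', 'decline'):
        return jsonify(success=False, reason='invalid-action')

    if action == 'resend':
        new_id = str(uuid.uuid4())
        base_url = request.json['base_url']
        # NOTE(review): the mail is built while invitation['id'] still holds
        # the old id, which the update below replaces -- confirm send_email
        # does not put that id into the link it sends.
        send_email('invite', invitation, extra_data={'base_url': base_url})
        # Re-issue the record under the new id; the old id stops matching.
        sent_on = datetime.datetime.utcnow()
        expire_on = sent_on + datetime.timedelta(seconds=max_time_allowed)
        invitation['id'] = new_id
        invitation['sent_on'] = sent_on
        invitation['expire_on'] = expire_on
        # expire_on is stored too, so the database agrees with the response
        # and the re-sent link gets its full lifetime.
        invites.update({'id': id}, {
            '$set': {
                'sent_on': sent_on,
                'expire_on': expire_on,
                'id': new_id
            }
        })
        return jsonify(success=True, invite=sanitize_invite(invitation))

    if action == 'accept':
        # Compare the datetimes directly: timedelta.seconds is normalised to
        # 0..86399 and is never negative, so testing it cannot detect expiry.
        if timenow > expire_on:
            invitation['status'] = 'expired'
            invites.update({'id': id}, {'$set': {'status': 'expired'}})
            return jsonify(success=False, reason='invitation-expired')

        # Read 'login' before the first write, so a body without it fails
        # without leaving the invitation marked used and the user inactive.
        # NOTE(review): the address is taken from the request body as-is;
        # nothing here verifies that the caller controls it or that no other
        # user already has it -- confirm the caller guarantees both.
        login = request.json['login']

        invitation['status'] = 'used'
        invitation['accepted_on'] = datetime.datetime.utcnow()
        invites.update({'id': id}, {
            '$set': {
                'accepted_on': invitation['accepted_on'],
                'status': 'used'
            }
        })
        users.update({'email': recipient},
                     {'$set': {'status': 'active', 'email': login}})
        if invitation['recipient'] != login:
            # The user signed in with a different address than the invited
            # one: move the group memberships over to it.
            update_group_association(invitation['recipient'], login)
            invitation['recipient'] = login
        # notify inviter if he chooses to receive such notification
        if "accept" in invitation['notify_when']:
            send_email('accept', invitation)
        return jsonify(success=True, invite=sanitize_invite(invitation))

    # action == 'decline'
    invitation['status'] = 'declined'
    invites.update({'id': id}, {'$set': {'status': 'declined'}})
    # NOTE(review): this deletes whatever user record matches the recipient
    # address, without looking at its status -- confirm an invitation can
    # never point at an account that is already active.
    users.remove(user)
    remove_group_association(invitation['recipient'])
    # notify inviter if he chooses to
    if "decline" in invitation['notify_when']:
        send_email('decline', invitation)
    return jsonify(success=True, invite=sanitize_invite(invitation))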