def test_returns_value_from_cache(
    app_,
    mocker,
    expected_cache_get_calls,
    cache_value,
    expected_return_value,
    expected_api_calls,
    expected_cache_set_calls,
):
    """Check get_user's cache-read / API-fallback / cache-write call sequence.

    Redis ``get``/``set`` and the admin API ``get`` are patched so nothing
    real is touched; the recorded call lists are then compared with the
    parametrised expectations. ``expected_return_value`` is accepted for
    parametrisation symmetry but is not asserted on in this variant.
    """
    redis_get = mocker.patch('app.extensions.RedisClient.get', return_value=cache_value)
    api_get = mocker.patch(
        'app.notify_client.NotifyAdminAPIClient.get',
        return_value={'data': 'from api'},
    )
    redis_set = mocker.patch('app.extensions.RedisClient.set')

    # `user_id` is not defined in this function — presumably a module-level value in this test file.
    user_api_client.get_user(user_id)

    assert redis_get.call_args_list == expected_cache_get_calls
    assert api_get.call_args_list == expected_api_calls
    assert redis_set.call_args_list == expected_cache_set_calls
def test_returns_value_from_cache(
    app_,
    mocker,
    expected_cache_get_calls,
    cache_value,
    expected_return_value,
    expected_api_calls,
    expected_cache_set_calls,
):
    """Check get_user's cache/API call sequence and the value handed to the User model.

    Redis ``get``/``set``, the admin API ``get`` and ``User.__init__`` are all
    patched; the test asserts that the model was constructed exactly once
    from ``expected_return_value`` and that the recorded cache/API calls
    match the parametrised expectations.
    """
    redis_get = mocker.patch('app.extensions.RedisClient.get', return_value=cache_value)
    api_get = mocker.patch(
        'app.notify_client.NotifyAdminAPIClient.get',
        return_value={'data': 'from api'},
    )
    redis_set = mocker.patch('app.extensions.RedisClient.set')
    user_model = mocker.patch('app.models.user.User.__init__', return_value=None)

    # `user_id` is not defined in this function — presumably a module-level value in this test file.
    user_api_client.get_user(user_id)

    user_model.assert_called_once_with(expected_return_value, max_failed_login_count=10)
    assert redis_get.call_args_list == expected_cache_get_calls
    assert api_get.call_args_list == expected_api_calls
    assert redis_set.call_args_list == expected_cache_set_calls
def remove_user_from_organisation(org_id, user_id):
    """Confirm (GET) or perform (POST) removal of *user_id* from organisation *org_id*."""
    user = user_api_client.get_user(user_id)

    if request.method != 'POST':
        flash('Are you sure you want to remove {}?'.format(user.name), 'remove')
        return render_template(
            'views/organisations/organisation/users/user/index.html',
            user=user,
        )

    try:
        organisations_client.remove_user_from_organisation(org_id, user_id)
    except HTTPError as e:
        msg = "You cannot remove the only user for a service"
        # Only the "last user" rejection is surfaced to the user; anything else is a server error.
        if e.status_code != 400 or msg not in e.message:
            abort(500, e)
        flash(msg, 'info')
    return redirect(url_for('.manage_org_users', org_id=org_id))
def edit_user_permissions(service_id, user_id):
    """Show and process the per-service permissions form for one user."""
    # TODO we should probably using the service id here in the get user
    # call as well. eg. /user/<user_id>?&service=service_id
    user = user_api_client.get_user(user_id)

    # Need to make the email address read only, or a disabled field?
    # Do it through the template or the form class?
    current_roles = {
        role: user.has_permissions(permissions=permissions)
        for role, permissions in roles.items()
    }
    form = PermissionsForm(**current_roles)

    if not form.validate_on_submit():
        return render_template('views/edit-user-permissions.html', user=user, form=form)

    # Every ticked role contributes its permission set; 'view_activity' is always granted.
    granted = {
        permission
        for role, permissions in roles.items()
        if form[role].data
        for permission in permissions
    }
    user_api_client.set_user_permissions(
        user_id,
        service_id,
        permissions=granted | {'view_activity'},
    )
    return redirect(url_for('.manage_users', service_id=service_id))
def log_in_user(user_id):
    """Finish sign-in for *user_id*: apply re-verification/rotation gates, then establish the session."""
    user = user_api_client.get_user(user_id)

    # Policy gates that must be satisfied before any session is established.
    if should_reverify_email(user.email_last_verified_at, user.created_at, user.auth_type):
        user_api_client.send_reverify_email(user.id, user.email_address)
        return redirect(url_for('main.reverify_email'))
    if should_rotate_password(user.password_changed_at):
        return redirect(url_for('main.rotate_password'))

    try:
        # the user will have a new current_session_id set by the API
        # store it in the cookie for future requests
        session['current_session_id'] = user.current_session_id

        pending = session.get('user_details', {})
        # check if password needs to be updated
        if 'password' in pending:
            user = user_api_client.update_password(user.id, password=pending['password'])
            flash('Your password has been updated', 'default_with_tick')
        # check if email last verified date needs to be updated
        if 'set_last_verified_at' in pending:
            user_api_client.set_email_last_verified_at(user_id)
            flash('Thanks for verifying your email address', 'default_with_tick')

        login_user(user_api_client.activate_user(user))
    finally:
        # get rid of anything in the session that we don't expect to have been set during register/sign in flow
        session.pop('user_details', None)
        session.pop('file_uploads', None)
    return redirect_when_logged_in(user_id)
def edit_user_permissions(service_id, user_id):
    """Edit a user's permissions and, where the service allows it, their login method."""
    service_has_email_auth = current_service.has_permission('email_auth')
    # TODO we should probably using the service id here in the get user
    # call as well. eg. /user/<user_id>?&service=service_id
    user = user_api_client.get_user(user_id)
    user_has_no_mobile_number = user.mobile_number is None
    form = PermissionsForm.from_user(user, service_id)

    if not form.validate_on_submit():
        return render_template(
            'views/edit-user-permissions.html',
            user=user,
            form=form,
            service_has_email_auth=service_has_email_auth,
            user_has_no_mobile_number=user_has_no_mobile_number,
        )

    user_api_client.set_user_permissions(user_id, service_id, permissions=form.permissions)
    # The login method is only editable for services carrying the email_auth permission.
    if service_has_email_auth:
        user_api_client.update_user_attribute(user_id, auth_type=form.login_authentication.data)
    return redirect(url_for('.manage_users', service_id=service_id))
def edit_user_org_permissions(org_id, user_id):
    """Render the organisation user page for *user_id* (*org_id* is not used in the body)."""
    template = 'views/organisations/organisation/users/user/index.html'
    return render_template(template, user=user_api_client.get_user(user_id))
def user_profile_mobile_number_confirm():
    """Second step of changing a mobile number: check the SMS code, then store the new number."""
    def _check_code(cde):
        # Validate verify code for form
        return user_api_client.check_verify_code(current_user.id, cde, 'sms')

    # Password confirmation is a prerequisite; without it, restart the flow.
    if NEW_MOBILE_PASSWORD_CONFIRMED not in session:
        return redirect(url_for('.user_profile_mobile_number'))

    form = TwoFactorForm(_check_code)
    if not form.validate_on_submit():
        return render_template(
            'views/user-profile/confirm.html',
            form_field=form.sms_code,
            thing='mobile number',
        )

    user = user_api_client.get_user(current_user.id)
    # the user will have a new current_session_id set by the API - store it in the cookie for future requests
    session['current_session_id'] = user.current_session_id
    new_number = session.pop(NEW_MOBILE)
    del session[NEW_MOBILE_PASSWORD_CONFIRMED]
    user_api_client.update_user_attribute(current_user.id, mobile_number=new_number)
    return redirect(url_for('.user_profile'))
def two_factor():
    """Verify the SMS second factor, log the user in and route them to a landing page."""
    user_id = session['user_details']['id']

    def _check_code(code):
        return user_api_client.check_verify_code(user_id, code, "sms")

    form = TwoFactorForm(_check_code)
    if not form.validate_on_submit():
        return render_template('views/two-factor.html', form=form)

    try:
        user = user_api_client.get_user(user_id)
        services = service_api_client.get_services({'user_id': str(user_id)}).get('data', [])
        # Check if coming from new password page
        pending = session['user_details']
        if 'password' in pending:
            user.set_password(pending['password'])
            user.reset_failed_login_count()
            user_api_client.update_user(user)
        login_user(user, remember=True)
    finally:
        # The pre-auth details must not outlive this step, whether or not login succeeded.
        del session['user_details']

    # `next` is only followed once it passes the open-redirect check.
    next_url = request.args.get('next')
    if next_url and _is_safe_redirect_url(next_url):
        return redirect(next_url)
    if current_user.platform_admin:
        return redirect(url_for('main.show_all_services'))
    if len(services) == 1:
        return redirect(url_for('main.service_dashboard', service_id=services[0]['id']))
    return redirect(url_for('main.choose_service'))
def verify_email(token):
    """Validate an email-verification token and move the user on to SMS verification."""
    try:
        token_data = check_token(
            token,
            current_app.config['SECRET_KEY'],
            current_app.config['DANGEROUS_SALT'],
            current_app.config['EMAIL_EXPIRY_SECONDS'],
        )
    except SignatureExpired:
        flash("The link in the email we sent you has expired. We've sent you a new one.")
        return redirect(url_for('main.resend_email_verification'))

    # token contains json blob of format: {'user_id': '...', 'secret_code': '...'} (secret_code is unused)
    payload = json.loads(token_data)
    user = user_api_client.get_user(payload['user_id'])
    if not user:
        abort(404)
    if user.is_active:
        # Already activated: the link must not be reusable.
        flash("That verification link has expired.")
        return redirect(url_for('main.sign_in'))

    session['user_details'] = {"email": user.email_address, "id": user.id}
    user_api_client.send_verify_code(user.id, 'sms', user.mobile_number)
    return redirect(url_for('main.verify'))
def activate_user(user_id):
    """Activate *user_id*, start their session and send them on to create a service."""
    user = user_api_client.get_user(user_id)
    # the user will have a new current_session_id set by the API - store it in the cookie for future requests
    session['current_session_id'] = user.current_session_id
    login_user(user_api_client.activate_user(user))
    return redirect(url_for('main.add_service', first='first'))
def remove_user_from_service(service_id, user_id):
    """Confirm (GET) or perform (POST) removing *user_id* from *service_id*."""
    user = user_api_client.get_user(user_id)
    # Need to make the email address read only, or a disabled field?
    # Do it through the template or the form class?
    form = PermissionsForm(**{
        role: user.has_permissions(permissions=permissions)
        for role, permissions in roles.items()
    })

    if request.method != 'POST':
        flash('Are you sure you want to remove {}?'.format(user.name), 'remove')
        return render_template('views/edit-user-permissions.html', user=user, form=form)

    try:
        service_api_client.remove_user_from_service(service_id, user_id)
    except HTTPError as e:
        msg = "You cannot remove the only user for a service"
        # Only the "last user" rejection is a user-facing message; anything else is a server error.
        if e.status_code != 400 or msg not in e.message:
            abort(500, e)
        flash(msg, 'info')
    return redirect(url_for('.manage_users', service_id=service_id))
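def verify_email(token):
    """Check the signed email token and its embedded code, then move on to SMS verification.

    The token's signature and age are validated first (an expired signature
    sends the user to the resend page); only then is the embedded code checked
    against the API. Unknown users get a 404 and already-active users are told
    the link has expired rather than being re-verified.
    """
    try:
        token_data = check_token(
            token,
            current_app.config['SECRET_KEY'],
            current_app.config['DANGEROUS_SALT'],
            current_app.config['EMAIL_EXPIRY_SECONDS'],
        )
    except SignatureExpired:
        flash('The link in the email we sent you has expired')
        return redirect(url_for('main.resend_email_verification'))

    # The try block is limited to the one call that raises SignatureExpired;
    # the steps below used to sit inside it for no reason.
    payload = json.loads(token_data)
    verified = user_api_client.check_verify_code(payload['user_id'], payload['secret_code'], 'email')
    user = user_api_client.get_user(payload['user_id'])
    if not user:
        abort(404)
    if user.is_active:
        flash("That verification link has expired.")
        return redirect(url_for('main.sign_in'))

    session['user_details'] = {"email": user.email_address, "id": user.id}
    if verified[0]:
        user_api_client.send_verify_code(user.id, 'sms', user.mobile_number)
        # Build the URL from the endpoint (as the other verify_email variant does)
        # rather than the relative path 'verify', which depends on the current request path.
        return redirect(url_for('main.verify'))
    if verified[1] == 'Code has expired':
        flash("The link in the email we sent you has expired. We've sent you a new one.")
        return redirect(url_for('main.resend_email_verification'))
    message = "There was a problem verifying your account. Error message: '{}'".format(verified[1])
    flash(message)
    return redirect(url_for('main.index'))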
def edit_user_permissions(service_id, user_id):
    """Edit a user's service permissions and, if the service supports it, their login method."""
    service_has_email_auth = 'email_auth' in current_service['permissions']
    # TODO we should probably using the service id here in the get user
    # call as well. eg. /user/<user_id>?&service=service_id
    user = user_api_client.get_user(user_id)
    user_has_no_mobile_number = user.mobile_number is None

    current_roles = {role: user.has_permission_for_service(service_id, role) for role in roles}
    form = PermissionsForm(**current_roles, login_authentication=user.auth_type)

    if form.validate_on_submit():
        user_api_client.set_user_permissions(
            user_id,
            service_id,
            permissions=set(get_permissions_from_form(form)),
        )
        # The login method is only editable for services carrying the email_auth permission.
        if service_has_email_auth:
            user_api_client.update_user_attribute(user_id, auth_type=form.login_authentication.data)
        return redirect(url_for('.manage_users', service_id=service_id))

    return render_template(
        'views/edit-user-permissions.html',
        user=user,
        form=form,
        service_has_email_auth=service_has_email_auth,
        user_has_no_mobile_number=user_has_no_mobile_number,
    )
def remove_user_from_service(service_id, user_id):
    """Confirm (GET) or perform (POST) removing a user from a service."""
    user = user_api_client.get_user(user_id)
    # Need to make the email address read only, or a disabled field?
    # Do it through the template or the form class?
    current_roles = {role: user.has_permission_for_service(service_id, role) for role in roles}
    form = PermissionsForm(**current_roles)

    if request.method == 'POST':
        try:
            service_api_client.remove_user_from_service(service_id, user_id)
        except HTTPError as e:
            msg = "You cannot remove the only user for a service"
            only_user_rejection = e.status_code == 400 and msg in e.message
            if not only_user_rejection:
                abort(500, e)
            flash(msg, 'info')
        return redirect(url_for('.manage_users', service_id=service_id))

    flash('Are you sure you want to remove {}?'.format(user.name), 'remove')
    return render_template('views/edit-user-permissions.html', user=user, form=form)
def _add_invited_user_to_service(invited_user):
    """Add the signed-in user to the invited service with the invite's permissions; return the service id."""
    invite = InvitedUser(**invited_user)
    member = user_api_client.get_user(session['user_id'])
    target_service = invited_user['service']
    user_api_client.add_user_to_service(
        target_service,
        member.id,
        invite.permissions,
        invite.folder_permissions,
    )
    return target_service
def _add_invited_user_to_service(invited_user):
    """Attach the signed-in user to the invited service, accept the invite, and return the service id."""
    invite = InvitedUser(**invited_user)
    # if invited user add to service and redirect to dashboard
    member = user_api_client.get_user(session['user_id'])
    target_service = invited_user['service']
    user_api_client.add_user_to_service(target_service, member.id, invite.permissions)
    invite_api_client.accept_invite(target_service, invite.id)
    return target_service
def user_information(user_id):
    """Render a user together with the services they belong to."""
    user = user_api_client.get_user(user_id)
    context = {
        'user': user,
        'services': user_api_client.get_services_for_user(user),
    }
    return render_template('views/find-users/user-information.html', **context)
def activate_user(user_id):
    """Activate the user, log them in and send them to their org dashboard or to service setup."""
    user = user_api_client.get_user(user_id)
    # the user will have a new current_session_id set by the API - store it in the cookie for future requests
    session['current_session_id'] = user.current_session_id
    organisation_id = session.get('organisation_id', None)
    login_user(user_api_client.activate_user(user))

    if not organisation_id:
        return redirect(url_for('main.add_service', first='first'))
    return redirect(url_for('main.organisation_dashboard', org_id=organisation_id))
def user_profile_email_confirm(token):
    """Apply the email-address change carried in a signed confirmation token."""
    # NOTE(review): check_token raises SignatureExpired for stale tokens (the
    # verify_email handlers catch it); that case is not handled here and would
    # surface as an unhandled exception — confirm whether that is intended.
    payload = json.loads(check_token(
        token,
        current_app.config['SECRET_KEY'],
        current_app.config['DANGEROUS_SALT'],
        current_app.config['EMAIL_EXPIRY_SECONDS'],
    ))
    user_id = payload['user_id']
    new_email = payload['email']

    user = user_api_client.get_user(user_id)
    user.email_address = new_email
    user_api_client.update_user(user)
    session.pop(NEW_EMAIL, None)
    return redirect(url_for('.user_profile'))
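def accept_invite(token):
    """Accept a service invite token: guard the signed-in identity, then add or register the user.

    The "signed in as someone else" message is built with ``Markup.format`` so
    that the email address and sign-out URL are HTML-escaped before the string
    is marked safe; formatting the plain string first and wrapping it in
    ``Markup`` afterwards interpolated them unescaped.
    """
    invited_user = invite_api_client.check_token(token)

    if not current_user.is_anonymous and current_user.email_address != invited_user.email_address:
        message = Markup(
            "You’re signed in as {}. This invite is for another email address. "
            '<a href="{}">Sign out</a> and click the link again to accept this invite.'
        ).format(current_user.email_address, url_for("main.sign_out", _external=True))
        flash(message=message)
        abort(403)

    if invited_user.status == 'cancelled':
        from_user = user_api_client.get_user(invited_user.from_user)
        service = service_api_client.get_service(invited_user.service)['data']
        return render_template(
            'views/cancelled-invitation.html',
            from_user=from_user.name,
            service_name=service['name'],
        )

    if invited_user.status == 'accepted':
        session.pop('invited_user', None)
        return redirect(url_for('main.service_dashboard', service_id=invited_user.service))

    session['invited_user'] = invited_user.serialize()
    existing_user = user_api_client.get_user_by_email_or_none(invited_user.email_address)
    service_users = user_api_client.get_users_for_service(invited_user.service)

    if not existing_user:
        # No account for this address yet: registration completes the invite.
        return redirect(url_for('main.register_from_invite'))

    invite_api_client.accept_invite(invited_user.service, invited_user.id)
    if existing_user not in service_users:
        user_api_client.add_user_to_service(
            invited_user.service,
            existing_user.id,
            invited_user.permissions,
        )
    return redirect(url_for('main.service_dashboard', service_id=invited_user.service))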
def log_in_user(user_id):
    """Complete sign-in: store the API session id, apply a pending password change, activate and log in."""
    try:
        user = user_api_client.get_user(user_id)
        # the user will have a new current_session_id set by the API - store it in the cookie for future requests
        session['current_session_id'] = user.current_session_id

        # Check if coming from new password page
        pending = session.get('user_details', {})
        if 'password' in pending:
            user = user_api_client.update_password(user.id, password=pending['password'])

        login_user(user_api_client.activate_user(user))
    finally:
        session.pop("user_details", None)
    return redirect_when_logged_in(user_id)
def add_service():
    """Create a new restricted service for the signed-in user, or finish a pending invite."""
    invited_user = session.get('invited_user')
    if invited_user:
        invitation = InvitedUser(**invited_user)
        # if invited user add to service and redirect to dashboard
        user = user_api_client.get_user(session['user_id'])
        service_id = invited_user['service']
        user_api_client.add_user_to_service(service_id, user.id, invitation.permissions)
        invite_api_client.accept_invite(service_id, invitation.id)
        return redirect(url_for('main.service_dashboard', service_id=service_id))

    form = AddServiceForm(service_api_client.find_all_service_email_from)
    heading = 'Which service do you want to set up notifications for?'
    if not form.validate_on_submit():
        return render_template('views/add-service.html', form=form, heading=heading)

    email_from = email_safe(form.name.data)
    service_id = service_api_client.create_service(
        service_name=form.name.data,
        active=False,
        message_limit=current_app.config['DEFAULT_SERVICE_LIMIT'],
        restricted=True,
        user_id=session['user_id'],
        email_from=email_from,
    )
    session['service_id'] = service_id

    # The example template and send-test walkthrough are only offered for a user's first service.
    existing = service_api_client.get_services({'user_id': session['user_id']}).get('data', [])
    if len(existing) > 1:
        return redirect(url_for('main.service_dashboard', service_id=service_id))

    example_sms_template = service_api_client.create_service_template(
        'Example text message template',
        'sms',
        'Hey ((name)), I’m trying out Notify. Today is ((day of week)) and my favourite colour is ((colour)).',
        service_id,
    )
    return redirect(url_for(
        'main.send_test',
        service_id=service_id,
        template_id=example_sms_template['data']['id'],
        help=1,
    ))
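def accept_org_invite(token):
    """Accept an organisation invite: guard the signed-in identity, then add or register the user.

    The mismatched-identity message is built with ``Markup.format`` so that
    the email address and sign-out URL are HTML-escaped before being marked
    safe; formatting the plain string first and wrapping it in ``Markup``
    afterwards interpolated them unescaped.
    """
    invited_org_user = org_invite_api_client.check_token(token)

    signed_in_as_other = (
        not current_user.is_anonymous
        and current_user.email_address.lower() != invited_org_user.email_address.lower()
    )
    if signed_in_as_other:
        message = Markup(
            "You’re signed in as {}. This invite is for another email address. "
            '<a href="{}">Sign out</a> and click the link again to accept this invite.'
        ).format(current_user.email_address, url_for("main.sign_out", _external=True))
        flash(message=message)
        abort(403)

    if invited_org_user.status == 'cancelled':
        invited_by = user_api_client.get_user(invited_org_user.invited_by)
        organisation = organisations_client.get_organisation(invited_org_user.organisation)
        return render_template(
            'views/cancelled-invitation.html',
            from_user=invited_by.name,
            organisation_name=organisation['name'],
        )

    if invited_org_user.status == 'accepted':
        session.pop('invited_org_user', None)
        return redirect(url_for('main.organisation_dashboard', org_id=invited_org_user.organisation))

    session['invited_org_user'] = invited_org_user.serialize()
    existing_user = user_api_client.get_user_by_email_or_none(invited_org_user.email_address)
    organisation_users = user_api_client.get_users_for_organisation(invited_org_user.organisation)

    if not existing_user:
        # No account for this address yet: registration completes the invite.
        return redirect(url_for('main.register_from_org_invite'))

    org_invite_api_client.accept_invite(invited_org_user.organisation, invited_org_user.id)
    if existing_user not in organisation_users:
        user_api_client.add_user_to_organisation(invited_org_user.organisation, existing_user.id)
    return redirect(url_for('main.organisation_dashboard', org_id=invited_org_user.organisation))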
def log_in_user(user_id):
    """Complete sign-in: store the API session id, apply a pending password change, activate and log in."""
    try:
        user = user_api_client.get_user(user_id)
        # the user will have a new current_session_id set by the API - store it in the cookie for future requests
        session['current_session_id'] = user.current_session_id

        # Check if coming from new password page
        pending = session.get('user_details', {})
        if 'password' in pending:
            user = user_api_client.update_password(user.id, password=pending['password'])

        login_user(user_api_client.activate_user(user))
    finally:
        # get rid of anything in the session that we don't expect to have been set during register/sign in flow
        for stale_key in ("user_details", "file_uploads"):
            session.pop(stale_key, None)
    return redirect_when_logged_in(user_id)
def add_service():
    """Create a new restricted service for the signed-in user, or finish a pending invite."""
    pending_invite = session.get('invited_user')
    if pending_invite:
        invitation = InvitedUser(**pending_invite)
        # if invited user add to service and redirect to dashboard
        user = user_api_client.get_user(session['user_id'])
        service_id = pending_invite['service']
        user_api_client.add_user_to_service(service_id, user.id, invitation.permissions)
        invite_api_client.accept_invite(service_id, invitation.id)
        return redirect(url_for('main.service_dashboard', service_id=service_id))

    form = AddServiceForm(service_api_client.find_all_service_email_from)
    heading = 'Which service do you want to set up notifications for?'
    if not form.validate_on_submit():
        return render_template('views/add-service.html', form=form, heading=heading)

    email_from = email_safe(form.name.data)
    service_id = service_api_client.create_service(
        service_name=form.name.data,
        active=False,
        message_limit=current_app.config['DEFAULT_SERVICE_LIMIT'],
        restricted=True,
        user_id=session['user_id'],
        email_from=email_from,
    )
    session['service_id'] = service_id

    # The example template and send-test walkthrough are only offered for a user's first service.
    user_services = service_api_client.get_services({'user_id': session['user_id']}).get('data', [])
    if len(user_services) > 1:
        return redirect(url_for('main.service_dashboard', service_id=service_id))

    example_sms_template = service_api_client.create_service_template(
        'Example text message template',
        'sms',
        'Hey ((name)), I’m trying out Notify. Today is ((day of week)) and my favourite colour is ((colour)).',
        service_id,
    )
    return redirect(url_for(
        'main.send_test',
        service_id=service_id,
        template_id=example_sms_template['data']['id'],
        help=1,
    ))
def verify():
    """Check the SMS code during registration, then activate and log in the user."""
    user_id = session['user_details']['id']

    def _check_code(code):
        return user_api_client.check_verify_code(user_id, code, 'sms')

    form = TwoFactorForm(_check_code)
    if not form.validate_on_submit():
        return render_template('views/two-factor.html', form=form)

    try:
        user = user_api_client.get_user(user_id)
        login_user(user_api_client.activate_user(user))
        return redirect(url_for('main.add_service', first='first'))
    finally:
        # Drop the pre-auth details whether or not activation succeeded.
        session.pop('user_details', None)
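def accept_invite(token):
    """Accept a service invite token: guard the signed-in identity, then add or register the user.

    The "signed in as someone else" message is built with ``Markup.format`` so
    that the email address and sign-out URL are HTML-escaped before the string
    is marked safe; formatting the plain string first and wrapping it in
    ``Markup`` afterwards interpolated them unescaped.
    """
    invited_user = invite_api_client.check_token(token)

    if not current_user.is_anonymous and current_user.email_address != invited_user.email_address:
        message = Markup(
            "You’re signed in as {}. This invite is for another email address. "
            '<a href="{}">Sign out</a> and click the link again to accept this invite.'
        ).format(current_user.email_address, url_for("main.sign_out", _external=True))
        flash(message=message)
        abort(403)

    if invited_user.status == 'cancelled':
        from_user = user_api_client.get_user(invited_user.from_user)
        service = service_api_client.get_service(invited_user.service)['data']
        return render_template(
            'views/cancelled-invitation.html',
            from_user=from_user.name,
            service_name=service['name'],
        )

    if invited_user.status == 'accepted':
        session.pop('invited_user', None)
        return redirect(url_for('main.service_dashboard', service_id=invited_user.service))

    session['invited_user'] = invited_user.serialize()
    existing_user = user_api_client.get_user_by_email_or_none(invited_user.email_address)
    service_users = user_api_client.get_users_for_service(invited_user.service)

    if not existing_user:
        # No account for this address yet: registration completes the invite.
        return redirect(url_for('main.register_from_invite'))

    invite_api_client.accept_invite(invited_user.service, invited_user.id)
    if existing_user not in service_users:
        user_api_client.add_user_to_service(
            invited_user.service,
            existing_user.id,
            invited_user.permissions,
        )
    return redirect(url_for('main.service_dashboard', service_id=invited_user.service))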
def remove_user_from_service(service_id, user_id):
    """Confirm (GET) or perform (POST) removing a user from a service."""
    user = user_api_client.get_user(user_id)
    form = PermissionsForm.from_user(user, service_id)

    if request.method == 'POST':
        try:
            service_api_client.remove_user_from_service(service_id, user_id)
        except HTTPError as e:
            msg = "You cannot remove the only user for a service"
            only_user_rejection = e.status_code == 400 and msg in e.message
            if not only_user_rejection:
                abort(500, e)
            flash(msg, 'info')
        return redirect(url_for('.manage_users', service_id=service_id))

    flash('Are you sure you want to remove {}?'.format(user.name), 'remove')
    return render_template('views/edit-user-permissions.html', user=user, form=form)
def two_factor():
    """Check the SMS second factor, activate and log in the user, then pick a landing page."""
    user_id = session['user_details']['id']

    def _check_code(code):
        return user_api_client.check_verify_code(user_id, code, "sms")

    form = TwoFactorForm(_check_code)
    if form.validate_on_submit():
        try:
            user = user_api_client.get_user(user_id)
            user_services = service_api_client.get_services({'user_id': str(user_id)}).get('data', [])
            # Check if coming from new password page
            if 'password' in session['user_details']:
                user.set_password(session['user_details']['password'])
                user.reset_failed_login_count()
                user_api_client.update_user(user)
            login_user(user_api_client.activate_user(user), remember=True)
        finally:
            # Pre-auth details never survive this step.
            del session['user_details']

        # `next` is honoured only after the open-redirect check.
        next_url = request.args.get('next')
        if next_url and _is_safe_redirect_url(next_url):
            destination = next_url
        elif current_user.platform_admin:
            destination = url_for('main.show_all_services')
        elif len(user_services) == 1:
            destination = url_for('main.service_dashboard', service_id=user_services[0]['id'])
        else:
            destination = url_for('main.choose_service')
        return redirect(destination)

    return render_template('views/two-factor.html', form=form)
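def verify_email(token):
    """Check the signed email token and its embedded code, then move on to SMS verification.

    The token's signature and age are validated first (an expired signature
    sends the user to the resend page); only then is the embedded code checked
    against the API. Unknown users get a 404 and already-active users are told
    the link has expired rather than being re-verified.
    """
    try:
        token_data = check_token(
            token,
            current_app.config['SECRET_KEY'],
            current_app.config['DANGEROUS_SALT'],
            current_app.config['EMAIL_EXPIRY_SECONDS'],
        )
    except SignatureExpired:
        flash('The link in the email we sent you has expired')
        return redirect(url_for('main.resend_email_verification'))

    # The try block is limited to the one call that raises SignatureExpired;
    # the steps below used to sit inside it for no reason.
    payload = json.loads(token_data)
    verified = user_api_client.check_verify_code(payload['user_id'], payload['secret_code'], 'email')
    user = user_api_client.get_user(payload['user_id'])
    if not user:
        abort(404)
    if user.is_active:
        flash("That verification link has expired.")
        return redirect(url_for('main.sign_in'))

    session['user_details'] = {"email": user.email_address, "id": user.id}
    if verified[0]:
        user_api_client.send_verify_code(user.id, 'sms', user.mobile_number)
        # Build the URL from the endpoint (as the other verify_email variant does)
        # rather than the relative path 'verify', which depends on the current request path.
        return redirect(url_for('main.verify'))
    if verified[1] == 'Code has expired':
        flash("The link in the email we sent you has expired. We've sent you a new one.")
        return redirect(url_for('main.resend_email_verification'))
    message = "There was a problem verifying your account. Error message: '{}'".format(verified[1])
    flash(message)
    return redirect(url_for('main.index'))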
def activate_user(user_id):
    """Activate and log in the user, then honour any pending service/org invite before redirecting."""
    user = user_api_client.get_user(user_id)
    # the user will have a new current_session_id set by the API - store it in the cookie for future requests
    session['current_session_id'] = user.current_session_id
    organisation_id = session.get('organisation_id')
    login_user(user_api_client.activate_user(user))

    pending_invite = session.get('invited_user')
    if pending_invite:
        service_id = _add_invited_user_to_service(pending_invite)
        return redirect(url_for('main.service_dashboard', service_id=service_id))

    pending_org_invite = session.get('invited_org_user')
    if pending_org_invite:
        # NOTE(review): the org membership is keyed on session['user_details']['id']
        # rather than the user_id argument — confirm these always name the same user.
        user_api_client.add_user_to_organisation(
            pending_org_invite['organisation'],
            session['user_details']['id'],
        )

    if organisation_id:
        return redirect(url_for('main.organisation_dashboard', org_id=organisation_id))
    return redirect(url_for('main.add_service', first='first'))
def reverify_email_token(token):
    """Handle the link from a re-verification email: validate it and log the user in."""
    try:
        token_data = check_token(
            token,
            current_app.config['SECRET_KEY'],
            current_app.config['DANGEROUS_SALT'],
            current_app.config['EMAIL_EXPIRY_SECONDS'],
        )
    except SignatureExpired:
        flash("The link in the email we sent you has expired. We've sent you a new one.")
        return redirect(url_for('main.resend_email_reverification'))

    user = user_api_client.get_user(json.loads(token_data)['user_id'])
    if not user:
        abort(404)

    # 'set_last_verified_at' is picked up by log_in_user to stamp the verification time.
    session['user_details'] = {
        'email': user.email_address,
        'id': user.id,
        'set_last_verified_at': True,
    }
    return log_in_user(user.id)
def edit_user_permissions(service_id, user_id):
    """Display and save the service-permission checkboxes for one user."""
    # TODO we should probably using the service id here in the get user
    # call as well. eg. /user/<user_id>?&service=service_id
    user = user_api_client.get_user(user_id)
    # Need to make the email address read only, or a disabled field?
    # Do it through the template or the form class?
    current_roles = {
        role: user.has_permissions(permissions=permissions)
        for role, permissions in roles.items()
    }
    form = PermissionsForm(**current_roles)

    if form.validate_on_submit():
        ticked = [permissions for role, permissions in roles.items() if form[role].data]
        # 'view_activity' is granted unconditionally on top of the ticked roles.
        granted = set(chain.from_iterable(ticked)) | {'view_activity'}
        user_api_client.set_user_permissions(user_id, service_id, permissions=granted)
        return redirect(url_for('.manage_users', service_id=service_id))

    return render_template('views/edit-user-permissions.html', user=user, form=form)
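def accept_invite(token):
    """Accept a service invite: validate the token, guard identity, then add or register the user.

    The mismatched-identity message is built with ``Markup.format`` so the
    email address and sign-out URL are escaped before the string is marked
    safe (the previous ``str.format`` inside ``Markup(...)`` interpolated
    them raw). An existing user's auth type is switched to the invite's only
    when that is valid for them: SMS needs a mobile number, email always is.
    """
    try:
        check_token(
            token,
            current_app.config['SECRET_KEY'],
            current_app.config['DANGEROUS_SALT'],
            current_app.config['INVITATION_EXPIRY_SECONDS'],
        )
    except SignatureExpired:
        errors = [
            'Your invitation to GOV.UK Notify has expired. '
            'Please ask the person that invited you to send you another one'
        ]
        return render_template("error/400.html", message=errors), 400

    invited_user = invite_api_client.check_token(token)

    signed_in_as_other = (
        not current_user.is_anonymous
        and current_user.email_address.lower() != invited_user.email_address.lower()
    )
    if signed_in_as_other:
        message = Markup(
            "You’re signed in as {}. This invite is for another email address. "
            '<a href="{}">Sign out</a> and click the link again to accept this invite.'
        ).format(current_user.email_address, url_for("main.sign_out", _external=True))
        flash(message=message)
        abort(403)

    if invited_user.status == 'cancelled':
        from_user = user_api_client.get_user(invited_user.from_user)
        service = service_api_client.get_service(invited_user.service)['data']
        return render_template(
            'views/cancelled-invitation.html',
            from_user=from_user.name,
            service_name=service['name'],
        )

    if invited_user.status == 'accepted':
        session.pop('invited_user', None)
        return redirect(url_for('main.service_dashboard', service_id=invited_user.service))

    session['invited_user'] = invited_user.serialize()
    existing_user = user_api_client.get_user_by_email_or_none(invited_user.email_address)
    service_users = user_api_client.get_users_for_service(invited_user.service)

    if not existing_user:
        # No account for this address yet: registration completes the invite.
        return redirect(url_for('main.register_from_invite'))

    invite_api_client.accept_invite(invited_user.service, invited_user.id)
    if existing_user not in service_users:
        service = service_api_client.get_service(invited_user.service)['data']
        # if the service you're being added to can modify auth type, then check if this is relevant
        if 'email_auth' in service['permissions']:
            # they have a phone number, we want them to start using it. if they dont have a mobile we just
            # ignore that option of the invite
            wants_sms = existing_user.mobile_number and invited_user.auth_type == 'sms_auth'
            # we want them to start sending emails. it's always valid, so lets always update
            wants_email = invited_user.auth_type == 'email_auth'
            if wants_sms or wants_email:
                user_api_client.update_user_attribute(existing_user.id, auth_type=invited_user.auth_type)
        user_api_client.add_user_to_service(
            invited_user.service,
            existing_user.id,
            invited_user.permissions,
        )
    return redirect(url_for('main.service_dashboard', service_id=invited_user.service))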
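def accept_invite(token):
    """Accept a service invite: resolve the token, guard identity, then add or register the user.

    An API rejection of the token with an ``invitation`` message is shown to
    the user and sends them to sign in; any other HTTPError is re-raised with
    a bare ``raise`` so its traceback is preserved. The mismatched-identity
    message is built with ``Markup.format`` so the email address and sign-out
    URL are escaped before the string is marked safe. An existing user's auth
    type is switched to the invite's only when valid for them: SMS needs a
    mobile number, email always is.
    """
    try:
        invited_user = invite_api_client.check_token(token)
    except HTTPError as e:
        if e.status_code == 400 and 'invitation' in e.message:
            flash(e.message['invitation'])
            return redirect(url_for('main.sign_in'))
        raise

    signed_in_as_other = (
        not current_user.is_anonymous
        and current_user.email_address.lower() != invited_user.email_address.lower()
    )
    if signed_in_as_other:
        message = Markup(
            "You’re signed in as {}. This invite is for another email address. "
            '<a href="{}">Sign out</a> and click the link again to accept this invite.'
        ).format(current_user.email_address, url_for("main.sign_out", _external=True))
        flash(message=message)
        abort(403)

    if invited_user.status == 'cancelled':
        from_user = user_api_client.get_user(invited_user.from_user)
        service = service_api_client.get_service(invited_user.service)['data']
        return render_template(
            'views/cancelled-invitation.html',
            from_user=from_user.name,
            service_name=service['name'],
        )

    if invited_user.status == 'accepted':
        session.pop('invited_user', None)
        return redirect(url_for('main.service_dashboard', service_id=invited_user.service))

    session['invited_user'] = invited_user.serialize()
    existing_user = user_api_client.get_user_by_email_or_none(invited_user.email_address)
    service_users = user_api_client.get_users_for_service(invited_user.service)

    if not existing_user:
        # No account for this address yet: registration completes the invite.
        return redirect(url_for('main.register_from_invite'))

    invite_api_client.accept_invite(invited_user.service, invited_user.id)
    if existing_user not in service_users:
        service = service_api_client.get_service(invited_user.service)['data']
        # if the service you're being added to can modify auth type, then check if this is relevant
        if 'email_auth' in service['permissions']:
            # they have a phone number, we want them to start using it. if they dont have a mobile we just
            # ignore that option of the invite
            wants_sms = existing_user.mobile_number and invited_user.auth_type == 'sms_auth'
            # we want them to start sending emails. it's always valid, so lets always update
            wants_email = invited_user.auth_type == 'email_auth'
            if wants_sms or wants_email:
                user_api_client.update_user_attribute(existing_user.id, auth_type=invited_user.auth_type)
        user_api_client.add_user_to_service(
            invited_user.service,
            existing_user.id,
            invited_user.permissions,
        )
    return redirect(url_for('main.service_dashboard', service_id=invited_user.service))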