def freja_proofing(user, nin):
proofing_state = current_app.proofing_statedb.get_state_by_eppn(user.eppn, raise_on_missing=False)
if not proofing_state:
current_app.logger.debug('No proofing state found for user {!s}. Initializing new proofing flow.'.format(user))
proofing_state = helpers.create_proofing_state(user, nin)
# Initiate authn request
try:
redirect_url = url_for('oidc_proofing.authorization_response', _external=True)
claims_request = ClaimsRequest(userinfo=Claims(results=None))
success = helpers.do_authn_request(proofing_state, claims_request, redirect_url)
if not success:
current_app.stats.count(name='freja.authn_request_op_error')
return {'_status': 'error', 'message': 'Temporary technical problems'}
except requests.exceptions.ConnectionError as e:
current_app.logger.error('No connection to authorization endpoint: {!s}'.format(e))
return {'_status': 'error', 'message': 'No connection to authorization endpoint'}
# If authentication request went well save user state
current_app.stats.count(name='freja.authn_request_success')
current_app.proofing_statedb.save(proofing_state)
current_app.logger.debug('Proofing state {!s} for user {!s} saved'.format(proofing_state.state, user))
# Add the nin used to initiate the proofing state to the user
# NOOP if the user already have the nin
add_nin_to_user(user, proofing_state)
return get_freja_state()
def freja_proofing(user, nin):
proofing_state = current_app.proofing_statedb.get_state_by_eppn(
user.eppn, raise_on_missing=False)
if not proofing_state:
current_app.logger.debug(
'No proofing state found for user {!s}. Initializing new proofing flow.'
.format(user))
proofing_state = helpers.create_proofing_state(user, nin)
# Initiate authn request
try:
redirect_url = url_for('oidc_proofing.authorization_response',
_external=True)
claims_request = ClaimsRequest(userinfo=Claims(results=None))
success = helpers.do_authn_request(proofing_state, claims_request,
redirect_url)
if not success:
current_app.stats.count(name='freja.authn_request_op_error')
return error_response(message=CommonMsg.temp_problem)
except requests.exceptions.ConnectionError as e:
current_app.logger.error(
'No connection to authorization endpoint: {!s}'.format(e))
return error_response(message=OIDCMsg.no_conn)
# If authentication request went well save user state
current_app.stats.count(name='freja.authn_request_success')
current_app.proofing_statedb.save(proofing_state)
current_app.logger.debug(
'Proofing state {!s} for user {!s} saved'.format(
proofing_state.state, user))
# Add the nin used to initiate the proofing state to the user
# NOOP if the user already have the nin
add_nin_to_user(user, proofing_state)
return get_freja_state()
def proofing(user, nin):
current_app.logger.info('Trying to verify nin via mobile number for user {}.'.format(user))
current_app.logger.debug('NIN: {!s}.'.format(nin))
# Add nin as not verified to the user
proofing_state = create_proofing_state(user, nin)
add_nin_to_user(user, proofing_state)
# Get list of verified mobile numbers
verified_mobiles = [item.number for item in user.phone_numbers.to_list() if item.is_verified]
if not verified_mobiles:
return {'_status': 'error', 'message': 'no_phone'}
try:
success, proofing_log_entry = match_mobile_to_user(user, nin, verified_mobiles)
except LookupMobileTaskFailed:
current_app.stats.count('validate_nin_by_mobile_error')
return {'_status': 'error', 'message': 'error_lookup_mobile_task'}
except MsgTaskFailed:
current_app.stats.count('navet_error')
return {'_status': 'error', 'message': 'error_navet_task'}
if success:
try:
# Verify nin for user
verify_nin_for_user(user, proofing_state, proofing_log_entry)
return {'success': True, 'message': 'letter.verification_success'}
except AmTaskFailed as e:
current_app.logger.error('Verifying nin for user {} failed'.format(user))
current_app.logger.error('{}'.format(e))
return {'_status': 'error', 'message': 'Temporary technical problems'}
return {'_status': 'error', 'message': 'nins.no-mobile-match'}
def add_nin(user, nin):
security_user = SecurityUser.from_user(user, current_app.private_userdb)
current_app.logger.info('Removing NIN from user')
current_app.logger.debug('NIN: {}'.format(nin))
nin_obj = security_user.nins.find(nin)
if nin_obj:
current_app.logger.info('NIN already added.')
return error_response(message=SecurityMsg.already_exists)
try:
nin_element = NinProofingElement.from_dict(
dict(number=nin, created_by='security', verified=False))
proofing_state = NinProofingState.from_dict({
'eduPersonPrincipalName':
security_user.eppn,
'nin':
nin_element.to_dict()
})
add_nin_to_user(user, proofing_state, user_class=SecurityUser)
return success_response(
payload=dict(nins=security_user.nins.to_list_of_dicts()),
message=SecurityMsg.add_success)
except AmTaskFailed as e:
current_app.logger.error('Adding nin to user failed')
current_app.logger.debug(f'NIN: {nin}')
current_app.logger.error('{}'.format(e))
return error_response(message=CommonMsg.temp_problem)
def proofing(user, nin):
current_app.logger.info('Send letter for user {} initiated'.format(user))
proofing_state = current_app.proofing_statedb.get_state_by_eppn(user.eppn, raise_on_missing=False)
# No existing proofing state was found, create a new one
if not proofing_state:
# Create a LetterNinProofingUser in proofingdb
proofing_state = create_proofing_state(user.eppn, nin)
current_app.logger.info('Created proofing state for user {}'.format(user))
# Add the nin used to initiate the proofing state to the user
# NOOP if the user already have the nin
add_nin_to_user(user, proofing_state)
if proofing_state.proofing_letter.is_sent:
current_app.logger.info('A letter has already been sent to the user. ')
current_app.logger.debug('Proofing state: {}'.format(proofing_state.to_dict()))
result = check_state(proofing_state)
if not result['letter_expired']:
return result
else:
# XXX Are we sure that the user wants to send a new letter?
current_app.logger.info('The letter has expired. Sending a new one...')
try:
address = get_address(user, proofing_state)
if not address:
current_app.logger.error('No address found for user {}'.format(user))
return {'_status': 'error', 'message': 'letter.no-address-found'}
except MsgTaskFailed as e:
current_app.logger.error('Navet lookup failed for user {}: {}'.format(user, e))
current_app.stats.count('navet_error')
return {'_status': 'error', 'message': 'error_navet_task'}
# Set and save official address
proofing_state.proofing_letter.address = address
current_app.proofing_statedb.save(proofing_state)
try:
campaign_id = send_letter(user, proofing_state)
except pdf.AddressFormatException as e:
current_app.logger.error('{}'.format(e))
return {'_status': 'error', 'message': 'letter.bad-postal-address'}
except EkopostException as e:
current_app.logger.error('{}'.format(e))
return {'_status': 'error', 'message': 'Temporary technical problems'}
# Save the users proofing state
proofing_state.proofing_letter.transaction_id = campaign_id
proofing_state.proofing_letter.is_sent = True
proofing_state.proofing_letter.sent_ts = True
current_app.proofing_statedb.save(proofing_state)
result = check_state(proofing_state)
result['message'] = 'letter.saved-unconfirmed'
return result
def proofing(user, nin):
current_app.logger.info('Send letter for user {} initiated'.format(user))
proofing_state = current_app.proofing_statedb.get_state_by_eppn(user.eppn, raise_on_missing=False)
# No existing proofing state was found, create a new one
if not proofing_state:
# Create a LetterNinProofingUser in proofingdb
proofing_state = create_proofing_state(user.eppn, nin)
current_app.logger.info('Created proofing state for user {}'.format(user))
# Add the nin used to initiate the proofing state to the user
# NOOP if the user already have the nin
add_nin_to_user(user, proofing_state)
if proofing_state.proofing_letter.is_sent:
current_app.logger.info('A letter has already been sent to the user. ')
current_app.logger.debug('Proofing state: {}'.format(proofing_state.to_dict()))
result = check_state(proofing_state)
if not result['letter_expired']:
return result
else:
# XXX Are we sure that the user wants to send a new letter?
current_app.logger.info('The letter has expired. Sending a new one...')
try:
address = get_address(user, proofing_state)
if not address:
current_app.logger.error('No address found for user {}'.format(user))
return {'_status': 'error', 'message': 'letter.no-address-found'}
except MsgTaskFailed as e:
current_app.logger.error('Navet lookup failed for user {}: {}'.format(user, e))
current_app.stats.count('navet_error')
return {'_status': 'error', 'message': 'error_navet_task'}
# Set and save official address
proofing_state.proofing_letter.address = address
current_app.proofing_statedb.save(proofing_state)
try:
campaign_id = send_letter(user, proofing_state)
except pdf.AddressFormatException as e:
current_app.logger.error('{!r}'.format(e.message))
return {'_status': 'error', 'message': 'letter.bad-postal-address'}
except EkopostException as e:
current_app.logger.error('{!r}'.format(e.message))
return {'_status': 'error', 'message': 'Temporary technical problems'}
# Save the users proofing state
proofing_state.proofing_letter.transaction_id = campaign_id
proofing_state.proofing_letter.is_sent = True
proofing_state.proofing_letter.sent_ts = True
current_app.proofing_statedb.save(proofing_state)
result = check_state(proofing_state)
result['message'] = 'letter.saved-unconfirmed'
return result
def proofing(user, nin):
current_app.logger.info(
'Trying to verify nin via mobile number for user {}.'.format(user))
current_app.logger.debug('NIN: {!s}.'.format(nin))
# Add nin as not verified to the user
proofing_state = create_proofing_state(user, nin)
add_nin_to_user(user, proofing_state)
# Get list of verified mobile numbers
verified_mobiles = [
item.number for item in user.phone_numbers.to_list()
if item.is_verified
]
if not verified_mobiles:
return error_response(message=MobileMsg.no_phone)
try:
success, proofing_log_entry = match_mobile_to_user(
user, nin, verified_mobiles)
except LookupMobileTaskFailed:
current_app.stats.count('validate_nin_by_mobile_error')
return error_response(message=MobileMsg.lookup_error)
except MsgTaskFailed:
current_app.stats.count('navet_error')
return error_response(message=CommonMsg.navet_error)
if success:
try:
# Verify nin for user
if not verify_nin_for_user(user, proofing_state,
proofing_log_entry):
return error_response(message=CommonMsg.temp_problem)
return {
'success': True,
'message': str(MobileMsg.verify_success.value)
}
except AmTaskFailed:
current_app.logger.exception(
f'Verifying nin for user {user} failed')
return error_response(message=CommonMsg.temp_problem)
return error_response(message=MobileMsg.no_match)
def seleg_proofing(user, nin):
proofing_state = current_app.proofing_statedb.get_state_by_eppn(
user.eppn, raise_on_missing=False)
if not proofing_state:
current_app.logger.debug(
'No proofing state found for user {!s}. Initializing new proofing flow.'
.format(user))
proofing_state = helpers.create_proofing_state(user, nin)
# Initiate authn request
try:
redirect_url = url_for('oidc_proofing.authorization_response',
_external=True)
claims_request = ClaimsRequest(userinfo=Claims(
identity=None, vetting_time=None, metadata=None))
success = helpers.do_authn_request(proofing_state, claims_request,
redirect_url)
if not success:
current_app.stats.count(name='seleg.authn_request_op_error')
return {
'_status': 'error',
'message': 'Temporary technical problems'
}
except requests.exceptions.ConnectionError as e:
current_app.logger.error(
'No connection to authorization endpoint: {!s}'.format(e))
return {
'_status': 'error',
'message': 'No connection to authorization endpoint'
}
# If authentication request went well save user state
current_app.stats.count(name='seleg.authn_request_success')
current_app.proofing_statedb.save(proofing_state)
current_app.logger.debug(
'Proofing state {!s} for user {!s} saved'.format(
proofing_state.state, user))
# Add the nin used to initiate the proofing state to the user
# NOOP if the user already have the nin
add_nin_to_user(user, proofing_state)
return get_seleg_state()