def create_invites(): recipient = request.json['recipient'] sender = request.json['sender'] recipient_user = users.find_one({'email': recipient}) recipient_invite = invites.find_one({'recipient': recipient}) sender_user = users.find_one({'email': sender}) # issue #120 # To ensure no duplicate invitation is allowed, and to ensure # we don't corrupt user record in user table, any POST invitation # must check # (1) if user is not created in users collection - FALSE # (2) if user is created, BUT status is not 'invited' - FALSE # (3) recipient email is found in existing invitation record - FALSE if not recipient_user: return jsonify(success=False, reason='recipient-not-found-in-user-record') elif recipient_user.get('status') != 'invited': return jsonify(success=False, reason='recipient-already-joined') if recipient_invite: return jsonify(success=False, reason='duplicate-invitation-not-allowed') if not sender_user: return jsonify(success=False, reason='sender-not-found-in-user-record') invite_id = str(uuid.uuid4()) # some users may not have name filled out? invite = {'id': invite_id, 'recipient': recipient, 'recipient_name': recipient_user['name'] or recipient, 'sender': sender, 'sender_name': sender_user['name'] or sender, 'sent_on': None, 'accepted_on': None, 'status': 'pending', 'expire_on': None, 'max_time_allowed': request.json.get('max_time_allowed') \ or backend_config.get('invitation').get('max_time_allowed')} backend_utils.send_invite( invite['recipient'], invite['recipient_name'], invite['sender'], invite['sender_name'], request.json['base_url'], invite_id) invite['sent_on'] = datetime.datetime.utcnow() invite['expire_on'] = invite['sent_on'] + \ datetime.timedelta(seconds=invite['max_time_allowed']) invites.insert(invite) return jsonify(success=True, invite=sanitize_invite(invite))
def update_user(user_email): new_user = request.json # Verify the incoming user: user must exist, groups must exist, role must exist old_user = users.find_one({'email': user_email}) if old_user is None: return jsonify(success=False, reason='unknown-user') old_user['groups'] = _find_groups_for_user(user_email) old_user['sites'] = _find_sites_for_user(user_email) if 'groups' in new_user: for group_name in new_user.get('groups', []): if not _check_group_exists(group_name): return jsonify(success=False, reason='unknown-group') if 'role' in new_user: if new_user["role"] not in ("user", "administrator"): return jsonify(success=False, reason="invalid-role") if 'status' in new_user: if new_user['status'] not in ('active', 'banned'): return jsonify(success=False, reason='unknown-status-option') # Update the group memberships if 'groups' in new_user: # Add new groups for group_name in new_user.get('groups', []): if group_name not in old_user['groups']: groups.update({'name': group_name}, {'$addToSet': { 'users': user_email }}) # Remove old groups for group_name in old_user['groups']: if group_name not in new_user.get('groups', []): groups.update({'name': group_name}, {'$pull': { 'users': user_email }}) # Modify the user changes = {} if 'name' in new_user: changes['name'] = new_user['name'] if 'role' in new_user: changes['role'] = new_user['role'] if 'groups' in new_user: changes['groups'] = new_user['groups'] if 'status' in new_user: changes['status'] = new_user['status'] users.update({'email': user_email}, {'$set': changes}) # Return the updated user user = users.find_one({'email': user_email}) if not user: return jsonify(success=False, reason='unknown-user') user['groups'] = _find_groups_for_user(user_email) return jsonify(success=True, user=sanitize_user(user))
def login_user(): email = request.json['email'] user = users.find_one({'email': email}) if user: if user['status'] == 'active': timestamp = datetime.datetime.utcnow() users.update({'email': email}, {'$set': {'last_login': timestamp}}) user = users.find_one({'email': email}) return jsonify(success=True, user=sanitize_user(user)) else: return jsonify(success=False, reason=user['status']) else: return jsonify(success=False, reason='user-does-not-exist')
def create_user(): user = request.json # Verify incoming user: email must not exist yet, groups must exist, role must exist if users.find_one({'email': user['email']}) is not None: return jsonify(success=False, reason='user-already-exists') for group_name in user.get('groups', []): if not _check_group_exists(group_name): return jsonify(success=False, reason='unknown-group') if user.get("role") not in ("user", "administrator"): return jsonify(success=False, reason="invalid-role") new_user = { 'id': str(uuid.uuid4()), 'status': 'invited' if user.get('invitation') else 'active', 'email': user['email'], 'name': user.get('name'), 'role': user['role'], 'created': datetime.datetime.utcnow(), 'last_login': None, 'api_key': str(uuid.uuid4()) } users.insert(new_user) # Add the user to the groups - group membership is stored in the group objet, not in the user for group_name in user.get('groups', []): groups.update({'name': group_name}, {'$addToSet': { 'users': user['email'] }}) new_user['groups'] = user.get('groups', []) return jsonify(success=True, user=sanitize_user(new_user))
def create_group(): group = request.json # perform validations on incoming data; issue#132 if not group.get("name"): return jsonify(success=False, reason="name-field-is-required") userz = group.get("users") sitez = group.get("sites") if userz: for user in userz: if not users.find_one({"email": user}): return jsonify(success=False, reason="user %s does not exist" % user) if sitez: for site in sitez: if not sites.find_one({"name": site}): return jsonify(success=False, reason="site %s does not exist" % site) if groups.find_one({"name": group["name"]}) is not None: return jsonify(success=False, reason="group-already-exists") # post-validation new_group = { "id": str(uuid.uuid4()), "name": group["name"], "description": group.get("description", ""), "sites": group.get("sites", []), "users": group.get("users", []), "created": datetime.datetime.utcnow(), } groups.insert(new_group) return jsonify(success=True, group=sanitize_group(new_group))
def get_reports_sites(): result = [] group_name = request.args.get('group_name') user_email = request.args.get('user') if user_email is not None: # User specified, so return recent scans for each site/plan that the user can see user = users.find_one({'email': user_email}) if user is None: return jsonify(success=False, reason='no-such-user') if group_name: site_list = _find_sites_for_user_by_group_name(user_email, group_name) else: site_list = _find_sites_for_user(user_email) for site_url in sorted(site_list): site = sites.find_one({'url': site_url}) if site is not None: for plan_name in site['plans']: schedule = scanschedules.find_one({'site':site_url, 'plan':plan_name}) crontab = None scheduleEnabled = False if schedule is not None: crontab = schedule['crontab'] scheduleEnabled = schedule['enabled'] l = list(scans.find({'configuration.target':site['url'], 'plan.name': plan_name}).sort("created", -1).limit(1)) if len(l) == 1: scan = summarize_scan(sanitize_scan(l[0])) s = {v: scan.get(v) for v in ('id', 'created', 'state', 'issues')} result.append({'target': site_url, 'plan': plan_name, 'scan': scan, 'crontab': crontab, 'scheduleEnabled': scheduleEnabled}) else: result.append({'target': site_url, 'plan': plan_name, 'scan': None, 'crontab': crontab, 'scheduleEnabled': scheduleEnabled}) return jsonify(success=True, report=result)
def get_reports_issues(): result = [] group_name = request.args.get('group_name') user_email = request.args.get('user') if user_email is not None: # User specified, so return recent scans for each site/plan that the user can see user = users.find_one({'email': user_email}) if user is None: return jsonify(success=False, reason='no-such-user') if group_name: site_list = _find_sites_for_user_by_group_name(user_email, group_name) else: site_list = _find_sites_for_user(user_email) for site_url in sorted(site_list): r = {'target': site_url, 'issues': []} site = sites.find_one({'url': site_url}) if site is not None: for plan_name in site['plans']: for s in scans.find({'configuration.target':site['url'], 'plan.name': plan_name}).sort("created", -1).limit(1): for session in s['sessions']: for issue in session['issues']: r['issues'].append({'severity': issue['Severity'], 'summary': issue['Summary'], 'scan': { 'id': s['id'] }, 'id': issue['Id']}) result.append(r) return jsonify(success=True, report=result)
def create_group(): group = request.json # perform validations on incoming data; issue#132 if not group.get('name'): return jsonify(success=False, reason='name-field-is-required') userz = group.get('users') sitez = group.get('sites') if userz: for user in userz: if not users.find_one({'email': user}): return jsonify(success=False, reason='user %s does not exist' % user) if sitez: for site in sitez: if not sites.find_one({'url': site}): return jsonify(success=False, reason='site %s does not exist' % site) if groups.find_one({'name': group['name']}) is not None: return jsonify(success=False, reason='group-already-exists') # post-validation new_group = { 'id': str(uuid.uuid4()), 'name': group['name'], 'description': group.get('description', ""), 'sites': group.get('sites', []), 'users': group.get('users', []), 'created': datetime.datetime.utcnow() } groups.insert(new_group) return jsonify(success=True, group=sanitize_group(new_group))
def create_user(): user = request.json # Verify incoming user: email must not exist yet, groups must exist, role must exist if users.find_one({'email': user['email']}) is not None: return jsonify(success=False, reason='user-already-exists') for group_name in user.get('groups', []): if not _check_group_exists(group_name): return jsonify(success=False, reason='unknown-group') if user.get("role") not in ("user", "administrator"): return jsonify(success=False, reason="invalid-role") new_user = { 'id': str(uuid.uuid4()), 'status': 'invited' if user.get('invitation') else 'active', 'email': user['email'], 'name': user.get('name'), 'role': user['role'], 'created': datetime.datetime.utcnow(), 'last_login': None } users.insert(new_user) # Add the user to the groups - group membership is stored in the group objet, not in the user for group_name in user.get('groups', []): groups.update({'name':group_name},{'$addToSet': {'users': user['email']}}) new_user['groups'] = user.get('groups', []) return jsonify(success=True, user=sanitize_user(new_user))
def create_group(): group = request.json # perform validations on incoming data; issue#132 if not group.get('name'): return jsonify(success=False, reason='name-field-is-required') userz = group.get('users') sitez = group.get('sites') if userz: for user in userz: if not users.find_one({'email': user}): return jsonify(success=False, reason='user %s does not exist'%user) if sitez: for site in sitez: if not sites.find_one({'name': site}): return jsonify(success=False, reason='site %s does not exist'%site) if groups.find_one({'name': group['name']}) is not None: return jsonify(success=False, reason='group-already-exists') # post-validation new_group = { 'id': str(uuid.uuid4()), 'name': group['name'], 'description': group.get('description', ""), 'sites': group.get('sites', []), 'users': group.get('users', []), 'created': datetime.datetime.utcnow() } groups.insert(new_group) return jsonify(success=True, group=sanitize_group(new_group))
def create_invites(): recipient = request.json['recipient'] sender = request.json['sender'] recipient_user = users.find_one({'email': recipient}) recipient_invite = invites.find_one({'recipient': recipient}) sender_user = users.find_one({'email': sender}) # issue #120 # To ensure no duplicate invitation is allowed, and to ensure # we don't corrupt user record in user table, any POST invitation # must check # (1) if user is not created in users collection - FALSE # (2) if user is created, BUT status is not 'invited' - FALSE # (3) recipient email is found in existing invitation record - FALSE if not recipient_user: return jsonify(success=False, reason='recipient-not-found-in-user-record') elif recipient_user.get('status') != 'invited': return jsonify(success=False, reason='recipient-already-joined') if recipient_invite: return jsonify(success=False, reason='duplicate-invitation-not-allowed') if not sender_user: return jsonify(success=False, reason='sender-not-found-in-user-record') invite_id = str(uuid.uuid4()) # some users may not have name filled out? invite = {'id': invite_id, 'recipient': recipient, 'recipient_name': recipient_user['name'] or recipient, 'sender': sender, 'sender_name': sender_user['name'] or sender, 'sent_on': None, 'accepted_on': None, 'status': 'pending', 'expire_on': None, 'max_time_allowed': request.json.get('max_time_allowed') \ or backend_config.get('email').get('max_time_allowed'), 'notify_when': request.json.get('notify_when', [])} send_email('invite', invite, extra_data={'base_url': request.json['base_url']}) invite['sent_on'] = datetime.datetime.utcnow() invite['expire_on'] = invite['sent_on'] + \ datetime.timedelta(seconds=invite['max_time_allowed']) invites.insert(invite) return jsonify(success=True, invite=sanitize_invite(invite))
def update_invite(id): timenow = datetime.datetime.utcnow() action = request.json['action'].lower() invitation = invites.find_one({'id': id}) if invitation: max_time_allowed = invitation.get('max_time_allowed') \ or backend_config.get('invitation').get('max_time_allowed') recipient = invitation['recipient'] recipient_name = invitation['recipient_name'] sender = invitation['sender'] sender_name = invitation['sender_name'] sent_on = invitation['sent_on'] accepted_on = invitation['accepted_on'] expire_on = invitation['expire_on'] user = users.find_one({'email': recipient}) if user is None: return jsonify(success=False, reason="user-not-created") if accepted_on is not None: return jsonify(success=False, reason="invitation-has-been-used") if not action in ('resend', 'accept', 'decline'): return jsonify(success=False, reason='invalid-action') if action == 'resend': new_id = str(uuid.uuid4()) base_url = request.json['base_url'] backend_utils.send_invite(recipient, recipient_name, sender, sender_name, base_url, new_id) # generate new record sent_on = datetime.datetime.utcnow() expire_on = sent_on + datetime.timedelta(seconds=max_time_allowed) invitation['id'] = new_id invitation['sent_on'] = sent_on invitation['expire_on'] = expire_on invites.update({'id': id}, {'$set': {'sent_on': invitation['sent_on'], 'id': invitation['id']}}) return jsonify(success=True, invite=sanitize_invite(invitation)) elif action == 'accept': # if time now is ahead of expire_on, the delta is negative if (expire_on - timenow).seconds < 0: invitation['status'] = 'expired' invites.update({'id': id}, {'$set': {'status': 'expired'}}) return jsonify(success=False, reason='invitation-expired') else: invitation['status'] = 'used' invitation['accepted_on'] = datetime.datetime.utcnow() invites.update({'id': id},{'$set': {'accepted_on': invitation['accepted_on'], 'status': 'used'}}) users.update({'email': recipient}, {'$set': {'status': 'active'}}) return jsonify(success=True, invite=sanitize_invite(invitation)) elif action == 'decline': invitation['status'] = 'declined' invites.update({'id': id}, {'$set': {'status': 'decline'}}) return jsonify(success=True, invite=sanitize_invite(invitation)) else: return jsonify(success=False, reason='invitation-does-not-exist')
def update_user(user_email): new_user = request.json # Verify the incoming user: user must exist, groups must exist, role must exist old_user = users.find_one({'email': user_email}) if old_user is None: return jsonify(success=False, reason='unknown-user') old_user['groups'] = _find_groups_for_user(user_email) old_user['sites'] = _find_sites_for_user(user_email) if 'groups' in new_user: for group_name in new_user.get('groups', []): if not _check_group_exists(group_name): return jsonify(success=False, reason='unknown-group') if 'role' in new_user: if new_user["role"] not in ("user", "administrator"): return jsonify(success=False, reason="invalid-role") if 'status' in new_user: if new_user['status'] not in ('active', 'banned'): return jsonify(success=False, reason='unknown-status-option') # Update the group memberships if 'groups' in new_user: # Add new groups for group_name in new_user.get('groups', []): if group_name not in old_user['groups']: groups.update({'name':group_name},{'$addToSet': {'users': user_email}}) # Remove old groups for group_name in old_user['groups']: if group_name not in new_user.get('groups', []): groups.update({'name':group_name},{'$pull': {'users': user_email}}) # Modify the user changes = {} if 'name' in new_user: changes['name'] = new_user['name'] if 'role' in new_user: changes['role'] = new_user['role'] if 'groups' in new_user: changes['groups'] = new_user['groups'] if 'status' in new_user: changes['status'] = new_user['status'] users.update({'email': user_email}, {'$set': changes}) # Return the updated user user = users.find_one({'email': user_email}) if not user: return jsonify(success=False, reason='unknown-user') user['groups'] = _find_groups_for_user(user_email) return jsonify(success=True, user=sanitize_user(user))
def get_user(email): email = email.lower() user = users.find_one({'email': email}) if not user: return jsonify(success=False, reason='no-such-user') user['groups'] = _find_groups_for_user(user['email']) user['sites'] = _find_sites_for_user(user['email']) return jsonify(success=True, user=sanitize_user(user))
def delete_user(user_email): user = users.find_one({'email': user_email}) if not user: return jsonify(success=False, reason='no-such-user') # Remove the user users.remove({'email': user_email}) # Remove user group membership remove_group_association(user_email) return jsonify(success=True)
def delete_user(user_email): user = users.find_one({'email': user_email}) if not user: return jsonify(success=False, reason='no-such-user') # Remove the user users.remove({'email': user_email}) # Remove user group membership for group_name in _find_groups_for_user(user_email): groups.update({'name':group_name},{'$pull': {'users': user_email}}) return jsonify(success=True)
def get_reports_sites(): result = [] group_name = request.args.get('group_name') user_email = request.args.get('user') if user_email is not None: # User specified, so return recent scans for each site/plan that the user can see user = users.find_one({'email': user_email}) if user is None: return jsonify(success=False, reason='no-such-user') if group_name: site_list = _find_sites_for_user_by_group_name( user_email, group_name) else: site_list = _find_sites_for_user(user_email) for site_url in sorted(site_list): site = sites.find_one({'url': site_url}) if site is not None: for plan_name in site['plans']: schedule = scanschedules.find_one({ 'site': site_url, 'plan': plan_name }) crontab = None scheduleEnabled = False if schedule is not None: crontab = schedule['crontab'] scheduleEnabled = schedule['enabled'] l = list( scans.find({ 'configuration.target': site['url'], 'plan.name': plan_name }).sort("created", -1).limit(1)) if len(l) == 1: scan = summarize_scan(sanitize_scan(l[0])) s = { v: scan.get(v) for v in ('id', 'created', 'state', 'issues') } result.append({ 'target': site_url, 'plan': plan_name, 'scan': scan, 'crontab': crontab, 'scheduleEnabled': scheduleEnabled }) else: result.append({ 'target': site_url, 'plan': plan_name, 'scan': None, 'crontab': crontab, 'scheduleEnabled': scheduleEnabled }) return jsonify(success=True, report=result)
def has_permission(*args, **kwargs): email = request.args.get('email') if email: user = users.find_one({'email': email}) if not user: return jsonify(success=False, reason='User does not exist.') if user['role'] == 'user': plan_name = request.view_args['plan_name'] if not _check_plan_by_email(email, plan_name): return jsonify(success=False, reason="Plan does not exist.") return view(*args, **kwargs) # if groupz.count is not zero, or user is admin
def has_permission(*args, **kwargs): email = request.args.get('email') if email: user = users.find_one({'email': email}) if not user: return jsonify(success=False, reason='user-does-not-exist') scan = scans.find_one({"id": kwargs['scan_id']}) if user['role'] == 'user': groupz = groups.find({'users': email, 'sites': scan['configuration']['target']}) if not groupz.count(): return jsonify(success=False, reason='not-found') return view(*args, **kwargs) # if groupz.count is not zero, or user is admin
def get_reports_history(): history = [] user_email = request.args.get('user') if user_email is not None: user = users.find_one({'email': user_email}) if user is None: return jsonify(success=False, reason='no-such-user') for s in scans.find({'configuration.target': {'$in': _find_sites_for_user(user_email)}}).sort("created", -1).limit(100): history.append(summarize_scan(sanitize_scan(s))) else: for s in scans.find({}).sort("created", -1).limit(100): history.append(summarize_scan(sanitize_scan(s))) return jsonify(success=True, report=history)
def delete_invite(id): invitation = invites.find_one({'id': id}) if not invitation: return jsonify(success=False, reason='no-such-invitation') # do not delete users that are not invite pending (bug #123) email = invitation['recipient'] user = users.find_one({'email': email}) if user and user.get('status') == "invited": users.remove(user) # bug #133 delete user associations remove_group_association(email) invites.remove({'id': id}) return jsonify(success=True)
def delete_invite(id): invitation = invites.find_one({'id': id}) if not invitation: return jsonify(success=False, reason='no-such-invitation') # do not delete users that are not invite pending (bug #123) email = invitation['recipient'] user = users.find_one({'email': email}) if user and user.get('status') == "invited": users.remove(user) # bug #133 delete user associations for group_name in _find_groups_for_user(email): groups.update({'name':group_name}, {'$pull': {'users': email}}) for site in _find_sites_for_user(email): sites.update({'url':site}, {'$pull': {'users': email}}) invites.remove({'id': id}) return jsonify(success=True)
def get_reports_history(): history = [] user_email = request.args.get('user') if user_email is not None: user = users.find_one({'email': user_email}) if user is None: return jsonify(success=False, reason='no-such-user') for s in scans.find({ 'configuration.target': { '$in': _find_sites_for_user(user_email) } }).sort("created", -1).limit(100): history.append(summarize_scan(sanitize_scan(s))) else: for s in scans.find({}).sort("created", -1).limit(100): history.append(summarize_scan(sanitize_scan(s))) return jsonify(success=True, report=history)
def has_permission(*args, **kwargs): email = request.args.get("email") # If the task is scheduled by crontab, proceed with the task if email == "cron": return view(*args, **kwargs) if email: user = users.find_one({"email": email}) if not user: return jsonify(success=False, reason="user-does-not-exist") scan = scans.find_one({"id": kwargs["scan_id"]}) if user["role"] == "user": groupz = groups.find({"users": email, "sites": scan["configuration"]["target"]}) if not groupz.count(): return jsonify(success=False, reason="not-found") return view(*args, **kwargs) # if groupz.count is not zero, or user is admin
def get_reports_sites(): result = [] user_email = request.args.get('user') if user_email is not None: # User specified, so return recent scans for each site/plan that the user can see user = users.find_one({'email': user_email}) if user is None: return jsonify(success=False, reason='no-such-user') for site_url in sorted(_find_sites_for_user(user_email)): site = sites.find_one({'url': site_url}) if site is not None: for plan_name in site['plans']: l = list(scans.find({'configuration.target':site['url'], 'plan.name': plan_name}).sort("created", -1).limit(1)) if len(l) == 1: scan = summarize_scan(sanitize_scan(l[0])) s = {v: scan.get(v) for v in ('id', 'created', 'state', 'issues')} result.append({'target': site_url, 'plan': plan_name, 'scan': scan}) else: result.append({'target': site_url, 'plan': plan_name, 'scan': None}) return jsonify(success=True, report=result)
def has_permission(*args, **kwargs): email = request.args.get('email') # If the task is scheduled by crontab, proceed with the task if email == 'cron': return view(*args, **kwargs) if email: user = users.find_one({'email': email}) if not user: return jsonify(success=False, reason='user-does-not-exist') scan = scans.find_one({"id": kwargs['scan_id']}) if user['role'] == 'user': groupz = groups.find({ 'users': email, 'sites': scan['configuration']['target'] }) if not groupz.count(): return jsonify(success=False, reason='not-found') return view(*args, **kwargs) # if groupz.count is not zero, or user is admin
def get_reports_issues(): result = [] group_name = request.args.get('group_name') user_email = request.args.get('user') if user_email is not None: # User specified, so return recent scans for each site/plan that the user can see user = users.find_one({'email': user_email}) if user is None: return jsonify(success=False, reason='no-such-user') if group_name: site_list = _find_sites_for_user_by_group_name( user_email, group_name) else: site_list = _find_sites_for_user(user_email) for site_url in sorted(site_list): r = {'target': site_url, 'issues': []} site = sites.find_one({'url': site_url}) if site is not None: for plan_name in site['plans']: for s in scans.find({ 'configuration.target': site['url'], 'plan.name': plan_name }).sort("created", -1).limit(1): for session in s['sessions']: for issue in session['issues']: r['issues'].append({ 'severity': issue['Severity'], 'summary': issue['Summary'], 'scan': { 'id': s['id'] }, 'id': issue['Id'] }) result.append(r) return jsonify(success=True, report=result)
def update_invite(id): timenow = datetime.datetime.utcnow() action = request.json['action'].lower() invitation = invites.find_one({'id': id}) if invitation: max_time_allowed = invitation.get('max_time_allowed') \ or backend_config.get('invitation').get('max_time_allowed') recipient = invitation['recipient'] recipient_name = invitation['recipient_name'] sender = invitation['sender'] sender_name = invitation['sender_name'] sent_on = invitation['sent_on'] accepted_on = invitation['accepted_on'] expire_on = invitation['expire_on'] user = users.find_one({'email': recipient}) if user is None: return jsonify(success=False, reason="user-not-created") if accepted_on is not None: return jsonify(success=False, reason="invitation-has-been-used") if not action in ('resend', 'accept', 'decline'): return jsonify(success=False, reason='invalid-action') if action == 'resend': new_id = str(uuid.uuid4()) base_url = request.json['base_url'] send_email('invite', invitation, extra_data={'base_url': base_url}) # generate new record sent_on = datetime.datetime.utcnow() expire_on = sent_on + datetime.timedelta(seconds=max_time_allowed) invitation['id'] = new_id invitation['sent_on'] = sent_on invitation['expire_on'] = expire_on invites.update({'id': id}, { '$set': { 'sent_on': invitation['sent_on'], 'id': invitation['id'] } }) return jsonify(success=True, invite=sanitize_invite(invitation)) elif action == 'accept': # if time now is ahead of expire_on, the delta is negative if (expire_on - timenow).seconds < 0: invitation['status'] = 'expired' invites.update({'id': id}, {'$set': {'status': 'expired'}}) return jsonify(success=False, reason='invitation-expired') else: invitation['status'] = 'used' invitation['accepted_on'] = datetime.datetime.utcnow() invites.update({'id': id}, { '$set': { 'accepted_on': invitation['accepted_on'], 'status': 'used' } }) users.update({'email': recipient}, {'$set': {'status': 'active', \ 'email': request.json['login']}}) if invitation['recipient'] != request.json['login']: update_group_association(invitation['recipient'], request.json['login']) # if user's persona email is different invitation['recipient'] = request.json['login'] # notify inviter if he chooses to receive such notification if "accept" in invitation['notify_when']: send_email('accept', invitation) return jsonify(success=True, invite=sanitize_invite(invitation)) elif action == 'decline': invitation['status'] = 'declined' invites.update({'id': id}, {'$set': {'status': 'declined'}}) users.remove(user) remove_group_association(invitation['recipient']) # notify inviter if he chooses to if "decline" in invitation['notify_when']: send_email('decline', invitation) return jsonify(success=True, invite=sanitize_invite(invitation)) else: return jsonify(success=False, reason='invitation-does-not-exist')
def update_invite(id): timenow = datetime.datetime.utcnow() action = request.json['action'].lower() invitation = invites.find_one({'id': id}) if invitation: max_time_allowed = invitation.get('max_time_allowed') \ or backend_config.get('invitation').get('max_time_allowed') recipient = invitation['recipient'] recipient_name = invitation['recipient_name'] sender = invitation['sender'] sender_name = invitation['sender_name'] sent_on = invitation['sent_on'] accepted_on = invitation['accepted_on'] expire_on = invitation['expire_on'] user = users.find_one({'email': recipient}) if user is None: return jsonify(success=False, reason="user-not-created") if accepted_on is not None: return jsonify(success=False, reason="invitation-has-been-used") if not action in ('resend', 'accept', 'decline'): return jsonify(success=False, reason='invalid-action') if action == 'resend': new_id = str(uuid.uuid4()) base_url = request.json['base_url'] send_email('invite', invitation, extra_data={'base_url': base_url}) # generate new record sent_on = datetime.datetime.utcnow() expire_on = sent_on + datetime.timedelta(seconds=max_time_allowed) invitation['id'] = new_id invitation['sent_on'] = sent_on invitation['expire_on'] = expire_on invites.update({'id': id}, {'$set': {'sent_on': invitation['sent_on'], 'id': invitation['id']}}) return jsonify(success=True, invite=sanitize_invite(invitation)) elif action == 'accept': # if time now is ahead of expire_on, the delta is negative if (expire_on - timenow).seconds < 0: invitation['status'] = 'expired' invites.update({'id': id}, {'$set': {'status': 'expired'}}) return jsonify(success=False, reason='invitation-expired') else: invitation['status'] = 'used' invitation['accepted_on'] = datetime.datetime.utcnow() invites.update({'id': id},{'$set': {'accepted_on': invitation['accepted_on'], 'status': 'used'}}) users.update({'email': recipient}, {'$set': {'status': 'active', \ 'email': request.json['login']}}) if invitation['recipient'] != request.json['login']: update_group_association(invitation['recipient'], request.json['login']) # if user's persona email is different invitation['recipient'] = request.json['login'] # notify inviter if he chooses to receive such notification if "accept" in invitation['notify_when']: send_email('accept', invitation) return jsonify(success=True, invite=sanitize_invite(invitation)) elif action == 'decline': invitation['status'] = 'declined' invites.update({'id': id}, {'$set': {'status': 'declined'}}) users.remove(user) remove_group_association(invitation['recipient']) # notify inviter if he chooses to if "decline" in invitation['notify_when']: send_email('decline', invitation) return jsonify(success=True, invite=sanitize_invite(invitation)) else: return jsonify(success=False, reason='invitation-does-not-exist')