def wrapped(*args, **kwargs):
sess = GlobalDB.db().session
try:
req_args = {
'agency_code':
RequestDictionary.derive(request).get('agency_code', None),
'existing_submission_id':
RequestDictionary.derive(request).get(
'existing_submission_id', None)
}
except (ValueError, TypeError) as e:
raise ResponseException(e, StatusCode.CLIENT_ERROR)
except BadRequest:
raise ResponseException(
'Bad request: agency_code or existing_submission_id not included properly',
StatusCode.CLIENT_ERROR)
if req_args['agency_code'] is None and req_args[
'existing_submission_id'] is None:
raise ResponseException(
'Missing required parameter: agency_code or existing_submission_id',
StatusCode.CLIENT_ERROR)
if not isinstance(req_args['agency_code'], str) and not isinstance(
req_args['existing_submission_id'], str):
raise ResponseException(
'Bad request: agency_code or existing_submission_id' +
'required and must be strings', StatusCode.CLIENT_ERROR)
if req_args['existing_submission_id'] is not None:
check_existing_submission_perms(
perm, req_args['existing_submission_id'])
else:
sub_tier_agency = sess.query(SubTierAgency).\
filter(SubTierAgency.sub_tier_agency_code == req_args['agency_code']).one_or_none()
if sub_tier_agency is None:
raise ResponseException(
'sub_tier_agency must be a valid sub_tier_agency_code',
StatusCode.CLIENT_ERROR)
cgac_code = sub_tier_agency.cgac.cgac_code if sub_tier_agency.cgac_id else None
frec_code = sub_tier_agency.frec.frec_code if sub_tier_agency.frec_id else None
if not active_user_can(
perm, cgac_code=cgac_code, frec_code=frec_code):
raise ResponseException(
"User does not have permissions to write to that subtier agency",
StatusCode.PERMISSION_DENIED)
return fn(*args, **kwargs)
def list_users_with_status(self):
""" List all users with the specified status. Associated request body must have key 'status' """
request_dict = RequestDictionary.derive(self.request)
try:
if 'status' not in request_dict:
# Missing a required field, return 400
raise ResponseException(
"Request body must include status", StatusCode.CLIENT_ERROR)
except ResponseException as exc:
return JsonResponse.error(exc, exc.status)
sess = GlobalDB.db().session
try:
users = sess.query(User).filter_by(
user_status_id=USER_STATUS_DICT[request_dict['status']]
).all()
except ValueError as exc:
# Client provided a bad status
return JsonResponse.error(exc, StatusCode.CLIENT_ERROR)
user_info = []
for user in users:
agency_name = sess.query(CGAC.agency_name).\
filter(CGAC.cgac_code == user.cgac_code).\
one_or_none()
this_info = {"name":user.name, "title":user.title, "agency_name":agency_name, "cgac_code":user.cgac_code,
"email":user.email, "id":user.user_id }
user_info.append(this_info)
return JsonResponse.create(StatusCode.OK,{"users":user_info})
def email_users(self, system_email):
""" Send email notification to list of users
Args:
system_email: the address of the system to send the email from
Returns:
A JsonReponse containing a message that the email sent successfully or the details of the missing
parameters
"""
sess = GlobalDB.db().session
request_dict = RequestDictionary.derive(self.request)
required = ('users', 'submission_id', 'email_template')
try:
if any(field not in request_dict for field in required):
raise ResponseException(
"Email users route requires users, email_template, and submission_id",
StatusCode.CLIENT_ERROR)
except ResponseException as exc:
return JsonResponse.error(exc, exc.status)
user_ids = request_dict['users']
submission_id = request_dict['submission_id']
# Check if submission id is valid
_, agency_name = sess.query(Submission.submission_id, CGAC.agency_name).\
join(CGAC, Submission.cgac_code == CGAC.cgac_code).filter(Submission.submission_id == submission_id).one()
if not agency_name:
_, agency_name = sess.query(Submission.submission_id, FREC.agency_name).\
join(FREC, Submission.frec_code == FREC.frec_code).\
filter(Submission.submission_id == submission_id).one()
template_type = request_dict['email_template']
# Check if email template type is valid
get_email_template(template_type)
users = []
link = "".join(
[AccountHandler.FRONT_END, '#/reviewData/',
str(submission_id)])
email_template = {
'[REV_USER_NAME]': g.user.name,
'[REV_AGENCY]': agency_name,
'[REV_URL]': link
}
for user_id in user_ids:
# Check if user id is valid, if so add User object to array
users.append(
sess.query(User).filter(User.user_id == user_id).one())
for user in users:
new_email = SesEmail(user.email,
system_email,
template_type=template_type,
parameters=email_template)
new_email.send()
return JsonResponse.create(StatusCode.OK,
{"message": "Emails successfully sent"})
def set_skip_guide(self):
""" Set current user's skip guide parameter
Returns:
JsonResponse object containing results of setting the skip guide or details of the error that occurred.
Possible errors include the request not containing a skip_guide parameter or it not being a boolean
value
"""
sess = GlobalDB.db().session
request_dict = RequestDictionary.derive(self.request)
try:
if 'skip_guide' not in request_dict:
raise ResponseException(
"Must include skip_guide parameter",
StatusCode.CLIENT_ERROR
)
skip_guide = str(request_dict['skip_guide']).lower()
if skip_guide not in ("true", "false"):
raise ResponseException(
"skip_guide must be true or false",
StatusCode.CLIENT_ERROR
)
g.user.skip_guide = skip_guide == "true"
except ResponseException as exc:
return JsonResponse.error(exc, exc.status)
sess.commit()
return JsonResponse.create(StatusCode.OK, {"message": "skip_guide set successfully", "skip_guide": skip_guide})
def list_users(self):
""" List all users ordered by status. Associated request body must have key 'filter_by' """
request_dict = RequestDictionary.derive(
self.request, optional_request=True)
user_status = request_dict.get('status', 'all')
sess = GlobalDB.db().session
try:
user_query = sess.query(User)
if user_status != "all":
user_query = user_query.filter(User.user_status_id == USER_STATUS_DICT[user_status])
users = user_query.all()
except ValueError as exc:
# Client provided a bad status
return JsonResponse.error(exc, StatusCode.CLIENT_ERROR)
user_info = []
for user in users:
agency_name = sess.query(CGAC.agency_name).\
filter(CGAC.cgac_code == user.cgac_code).\
one_or_none()
thisInfo = {"name":user.name, "title":user.title, "agency_name":agency_name, "cgac_code":user.cgac_code,
"email":user.email, "id":user.user_id, "is_active":user.is_active,
"permission": PERMISSION_TYPE_DICT_ID.get(user.permission_type_id), "status": user.user_status.name}
user_info.append(thisInfo)
return JsonResponse.create(StatusCode.OK,{"users":user_info})
def reset_password(self,system_email,session):
"""
Remove old password and email user a token to set a new password. Request should have key "email"
arguments:
system_email -- (string) email used to send messages
session -- (Session) object from flask
"""
sess = GlobalDB.db().session
request_dict = RequestDictionary.derive(self.request)
try:
if 'email' not in request_dict:
# Don't have the keys we need in request
raise ResponseException(
"Reset password route requires key 'email'",
StatusCode.CLIENT_ERROR
)
user = sess.query(User).filter(
func.lower(User.email) == func.lower(request_dict['email'])
).one()
except Exception as exc:
return JsonResponse.error(exc, StatusCode.CLIENT_ERROR)
email = request_dict['email']
LoginSession.logout(session)
self.send_reset_password_email(user, system_email, email)
# Return success message
return JsonResponse.create(StatusCode.OK,{"message":"Password reset"})
def upload_fabs_file():
if "multipart/form-data" not in request.headers['Content-Type']:
return JsonResponse.error(ValueError("Request must be a multipart/form-data type"), StatusCode.CLIENT_ERROR)
params = RequestDictionary.derive(request)
fabs = params.get('_files', {}).get('fabs', None)
file_manager = FileHandler(request, is_local=is_local, server_path=server_path)
return file_manager.upload_fabs_file(fabs)
def checkPasswordToken(self,session):
"""
Checks the password token if its valid
arguments:
session -- (Session) object from flask
return the reponse object with a error code and a message
"""
request_fields = RequestDictionary.derive(self.request)
try:
if 'token' not in request_fields:
raise ResponseException(
"Request body must include token", StatusCode.CLIENT_ERROR)
except ResponseException as exc:
return JsonResponse.error(exc, exc.status)
token = request_fields['token']
# Save token to be deleted after reset
session["token"] = token
success, message, errorCode = sesEmail.check_token(token, "password_reset")
if success:
#mark session that password can be filled out
LoginSession.reset_password(session)
return JsonResponse.create(StatusCode.OK,{"email":message,"errorCode":errorCode,"message":"success"})
else:
#failure but alert UI of issue
return JsonResponse.create(StatusCode.OK,{"errorCode":errorCode,"message":message})
def set_skip_guide(self):
""" Set current user's skip guide parameter
Returns:
JsonResponse object containing results of setting the skip guide or details of the error that occurred.
Possible errors include the request not containing a skip_guide parameter or it not being a boolean
value
"""
sess = GlobalDB.db().session
request_dict = RequestDictionary.derive(self.request)
try:
if 'skip_guide' not in request_dict:
raise ResponseException("Must include skip_guide parameter",
StatusCode.CLIENT_ERROR)
skip_guide = str(request_dict['skip_guide']).lower()
if skip_guide not in ("true", "false"):
raise ResponseException("skip_guide must be true or false",
StatusCode.CLIENT_ERROR)
g.user.skip_guide = skip_guide == "true"
except ResponseException as exc:
return JsonResponse.error(exc, exc.status)
sess.commit()
return JsonResponse.create(StatusCode.OK, {
"message": "skip_guide set successfully",
"skip_guide": skip_guide
})
def upload_fabs_file():
if "multipart/form-data" not in request.headers['Content-Type']:
return JsonResponse.error(ValueError("Request must be a multipart/form-data type"), StatusCode.CLIENT_ERROR)
params = RequestDictionary.derive(request)
fabs = params.get('_files', {}).get('fabs', None)
file_manager = FileHandler(request, is_local=is_local, server_path=server_path)
return file_manager.upload_fabs_file(fabs)
def set_new_password(self, session):
""" Set a new password for a user, request should have keys "user_email" and "password" """
sess = GlobalDB.db().session
request_dict = RequestDictionary.derive(self.request)
required = ('user_email', 'password')
try:
if any(field not in request_dict for field in required):
# Don't have the keys we need in request
raise ResponseException(
"Set password route requires keys user_email and password",
StatusCode.CLIENT_ERROR
)
if not self.checkPassword(request_dict['password']):
raise ResponseException(
"Invalid Password", StatusCode.CLIENT_ERROR)
except ResponseException as exc:
return JsonResponse.error(exc,exc.status)
# Get user from email
user = sess.query(User).filter(
func.lower(User.email) == func.lower(request_dict["user_email"])
).one()
# Set new password
set_user_password(user,request_dict["password"],self.bcrypt)
# Invalidate token
oldToken = sess.query(EmailToken).filter(EmailToken.token == session["token"]).one()
sess.delete(oldToken)
sess.commit()
session["reset"] = None
# Return success message
return JsonResponse.create(StatusCode.OK,{"message":"Password successfully changed"})
def wrapped(*args, **kwargs):
sess = GlobalDB.db().session
try:
req_args = {
'agency_code': RequestDictionary.derive(request).get('agency_code', None),
'existing_submission_id': RequestDictionary.derive(request).get('existing_submission_id', None)
}
except (ValueError, TypeError) as e:
raise ResponseException(e, StatusCode.CLIENT_ERROR)
except BadRequest as e:
raise ResponseException('Bad request: agency_code or existing_submission_id not included properly',
StatusCode.CLIENT_ERROR)
if req_args['agency_code'] is None and req_args['existing_submission_id'] is None:
raise ResponseException('Missing required parameter: agency_code or existing_submission_id',
StatusCode.CLIENT_ERROR)
if not isinstance(req_args['agency_code'], str) and not isinstance(req_args['existing_submission_id'], str):
raise ResponseException('Bad request: agency_code or existing_submission_id' +
'required and must be strings', StatusCode.CLIENT_ERROR)
if req_args['existing_submission_id'] is not None:
check_existing_submission_perms(perm, req_args['existing_submission_id'])
else:
sub_tier_agency = sess.query(SubTierAgency).\
filter(SubTierAgency.sub_tier_agency_code == req_args['agency_code']).one_or_none()
if sub_tier_agency is None:
raise ResponseException('sub_tier_agency must be a valid sub_tier_agency_code',
StatusCode.CLIENT_ERROR)
cgac_code = sub_tier_agency.cgac.cgac_code if sub_tier_agency.cgac_id else None
frec_code = sub_tier_agency.frec.frec_code if sub_tier_agency.frec_id else None
if not current_user_can(perm, cgac_code=cgac_code, frec_code=frec_code):
raise ResponseException("User does not have permissions to write to that subtier agency",
StatusCode.PERMISSION_DENIED)
return fn(*args, **kwargs)
def create_email_confirmation(self,system_email):
"""
Creates user record and email
arguments:
system_email -- (string) email used to send messages
"""
sess = GlobalDB.db().session
request_fields = RequestDictionary.derive(self.request)
try:
if 'email' not in request_fields:
raise ResponseException(
"Request body must include email", StatusCode.CLIENT_ERROR)
email = request_fields['email']
if not re.match("[^@]+@[^@]+\.[^@]+",email):
raise ValueError("Invalid Email Format")
except (ResponseException, ValueError) as exc:
return JsonResponse.error(exc, StatusCode.CLIENT_ERROR)
try :
user = sess.query(User).filter(
func.lower(User.email) == func.lower(request_fields['email'])
).one()
except NoResultFound:
# Create user with specified email if none is found
user = User(email=email)
user.user_status_id = USER_STATUS_DICT["awaiting_confirmation"]
user.permissions = 0
sess.add(user)
sess.commit()
else:
try:
good_statuses = (USER_STATUS_DICT["awaiting_confirmation"],
USER_STATUS_DICT["email_confirmed"])
if user.user_status_id not in good_statuses:
raise ResponseException(
"User already registered", StatusCode.CLIENT_ERROR)
except ResponseException as exc:
return JsonResponse.error(exc, exc.status)
email_token = sesEmail.createToken(email, "validate_email")
link= "".join([AccountHandler.FRONT_END,'#/registration/',email_token])
email_template = {'[USER]': email, '[URL]':link}
new_email = sesEmail(email, system_email,templateType="validate_email",parameters=email_template)
new_email.send()
return JsonResponse.create(StatusCode.OK,{"message":"Email Sent"})
def deleteUser(self):
""" Deletes user specified by 'email' in request """
sess = GlobalDB.db().session
request_dict = RequestDictionary.derive(self.request)
try:
if 'email' not in request_dict:
# missing required fields, return 400
raise ResponseException(
"Request body must include email of user to be deleted",
StatusCode.CLIENT_ERROR
)
except ResponseException as exc:
return JsonResponse.error(exc, exc.status)
email = request_dict['email']
sess.query(User).filter(User.email == email).delete()
sess.commit()
return JsonResponse.create(StatusCode.OK,{"message":"success"})
def check_email_confirmation_token(self,session):
"""
Creates user record and email
arguments:
session -- (Session) object from flask
return the response object with a error code and a message
"""
sess = GlobalDB.db().session
request_fields = RequestDictionary.derive(self.request)
try:
if 'token' not in request_fields:
raise ResponseException(
"Request body must include token",
StatusCode.CLIENT_ERROR
)
except ResponseException as exc:
return JsonResponse.error(exc, exc.status)
token = request_fields['token']
session["token"] = token
success, message, errorCode = sesEmail.check_token(token, "validate_email")
if success:
#mark session that email can be filled out
LoginSession.register(session)
#remove token so it cant be used again
# The following lines are commented out for issues with registration email links bouncing users back
# to the original email input page instead of the registration page
# oldToken = sess.query(EmailToken).filter(EmailToken.token == session["token"]).one()
# sess.delete(oldToken)
# sess.commit()
#set the status only if current status is awaiting confirmation
user = sess.query(User).filter(func.lower(User.email) == func.lower(message)).one()
if user.user_status_id == USER_STATUS_DICT["awaiting_confirmation"]:
user.user_status_id = USER_STATUS_DICT["email_confirmed"]
sess.commit()
return JsonResponse.create(StatusCode.OK,{"email":message,"errorCode":errorCode,"message":"success"})
else:
#failure but alert UI of issue
return JsonResponse.create(StatusCode.OK,{"errorCode":errorCode,"message":message})
def email_users(self, system_email):
""" Send email notification to list of users """
sess = GlobalDB.db().session
request_dict = RequestDictionary.derive(self.request)
required = ('users', 'submission_id', 'email_template')
try:
if any(field not in request_dict for field in required):
raise ResponseException(
"Email users route requires users, email_template, and "
"submission_id", StatusCode.CLIENT_ERROR
)
except ResponseException as exc:
return JsonResponse.error(exc, exc.status)
user_ids = request_dict['users']
submission_id = request_dict['submission_id']
# Check if submission id is valid
_, agency_name = sess.query(Submission.submission_id, CGAC.agency_name)\
.join(CGAC, Submission.cgac_code == CGAC.cgac_code)\
.filter(Submission.submission_id == submission_id).one()
if not agency_name:
_, agency_name = sess.query(Submission.submission_id, FREC.agency_name) \
.join(FREC, Submission.frec_code == FREC.frec_code) \
.filter(Submission.submission_id == submission_id).one()
template_type = request_dict['email_template']
# Check if email template type is valid
get_email_template(template_type)
users = []
link = "".join([AccountHandler.FRONT_END, '#/reviewData/', str(submission_id)])
email_template = {'[REV_USER_NAME]': g.user.name, '[REV_AGENCY]': agency_name, '[REV_URL]': link}
for user_id in user_ids:
# Check if user id is valid, if so add User object to array
users.append(sess.query(User).filter(User.user_id == user_id).one())
for user in users:
new_email = SesEmail(user.email, system_email, template_type=template_type, parameters=email_template)
new_email.send()
return JsonResponse.create(StatusCode.OK, {"message": "Emails successfully sent"})
def set_skip_guide(self):
""" Set current user's skip guide parameter """
sess = GlobalDB.db().session
request_dict = RequestDictionary.derive(self.request)
try:
if 'skip_guide' not in request_dict:
raise ResponseException("Must include skip_guide parameter",
StatusCode.CLIENT_ERROR)
skip_guide = str(request_dict['skip_guide']).lower()
if skip_guide not in ("true", "false"):
raise ResponseException("skip_guide must be true or false",
StatusCode.CLIENT_ERROR)
g.user.skip_guide = skip_guide == "true"
except ResponseException as exc:
return JsonResponse.error(exc, exc.status)
sess.commit()
return JsonResponse.create(StatusCode.OK, {
"message": "skip_guide set successfully",
"skip_guide": skip_guide
})
def set_skip_guide(self):
""" Set current user's skip guide parameter """
sess = GlobalDB.db().session
request_dict = RequestDictionary.derive(self.request)
try:
if 'skip_guide' not in request_dict:
raise ResponseException(
"Must include skip_guide parameter",
StatusCode.CLIENT_ERROR
)
skip_guide = str(request_dict['skip_guide']).lower()
if skip_guide not in ("true", "false"):
raise ResponseException(
"skip_guide must be true or false",
StatusCode.CLIENT_ERROR
)
g.user.skip_guide = skip_guide == "true"
except ResponseException as exc:
return JsonResponse.error(exc, exc.status)
sess.commit()
return JsonResponse.create(StatusCode.OK, {"message": "skip_guide set successfully", "skip_guide": skip_guide})
def email_users(self, system_email, session):
""" Send email notification to list of users """
sess = GlobalDB.db().session
request_dict = RequestDictionary.derive(self.request)
required = ('users', 'submission_id', 'email_template')
try:
if any(field not in request_dict for field in required):
raise ResponseException(
"Email users route requires users, email_template, and "
"submission_id", StatusCode.CLIENT_ERROR
)
except ResponseException as exc:
return JsonResponse.error(exc, exc.status)
current_user = sess.query(User).filter(User.user_id == session["name"]).one()
user_ids = request_dict['users']
submission_id = request_dict['submission_id']
# Check if submission id is valid
sess.query(Submission).filter_by(submission_id=submission_id).one()
template_type = request_dict['email_template']
# Check if email template type is valid
get_email_template(template_type)
users = []
link = "".join([AccountHandler.FRONT_END, '#/reviewData/', str(submission_id)])
email_template = {'[REV_USER_NAME]': current_user.name, '[REV_URL]': link}
for user_id in user_ids:
# Check if user id is valid, if so add User object to array
users.append(sess.query(User).filter(User.user_id == user_id).one())
for user in users:
new_email = sesEmail(user.email, system_email, templateType=template_type, parameters=email_template)
new_email.send()
return JsonResponse.create(StatusCode.OK, {"message": "Emails successfully sent"})
def set_skip_guide(self, session):
""" Set current user's skip guide parameter """
sess = GlobalDB.db().session
user = sess.query(User).filter(User.user_id == session["name"]).one()
request_dict = RequestDictionary.derive(self.request)
try:
if 'skip_guide' not in request_dict:
raise ResponseException(
"Must include skip_guide parameter",
StatusCode.CLIENT_ERROR
)
skip_guide = request_dict['skip_guide']
if isinstance(skip_guide, bool): # e.g. from JSON
user.skip_guide = skip_guide
elif isinstance(skip_guide, str):
# param is a string, allow "true" or "false"
if skip_guide.lower() == "true":
user.skip_guide = True
elif skip_guide.lower() == "false":
user.skip_guide = False
else:
raise ResponseException(
"skip_guide must be true or false",
StatusCode.CLIENT_ERROR
)
else:
raise ResponseException(
"skip_guide must be a boolean", StatusCode.CLIENT_ERROR)
except ResponseException as exc:
return JsonResponse.error(exc, exc.status)
sess.commit()
return JsonResponse.create(
StatusCode.OK,
{"message": "skip_guide set successfully",
"skip_guide":skip_guide}
)
def update_user(self, system_email):
"""
Update editable fields for specified user. Editable fields for a user:
* is_active
* user_status_id
Args:
system_email: address the email is sent from
Request body should contain the following keys:
* uid (integer)
* status (string)
* is_active (boolean)
Returns: JSON response object with either an exception or success message
"""
sess = GlobalDB.db().session
request_dict = RequestDictionary.derive(self.request)
try:
editable_fields = ('status', 'permissions', 'is_active')
has_editable = any(key in request_dict for key in editable_fields)
if 'uid' not in request_dict or not has_editable:
# missing required fields, return 400
raise ResponseException(
"Request body must include uid and at least one of the "
"following: status, permissions, is_active",
StatusCode.CLIENT_ERROR
)
# Find user that matches specified uid
user = sess.query(User).filter_by(
user_id=int(request_dict['uid'])).one_or_none()
if user is None:
raise ResponseException(
"No users with that uid", StatusCode.CLIENT_ERROR)
except ResponseException as exc:
return JsonResponse.error(exc, exc.status)
if 'status' in request_dict:
#check if the user is waiting
if user.user_status_id == USER_STATUS_DICT["awaiting_approval"]:
if request_dict['status'] == 'approved':
# Grant agency_user permission to newly approved users
user.permission_type_id = PERMISSION_TYPE_DICT['reader']
sess.merge(user)
sess.commit()
link = AccountHandler.FRONT_END
email_template = {'[URL]':link,'[EMAIL]':system_email}
new_email = sesEmail(user.email, system_email,templateType="account_approved",parameters=email_template)
new_email.send()
elif request_dict['status'] == 'denied':
email_template = {}
new_email = sesEmail(user.email, system_email,templateType="account_rejected",parameters=email_template)
new_email.send()
# Change user's status
try:
user.user_status_id = USER_STATUS_DICT[request_dict['status']]
except ValueError as e:
# In this case having a bad status name is a client error
raise ResponseException(str(e), StatusCode.CLIENT_ERROR, ValueError)
sess.commit()
# Activate/deactivate user
if 'is_active' in request_dict:
is_active = bool(request_dict['is_active'])
user.is_active = is_active
sess.commit()
return JsonResponse.create(StatusCode.OK, {"message": "User successfully updated"})
def register(self,system_email,session):
"""
Save user's information into user database. Associated request body should have keys 'email', 'name', 'cgac_code', and 'title'
arguments:
system_email -- (string) email used to send messages
session -- (Session) object from flask
Returns message that registration is successful or error message that fields are not valid
"""
def ThreadedFunction (username="", title="", cgac_code="", user_email="" , link="") :
"""
This inner function sends emails in a new thread as there could be lots of admins
username -- (string) the name of the user
title -- (string) the title of the user
cgac_code -- (string) the agency of the user
user_email -- (string) the email of the user
link -- (string) the broker email link
"""
agency_name = sess.query(CGAC.agency_name).\
filter(CGAC.cgac_code == cgac_code).\
one_or_none()
agency_name = "Unknown" if agency_name is None else agency_name
for user in sess.query(User).filter_by(permission_type_id=PERMISSION_TYPE_DICT['website_admin']):
email_template = {'[REG_NAME]': username, '[REG_TITLE]':title, '[REG_AGENCY_NAME]':agency_name,
'[REG_CGAC_CODE]': cgac_code,'[REG_EMAIL]' : user_email,'[URL]':link}
new_email = sesEmail(user.email, system_email,templateType="account_creation",parameters=email_template)
new_email.send()
sess = GlobalDB.db().session
request_fields = RequestDictionary.derive(self.request)
try:
required = ('email', 'name', 'cgac_code', 'title', 'password')
if any(field not in request_fields for field in required):
# Missing a required field, return 400
raise ResponseException(
"Request body must include email, name, cgac_code, "
"title, and password", StatusCode.CLIENT_ERROR
)
if not self.checkPassword(request_fields["password"]):
raise ResponseException(
"Invalid Password", StatusCode.CLIENT_ERROR)
# Find user that matches specified email
user = sess.query(User).filter(
func.lower(User.email) == func.lower(request_fields['email'])
).one_or_none()
if user is None:
raise ResponseException(
"No users with that email", StatusCode.CLIENT_ERROR)
# Check that user's status is before submission of registration
bad_statuses = (USER_STATUS_DICT["awaiting_confirmation"], USER_STATUS_DICT["email_confirmed"])
if user.user_status_id not in bad_statuses:
# Do not allow duplicate registrations
raise ResponseException(
"User already registered", StatusCode.CLIENT_ERROR)
# Add user info to database
user.name = request_fields['name']
user.cgac_code = request_fields['cgac_code']
user.title = request_fields['title']
sess.commit()
set_user_password(user, request_fields['password'], self.bcrypt)
except ResponseException as exc:
return JsonResponse.error(exc, exc.status)
user_link= "".join([AccountHandler.FRONT_END, '#/login?redirect=/admin'])
# Send email to approver list
email_thread = Thread(target=ThreadedFunction, kwargs=dict(username=user.name,title=user.title,cgac_code=user.cgac_code,user_email=user.email,link=user_link))
email_thread.start()
#email user
email_template = {'[EMAIL]' : system_email}
new_email = sesEmail(user.email, system_email,templateType="account_creation_user",parameters=email_template)
new_email.send()
# Logout and delete token
LoginSession.logout(session)
oldToken = sess.query(EmailToken).filter(EmailToken.token == session["token"]).one()
sess.delete(oldToken)
# Mark user as awaiting approval
user.user_status_id = USER_STATUS_DICT["awaiting_approval"]
sess.commit()
return JsonResponse.create(StatusCode.OK,{"message":"Registration successful"})
