def make_new_user_and_token(name='francine', tier='superadmin'):
user = User()
user.create_admin_auth(email=name + '@withsempo.com',
password='******',
tier=tier)
user.organisations.append(create_organisation)
user.default_organisation = create_organisation
user.is_activated = True
user.set_TFA_secret()
user.TFA_enabled = True
db.session.commit()
return user, get_complete_auth_token(user)
def get_or_create_admin_user(email, password, admin_organisation):
instance = User.query.filter_by(
email=str(email).lower()).first()
if instance:
return instance
else:
user = User(first_name='Admin', last_name='user')
user.create_admin_auth(
email=email,
password=password,
tier='sempoadmin',
organisation=admin_organisation
)
user.is_activated = True
db.session.add(user)
return user
def post(self):
# get the post data
post_data = request.get_json()
email = post_data.get('email') or post_data.get('username')
password = post_data.get('password')
phone = post_data.get('phone')
referral_code = post_data.get('referral_code')
if phone is not None:
# this is a registration from a mobile device THUS a vendor or recipient.
response_object, response_code = UserUtils.proccess_create_or_modify_user_request(
post_data,
is_self_sign_up=True,
)
if response_code == 200:
db.session.commit()
return make_response(jsonify(response_object)), response_code
email_ok = False
whitelisted_emails = EmailWhitelist.query\
.filter_by(referral_code=referral_code, used=False) \
.execution_options(show_all=True).all()
selected_whitelist_item = None
exact_match = False
tier = None
sempoadmin_emails = current_app.config['SEMPOADMIN_EMAILS']
if sempoadmin_emails != [''] and email in sempoadmin_emails:
email_ok = True
tier = 'sempoadmin'
for whitelisted in whitelisted_emails:
if whitelisted.allow_partial_match and whitelisted.email in email:
email_ok = True
tier = whitelisted.tier
selected_whitelist_item = whitelisted
exact_match = False
continue
elif whitelisted.email == email:
email_ok = True
whitelisted.used = True
tier = whitelisted.tier
selected_whitelist_item = whitelisted
exact_match = True
continue
if not email_ok:
response_object = {
'status': 'fail',
'message': 'Invalid email domain.',
}
return make_response(jsonify(response_object)), 403
if len(password) < 7:
response_object = {
'status': 'fail',
'message': 'Password must be at least 6 characters long',
}
return make_response(jsonify(response_object)), 403
# check if user already exists
user = User.query.filter_by(email=email).execution_options(show_all=True).first()
if user:
response_object = {
'status': 'fail',
'message': 'User already exists. Please Log in.',
}
return make_response(jsonify(response_object)), 403
if tier is None:
tier = 'subadmin'
if selected_whitelist_item:
organisation = selected_whitelist_item.organisation
else:
organisation = Organisation.master_organisation()
user = User(blockchain_address=organisation.primary_blockchain_address)
user.create_admin_auth(email, password, tier, organisation)
# insert the user
db.session.add(user)
db.session.flush()
if exact_match:
user.is_activated = True
auth_token = user.encode_auth_token()
# Possible Outcomes:
# TFA required, but not set up
# TFA not required
tfa_response_oject = tfa_logic(user, tfa_token=None)
if tfa_response_oject:
tfa_response_oject['auth_token'] = auth_token.decode()
db.session.commit() # need this here to commit a created user to the db
return make_response(jsonify(tfa_response_oject)), 401
# Update the last_seen TS for this user
user.update_last_seen_ts()
response_object = create_user_response_object(user, auth_token, 'Successfully activated.')
db.session.commit()
return make_response(jsonify(response_object)), 201
activation_token = user.encode_single_use_JWS('A')
send_activation_email(activation_token, email)
db.session.commit()
# generate the auth token
response_object = {
'status': 'success',
'message': 'Successfully registered. You must activate your email.',
}
return make_response(jsonify(response_object)), 201
def change_initial_pin(user: User, new_pin):
user.is_activated = True
change_pin(user, new_pin)
