def activate_user(user_id):
user = User.from_id(user_id)
# the user will have a new current_session_id set by the API - store it in the cookie for future requests
session['current_session_id'] = user.current_session_id
organisation_id = session.get('organisation_id')
activated_user = user.activate()
activated_user.login()
invited_user = InvitedUser.from_session()
if invited_user:
service_id = _add_invited_user_to_service(invited_user)
service = Service.from_id(service_id)
if service.has_permission('broadcast'):
return redirect(
url_for('main.broadcast_tour',
service_id=service.id,
step_index=1))
return redirect(
url_for('main.service_dashboard', service_id=service_id))
invited_org_user = InvitedOrgUser.from_session()
if invited_org_user:
user_api_client.add_user_to_organisation(invited_org_user.organisation,
session['user_details']['id'])
if organisation_id:
return redirect(
url_for('main.organisation_dashboard', org_id=organisation_id))
else:
return redirect(url_for('main.add_service', first='first'))
def test_invited_user_from_session_uses_id(client, mocker,
mock_get_invited_user_by_id):
session_dict = {'invited_user_id': USER_ONE_ID}
mocker.patch.dict('app.models.user.session',
values=session_dict,
clear=True)
assert InvitedUser.from_session().id == USER_ONE_ID
mock_get_invited_user_by_id.assert_called_once_with(USER_ONE_ID)
def sign_in():
if current_user and current_user.is_authenticated:
return redirect(url_for("main.show_accounts_or_dashboard"))
form = LoginForm()
if form.validate_on_submit():
login_data = {
"user-agent": request.headers["User-Agent"],
"location": _geolocate_ip(get_remote_addr(request)),
}
user = User.from_email_address_and_password_or_none(form.email_address.data, form.password.data, login_data)
if user and user.locked:
flash(
_("Your account has been locked after {} sign-in attempts. Please email us at [email protected]").format(
user.max_failed_login_count
)
)
abort(400)
if user and user.state == "pending":
return redirect(url_for("main.resend_email_verification"))
if user and session.get("invited_user"):
invited_user = InvitedUser.from_session()
if user.email_address.lower() != invited_user.email_address.lower():
flash(_("You cannot accept an invite for another person."))
session.pop("invited_user", None)
abort(403)
else:
invited_user.accept_invite()
requires_email_login = user and user.requires_email_login
if user and user.sign_in():
if user.sms_auth and not requires_email_login:
return redirect(url_for(".two_factor_sms_sent", next=request.args.get("next")))
if user.email_auth or requires_email_login:
args = {"requires_email_login": True} if requires_email_login else {}
return redirect(url_for(".two_factor_email_sent", **args))
# Vague error message for login in case of user not known, inactive or password not verified
flash(_("The email address or password you entered is incorrect."))
other_device = current_user.logged_in_elsewhere()
return render_template(
"views/signin.html",
form=form,
again=bool(request.args.get("next")),
other_device=other_device,
)
def sign_in():
if current_user and current_user.is_authenticated:
return redirect(url_for('main.show_accounts_or_dashboard'))
form = LoginForm()
password_reset_url = url_for('.forgot_password',
next=request.args.get('next'))
redirect_url = request.args.get('next')
if form.validate_on_submit():
user = User.from_email_address_and_password_or_none(
form.email_address.data, form.password.data)
if user and user.state == 'pending':
return redirect(
url_for('main.resend_email_verification', next=redirect_url))
if user and session.get('invited_user'):
invited_user = InvitedUser.from_session()
if user.email_address.lower() != invited_user.email_address.lower(
):
flash("You cannot accept an invite for another person.")
session.pop('invited_user', None)
abort(403)
else:
invited_user.accept_invite()
if user and user.sign_in():
if user.sms_auth:
return redirect(url_for('.two_factor', next=redirect_url))
if user.email_auth:
return redirect(
url_for('.two_factor_email_sent', next=redirect_url))
# Vague error message for login in case of user not known, locked, inactive or password not verified
flash(
Markup(
(f"The email address or password you entered is incorrect."
f" <a href={password_reset_url}>Forgotten your password?</a>"
)))
other_device = current_user.logged_in_elsewhere()
return render_template('views/signin.html',
form=form,
again=bool(redirect_url),
other_device=other_device,
password_reset_url=password_reset_url)
def sign_in():
if current_user and current_user.is_authenticated:
return redirect(url_for('main.show_accounts_or_dashboard'))
form = LoginForm()
if form.validate_on_submit():
login_data = {
"user-agent": request.headers["User-Agent"],
"location": _geolocate_ip(request.remote_addr)
}
user = User.from_email_address_and_password_or_none(
form.email_address.data, form.password.data, login_data)
if user and user.state == 'pending':
return redirect(url_for('main.resend_email_verification'))
if user and session.get('invited_user'):
invited_user = InvitedUser.from_session()
if user.email_address.lower() != invited_user.email_address.lower(
):
flash("You can't accept an invite for another person.")
session.pop('invited_user', None)
abort(403)
else:
invited_user.accept_invite()
if user and user.sign_in():
if user.sms_auth:
return redirect(
url_for('.two_factor', next=request.args.get('next')))
if user.email_auth:
return redirect(url_for('.two_factor_email_sent'))
# Vague error message for login in case of user not known, locked, inactive or password not verified
flash(_("The email address or password you entered is incorrect."))
other_device = current_user.logged_in_elsewhere()
return render_template('views/signin.html',
form=form,
again=bool(request.args.get('next')),
other_device=other_device)
def register_from_invite():
invited_user = InvitedUser.from_session()
if not invited_user:
abort(404)
form = RegisterUserFromInviteForm(invited_user)
if form.validate_on_submit():
if form.service.data != invited_user.service or form.email_address.data != invited_user.email_address:
abort(400)
_do_registration(form,
send_email=False,
send_sms=invited_user.sms_auth)
invited_user.accept_invite()
if invited_user.sms_auth:
return redirect(url_for('main.verify'))
else:
# we've already proven this user has email because they clicked the invite link,
# so just activate them straight away
return activate_user(session['user_details']['id'])
return render_template('views/register-from-invite.html',
invited_user=invited_user,
form=form)
def test_invited_user_from_session_returns_none_if_nothing_present(
client, mocker):
mocker.patch.dict('app.models.user.session', values={}, clear=True)
assert InvitedUser.from_session() is None