def update_invite(id):
timenow = datetime.datetime.utcnow()
action = request.json['action'].lower()
invitation = invites.find_one({'id': id})
if invitation:
max_time_allowed = invitation.get('max_time_allowed') \
or backend_config.get('invitation').get('max_time_allowed')
recipient = invitation['recipient']
recipient_name = invitation['recipient_name']
sender = invitation['sender']
sender_name = invitation['sender_name']
sent_on = invitation['sent_on']
accepted_on = invitation['accepted_on']
expire_on = invitation['expire_on']
user = users.find_one({'email': recipient})
if user is None:
return jsonify(success=False, reason="user-not-created")
if accepted_on is not None:
return jsonify(success=False, reason="invitation-has-been-used")
if not action in ('resend', 'accept', 'decline'):
return jsonify(success=False, reason='invalid-action')
if action == 'resend':
new_id = str(uuid.uuid4())
base_url = request.json['base_url']
backend_utils.send_invite(recipient, recipient_name, sender, sender_name, base_url, new_id)
# generate new record
sent_on = datetime.datetime.utcnow()
expire_on = sent_on + datetime.timedelta(seconds=max_time_allowed)
invitation['id'] = new_id
invitation['sent_on'] = sent_on
invitation['expire_on'] = expire_on
invites.update({'id': id}, {'$set':
{'sent_on': invitation['sent_on'],
'id': invitation['id']}})
return jsonify(success=True, invite=sanitize_invite(invitation))
elif action == 'accept':
# if time now is ahead of expire_on, the delta is negative
if (expire_on - timenow).seconds < 0:
invitation['status'] = 'expired'
invites.update({'id': id}, {'$set': {'status': 'expired'}})
return jsonify(success=False, reason='invitation-expired')
else:
invitation['status'] = 'used'
invitation['accepted_on'] = datetime.datetime.utcnow()
invites.update({'id': id},{'$set':
{'accepted_on': invitation['accepted_on'],
'status': 'used'}})
users.update({'email': recipient}, {'$set':
{'status': 'active'}})
return jsonify(success=True, invite=sanitize_invite(invitation))
elif action == 'decline':
invitation['status'] = 'declined'
invites.update({'id': id}, {'$set': {'status': 'decline'}})
return jsonify(success=True, invite=sanitize_invite(invitation))
else:
return jsonify(success=False, reason='invitation-does-not-exist')
def update_user(user_email):
new_user = request.json
# Verify the incoming user: user must exist, groups must exist, role must exist
old_user = users.find_one({'email': user_email})
if old_user is None:
return jsonify(success=False, reason='unknown-user')
old_user['groups'] = _find_groups_for_user(user_email)
old_user['sites'] = _find_sites_for_user(user_email)
if 'groups' in new_user:
for group_name in new_user.get('groups', []):
if not _check_group_exists(group_name):
return jsonify(success=False, reason='unknown-group')
if 'role' in new_user:
if new_user["role"] not in ("user", "administrator"):
return jsonify(success=False, reason="invalid-role")
if 'status' in new_user:
if new_user['status'] not in ('active', 'banned'):
return jsonify(success=False, reason='unknown-status-option')
# Update the group memberships
if 'groups' in new_user:
# Add new groups
for group_name in new_user.get('groups', []):
if group_name not in old_user['groups']:
groups.update({'name': group_name},
{'$addToSet': {
'users': user_email
}})
# Remove old groups
for group_name in old_user['groups']:
if group_name not in new_user.get('groups', []):
groups.update({'name': group_name},
{'$pull': {
'users': user_email
}})
# Modify the user
changes = {}
if 'name' in new_user:
changes['name'] = new_user['name']
if 'role' in new_user:
changes['role'] = new_user['role']
if 'groups' in new_user:
changes['groups'] = new_user['groups']
if 'status' in new_user:
changes['status'] = new_user['status']
users.update({'email': user_email}, {'$set': changes})
# Return the updated user
user = users.find_one({'email': user_email})
if not user:
return jsonify(success=False, reason='unknown-user')
user['groups'] = _find_groups_for_user(user_email)
return jsonify(success=True, user=sanitize_user(user))
def login_user():
email = request.json['email']
user = users.find_one({'email': email})
if user:
if user['status'] == 'active':
timestamp = datetime.datetime.utcnow()
users.update({'email': email}, {'$set': {'last_login': timestamp}})
user = users.find_one({'email': email})
return jsonify(success=True, user=sanitize_user(user))
else:
return jsonify(success=False, reason=user['status'])
else:
return jsonify(success=False, reason='user-does-not-exist')
def login_user():
email = request.json['email']
user = users.find_one({'email': email})
if user:
if user['status'] == 'active':
timestamp = datetime.datetime.utcnow()
users.update({'email': email}, {'$set': {'last_login': timestamp}})
user = users.find_one({'email': email})
return jsonify(success=True, user=sanitize_user(user))
else:
return jsonify(success=False, reason=user['status'])
else:
return jsonify(success=False, reason='user-does-not-exist')
def update_user(user_email):
new_user = request.json
# Verify the incoming user: user must exist, groups must exist, role must exist
old_user = users.find_one({'email': user_email})
if old_user is None:
return jsonify(success=False, reason='unknown-user')
old_user['groups'] = _find_groups_for_user(user_email)
old_user['sites'] = _find_sites_for_user(user_email)
if 'groups' in new_user:
for group_name in new_user.get('groups', []):
if not _check_group_exists(group_name):
return jsonify(success=False, reason='unknown-group')
if 'role' in new_user:
if new_user["role"] not in ("user", "administrator"):
return jsonify(success=False, reason="invalid-role")
if 'status' in new_user:
if new_user['status'] not in ('active', 'banned'):
return jsonify(success=False, reason='unknown-status-option')
# Update the group memberships
if 'groups' in new_user:
# Add new groups
for group_name in new_user.get('groups', []):
if group_name not in old_user['groups']:
groups.update({'name':group_name},{'$addToSet': {'users': user_email}})
# Remove old groups
for group_name in old_user['groups']:
if group_name not in new_user.get('groups', []):
groups.update({'name':group_name},{'$pull': {'users': user_email}})
# Modify the user
changes = {}
if 'name' in new_user:
changes['name'] = new_user['name']
if 'role' in new_user:
changes['role'] = new_user['role']
if 'groups' in new_user:
changes['groups'] = new_user['groups']
if 'status' in new_user:
changes['status'] = new_user['status']
users.update({'email': user_email}, {'$set': changes})
# Return the updated user
user = users.find_one({'email': user_email})
if not user:
return jsonify(success=False, reason='unknown-user')
user['groups'] = _find_groups_for_user(user_email)
return jsonify(success=True, user=sanitize_user(user))
def update_invite(id):
timenow = datetime.datetime.utcnow()
action = request.json['action'].lower()
invitation = invites.find_one({'id': id})
if invitation:
max_time_allowed = invitation.get('max_time_allowed') \
or backend_config.get('invitation').get('max_time_allowed')
recipient = invitation['recipient']
recipient_name = invitation['recipient_name']
sender = invitation['sender']
sender_name = invitation['sender_name']
sent_on = invitation['sent_on']
accepted_on = invitation['accepted_on']
expire_on = invitation['expire_on']
user = users.find_one({'email': recipient})
if user is None:
return jsonify(success=False, reason="user-not-created")
if accepted_on is not None:
return jsonify(success=False, reason="invitation-has-been-used")
if not action in ('resend', 'accept', 'decline'):
return jsonify(success=False, reason='invalid-action')
if action == 'resend':
new_id = str(uuid.uuid4())
base_url = request.json['base_url']
send_email('invite', invitation, extra_data={'base_url': base_url})
# generate new record
sent_on = datetime.datetime.utcnow()
expire_on = sent_on + datetime.timedelta(seconds=max_time_allowed)
invitation['id'] = new_id
invitation['sent_on'] = sent_on
invitation['expire_on'] = expire_on
invites.update({'id': id}, {'$set':
{'sent_on': invitation['sent_on'],
'id': invitation['id']}})
return jsonify(success=True, invite=sanitize_invite(invitation))
elif action == 'accept':
# if time now is ahead of expire_on, the delta is negative
if (expire_on - timenow).seconds < 0:
invitation['status'] = 'expired'
invites.update({'id': id}, {'$set': {'status': 'expired'}})
return jsonify(success=False, reason='invitation-expired')
else:
invitation['status'] = 'used'
invitation['accepted_on'] = datetime.datetime.utcnow()
invites.update({'id': id},{'$set':
{'accepted_on': invitation['accepted_on'],
'status': 'used'}})
users.update({'email': recipient}, {'$set':
{'status': 'active', \
'email': request.json['login']}})
if invitation['recipient'] != request.json['login']:
update_group_association(invitation['recipient'], request.json['login'])
# if user's persona email is different
invitation['recipient'] = request.json['login']
# notify inviter if he chooses to receive such notification
if "accept" in invitation['notify_when']:
send_email('accept', invitation)
return jsonify(success=True, invite=sanitize_invite(invitation))
elif action == 'decline':
invitation['status'] = 'declined'
invites.update({'id': id}, {'$set': {'status': 'declined'}})
users.remove(user)
remove_group_association(invitation['recipient'])
# notify inviter if he chooses to
if "decline" in invitation['notify_when']:
send_email('decline', invitation)
return jsonify(success=True, invite=sanitize_invite(invitation))
else:
return jsonify(success=False, reason='invitation-does-not-exist')
def update_invite(id):
timenow = datetime.datetime.utcnow()
action = request.json['action'].lower()
invitation = invites.find_one({'id': id})
if invitation:
max_time_allowed = invitation.get('max_time_allowed') \
or backend_config.get('invitation').get('max_time_allowed')
recipient = invitation['recipient']
recipient_name = invitation['recipient_name']
sender = invitation['sender']
sender_name = invitation['sender_name']
sent_on = invitation['sent_on']
accepted_on = invitation['accepted_on']
expire_on = invitation['expire_on']
user = users.find_one({'email': recipient})
if user is None:
return jsonify(success=False, reason="user-not-created")
if accepted_on is not None:
return jsonify(success=False, reason="invitation-has-been-used")
if not action in ('resend', 'accept', 'decline'):
return jsonify(success=False, reason='invalid-action')
if action == 'resend':
new_id = str(uuid.uuid4())
base_url = request.json['base_url']
send_email('invite', invitation, extra_data={'base_url': base_url})
# generate new record
sent_on = datetime.datetime.utcnow()
expire_on = sent_on + datetime.timedelta(seconds=max_time_allowed)
invitation['id'] = new_id
invitation['sent_on'] = sent_on
invitation['expire_on'] = expire_on
invites.update({'id': id}, {
'$set': {
'sent_on': invitation['sent_on'],
'id': invitation['id']
}
})
return jsonify(success=True, invite=sanitize_invite(invitation))
elif action == 'accept':
# if time now is ahead of expire_on, the delta is negative
if (expire_on - timenow).seconds < 0:
invitation['status'] = 'expired'
invites.update({'id': id}, {'$set': {'status': 'expired'}})
return jsonify(success=False, reason='invitation-expired')
else:
invitation['status'] = 'used'
invitation['accepted_on'] = datetime.datetime.utcnow()
invites.update({'id': id}, {
'$set': {
'accepted_on': invitation['accepted_on'],
'status': 'used'
}
})
users.update({'email': recipient}, {'$set':
{'status': 'active', \
'email': request.json['login']}})
if invitation['recipient'] != request.json['login']:
update_group_association(invitation['recipient'],
request.json['login'])
# if user's persona email is different
invitation['recipient'] = request.json['login']
# notify inviter if he chooses to receive such notification
if "accept" in invitation['notify_when']:
send_email('accept', invitation)
return jsonify(success=True,
invite=sanitize_invite(invitation))
elif action == 'decline':
invitation['status'] = 'declined'
invites.update({'id': id}, {'$set': {'status': 'declined'}})
users.remove(user)
remove_group_association(invitation['recipient'])
# notify inviter if he chooses to
if "decline" in invitation['notify_when']:
send_email('decline', invitation)
return jsonify(success=True, invite=sanitize_invite(invitation))
else:
return jsonify(success=False, reason='invitation-does-not-exist')
