def test_returns_value_from_cache(
    app_,
    mocker,
    expected_cache_get_calls,
    cache_value,
    expected_return_value,
    expected_api_calls,
    expected_cache_set_calls,
):
    """Check that get_user consults the Redis cache before the admin API.

    The caller parametrises the scenario: `cache_value` is what the mocked
    cache returns, and the three `expected_*_calls` lists pin the exact
    calls that must be made to the cache and the API in that scenario.
    `expected_return_value` is accepted but not asserted on in this
    version of the test.
    """
    redis_get = mocker.patch('app.extensions.RedisClient.get', return_value=cache_value)
    api_get = mocker.patch('app.notify_client.NotifyAdminAPIClient.get', return_value={'data': 'from api'})
    redis_set = mocker.patch('app.extensions.RedisClient.set')

    # NOTE(review): `user_api_client` and `user_id` are taken from the test
    # module's scope, not from this function's parameters.
    user_api_client.get_user(user_id)

    for patched, expected_calls in (
        (redis_get, expected_cache_get_calls),
        (api_get, expected_api_calls),
        (redis_set, expected_cache_set_calls),
    ):
        assert patched.call_args_list == expected_calls
def test_returns_value_from_cache(
    app_,
    mocker,
    expected_cache_get_calls,
    cache_value,
    expected_return_value,
    expected_api_calls,
    expected_cache_set_calls,
):
    """Check that get_user consults the cache before the API and builds a User.

    Besides pinning the cache/API calls (see the `expected_*_calls`
    parameters), this version also patches `User.__init__` and asserts it
    is constructed exactly once from `expected_return_value` with
    `max_failed_login_count=10`.
    """
    redis_get = mocker.patch('app.extensions.RedisClient.get', return_value=cache_value)
    api_get = mocker.patch('app.notify_client.NotifyAdminAPIClient.get', return_value={'data': 'from api'})
    redis_set = mocker.patch('app.extensions.RedisClient.set')
    # __init__ must return None, otherwise constructing the model raises.
    user_init = mocker.patch('app.models.user.User.__init__', return_value=None)

    # NOTE(review): `user_api_client` and `user_id` are taken from the test
    # module's scope, not from this function's parameters.
    user_api_client.get_user(user_id)

    user_init.assert_called_once_with(expected_return_value, max_failed_login_count=10)
    for patched, expected_calls in (
        (redis_get, expected_cache_get_calls),
        (api_get, expected_api_calls),
        (redis_set, expected_cache_set_calls),
    ):
        assert patched.call_args_list == expected_calls
def remove_user_from_organisation(org_id, user_id):
    """GET shows a confirmation page; POST removes the user from the organisation.

    A 400 from the API carrying the "only user" message is surfaced as a
    flash and a redirect back to the user list; any other HTTPError is
    turned into a 500.
    """
    target = user_api_client.get_user(user_id)

    if request.method != 'POST':
        flash('Are you sure you want to remove {}?'.format(target.name), 'remove')
        return render_template(
            'views/organisations/organisation/users/user/index.html',
            user=target,
        )

    def _back_to_user_list():
        return redirect(url_for('.manage_org_users', org_id=org_id))

    only_user_msg = "You cannot remove the only user for a service"
    try:
        organisations_client.remove_user_from_organisation(org_id, user_id)
    except HTTPError as err:
        if err.status_code != 400 or only_user_msg not in err.message:
            # NOTE(review): the exception object is passed as the 500
            # description; check what the error page renders from it.
            abort(500, err)
        flash(only_user_msg, 'info')
        return _back_to_user_list()

    return _back_to_user_list()
def edit_user_permissions(service_id, user_id):
    """Show and update a user's role-based permissions for one service.

    The form has one checkbox per role in `roles`; on submit the union of
    the permissions of every ticked role, plus 'view_activity', is sent to
    the API.
    """
    # TODO we should probably using the service id here in the get user
    # call as well. eg. /user/<user_id>?&service=service_id
    target = user_api_client.get_user(user_id)
    # Need to make the email address read only, or a disabled field?
    # Do it through the template or the form class?
    initial_state = {
        role: target.has_permissions(permissions=role_perms)
        for role, role_perms in roles.items()
    }
    form = PermissionsForm(**initial_state)

    if not form.validate_on_submit():
        return render_template('views/edit-user-permissions.html',
                               user=target,
                               form=form)

    # 'view_activity' is always granted, whatever the form says.
    granted = set()
    for role, role_perms in roles.items():
        if form[role].data:
            granted.update(role_perms)
    granted.add('view_activity')

    user_api_client.set_user_permissions(user_id, service_id, permissions=granted)
    return redirect(url_for('.manage_users', service_id=service_id))
def log_in_user(user_id):
    """Finish sign-in for `user_id` after the second factor has been checked.

    Before establishing the session the user may be diverted to re-verify
    their email address or rotate their password.  Otherwise any password
    or "email verified" change staged in `session['user_details']` is
    applied, the user is activated and logged in, and the staging keys are
    always cleared (even if an API call fails).
    """
    user = user_api_client.get_user(user_id)

    if should_reverify_email(user.email_last_verified_at, user.created_at, user.auth_type):
        user_api_client.send_reverify_email(user.id, user.email_address)
        return redirect(url_for('main.reverify_email'))

    if should_rotate_password(user.password_changed_at):
        return redirect(url_for('main.rotate_password'))

    try:
        # The API issued a fresh current_session_id for this login; keep it
        # in the cookie so later requests can be matched against it.
        session['current_session_id'] = user.current_session_id
        staged = session.get('user_details', {})
        # NOTE(review): a new password sits in the session cookie in
        # plaintext between the password step and here — fine only with a
        # server-side or encrypted session store; confirm.
        if 'password' in staged:
            user = user_api_client.update_password(user.id, password=staged['password'])
            flash('Your password has been updated', 'default_with_tick')
        if 'set_last_verified_at' in staged:
            user_api_client.set_email_last_verified_at(user_id)
            flash('Thanks for verifying your email address',
                  'default_with_tick')
        login_user(user_api_client.activate_user(user))
    finally:
        # Drop anything the register / sign-in flow staged in the session.
        for stale_key in ('user_details', 'file_uploads'):
            session.pop(stale_key, None)

    return redirect_when_logged_in(user_id)
def edit_user_permissions(service_id, user_id):
    """Show and update a user's permissions (and, optionally, auth type) for a service.

    The login-authentication choice is only persisted when the service has
    the 'email_auth' permission; the template also gets that flag and
    whether the user lacks a mobile number so it can adjust what it shows.
    """
    email_auth_enabled = current_service.has_permission('email_auth')
    # TODO we should probably using the service id here in the get user
    # call as well. eg. /user/<user_id>?&service=service_id
    target = user_api_client.get_user(user_id)
    lacks_mobile = target.mobile_number is None

    form = PermissionsForm.from_user(target, service_id)

    if not form.validate_on_submit():
        return render_template('views/edit-user-permissions.html',
                               user=target,
                               form=form,
                               service_has_email_auth=email_auth_enabled,
                               user_has_no_mobile_number=lacks_mobile)

    user_api_client.set_user_permissions(
        user_id,
        service_id,
        permissions=form.permissions,
    )
    if email_auth_enabled:
        user_api_client.update_user_attribute(
            user_id, auth_type=form.login_authentication.data)
    return redirect(url_for('.manage_users', service_id=service_id))
def edit_user_org_permissions(org_id, user_id):
    """Render the organisation user page for `user_id`.

    `org_id` is only part of the route here; the view does not use it.
    """
    template = 'views/organisations/organisation/users/user/index.html'
    return render_template(template, user=user_api_client.get_user(user_id))
def user_profile_mobile_number_confirm():
    """Second step of changing a mobile number: verify the SMS code, then save.

    Requires that the password was confirmed on the previous step (the
    NEW_MOBILE_PASSWORD_CONFIRMED session flag); otherwise the user is sent
    back to the start of the flow.
    """
    if NEW_MOBILE_PASSWORD_CONFIRMED not in session:
        return redirect(url_for('.user_profile_mobile_number'))

    def _check_code(submitted_code):
        return user_api_client.check_verify_code(current_user.id, submitted_code, 'sms')

    form = TwoFactorForm(_check_code)

    if not form.validate_on_submit():
        return render_template(
            'views/user-profile/confirm.html',
            form_field=form.sms_code,
            thing='mobile number'
        )

    refreshed = user_api_client.get_user(current_user.id)
    # The API issued a new current_session_id when the code was checked;
    # keep it in the cookie for future requests.
    session['current_session_id'] = refreshed.current_session_id
    # Pull the staged number out and clear the flow's session state before
    # the update call so a failure does not leave the flow half-open.
    new_number = session.pop(NEW_MOBILE)
    del session[NEW_MOBILE_PASSWORD_CONFIRMED]
    user_api_client.update_user_attribute(current_user.id, mobile_number=new_number)
    return redirect(url_for('.user_profile'))
def two_factor():
    """Second sign-in step: check the SMS code, then log the user in.

    `session['user_details']` (set by the password step) is always removed
    once the form has validated, whether or not the API calls succeed.  The
    `next` query parameter is only honoured when it passes
    `_is_safe_redirect_url`, otherwise the user lands on an internal page.
    """
    pending_user_id = session['user_details']['id']

    def _check_code(submitted_code):
        return user_api_client.check_verify_code(pending_user_id, submitted_code, "sms")

    form = TwoFactorForm(_check_code)

    if not form.validate_on_submit():
        return render_template('views/two-factor.html', form=form)

    try:
        signed_in = user_api_client.get_user(pending_user_id)
        user_services = service_api_client.get_services(
            {'user_id': str(pending_user_id)}
        ).get('data', [])
        # A password chosen on the previous page is only applied now that
        # the second factor has been proven.
        # NOTE(review): that password is carried in the session cookie in
        # plaintext between the two steps — confirm the session store is
        # server-side or encrypted.
        if 'password' in session['user_details']:
            signed_in.set_password(session['user_details']['password'])
            signed_in.reset_failed_login_count()
            user_api_client.update_user(signed_in)
        login_user(signed_in, remember=True)
    finally:
        del session['user_details']

    requested_next = request.args.get('next')
    if requested_next and _is_safe_redirect_url(requested_next):
        return redirect(requested_next)

    if current_user.platform_admin:
        return redirect(url_for('main.show_all_services'))
    if len(user_services) == 1:
        return redirect(url_for('main.service_dashboard', service_id=user_services[0]['id']))
    return redirect(url_for('main.choose_service'))
def verify_email(token):
    """Handle the link from the account-verification email.

    The token is a signed JSON blob `{'user_id': ..., 'secret_code': ...}`;
    only `user_id` is used here.  An expired signature redirects to the
    resend page.  NOTE(review): only SignatureExpired is handled — whatever
    `check_token` raises for a tampered/malformed token propagates as an
    unhandled error; confirm that is acceptable.
    """
    try:
        payload = check_token(
            token,
            current_app.config['SECRET_KEY'],
            current_app.config['DANGEROUS_SALT'],
            current_app.config['EMAIL_EXPIRY_SECONDS']
        )
    except SignatureExpired:
        flash("The link in the email we sent you has expired. We've sent you a new one.")
        return redirect(url_for('main.resend_email_verification'))

    # token contains json blob of format: {'user_id': '...', 'secret_code': '...'} (secret_code is unused)
    account = user_api_client.get_user(json.loads(payload)['user_id'])
    if not account:
        abort(404)

    # An already-active account must not be able to re-run verification.
    if account.is_active:
        flash("That verification link has expired.")
        return redirect(url_for('main.sign_in'))

    session['user_details'] = {"email": account.email_address, "id": account.id}
    user_api_client.send_verify_code(account.id, 'sms', account.mobile_number)
    return redirect(url_for('main.verify'))
def activate_user(user_id):
    """Activate `user_id`, log them in and send them to create their first service."""
    account = user_api_client.get_user(user_id)
    # The API issued a new current_session_id; keep it in the cookie so
    # later requests can be matched against it.
    session['current_session_id'] = account.current_session_id
    login_user(user_api_client.activate_user(account))
    return redirect(url_for('main.add_service', first='first'))
def remove_user_from_service(service_id, user_id):
    """GET shows a confirmation page; POST removes the user from the service.

    A 400 from the API carrying the "only user" message is surfaced as a
    flash and a redirect back to the user list; any other HTTPError is
    turned into a 500.
    """
    target = user_api_client.get_user(user_id)
    # Need to make the email address read only, or a disabled field?
    # Do it through the template or the form class?
    form = PermissionsForm(**{
        role: target.has_permissions(permissions=role_perms)
        for role, role_perms in roles.items()
    })

    if request.method != 'POST':
        flash('Are you sure you want to remove {}?'.format(target.name), 'remove')
        return render_template(
            'views/edit-user-permissions.html',
            user=target,
            form=form
        )

    def _back_to_user_list():
        return redirect(url_for('.manage_users', service_id=service_id))

    only_user_msg = "You cannot remove the only user for a service"
    try:
        service_api_client.remove_user_from_service(service_id, user_id)
    except HTTPError as err:
        if err.status_code != 400 or only_user_msg not in err.message:
            abort(500, err)
        flash(only_user_msg, 'info')
        return _back_to_user_list()

    return _back_to_user_list()
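def verify_email(token):
    """Handle the link from the account-verification email.

    The token is a signed JSON blob `{'user_id': ..., 'secret_code': ...}`.
    After the signature/expiry check, `secret_code` is checked against the
    API as an 'email' verify code; on success an SMS code is sent and the
    user is redirected to the SMS verification step.

    Fix: the success path used `redirect('verify')`, a path relative to the
    current request URL, which only resolves correctly if this view is
    mounted at the same depth as the verify view.  It now uses
    `url_for('main.verify')` like the rest of the sign-in flow.

    NOTE(review): only SignatureExpired is caught — whatever `check_token`
    raises for a tampered/malformed token propagates unhandled.
    """
    try:
        token_data = check_token(token,
                                 current_app.config['SECRET_KEY'],
                                 current_app.config['DANGEROUS_SALT'],
                                 current_app.config['EMAIL_EXPIRY_SECONDS'])

        token_data = json.loads(token_data)
        # (ok, reason) pair from the API; the code itself is validated and
        # expired server-side.
        verified = user_api_client.check_verify_code(token_data['user_id'], token_data['secret_code'], 'email')
        user = user_api_client.get_user(token_data['user_id'])
        if not user:
            abort(404)

        # An already-active account must not be able to re-run verification.
        if user.is_active:
            flash("That verification link has expired.")
            return redirect(url_for('main.sign_in'))

        # NOTE(review): user_details is staged before `verified` is inspected;
        # the failure branches below may rely on it (e.g. the resend page) —
        # confirm before moving it inside the success branch.
        session['user_details'] = {"email": user.email_address, "id": user.id}
        if verified[0]:
            user_api_client.send_verify_code(user.id, 'sms', user.mobile_number)
            return redirect(url_for('main.verify'))
        else:
            if verified[1] == 'Code has expired':
                flash("The link in the email we sent you has expired. We've sent you a new one.")
                return redirect(url_for('main.resend_email_verification'))
            else:
                # NOTE(review): the API's error text is shown to the user
                # verbatim; check it cannot carry internal detail.
                message = "There was a problem verifying your account. Error message: '{}'".format(verified[1])
                flash(message)
                return redirect(url_for('main.index'))

    except SignatureExpired:
        flash('The link in the email we sent you has expired')
        return redirect(url_for('main.resend_email_verification'))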
def edit_user_permissions(service_id, user_id):
    """Show and update a user's role permissions (and optionally auth type) for a service.

    The form is pre-filled from `user.has_permission_for_service` per role
    and from the user's current `auth_type`.  The auth type is only written
    back when the service has the 'email_auth' permission.
    """
    email_auth_enabled = 'email_auth' in current_service['permissions']
    # TODO we should probably using the service id here in the get user
    # call as well. eg. /user/<user_id>?&service=service_id
    target = user_api_client.get_user(user_id)
    lacks_mobile = target.mobile_number is None

    role_state = {role: target.has_permission_for_service(service_id, role) for role in roles.keys()}
    form = PermissionsForm(**role_state, login_authentication=target.auth_type)

    if not form.validate_on_submit():
        return render_template('views/edit-user-permissions.html',
                               user=target,
                               form=form,
                               service_has_email_auth=email_auth_enabled,
                               user_has_no_mobile_number=lacks_mobile)

    user_api_client.set_user_permissions(
        user_id,
        service_id,
        permissions=set(get_permissions_from_form(form)),
    )
    if email_auth_enabled:
        user_api_client.update_user_attribute(
            user_id, auth_type=form.login_authentication.data)
    return redirect(url_for('.manage_users', service_id=service_id))
def remove_user_from_service(service_id, user_id):
    """GET shows a confirmation page; POST removes the user from the service.

    A 400 from the API carrying the "only user" message is surfaced as a
    flash and a redirect back to the user list; any other HTTPError is
    turned into a 500.
    """
    target = user_api_client.get_user(user_id)
    # Need to make the email address read only, or a disabled field?
    # Do it through the template or the form class?
    role_state = {role: target.has_permission_for_service(service_id, role) for role in roles.keys()}
    form = PermissionsForm(**role_state)

    if request.method != 'POST':
        flash('Are you sure you want to remove {}?'.format(target.name), 'remove')
        return render_template('views/edit-user-permissions.html',
                               user=target,
                               form=form)

    def _back_to_user_list():
        return redirect(url_for('.manage_users', service_id=service_id))

    only_user_msg = "You cannot remove the only user for a service"
    try:
        service_api_client.remove_user_from_service(service_id, user_id)
    except HTTPError as err:
        if err.status_code != 400 or only_user_msg not in err.message:
            abort(500, err)
        flash(only_user_msg, 'info')
        return _back_to_user_list()

    return _back_to_user_list()
def _add_invited_user_to_service(invited_user):
    """Add the signed-in user to the service named in a serialised invite.

    `invited_user` is the dict stored in the session by accept_invite; the
    user being added is `session['user_id']`, not the invite's email.
    Returns the service id.
    """
    invitation = InvitedUser(**invited_user)
    invitee = user_api_client.get_user(session['user_id'])
    target_service_id = invited_user['service']
    user_api_client.add_user_to_service(
        target_service_id,
        invitee.id,
        invitation.permissions,
        invitation.folder_permissions,
    )
    return target_service_id
def _add_invited_user_to_service(invited_user):
    """Add the signed-in user to the invited service and mark the invite accepted.

    `invited_user` is the dict stored in the session by accept_invite; the
    user being added is `session['user_id']`.  Returns the service id.
    """
    invitation = InvitedUser(**invited_user)
    invitee = user_api_client.get_user(session['user_id'])
    target_service_id = invited_user['service']
    user_api_client.add_user_to_service(target_service_id, invitee.id, invitation.permissions)
    invite_api_client.accept_invite(target_service_id, invitation.id)
    return target_service_id
def user_information(user_id):
    """Render the find-users detail page: the user plus the services they belong to."""
    account = user_api_client.get_user(user_id)
    memberships = user_api_client.get_services_for_user(account)
    return render_template(
        'views/find-users/user-information.html',
        user=account,
        services=memberships,
    )
def _add_invited_user_to_service(invited_user):
    """Add the signed-in user to the invited service and mark the invite accepted.

    `invited_user` is the dict stored in the session by accept_invite; the
    user being added is `session['user_id']`.  Returns the service id.
    """
    invitation = InvitedUser(**invited_user)
    invitee = user_api_client.get_user(session['user_id'])
    target_service_id = invited_user['service']
    user_api_client.add_user_to_service(
        target_service_id, invitee.id, invitation.permissions)
    invite_api_client.accept_invite(target_service_id, invitation.id)
    return target_service_id
def activate_user(user_id):
    """Activate `user_id`, log them in, and send them to their organisation or to create a service.

    If the session carries an `organisation_id` (set earlier in the org
    invite flow) the user lands on that organisation's dashboard.
    """
    account = user_api_client.get_user(user_id)
    # The API issued a new current_session_id; keep it in the cookie so
    # later requests can be matched against it.
    session['current_session_id'] = account.current_session_id
    pending_org_id = session.get('organisation_id', None)
    login_user(user_api_client.activate_user(account))
    if not pending_org_id:
        return redirect(url_for('main.add_service', first='first'))
    return redirect(url_for('main.organisation_dashboard', org_id=pending_org_id))
def user_profile_email_confirm(token):
    """Apply an email-address change confirmed through a signed link.

    The token (signed with SECRET_KEY / DANGEROUS_SALT, expiring after
    EMAIL_EXPIRY_SECONDS) carries the `user_id` and the new `email`.

    NOTE(review): unlike `verify_email`, `check_token` is not wrapped in
    try/except here, so an expired or invalid link surfaces as an
    unhandled exception rather than a friendly message.  There is also no
    check that the token's `user_id` matches the signed-in user — the
    signed token alone authorises the change; confirm that is intended.
    """
    payload = json.loads(check_token(
        token,
        current_app.config['SECRET_KEY'],
        current_app.config['DANGEROUS_SALT'],
        current_app.config['EMAIL_EXPIRY_SECONDS'],
    ))
    target_user_id = payload['user_id']
    confirmed_email = payload['email']

    account = user_api_client.get_user(target_user_id)
    account.email_address = confirmed_email
    user_api_client.update_user(account)
    # The staged address is no longer needed once it has been persisted.
    session.pop(NEW_EMAIL, None)

    return redirect(url_for('.user_profile'))
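def accept_invite(token):
    """Entry point for a service-invitation link.

    Rejects the link with a 403 when someone else is signed in, shows a
    page for cancelled invites, and short-circuits already-accepted ones.
    Otherwise the invite is stashed in the session; an existing account is
    added to the service straight away, a new one is sent to registration.

    Fix: the "signed in as someone else" message was built as
    `Markup(str.format(...))`, so the signed-in user's email address was
    inserted into HTML unescaped.  `Markup.format` escapes its arguments;
    the href is also quoted.  The email comparison is made
    case-insensitive, matching accept_org_invite.
    """
    invited_user = invite_api_client.check_token(token)

    if (not current_user.is_anonymous
            and current_user.email_address.lower() != invited_user.email_address.lower()):
        message = Markup("""
            You’re signed in as {}.
            This invite is for another email address.
            <a href="{}">Sign out</a> and click the link again to accept this invite.
            """).format(current_user.email_address,
                        url_for("main.sign_out", _external=True))

        flash(message=message)

        abort(403)

    if invited_user.status == 'cancelled':
        from_user = user_api_client.get_user(invited_user.from_user)
        service = service_api_client.get_service(invited_user.service)['data']
        return render_template('views/cancelled-invitation.html',
                               from_user=from_user.name,
                               service_name=service['name'])

    if invited_user.status == 'accepted':
        session.pop('invited_user', None)
        return redirect(
            url_for('main.service_dashboard', service_id=invited_user.service))

    # Kept for the registration flow, which finishes the invite later.
    session['invited_user'] = invited_user.serialize()

    existing_user = user_api_client.get_user_by_email_or_none(
        invited_user.email_address)
    service_users = user_api_client.get_users_for_service(invited_user.service)

    if existing_user:
        invite_api_client.accept_invite(invited_user.service, invited_user.id)
        # Already a member: nothing to add, just go to the dashboard.
        if existing_user not in service_users:
            user_api_client.add_user_to_service(invited_user.service,
                                                existing_user.id,
                                                invited_user.permissions)
        return redirect(
            url_for('main.service_dashboard',
                    service_id=invited_user.service))
    else:
        return redirect(url_for('main.register_from_invite'))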
def log_in_user(user_id):
    """Finish sign-in for `user_id`: apply a staged password, activate, log in.

    `session['user_details']` is always removed afterwards, even if an API
    call fails.  NOTE(review): a staged password sits in the session cookie
    in plaintext until this point — confirm the session store is
    server-side or encrypted.
    """
    try:
        account = user_api_client.get_user(user_id)
        # The API issued a new current_session_id; keep it in the cookie so
        # later requests can be matched against it.
        session['current_session_id'] = account.current_session_id
        staged = session.get('user_details', {})
        if 'password' in staged:
            account = user_api_client.update_password(
                account.id, password=staged['password'])
        login_user(user_api_client.activate_user(account))
    finally:
        session.pop("user_details", None)

    return redirect_when_logged_in(user_id)
def add_service():
    """Create the signed-in user's service, or finish a pending invite instead.

    If the session holds `invited_user` (set by accept_invite) the user is
    added to that service and the invite marked accepted.  Otherwise the
    form creates a new restricted (trial) service; for the user's very
    first service an example SMS template is created and they are taken to
    a guided test send.
    """
    pending_invite = session.get('invited_user')
    if pending_invite:
        invitation = InvitedUser(**pending_invite)
        invitee = user_api_client.get_user(session['user_id'])
        invited_service_id = pending_invite['service']
        user_api_client.add_user_to_service(invited_service_id, invitee.id,
                                            invitation.permissions)
        invite_api_client.accept_invite(invited_service_id, invitation.id)
        return redirect(
            url_for('main.service_dashboard', service_id=invited_service_id))

    form = AddServiceForm(service_api_client.find_all_service_email_from)
    heading = 'Which service do you want to set up notifications for?'
    if not form.validate_on_submit():
        return render_template('views/add-service.html',
                               form=form,
                               heading=heading)

    sender_name = email_safe(form.name.data)
    new_service_id = service_api_client.create_service(
        service_name=form.name.data,
        active=False,
        message_limit=current_app.config['DEFAULT_SERVICE_LIMIT'],
        restricted=True,
        user_id=session['user_id'],
        email_from=sender_name)
    session['service_id'] = new_service_id

    owned_services = service_api_client.get_services({
        'user_id': session['user_id']
    }).get('data', [])
    if len(owned_services) > 1:
        return redirect(
            url_for('main.service_dashboard', service_id=new_service_id))

    example_sms_template = service_api_client.create_service_template(
        'Example text message template', 'sms',
        'Hey ((name)), I’m trying out Notify. Today is ((day of week)) and my favourite colour is ((colour)).',
        new_service_id)

    return redirect(
        url_for('main.send_test',
                service_id=new_service_id,
                template_id=example_sms_template['data']['id'],
                help=1))
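def accept_org_invite(token):
    """Entry point for an organisation-invitation link.

    Rejects the link with a 403 when someone else is signed in (emails are
    compared case-insensitively), shows a page for cancelled invites, and
    short-circuits already-accepted ones.  Otherwise the invite is stashed
    in the session; an existing account is added to the organisation
    straight away, a new one is sent to registration.

    Fix: the "signed in as someone else" message was built as
    `Markup(str.format(...))`, so the signed-in user's email address was
    inserted into HTML unescaped.  `Markup.format` escapes its arguments;
    the href is also quoted.
    """
    invited_org_user = org_invite_api_client.check_token(token)
    if not current_user.is_anonymous and current_user.email_address.lower(
    ) != invited_org_user.email_address.lower():
        message = Markup("""
            You’re signed in as {}.
            This invite is for another email address.
            <a href="{}">Sign out</a> and click the link again to accept this invite.
            """).format(current_user.email_address,
                        url_for("main.sign_out", _external=True))

        flash(message=message)

        abort(403)

    if invited_org_user.status == 'cancelled':
        invited_by = user_api_client.get_user(invited_org_user.invited_by)
        organisation = organisations_client.get_organisation(
            invited_org_user.organisation)
        return render_template('views/cancelled-invitation.html',
                               from_user=invited_by.name,
                               organisation_name=organisation['name'])

    if invited_org_user.status == 'accepted':
        session.pop('invited_org_user', None)
        return redirect(
            url_for('main.organisation_dashboard',
                    org_id=invited_org_user.organisation))

    # Kept for the registration flow, which finishes the invite later.
    session['invited_org_user'] = invited_org_user.serialize()

    existing_user = user_api_client.get_user_by_email_or_none(
        invited_org_user.email_address)
    organisation_users = user_api_client.get_users_for_organisation(
        invited_org_user.organisation)

    if existing_user:
        org_invite_api_client.accept_invite(invited_org_user.organisation,
                                            invited_org_user.id)
        if existing_user not in organisation_users:
            user_api_client.add_user_to_organisation(
                invited_org_user.organisation, existing_user.id)
        return redirect(
            url_for('main.organisation_dashboard',
                    org_id=invited_org_user.organisation))
    else:
        return redirect(url_for('main.register_from_org_invite'))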
def log_in_user(user_id):
    """Finish sign-in for `user_id`: apply a staged password, activate, log in.

    The `user_details` and `file_uploads` session keys are always removed
    afterwards, even if an API call fails.  NOTE(review): a staged password
    sits in the session cookie in plaintext until this point — confirm the
    session store is server-side or encrypted.
    """
    try:
        account = user_api_client.get_user(user_id)
        # The API issued a new current_session_id; keep it in the cookie so
        # later requests can be matched against it.
        session['current_session_id'] = account.current_session_id
        staged = session.get('user_details', {})
        if 'password' in staged:
            account = user_api_client.update_password(
                account.id, password=staged['password'])
        login_user(user_api_client.activate_user(account))
    finally:
        # Drop anything the register / sign-in flow staged in the session.
        for stale_key in ("user_details", "file_uploads"):
            session.pop(stale_key, None)

    return redirect_when_logged_in(user_id)
def add_service():
    """Create the signed-in user's service, or finish a pending invite instead.

    If the session holds `invited_user` (set by accept_invite) the user is
    added to that service and the invite marked accepted.  Otherwise the
    form creates a new restricted (trial) service; for the user's very
    first service an example SMS template is created and they are taken to
    a guided test send.
    """
    pending_invite = session.get('invited_user')
    if pending_invite:
        invitation = InvitedUser(**pending_invite)
        invitee = user_api_client.get_user(session['user_id'])
        invited_service_id = pending_invite['service']
        user_api_client.add_user_to_service(invited_service_id, invitee.id, invitation.permissions)
        invite_api_client.accept_invite(invited_service_id, invitation.id)
        return redirect(url_for('main.service_dashboard', service_id=invited_service_id))

    form = AddServiceForm(service_api_client.find_all_service_email_from)
    heading = 'Which service do you want to set up notifications for?'
    if not form.validate_on_submit():
        return render_template(
            'views/add-service.html',
            form=form,
            heading=heading
        )

    sender_name = email_safe(form.name.data)
    new_service_id = service_api_client.create_service(service_name=form.name.data,
                                                       active=False,
                                                       message_limit=current_app.config['DEFAULT_SERVICE_LIMIT'],
                                                       restricted=True,
                                                       user_id=session['user_id'],
                                                       email_from=sender_name)
    session['service_id'] = new_service_id

    owned_services = service_api_client.get_services({'user_id': session['user_id']}).get('data', [])
    if len(owned_services) > 1:
        return redirect(url_for('main.service_dashboard', service_id=new_service_id))

    example_sms_template = service_api_client.create_service_template(
        'Example text message template',
        'sms',
        'Hey ((name)), I’m trying out Notify. Today is ((day of week)) and my favourite colour is ((colour)).',
        new_service_id
    )

    return redirect(url_for(
        'main.send_test',
        service_id=new_service_id,
        template_id=example_sms_template['data']['id'],
        help=1
    ))
def verify():
    """SMS-code step of registration: on a valid code, activate and log in.

    The pending user id comes from `session['user_details']`, which is
    removed once the form has validated, whether or not activation
    succeeded.
    """
    pending_user_id = session['user_details']['id']

    def _check_code(submitted_code):
        return user_api_client.check_verify_code(pending_user_id, submitted_code, 'sms')

    form = TwoFactorForm(_check_code)

    if not form.validate_on_submit():
        return render_template('views/two-factor.html', form=form)

    try:
        account = user_api_client.get_user(pending_user_id)
        login_user(user_api_client.activate_user(account))
        return redirect(url_for('main.add_service', first='first'))
    finally:
        session.pop('user_details', None)
def verify():
    """SMS-code step of registration: on a valid code, activate and log in.

    The pending user id comes from `session['user_details']`, which is
    removed once the form has validated, whether or not activation
    succeeded.
    """
    pending_user_id = session['user_details']['id']

    def _check_code(submitted_code):
        return user_api_client.check_verify_code(pending_user_id, submitted_code, 'sms')

    form = TwoFactorForm(_check_code)

    if not form.validate_on_submit():
        return render_template('views/two-factor.html', form=form)

    try:
        account = user_api_client.get_user(pending_user_id)
        login_user(user_api_client.activate_user(account))
        return redirect(url_for('main.add_service', first='first'))
    finally:
        session.pop('user_details', None)
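def accept_invite(token):
    """Entry point for a service-invitation link.

    Rejects the link with a 403 when someone else is signed in, shows a
    page for cancelled invites, and short-circuits already-accepted ones.
    Otherwise the invite is stashed in the session; an existing account is
    added to the service straight away, a new one is sent to registration.

    Fix: the "signed in as someone else" message was built as
    `Markup(str.format(...))`, so the signed-in user's email address was
    inserted into HTML unescaped.  `Markup.format` escapes its arguments;
    the href is also quoted.  The email comparison is made
    case-insensitive, matching accept_org_invite.
    """
    invited_user = invite_api_client.check_token(token)

    if (not current_user.is_anonymous
            and current_user.email_address.lower() != invited_user.email_address.lower()):
        message = Markup("""
            You’re signed in as {}.
            This invite is for another email address.
            <a href="{}">Sign out</a> and click the link again to accept this invite.
            """).format(
            current_user.email_address,
            url_for("main.sign_out", _external=True))

        flash(message=message)

        abort(403)

    if invited_user.status == 'cancelled':
        from_user = user_api_client.get_user(invited_user.from_user)
        service = service_api_client.get_service(invited_user.service)['data']
        return render_template('views/cancelled-invitation.html',
                               from_user=from_user.name,
                               service_name=service['name'])

    if invited_user.status == 'accepted':
        session.pop('invited_user', None)
        return redirect(url_for('main.service_dashboard', service_id=invited_user.service))

    # Kept for the registration flow, which finishes the invite later.
    session['invited_user'] = invited_user.serialize()

    existing_user = user_api_client.get_user_by_email_or_none(invited_user.email_address)
    service_users = user_api_client.get_users_for_service(invited_user.service)

    if existing_user:
        invite_api_client.accept_invite(invited_user.service, invited_user.id)
        # Already a member: nothing to add, just go to the dashboard.
        if existing_user not in service_users:
            user_api_client.add_user_to_service(invited_user.service,
                                                existing_user.id,
                                                invited_user.permissions)
        return redirect(url_for('main.service_dashboard', service_id=invited_user.service))
    else:
        return redirect(url_for('main.register_from_invite'))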
def remove_user_from_service(service_id, user_id):
    """GET shows a confirmation page; POST removes the user from the service.

    A 400 from the API carrying the "only user" message is surfaced as a
    flash and a redirect back to the user list; any other HTTPError is
    turned into a 500.
    """
    target = user_api_client.get_user(user_id)
    form = PermissionsForm.from_user(target, service_id)

    if request.method != 'POST':
        flash('Are you sure you want to remove {}?'.format(target.name), 'remove')
        return render_template('views/edit-user-permissions.html',
                               user=target,
                               form=form)

    def _back_to_user_list():
        return redirect(url_for('.manage_users', service_id=service_id))

    only_user_msg = "You cannot remove the only user for a service"
    try:
        service_api_client.remove_user_from_service(service_id, user_id)
    except HTTPError as err:
        if err.status_code != 400 or only_user_msg not in err.message:
            abort(500, err)
        flash(only_user_msg, 'info')
        return _back_to_user_list()

    return _back_to_user_list()
def two_factor():
    """Second sign-in step: validate the SMS code and log the user in.

    The pending user's id is taken from ``session['user_details']``. When
    the user arrived from the new-password page that entry also carries the
    new password, which is applied before activation. The entry is always
    removed once the form has validated, whether or not activation succeeds.

    After login the user is sent to the validated ``next`` URL if one was
    given, else to the platform-admin service list, the single service they
    belong to, or the service chooser.
    """
    pending_user_id = session['user_details']['id']

    def _check_code(code):
        return user_api_client.check_verify_code(pending_user_id, code, "sms")

    form = TwoFactorForm(_check_code)

    if not form.validate_on_submit():
        return render_template('views/two-factor.html', form=form)

    try:
        user = user_api_client.get_user(pending_user_id)
        services = service_api_client.get_services({
            'user_id': str(pending_user_id)
        }).get('data', [])
        pending_details = session['user_details']
        # Arriving from the new-password page: the chosen password is carried
        # in the session until the code has been verified.
        # NOTE(review): a plaintext password therefore sits in the session —
        # if the session backend is a client-side cookie, confirm that is
        # acceptable.
        if 'password' in pending_details:
            user.set_password(pending_details['password'])
            user.reset_failed_login_count()
            user_api_client.update_user(user)
        login_user(user_api_client.activate_user(user), remember=True)
    finally:
        del session['user_details']

    # Only follow ``next`` when it passes the open-redirect check.
    next_url = request.args.get('next')
    if next_url and _is_safe_redirect_url(next_url):
        return redirect(next_url)

    if current_user.platform_admin:
        return redirect(url_for('main.show_all_services'))
    if len(services) == 1:
        return redirect(
            url_for('main.service_dashboard', service_id=services[0]['id']))
    return redirect(url_for('main.choose_service'))
def verify_email(token):
    """Handle the link from the account-verification email.

    The signed token carries a JSON payload with ``user_id`` and
    ``secret_code``. The code is checked with the API, the user is loaded
    (404 if missing) and, unless the account is already active, staged in
    ``session['user_details']``. A good code triggers the SMS verification
    step; an expired code sends the user to the resend page; any other
    failure is flashed and the user is sent to the index.

    An expired token signature is reported with its own message and redirect.
    """
    try:
        payload = json.loads(check_token(token,
                                         current_app.config['SECRET_KEY'],
                                         current_app.config['DANGEROUS_SALT'],
                                         current_app.config['EMAIL_EXPIRY_SECONDS']))
        # NOTE(review): the code is checked before the is_active test below —
        # confirm that consuming it for an already-active account is intended.
        verified = user_api_client.check_verify_code(payload['user_id'],
                                                     payload['secret_code'],
                                                     'email')
        user = user_api_client.get_user(payload['user_id'])
        if not user:
            abort(404)

        if user.is_active:
            flash("That verification link has expired.")
            return redirect(url_for('main.sign_in'))

        session['user_details'] = {"email": user.email_address, "id": user.id}
        if verified[0]:
            user_api_client.send_verify_code(user.id, 'sms',
                                             user.mobile_number)
            # NOTE(review): a relative path, unlike the url_for() redirects
            # elsewhere in this view — confirm it resolves to the intended route.
            return redirect('verify')
        if verified[1] == 'Code has expired':
            flash(
                "The link in the email we sent you has expired. We've sent you a new one."
            )
            return redirect(url_for('main.resend_email_verification'))
        flash("There was a problem verifying your account. Error message: '{}'".format(
            verified[1]))
        return redirect(url_for('main.index'))

    except SignatureExpired:
        # NOTE(review): only an expired signature is handled here; whatever
        # check_token raises for an invalid signature is not caught — confirm
        # it is handled elsewhere.
        flash('The link in the email we sent you has expired')
        return redirect(url_for('main.resend_email_verification'))
def activate_user(user_id):
    """Activate a newly verified user, log them in and route them onward.

    The API sets a new ``current_session_id`` on the user; it is copied into
    the cookie session before activation so later requests carry it. A
    pending service invitation in the session is then applied (redirecting
    to that service's dashboard); a pending organisation invitation adds the
    user to that organisation. Otherwise the user lands on the organisation
    dashboard when ``organisation_id`` is in the session, else on the
    add-service page.
    """
    user = user_api_client.get_user(user_id)
    # Keep the API-issued session id for future requests.
    session['current_session_id'] = user.current_session_id
    pending_org_id = session.get('organisation_id')
    login_user(user_api_client.activate_user(user))

    pending_invite = session.get('invited_user')
    if pending_invite:
        invited_service_id = _add_invited_user_to_service(pending_invite)
        return redirect(
            url_for('main.service_dashboard', service_id=invited_service_id))

    pending_org_invite = session.get('invited_org_user')
    if pending_org_invite:
        # NOTE(review): reads the id from session['user_details'] rather than
        # the user_id argument — confirm the two always agree here.
        user_api_client.add_user_to_organisation(
            pending_org_invite['organisation'], session['user_details']['id'])

    if pending_org_id:
        return redirect(
            url_for('main.organisation_dashboard', org_id=pending_org_id))
    return redirect(url_for('main.add_service', first='first'))
def reverify_email_token(token):
    """Handle the link from a re-verification email and resume sign-in.

    An expired token signature flashes a message and redirects to the resend
    page. Otherwise the user named in the token's JSON payload is loaded
    (404 if missing), staged in ``session['user_details']`` together with
    ``set_last_verified_at``, and control passes to ``log_in_user``.
    """
    try:
        raw_payload = check_token(token, current_app.config['SECRET_KEY'],
                                  current_app.config['DANGEROUS_SALT'],
                                  current_app.config['EMAIL_EXPIRY_SECONDS'])
    except SignatureExpired:
        # NOTE(review): only an expired signature is handled; confirm that an
        # invalid signature raised by check_token is caught elsewhere.
        flash(
            'The link in the email we sent you has expired. We\'ve sent you a new one.'
        )
        return redirect(url_for('main.resend_email_reverification'))

    payload = json.loads(raw_payload)
    user = user_api_client.get_user(payload['user_id'])
    if not user:
        abort(404)

    session['user_details'] = {
        'email': user.email_address,
        'id': user.id,
        'set_last_verified_at': True,
    }
    return log_in_user(user.id)
def edit_user_permissions(service_id, user_id):
    """Show and update a user's permission roles within a service.

    The form has one boolean field per role in ``roles``, pre-filled from
    the user's current permissions. On a valid POST the permissions of the
    ticked roles are expanded, ``view_activity`` is always included, the
    result is saved through the API and the user is sent back to the list.
    """
    # TODO: pass the service id on the get-user call as well,
    # e.g. /user/<user_id>?&service=service_id
    user = user_api_client.get_user(user_id)
    # TODO: the email address should be read-only (disabled field?) — via the
    # template or the form class?
    current_roles = {}
    for role, role_permissions in roles.items():
        current_roles[role] = user.has_permissions(permissions=role_permissions)
    form = PermissionsForm(**current_roles)

    if not form.validate_on_submit():
        return render_template(
            'views/edit-user-permissions.html',
            user=user,
            form=form
        )

    # view_activity is granted regardless of which roles were ticked.
    granted = {'view_activity'}
    for role, role_permissions in roles.items():
        if form[role].data:
            granted.update(role_permissions)
    user_api_client.set_user_permissions(
        user_id, service_id,
        permissions=granted
    )
    return redirect(url_for('.manage_users', service_id=service_id))
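def accept_invite(token):
    """Accept a service invitation opened from the emailed link.

    Args:
        token: signed invitation token taken from the link.

    Returns:
        A 400 error page for an expired signature, the cancelled-invitation
        page, or a redirect: to the service dashboard when the invitee
        already has an account, otherwise to ``main.register_from_invite``.

    Raises:
        Forbidden (``abort(403)``) when someone is signed in under a
        different email address than the one the invitation was issued to.
    """
    try:
        check_token(token, current_app.config['SECRET_KEY'],
                    current_app.config['DANGEROUS_SALT'],
                    current_app.config['INVITATION_EXPIRY_SECONDS'])
    except SignatureExpired:
        errors = [
            'Your invitation to GOV.UK Notify has expired. '
            'Please ask the person that invited you to send you another one'
        ]
        return render_template("error/400.html", message=errors), 400

    invited_user = invite_api_client.check_token(token)

    if not current_user.is_anonymous and current_user.email_address.lower(
    ) != invited_user.email_address.lower():
        # Markup.format() HTML-escapes its arguments. Formatting the plain
        # string first and wrapping the result in Markup afterwards marked the
        # interpolated email address and URL as safe without escaping them;
        # the href is quoted so the escaped URL is a valid attribute value.
        message = Markup("""
            You’re signed in as {}.
            This invite is for another email address.
            <a href="{}">Sign out</a> and click the link again to accept this invite.
            """).format(current_user.email_address,
                        url_for("main.sign_out", _external=True))

        flash(message=message)

        abort(403)

    if invited_user.status == 'cancelled':
        from_user = user_api_client.get_user(invited_user.from_user)
        service = service_api_client.get_service(invited_user.service)['data']
        return render_template('views/cancelled-invitation.html',
                               from_user=from_user.name,
                               service_name=service['name'])

    if invited_user.status == 'accepted':
        # Nothing left to do; drop any stale pending invite from the session.
        session.pop('invited_user', None)
        return redirect(
            url_for('main.service_dashboard', service_id=invited_user.service))

    # Kept in the session so the registration flow can pick the invite up later.
    session['invited_user'] = invited_user.serialize()

    existing_user = user_api_client.get_user_by_email_or_none(
        invited_user.email_address)
    service_users = user_api_client.get_users_for_service(invited_user.service)

    if not existing_user:
        return redirect(url_for('main.register_from_invite'))

    invite_api_client.accept_invite(invited_user.service, invited_user.id)
    if existing_user in service_users:
        return redirect(
            url_for('main.service_dashboard',
                    service_id=invited_user.service))

    service = service_api_client.get_service(
        invited_user.service)['data']
    # Only services holding the 'email_auth' permission may change a user's
    # auth type. An 'sms_auth' invite is honoured only when the user has a
    # mobile number to receive codes on; 'email_auth' is always applicable.
    if 'email_auth' in service['permissions'] and (
            (existing_user.mobile_number and invited_user.auth_type == 'sms_auth')
            or invited_user.auth_type == 'email_auth'):
        user_api_client.update_user_attribute(
            existing_user.id, auth_type=invited_user.auth_type)
    user_api_client.add_user_to_service(invited_user.service,
                                        existing_user.id,
                                        invited_user.permissions)
    return redirect(
        url_for('main.service_dashboard',
                service_id=invited_user.service))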
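def accept_invite(token):
    """Accept a service invitation opened from the emailed link.

    Args:
        token: invitation token taken from the link; validated by the
            invite API rather than locally.

    Returns:
        A redirect to sign-in when the API rejects the invitation, the
        cancelled-invitation page, or a redirect: to the service dashboard
        when the invitee already has an account, otherwise to
        ``main.register_from_invite``.

    Raises:
        HTTPError: re-raised for any API failure other than a 400 carrying
            an ``invitation`` message.
        Forbidden (``abort(403)``): someone is signed in under a different
            email address than the one the invitation was issued to.
    """
    try:
        invited_user = invite_api_client.check_token(token)
    except HTTPError as e:
        if e.status_code == 400 and 'invitation' in e.message:
            flash(e.message['invitation'])
            return redirect(url_for('main.sign_in'))
        raise

    if not current_user.is_anonymous and current_user.email_address.lower(
    ) != invited_user.email_address.lower():
        # Markup.format() HTML-escapes its arguments. Formatting the plain
        # string first and wrapping the result in Markup afterwards marked the
        # interpolated email address and URL as safe without escaping them;
        # the href is quoted so the escaped URL is a valid attribute value.
        message = Markup("""
            You’re signed in as {}.
            This invite is for another email address.
            <a href="{}">Sign out</a> and click the link again to accept this invite.
            """).format(current_user.email_address,
                        url_for("main.sign_out", _external=True))

        flash(message=message)

        abort(403)

    if invited_user.status == 'cancelled':
        from_user = user_api_client.get_user(invited_user.from_user)
        service = service_api_client.get_service(invited_user.service)['data']
        return render_template('views/cancelled-invitation.html',
                               from_user=from_user.name,
                               service_name=service['name'])

    if invited_user.status == 'accepted':
        # Nothing left to do; drop any stale pending invite from the session.
        session.pop('invited_user', None)
        return redirect(
            url_for('main.service_dashboard', service_id=invited_user.service))

    # Kept in the session so the registration flow can pick the invite up later.
    session['invited_user'] = invited_user.serialize()

    existing_user = user_api_client.get_user_by_email_or_none(
        invited_user.email_address)
    service_users = user_api_client.get_users_for_service(invited_user.service)

    if not existing_user:
        return redirect(url_for('main.register_from_invite'))

    invite_api_client.accept_invite(invited_user.service, invited_user.id)
    if existing_user in service_users:
        return redirect(
            url_for('main.service_dashboard',
                    service_id=invited_user.service))

    service = service_api_client.get_service(
        invited_user.service)['data']
    # Only services holding the 'email_auth' permission may change a user's
    # auth type. An 'sms_auth' invite is honoured only when the user has a
    # mobile number to receive codes on; 'email_auth' is always applicable.
    if 'email_auth' in service['permissions'] and (
            (existing_user.mobile_number and invited_user.auth_type == 'sms_auth')
            or invited_user.auth_type == 'email_auth'):
        user_api_client.update_user_attribute(
            existing_user.id, auth_type=invited_user.auth_type)
    user_api_client.add_user_to_service(invited_user.service,
                                        existing_user.id,
                                        invited_user.permissions)
    return redirect(
        url_for('main.service_dashboard',
                service_id=invited_user.service))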