def create_invitation(invitation_info: Dict, user, token_info: Dict, invitation_origin): """Create a new invitation.""" # Ensure that the current user is OWNER or ADMIN on each org being invited to context_path = CONFIG.AUTH_WEB_TOKEN_CONFIRM_PATH for membership in invitation_info['membership']: org_id = membership['orgId'] if invitation_info.get( 'type') == InvitationType.DIRECTOR_SEARCH.value: check_auth(token_info, org_id=org_id, equals_role=STAFF_ADMIN) else: check_auth(token_info, org_id=org_id, one_of_roles=(OWNER, ADMIN)) # TODO doesnt work when invited to multiple teams.. Re-work the logic when multiple teams introduced org_name = OrgModel.find_by_org_id( invitation_info['membership'][0]['orgId']).name invitation = InvitationModel.create_from_dict(invitation_info, user.identifier) confirmation_token = Invitation.generate_confirmation_token( invitation.id, invitation.type) invitation.token = confirmation_token invitation.save() Invitation.send_invitation( invitation, org_name, user.as_dict(), '{}/{}'.format(invitation_origin, context_path)) return Invitation(invitation)
def create_invitation(invitation_info: Dict, user, token_info: Dict, invitation_origin): """Create a new invitation.""" # Ensure that the current user is ADMIN or COORDINATOR on each org being invited to context_path = CONFIG.AUTH_WEB_TOKEN_CONFIRM_PATH org_id = invitation_info['membership'][0]['orgId'] # get the org and check the access_type org = OrgModel.find_by_org_id(org_id) if not org: raise BusinessException(Error.DATA_NOT_FOUND, None) check_auth(token_info, org_id=org_id, one_of_roles=(ADMIN, COORDINATOR, STAFF)) org_name = org.name invitation_type = InvitationType.DIRECTOR_SEARCH.value if org.access_type == AccessType.ANONYMOUS.value \ else InvitationType.STANDARD.value if org.access_type == AccessType.ANONYMOUS.value: # anonymous account never get bceid or bcsc choices mandatory_login_source = LoginSource.BCROS.value else: default_login_option_based_on_accesstype = LoginSource.BCSC.value if \ org.access_type == AccessType.REGULAR.value else LoginSource.BCEID.value role = invitation_info['membership'][0]['membershipType'] account_login_options = AccountLoginOptionsModel.find_active_by_org_id(org.id) mandatory_login_source = LoginSource.BCSC.value if \ role == ADMIN else getattr(account_login_options, 'login_source', default_login_option_based_on_accesstype) invitation = InvitationModel.create_from_dict(invitation_info, user.identifier, invitation_type) confirmation_token = Invitation.generate_confirmation_token(invitation.id, invitation.type) invitation.token = confirmation_token invitation.login_source = mandatory_login_source invitation.save() Invitation.send_invitation(invitation, org_name, user.as_dict(), '{}/{}'.format(invitation_origin, context_path), mandatory_login_source) return Invitation(invitation)
def create_invitation(invitation_info: Dict, user, token_info: Dict, invitation_origin): """Create a new invitation.""" # Ensure that the current user is OWNER or ADMIN on each org being invited to context_path = CONFIG.AUTH_WEB_TOKEN_CONFIRM_PATH org_id = invitation_info['membership'][0]['orgId'] # get the org and check the access_type org = OrgModel.find_by_org_id(org_id) if not org: raise BusinessException(Error.DATA_NOT_FOUND, None) if org.access_type == AccessType.ANONYMOUS.value: check_auth(token_info, org_id=org_id, equals_role=STAFF_ADMIN) elif org.access_type == AccessType.BCSC.value: check_auth(token_info, org_id=org_id, one_of_roles=(OWNER, ADMIN)) org_name = org.name invitation_type = InvitationType.DIRECTOR_SEARCH.value if org.access_type == AccessType.ANONYMOUS.value \ else InvitationType.STANDARD.value invitation = InvitationModel.create_from_dict(invitation_info, user.identifier, invitation_type) confirmation_token = Invitation.generate_confirmation_token( invitation.id, invitation.type) invitation.token = confirmation_token invitation.save() Invitation.send_invitation( invitation, org_name, user.as_dict(), '{}/{}'.format(invitation_origin, context_path)) return Invitation(invitation)
def test_create_from_dict_no_schema(session): # pylint:disable=unused-argument """Assert that an Entity can not be created without schema.""" user = User(username='******', keycloak_guid='1b20db59-19a0-4727-affe-c6f64309fd04') session.add(user) session.commit() result_invitation = InvitationModel.create_from_dict( None, user.id, 'STANDARD') assert result_invitation is None
def test_send_invitation_exception(session, notify_mock, keycloak_mock): # pylint:disable=unused-argument """Send an existing invitation with exception.""" user = factory_user_model(TestUserInfo.user_test) user_dictionary = User(user).as_dict() org = OrgService.create_org(TestOrgInfo.org1, user_id=user.id) org_dictionary = org.as_dict() invitation_info = factory_invitation(org_dictionary['id']) invitation = InvitationModel.create_from_dict(invitation_info, user.id, 'STANDARD') with patch.object(notification, 'send_email', return_value=False): with pytest.raises(BusinessException) as exception: InvitationService.send_invitation(invitation, org_dictionary['name'], user_dictionary, '', '') assert exception.value.code == Error.FAILED_INVITATION.name
def create_invitation(invitation_info: Dict, user, # pylint: disable=too-many-locals token_info: Dict, invitation_origin): """Create a new invitation.""" # Ensure that the current user is ADMIN or COORDINATOR on each org being invited to context_path = CONFIG.AUTH_WEB_TOKEN_CONFIRM_PATH org_id = invitation_info['membership'][0]['orgId'] # get the org and check the access_type org: OrgModel = OrgModel.find_by_org_id(org_id) if not org: raise BusinessException(Error.DATA_NOT_FOUND, None) check_auth(token_info, org_id=org_id, one_of_roles=(ADMIN, COORDINATOR, STAFF)) org_name = org.name invitation_type = Invitation._get_inv_type(org) if org.access_type == AccessType.ANONYMOUS.value: # anonymous account never get bceid or bcsc choices mandatory_login_source = LoginSource.BCROS.value elif org.access_type == AccessType.GOVM.value: mandatory_login_source = LoginSource.STAFF.value else: default_login_option_based_on_accesstype = LoginSource.BCSC.value if \ org.access_type == AccessType.REGULAR.value else LoginSource.BCEID.value role = invitation_info['membership'][0]['membershipType'] account_login_options = AccountLoginOptionsModel.find_active_by_org_id(org.id) mandatory_login_source = LoginSource.BCSC.value if \ role == ADMIN else getattr(account_login_options, 'login_source', default_login_option_based_on_accesstype) invitation = InvitationModel.create_from_dict(invitation_info, user.identifier, invitation_type) confirmation_token = Invitation.generate_confirmation_token(invitation.id, invitation.type) invitation.token = confirmation_token invitation.login_source = mandatory_login_source invitation.save() Invitation.send_invitation(invitation, org_name, user.as_dict(), '{}/{}'.format(invitation_origin, context_path), mandatory_login_source, org_status=org.status_code) # notify admin if staff adds team members is_staff_access = token_info and 'staff' in token_info.get('realm_access', {}).get('roles', None) if is_staff_access and invitation_type == InvitationType.STANDARD.value: publish_to_mailer('teamMemberInvited', org_id) return Invitation(invitation)
def test_create_from_dict(session): # pylint:disable=unused-argument """Assert that an Entity can be created from schema.""" user = User(username='******', roles='{edit, uma_authorization, staff}', keycloak_guid='1b20db59-19a0-4727-affe-c6f64309fd04') session.add(user) session.commit() org_type = OrgTypeModel(code='TEST', desc='Test') session.add(org_type) session.commit() org_status = OrgStatusModel(code='TEST', desc='Test') session.add(org_status) session.commit() preferred_payment = PaymentTypeModel(code='TEST', desc='Test') session.add(preferred_payment) session.commit() org = OrgModel() org.name = 'Test Org' org.org_type = org_type org.org_status = org_status org.preferred_payment = preferred_payment org.save() invitation_info = { 'recipientEmail': '*****@*****.**', 'membership': [{ 'membershipType': 'USER', 'orgId': org.id }] } result_invitation = InvitationModel.create_from_dict( invitation_info, user.id, 'STANDARD') assert result_invitation.id is not None
def create_invitation(invitation_info: Dict, user, invitation_origin, **kwargs): # pylint: disable=too-many-locals """Create a new invitation.""" user_from_context: UserContext = kwargs['user_context'] # Ensure that the current user is ADMIN or COORDINATOR on each org being invited to context_path = CONFIG.AUTH_WEB_TOKEN_CONFIRM_PATH org_id = invitation_info['membership'][0]['orgId'] # get the org and check the access_type org: OrgModel = OrgModel.find_by_org_id(org_id) if not org: raise BusinessException(Error.DATA_NOT_FOUND, None) check_auth(org_id=org_id, one_of_roles=(ADMIN, COORDINATOR, STAFF)) org_name = org.name invitation_type = Invitation._get_inv_type(org) if org.access_type == AccessType.ANONYMOUS.value: # anonymous account never get bceid or bcsc choices mandatory_login_source = LoginSource.BCROS.value elif org.access_type == AccessType.GOVM.value: mandatory_login_source = LoginSource.STAFF.value else: default_login_option_based_on_accesstype = LoginSource.BCSC.value if \ org.access_type == AccessType.REGULAR.value else LoginSource.BCEID.value role = invitation_info['membership'][0]['membershipType'] account_login_options = AccountLoginOptionsModel.find_active_by_org_id( org.id) mandatory_login_source = LoginSource.BCSC.value if \ role == ADMIN else getattr(account_login_options, 'login_source', default_login_option_based_on_accesstype) invitation = InvitationModel.create_from_dict(invitation_info, user.identifier, invitation_type) confirmation_token = Invitation.generate_confirmation_token( invitation.id, invitation.type) invitation.token = confirmation_token invitation.login_source = mandatory_login_source invitation.save() Invitation.send_invitation(invitation, org_name, org.id, user.as_dict(), '{}/{}'.format(invitation_origin, context_path), mandatory_login_source, org_status=org.status_code) # notify admin if staff adds team members if user_from_context.is_staff( ) and invitation_type == InvitationType.STANDARD.value: try: current_app.logger.debug( '<send_team_member_invitation_notification') publish_to_mailer(notification_type='teamMemberInvited', org_id=org_id) current_app.logger.debug( 'send_team_member_invitation_notification>') except Exception as e: # noqa=B901 current_app.logger.error( '<send_team_member_invitation_notification failed') raise BusinessException(Error.FAILED_NOTIFICATION, None) from e return Invitation(invitation)