def send_recovery_message(request):
"""
Send a recovery message to an email address.
required form parameter: email
If email not provided or not syntactically correct, returns 400.
If email not known, returns 404.
Otherwise, queues a task to send the message and returns 200.
"""
email = process_email(request.POST.get("email"))
if not email:
return invalid_email_response()
if email_is_blocked(email):
# don't let on there's a problem
return HttpResponseJSON({"status": "ok"})
try:
user_data = get_user_data(email=email)
except NewsletterException as e:
return newsletter_exception_response(e)
if not user_data:
return HttpResponseJSON(
{
"status": "error",
"desc": "Email address not known",
"code": errors.BASKET_UNKNOWN_EMAIL,
},
404,
) # Note: Bedrock looks for this 404
send_recovery_message_task.delay(email)
return HttpResponseJSON({"status": "ok"})
def send_recovery_message(request):
"""
Send a recovery message to an email address.
required form parameter: email
If email not provided or not syntactically correct, returns 400.
If email not known, returns 404.
Otherwise, queues a task to send the message and returns 200.
"""
email = process_email(request.POST.get('email'))
if not email:
return invalid_email_response()
if email_is_blocked(email):
# don't let on there's a problem
return HttpResponseJSON({'status': 'ok'})
try:
user_data = get_user_data(email=email)
except NewsletterException as e:
return newsletter_exception_response(e)
if not user_data:
return HttpResponseJSON({
'status': 'error',
'desc': 'Email address not known',
'code': errors.BASKET_UNKNOWN_EMAIL,
}, 404) # Note: Bedrock looks for this 404
send_recovery_message_task.delay(email)
return HttpResponseJSON({'status': 'ok'})
def lookup_user(request):
"""Lookup a user in Exact Target given email or token (not both).
To look up by email, a valid API key are required.
If email and token are both provided, an error is returned rather
than trying to define all the possible behaviors.
SSL is always required when using this call. If no SSL, it'll fail
with 401 and an appropriate message in the response body.
Response content is always JSON.
If user is not found, returns a 404 status and json is::
{
'status': 'error',
'desc': 'No such user'
}
(If you need to distinguish user not found from an error calling
the API, check the response content.)
If a required, valid API key is not provided, status is 401 Unauthorized.
The API key can be provided either as a GET query parameter ``api-key``
or a request header ``X-api-key``. If it's provided as a query parameter,
any request header is ignored.
For other errors, similarly
response status is 4xx and the json 'desc' says what's wrong.
Otherwise, status is 200 and json is the return value from
`get_user_data`. See that method for details.
Note that because this method always calls Exact Target one or
more times, it can be slower than some other Basket APIs, and will
fail if ET is down.
"""
if settings.MAINTENANCE_MODE and not settings.MAINTENANCE_READ_ONLY:
# can't return user data during maintenance
return HttpResponseJSON(
{
"status": "error",
"desc": "user data is not available in maintenance mode",
"code": errors.BASKET_NETWORK_FAILURE,
},
400,
)
token = request.GET.get("token", None)
email = request.GET.get("email", None)
get_fxa = "fxa" in request.GET
if (not email and not token) or (email and token):
return HttpResponseJSON(
{
"status": "error",
"desc": MSG_EMAIL_OR_TOKEN_REQUIRED,
"code": errors.BASKET_USAGE_ERROR,
},
400,
)
if email and not is_authorized(request, email):
return HttpResponseJSON(
{
"status": "error",
"desc": "Using lookup_user with `email`, you need to pass a "
"valid `api-key` or FxA OAuth Autorization header.",
"code": errors.BASKET_AUTH_ERROR,
},
401,
)
if email:
email = process_email(email)
if not email:
return invalid_email_response()
try:
user_data = get_user_data(token=token, email=email, get_fxa=get_fxa)
except NewsletterException as e:
return newsletter_exception_response(e)
status_code = 200
if not user_data:
code = errors.BASKET_UNKNOWN_TOKEN if token else errors.BASKET_UNKNOWN_EMAIL
user_data = {
"status": "error",
"desc": MSG_USER_NOT_FOUND,
"code": code,
}
status_code = 404
return HttpResponseJSON(user_data, status_code)
def update_user_task(request,
api_call_type,
data=None,
optin=False,
sync=False):
"""Call the update_user task async with the right parameters.
If sync==True, be sure to include the token in the response.
Otherwise, basket can just do everything in the background.
"""
data = data or request.POST.dict()
newsletters = parse_newsletters_csv(data.get("newsletters"))
if newsletters:
if api_call_type == SUBSCRIBE:
all_newsletters = (newsletter_and_group_slugs() +
get_transactional_message_ids())
else:
all_newsletters = newsletter_slugs()
private_newsletters = newsletter_private_slugs()
for nl in newsletters:
if nl not in all_newsletters:
return HttpResponseJSON(
{
"status": "error",
"desc": "invalid newsletter",
"code": errors.BASKET_INVALID_NEWSLETTER,
},
400,
)
if api_call_type != UNSUBSCRIBE and nl in private_newsletters:
if not is_authorized(request, data.get("email")):
return HttpResponseJSON(
{
"status": "error",
"desc":
"private newsletter subscription requires a valid API key or OAuth",
"code": errors.BASKET_AUTH_ERROR,
},
401,
)
if "lang" in data:
if not language_code_is_valid(data["lang"]):
data["lang"] = "en"
elif "accept_lang" in data:
lang = get_best_language(get_accept_languages(data["accept_lang"]))
if lang:
data["lang"] = lang
del data["accept_lang"]
# if lang not provided get the best one from the accept-language header
else:
lang = get_best_request_lang(request)
if lang:
data["lang"] = lang
# now ensure that if we do have a lang that it's a supported one
if "lang" in data:
data["lang"] = get_best_supported_lang(data["lang"])
email = data.get("email")
token = data.get("token")
if not (email or token):
return HttpResponseJSON(
{
"status": "error",
"desc": MSG_EMAIL_OR_TOKEN_REQUIRED,
"code": errors.BASKET_USAGE_ERROR,
},
400,
)
if optin:
data["optin"] = True
if api_call_type == SUBSCRIBE and email and data.get("newsletters"):
# only rate limit here so we don't rate limit errors.
if is_ratelimited(
request,
group="basket.news.views.update_user_task.subscribe",
key=lambda x, y: "%s-%s" % (data["newsletters"], email),
rate=EMAIL_SUBSCRIBE_RATE_LIMIT,
increment=True,
):
raise Ratelimited()
if api_call_type == SET and token and data.get("newsletters"):
# only rate limit here so we don't rate limit errors.
if is_ratelimited(
request,
group="basket.news.views.update_user_task.set",
key=lambda x, y: "%s-%s" % (data["newsletters"], token),
rate=EMAIL_SUBSCRIBE_RATE_LIMIT,
increment=True,
):
raise Ratelimited()
if sync:
statsd.incr("news.views.subscribe.sync")
if settings.MAINTENANCE_MODE and not settings.MAINTENANCE_READ_ONLY:
# save what we can
upsert_user.delay(api_call_type, data, start_time=time())
# have to error since we can't return a token
return HttpResponseJSON(
{
"status": "error",
"desc": "sync is not available in maintenance mode",
"code": errors.BASKET_NETWORK_FAILURE,
},
400,
)
try:
user_data = get_user_data(email=email, token=token)
except NewsletterException as e:
return newsletter_exception_response(e)
if not user_data:
if not email:
# must have email to create a user
return HttpResponseJSON(
{
"status": "error",
"desc": MSG_EMAIL_OR_TOKEN_REQUIRED,
"code": errors.BASKET_USAGE_ERROR,
},
400,
)
token, created = upsert_contact(api_call_type, data, user_data)
return HttpResponseJSON({
"status": "ok",
"token": token,
"created": created
})
else:
upsert_user.delay(api_call_type, data, start_time=time())
return HttpResponseJSON({"status": "ok"})
def update_user_task(request, api_call_type, data=None, optin=False, sync=False):
"""Call the update_user task async with the right parameters.
If sync==True, be sure to include the token in the response.
Otherwise, basket can just do everything in the background.
"""
data = data or request.POST.dict()
newsletters = parse_newsletters_csv(data.get('newsletters'))
if newsletters:
if api_call_type == SUBSCRIBE:
all_newsletters = newsletter_and_group_slugs() + get_transactional_message_ids()
else:
all_newsletters = newsletter_slugs()
private_newsletters = newsletter_private_slugs()
for nl in newsletters:
if nl not in all_newsletters:
return HttpResponseJSON({
'status': 'error',
'desc': 'invalid newsletter',
'code': errors.BASKET_INVALID_NEWSLETTER,
}, 400)
if api_call_type != UNSUBSCRIBE and nl in private_newsletters:
if not has_valid_api_key(request):
return HttpResponseJSON({
'status': 'error',
'desc': 'private newsletter subscription requires a valid API key',
'code': errors.BASKET_AUTH_ERROR,
}, 401)
if 'lang' in data:
if not language_code_is_valid(data['lang']):
data['lang'] = 'en'
elif 'accept_lang' in data:
lang = get_best_language(get_accept_languages(data['accept_lang']))
if lang:
data['lang'] = lang
del data['accept_lang']
else:
data['lang'] = 'en'
# if lang not provided get the best one from the accept-language header
else:
data['lang'] = get_best_request_lang(request) or 'en'
email = data.get('email')
token = data.get('token')
if not (email or token):
return HttpResponseJSON({
'status': 'error',
'desc': MSG_EMAIL_OR_TOKEN_REQUIRED,
'code': errors.BASKET_USAGE_ERROR,
}, 400)
if optin:
data['optin'] = True
if api_call_type == SUBSCRIBE and email and data.get('newsletters'):
# only rate limit here so we don't rate limit errors.
if is_ratelimited(request, group='basket.news.views.update_user_task.subscribe',
key=lambda x, y: '%s-%s' % (data['newsletters'], email),
rate=EMAIL_SUBSCRIBE_RATE_LIMIT, increment=True):
raise Ratelimited()
if api_call_type == SET and token and data.get('newsletters'):
# only rate limit here so we don't rate limit errors.
if is_ratelimited(request, group='basket.news.views.update_user_task.set',
key=lambda x, y: '%s-%s' % (data['newsletters'], token),
rate=EMAIL_SUBSCRIBE_RATE_LIMIT, increment=True):
raise Ratelimited()
if sync:
statsd.incr('news.views.subscribe.sync')
if settings.MAINTENANCE_MODE and not settings.MAINTENANCE_READ_ONLY:
# save what we can
upsert_user.delay(api_call_type, data, start_time=time())
# have to error since we can't return a token
return HttpResponseJSON({
'status': 'error',
'desc': 'sync is not available in maintenance mode',
'code': errors.BASKET_NETWORK_FAILURE,
}, 400)
try:
user_data = get_user_data(email=email, token=token)
except NewsletterException as e:
return newsletter_exception_response(e)
if not user_data:
if not email:
# must have email to create a user
return HttpResponseJSON({
'status': 'error',
'desc': MSG_EMAIL_OR_TOKEN_REQUIRED,
'code': errors.BASKET_USAGE_ERROR,
}, 400)
token, created = upsert_contact(api_call_type, data, user_data)
return HttpResponseJSON({
'status': 'ok',
'token': token,
'created': created,
})
else:
upsert_user.delay(api_call_type, data, start_time=time())
return HttpResponseJSON({
'status': 'ok',
})
def lookup_user(request):
"""Lookup a user in Exact Target given email or token (not both).
To look up by email, a valid API key are required.
If email and token are both provided, an error is returned rather
than trying to define all the possible behaviors.
SSL is always required when using this call. If no SSL, it'll fail
with 401 and an appropriate message in the response body.
Response content is always JSON.
If user is not found, returns a 404 status and json is::
{
'status': 'error',
'desc': 'No such user'
}
(If you need to distinguish user not found from an error calling
the API, check the response content.)
If a required, valid API key is not provided, status is 401 Unauthorized.
The API key can be provided either as a GET query parameter ``api-key``
or a request header ``X-api-key``. If it's provided as a query parameter,
any request header is ignored.
For other errors, similarly
response status is 4xx and the json 'desc' says what's wrong.
Otherwise, status is 200 and json is the return value from
`get_user_data`. See that method for details.
Note that because this method always calls Exact Target one or
more times, it can be slower than some other Basket APIs, and will
fail if ET is down.
"""
if settings.MAINTENANCE_MODE and not settings.MAINTENANCE_READ_ONLY:
# can't return user data during maintenance
return HttpResponseJSON({
'status': 'error',
'desc': 'user data is not available in maintenance mode',
'code': errors.BASKET_NETWORK_FAILURE,
}, 400)
token = request.GET.get('token', None)
email = request.GET.get('email', None)
if (not email and not token) or (email and token):
return HttpResponseJSON({
'status': 'error',
'desc': MSG_EMAIL_OR_TOKEN_REQUIRED,
'code': errors.BASKET_USAGE_ERROR,
}, 400)
if email and not has_valid_api_key(request):
return HttpResponseJSON({
'status': 'error',
'desc': 'Using lookup_user with `email`, you need to pass a '
'valid `api-key` GET parameter or X-api-key header',
'code': errors.BASKET_AUTH_ERROR,
}, 401)
if email:
email = process_email(email)
if not email:
return invalid_email_response()
try:
user_data = get_user_data(token=token, email=email)
except NewsletterException as e:
return newsletter_exception_response(e)
status_code = 200
if not user_data:
code = errors.BASKET_UNKNOWN_TOKEN if token else errors.BASKET_UNKNOWN_EMAIL
user_data = {
'status': 'error',
'desc': MSG_USER_NOT_FOUND,
'code': code,
}
status_code = 404
return HttpResponseJSON(user_data, status_code)
def update_user_task(request, api_call_type, data=None, optin=False, sync=False):
"""Call the update_user task async with the right parameters.
If sync==True, be sure to include the token in the response.
Otherwise, basket can just do everything in the background.
"""
data = data or request.POST.dict()
newsletters = parse_newsletters_csv(data.get('newsletters'))
if newsletters:
if api_call_type == SUBSCRIBE:
all_newsletters = newsletter_and_group_slugs() + get_transactional_message_ids()
else:
all_newsletters = newsletter_slugs()
private_newsletters = newsletter_private_slugs()
for nl in newsletters:
if nl not in all_newsletters:
return HttpResponseJSON({
'status': 'error',
'desc': 'invalid newsletter',
'code': errors.BASKET_INVALID_NEWSLETTER,
}, 400)
if api_call_type != UNSUBSCRIBE and nl in private_newsletters:
if not is_authorized(request, data.get('email')):
return HttpResponseJSON({
'status': 'error',
'desc': 'private newsletter subscription requires a valid API key or OAuth',
'code': errors.BASKET_AUTH_ERROR,
}, 401)
if 'lang' in data:
if not language_code_is_valid(data['lang']):
data['lang'] = 'en'
elif 'accept_lang' in data:
lang = get_best_language(get_accept_languages(data['accept_lang']))
if lang:
data['lang'] = lang
del data['accept_lang']
# if lang not provided get the best one from the accept-language header
else:
lang = get_best_request_lang(request)
if lang:
data['lang'] = lang
email = data.get('email')
token = data.get('token')
if not (email or token):
return HttpResponseJSON({
'status': 'error',
'desc': MSG_EMAIL_OR_TOKEN_REQUIRED,
'code': errors.BASKET_USAGE_ERROR,
}, 400)
if optin:
data['optin'] = True
if api_call_type == SUBSCRIBE and email and data.get('newsletters'):
# only rate limit here so we don't rate limit errors.
if is_ratelimited(request, group='basket.news.views.update_user_task.subscribe',
key=lambda x, y: '%s-%s' % (data['newsletters'], email),
rate=EMAIL_SUBSCRIBE_RATE_LIMIT, increment=True):
raise Ratelimited()
if api_call_type == SET and token and data.get('newsletters'):
# only rate limit here so we don't rate limit errors.
if is_ratelimited(request, group='basket.news.views.update_user_task.set',
key=lambda x, y: '%s-%s' % (data['newsletters'], token),
rate=EMAIL_SUBSCRIBE_RATE_LIMIT, increment=True):
raise Ratelimited()
if sync:
statsd.incr('news.views.subscribe.sync')
if settings.MAINTENANCE_MODE and not settings.MAINTENANCE_READ_ONLY:
# save what we can
upsert_user.delay(api_call_type, data, start_time=time())
# have to error since we can't return a token
return HttpResponseJSON({
'status': 'error',
'desc': 'sync is not available in maintenance mode',
'code': errors.BASKET_NETWORK_FAILURE,
}, 400)
try:
user_data = get_user_data(email=email, token=token)
except NewsletterException as e:
return newsletter_exception_response(e)
if not user_data:
if not email:
# must have email to create a user
return HttpResponseJSON({
'status': 'error',
'desc': MSG_EMAIL_OR_TOKEN_REQUIRED,
'code': errors.BASKET_USAGE_ERROR,
}, 400)
token, created = upsert_contact(api_call_type, data, user_data)
return HttpResponseJSON({
'status': 'ok',
'token': token,
'created': created,
})
else:
upsert_user.delay(api_call_type, data, start_time=time())
return HttpResponseJSON({
'status': 'ok',
})