def letter_proof_user():
description = """\
Apply verification returned by eduid-idproofing-letter after failure. The JSON data is found in the
eduid-idproofing-letter log after a users successful verification.
Example:
'letter_proof_user eppn idproofing-letter-json-data'
"""
usage = "usage: %prog eppn idproofing-letter-json-data"
parser = optparse.OptionParser(
usage=usage,
description=textwrap.dedent(description)
)
options, args = parser.parse_args(sys.argv[1:])
if not len(args) == 2:
print('Two arguments required')
print(usage)
return 2
env = bootstrap(default_config_file)
eppn = args[0]
data = args[1]
rdata = json.loads(data)
user = _get_user_by_eppn(env['request'], eppn, legacy_user=False)
if not user.nins.to_list() and rdata.get('verified', False):
# Save data from successful verification call for later addition to user proofing collection
rdata['created_ts'] = datetime.utcfromtimestamp(int(rdata['created_ts']))
rdata['verified_ts'] = datetime.utcfromtimestamp(int(rdata['verified_ts']))
user = DashboardUser(data = user.to_dict())
user.add_letter_proofing_data(rdata)
# Look up users official address at the time of verification per Kantara requirements
print "Looking up address via Navet for user {!r}.".format(user)
user_postal_address = env['request'].msgrelay.get_full_postal_address(rdata['number'])
print "Finished looking up address via Navet for user {!r}.".format(user)
proofing_data = LetterProofing(user, rdata['number'], rdata['official_address'],
rdata['transaction_id'], user_postal_address)
# Log verification event and fail if that goes wrong
print "Logging proofing data for user {!r}.".format(user)
if env['request'].idproofinglog.log_verification(proofing_data):
print "Finished logging proofing data for user {!r}.".format(user)
try:
# This is a hack to reuse the existing proofing functionality, the users code is
# verified by the micro service
set_nin_verified(env['request'], user, rdata['number'])
try:
env['request'].context.save_dashboard_user(user)
except UserOutOfSync:
print 'Verified norEduPersonNIN NOT saved for user {!r}. User out of sync.'.format(user)
raise
save_as_verified(env['request'], 'norEduPersonNIN', user, rdata['number'])
print "Verified NIN by physical letter saved for user {!r}.".format(user)
except UserOutOfSync:
print "Verified NIN by physical letter NOT saved for user {!r}. User out of sync.".format(user)
else:
print 'You have successfully verified the identity for user {!r}'.format(user)
else:
print 'User {!r} already has verified NIN ({!s}).'.format(user, user.nins)
def finish_letter_action(self, data, post_data):
"""
Contact the eduid-idproofing-letter service and give it the code the user supplied.
If the letter proofing service approves of the code, this code does the following:
* Put together some LetterProofing data with information about the user, the vetting, the
users registered address etc. (Kantara requirement)
* Log what the letter proofing service returned on the user (we put it there for now...)
* Upgrade the NIN in question to verified=True
* Mark the verification code as used
:returns: status, message in a dict
:rtype: dict
"""
nin, index = data.split()
index = int(index)
settings = self.request.registry.settings
letter_url = settings.get('letter_service_url')
verify_letter_url = urlparse.urljoin(letter_url, 'verify-code')
code = post_data['verification_code']
self.user = get_session_user(self.request)
# small helper function to make rest of the function more readable
def make_result(result, msg):
return dict(result = result, message = msg)
data = {'eppn': self.user.eppn,
'verification_code': code}
logger.info("Posting letter verification code for user {!r}.".format(self.user))
response = requests.post(verify_letter_url, data=data)
logger.info("Received response from idproofing-letter after posting verification code "
"for user {!r}.".format(self.user))
if response.status_code != 200:
# Do nothing, just return above error message and log microservice return code
logger.info("Received status code {!s} from idproofing-letter after posting verification code "
"for user {!r}.".format(response.status_code, self.user))
return make_result('error', _('There was a problem with the letter service. '
'Please try again later.'))
rdata = response.json().get('data', {})
if not (rdata.get('verified', False) and nin == rdata.get('number', None)):
log.info('User {!r} supplied wrong letter verification code or nin did not match.'.format(
self.user))
log.debug('NIN in dashboard: {!s}, NIN in idproofing-letter: {!s}'.format(
nin, rdata.get('number', None)))
return make_result('error', _('Your verification code seems to be wrong, please try again.'))
# Save data from successful verification call for later addition to user proofing collection.
# Convert self.user to a DashboardUser manually instead of letting save_dashboard_user do
# it to get access to add_letter_proofing_data().
user = DashboardUser(data = self.user.to_dict())
rdata['created_ts'] = datetime.utcfromtimestamp(int(rdata['created_ts']))
rdata['verified_ts'] = datetime.utcfromtimestamp(int(rdata['verified_ts']))
user.add_letter_proofing_data(rdata)
# Look up users official address at the time of verification per Kantara requirements
logger.info("Looking up address via Navet for user {!r}.".format(self.user))
user_postal_address = self.request.msgrelay.get_full_postal_address(rdata['number'])
logger.info("Finished looking up address via Navet for user {!r}.".format(self.user))
proofing_data = LetterProofing(self.user, rdata['number'], rdata['official_address'],
rdata['transaction_id'], user_postal_address)
# Log verification event and fail if that goes wrong
logger.info("Logging proofing data for user {!r}.".format(self.user))
if not self.request.idproofinglog.log_verification(proofing_data):
log.error('Logging of letter proofing data for user {!r} failed.'.format(self.user))
return make_result('error', _('Sorry, we are experiencing temporary technical '
'problems, please try again later.'))
logger.info("Finished logging proofing data for user {!r}.".format(self.user))
# This is a hack to reuse the existing proofing functionality, the users code has
# already been verified by the micro service but we decided the dashboard could
# continue 'upgrading' the users until we've made the planned proofing consumer
set_nin_verified(self.request, user, nin)
try:
self.request.context.save_dashboard_user(user)
except UserOutOfSync:
log.error("Verified norEduPersonNIN NOT saved for user {!r}. User out of sync.".format(
self.user))
return self.sync_user()
self.user = user
# Finally mark the verification as used
save_as_verified(self.request, 'norEduPersonNIN', self.user, nin)
logger.info("Verified NIN by physical letter saved for user {!r}.".format(
self.user))
return make_result('success', _('You have successfully verified your identity'))
def letter_proof_user():
description = """\
Apply verification returned by eduid-idproofing-letter after failure. The JSON data is found in the
eduid-idproofing-letter log after a users successful verification.
Example:
'letter_proof_user eppn idproofing-letter-json-data'
"""
usage = "usage: %prog eppn idproofing-letter-json-data"
parser = optparse.OptionParser(usage=usage,
description=textwrap.dedent(description))
options, args = parser.parse_args(sys.argv[1:])
if not len(args) == 2:
print('Two arguments required')
print(usage)
return 2
env = bootstrap(default_config_file)
eppn = args[0]
data = args[1]
rdata = json.loads(data)
user = _get_user_by_eppn(env['request'], eppn, legacy_user=False)
if not user.nins.to_list() and rdata.get('verified', False):
# Save data from successful verification call for later addition to user proofing collection
rdata['created_ts'] = datetime.utcfromtimestamp(
int(rdata['created_ts']))
rdata['verified_ts'] = datetime.utcfromtimestamp(
int(rdata['verified_ts']))
user = DashboardUser(data=user.to_dict())
user.add_letter_proofing_data(rdata)
# Look up users official address at the time of verification per Kantara requirements
print "Looking up address via Navet for user {!r}.".format(user)
user_postal_address = env['request'].msgrelay.get_full_postal_address(
rdata['number'])
print "Finished looking up address via Navet for user {!r}.".format(
user)
proofing_data = LetterProofing(user, rdata['number'],
rdata['official_address'],
rdata['transaction_id'],
user_postal_address)
# Log verification event and fail if that goes wrong
print "Logging proofing data for user {!r}.".format(user)
if env['request'].idproofinglog.log_verification(proofing_data):
print "Finished logging proofing data for user {!r}.".format(user)
try:
# This is a hack to reuse the existing proofing functionality, the users code is
# verified by the micro service
set_nin_verified(env['request'], user, rdata['number'])
try:
env['request'].context.save_dashboard_user(user)
except UserOutOfSync:
print 'Verified norEduPersonNIN NOT saved for user {!r}. User out of sync.'.format(
user)
raise
save_as_verified(env['request'], 'norEduPersonNIN', user,
rdata['number'])
print "Verified NIN by physical letter saved for user {!r}.".format(
user)
except UserOutOfSync:
print "Verified NIN by physical letter NOT saved for user {!r}. User out of sync.".format(
user)
else:
print 'You have successfully verified the identity for user {!r}'.format(
user)
else:
print 'User {!r} already has verified NIN ({!s}).'.format(
user, user.nins)
def finish_letter_action(self, data, post_data):
"""
Contact the eduid-idproofing-letter service and give it the code the user supplied.
If the letter proofing service approves of the code, this code does the following:
* Put together some LetterProofing data with information about the user, the vetting, the
users registered address etc. (Kantara requirement)
* Log what the letter proofing service returned on the user (we put it there for now...)
* Upgrade the NIN in question to verified=True
* Mark the verification code as used
:returns: status, message in a dict
:rtype: dict
"""
nin, index = data.split()
index = int(index)
settings = self.request.registry.settings
letter_url = settings.get('letter_service_url')
verify_letter_url = urlappend(letter_url, 'verify-code')
code = post_data['verification_code']
self.user = get_session_user(self.request)
# small helper function to make rest of the function more readable
def make_result(result, msg):
return dict(result = result, message = msg)
data = {'eppn': self.user.eppn,
'verification_code': code}
logger.info("Posting letter verification code for user {!r}.".format(self.user))
response = requests.post(verify_letter_url, data=data)
logger.info("Received response from idproofing-letter after posting verification code "
"for user {!r}.".format(self.user))
if response.status_code != 200:
# Do nothing, just return above error message and log microservice return code
logger.info("Received status code {!s} from idproofing-letter after posting verification code "
"for user {!r}.".format(response.status_code, self.user))
return make_result('error', _('There was a problem with the letter service. '
'Please try again later.'))
rdata = response.json().get('data', {})
if not (rdata.get('verified', False) and nin == rdata.get('number', None)):
log.info('User {!r} supplied wrong letter verification code or nin did not match.'.format(
self.user))
log.debug('NIN in dashboard: {!s}, NIN in idproofing-letter: {!s}'.format(
nin, rdata.get('number', None)))
return make_result('error', _('Your verification code seems to be wrong, please try again.'))
# Save data from successful verification call for later addition to user proofing collection.
# Convert self.user to a DashboardUser manually instead of letting save_dashboard_user do
# it to get access to add_letter_proofing_data().
user = DashboardUser(data = self.user.to_dict())
rdata['created_ts'] = datetime.utcfromtimestamp(int(rdata['created_ts']))
rdata['verified_ts'] = datetime.utcfromtimestamp(int(rdata['verified_ts']))
user.add_letter_proofing_data(rdata)
# Look up users official address at the time of verification per Kantara requirements
logger.info("Looking up address via Navet for user {!r}.".format(self.user))
user_postal_address = self.request.msgrelay.get_full_postal_address(rdata['number'])
logger.info("Finished looking up address via Navet for user {!r}.".format(self.user))
proofing_data = LetterProofing(self.user, rdata['number'], rdata['official_address'],
rdata['transaction_id'], user_postal_address)
# Log verification event and fail if that goes wrong
logger.info("Logging proofing data for user {!r}.".format(self.user))
if not self.request.idproofinglog.log_verification(proofing_data):
log.error('Logging of letter proofing data for user {!r} failed.'.format(self.user))
return make_result('error', _('Sorry, we are experiencing temporary technical '
'problems, please try again later.'))
logger.info("Finished logging proofing data for user {!r}.".format(self.user))
# This is a hack to reuse the existing proofing functionality, the users code has
# already been verified by the micro service but we decided the dashboard could
# continue 'upgrading' the users until we've made the planned proofing consumer
set_nin_verified(self.request, user, nin)
try:
self.request.context.save_dashboard_user(user)
except UserOutOfSync:
log.error("Verified norEduPersonNIN NOT saved for user {!r}. User out of sync.".format(
self.user))
return self.sync_user()
self.user = user
# Finally mark the verification as used
save_as_verified(self.request, 'norEduPersonNIN', self.user, nin)
logger.info("Verified NIN by physical letter saved for user {!r}.".format(
self.user))
return make_result('success', _('You have successfully verified your identity'))