def test_lock_respondent_account_fail(self): with responses.RequestsMock() as rsps: rsps.add(rsps.PUT, url_notify_party_and_respondent_account_locked, status=400) with app.app_context(): with self.assertRaises(ApiError): party_controller.notify_party_and_respondent_account_locked( respondent_party['id'], respondent_party['emailAddress'], status='ACTIVE')
def test_lock_respondent_account_success(self): with responses.RequestsMock() as rsps: rsps.add(rsps.PUT, url_notify_party_and_respondent_account_locked, status=200) with app.app_context(): try: party_controller.notify_party_and_respondent_account_locked( respondent_party['id'], respondent_party['emailAddress'], status='ACTIVE') except ApiError: self.fail( 'Change respondent status fail to PUT your request')
def test_notify_account_error(self, mock_object): self.app = create_app_object() self.app.testing = True mock_object.put(url_notify_party_and_respondent_account_locked, json={ 'respondent_id': 'f956e8ae-6e0f-4414-b0cf-a07c1aa3e37b', 'status_change': 'SUSPENDED', 'email_address': '*****@*****.**' }, status_code=500) with self.app.app_context(): with self.assertRaises(ApiError): notify_party_and_respondent_account_locked( respondent_id='f956e8ae-6e0f-4414-b0cf-a07c1aa3e37b', email_address='*****@*****.**')
def test_notify_account_error(self, mock_request): mock_request.get(url_banner_api, status_code=404) self.app = create_app_object() self.app.testing = True mock_request.put( url_notify_party_and_respondent_account_locked, json={ "respondent_id": "f956e8ae-6e0f-4414-b0cf-a07c1aa3e37b", "status_change": "SUSPENDED", "email_address": "*****@*****.**", }, status_code=500, ) with self.app.app_context(): with self.assertRaises(ApiError): notify_party_and_respondent_account_locked( respondent_id="f956e8ae-6e0f-4414-b0cf-a07c1aa3e37b", email_address="*****@*****.**")
def login(): # noqa: C901 form = LoginForm(request.form) form.username.data = form.username.data.strip() account_activated = request.args.get('account_activated', None) secure = app.config['WTF_CSRF_ENABLED'] if request.method == 'POST' and form.validate(): username = form.username.data password = request.form.get('password') bound_logger = logger.bind(email=obfuscate_email(username)) bound_logger.info("Attempting to find user in auth service") try: auth_controller.sign_in(username, password) except AuthError as exc: error_message = exc.auth_error party_json = party_controller.get_respondent_by_email(username) party_id = party_json.get('id') if party_json else None bound_logger = bound_logger.bind(party_id=party_id) if USER_ACCOUNT_LOCKED in error_message: # pylint: disable=no-else-return if not party_id: bound_logger.error("Respondent account locked in auth but doesn't exist in party") return render_template('sign-in/sign-in.html', form=form, data={"error": {"type": "failed"}}) bound_logger.info('User account is locked on the Auth server', status=party_json['status']) if party_json['status'] == 'ACTIVE' or party_json['status'] == 'CREATED': notify_party_and_respondent_account_locked(respondent_id=party_id, email_address=username, status='SUSPENDED') return render_template('sign-in/sign-in.account-locked.html', form=form) elif NOT_VERIFIED_ERROR in error_message: bound_logger.info('User account is not verified on the Auth server') return render_template('sign-in/sign-in.account-not-verified.html', party_id=party_id) elif BAD_AUTH_ERROR in error_message: bound_logger.info('Bad credentials provided') elif UNKNOWN_ACCOUNT_ERROR in error_message: bound_logger.info('User account does not exist in auth service') else: bound_logger.error('Unexpected error was returned from Auth service', auth_error=error_message) return render_template('sign-in/sign-in.html', form=form, data={"error": {"type": "failed"}}, next=request.args.get('next')) bound_logger.info("Successfully found user in auth service. Attempting to find user in party service") party_json = party_controller.get_respondent_by_email(username) if not party_json or 'id' not in party_json: bound_logger.error("Respondent has an account in auth but not in party") return render_template('sign-in/sign-in.html', form=form, data={"error": {"type": "failed"}}) party_id = party_json['id'] bound_logger = bound_logger.bind(party_id=party_id) if request.args.get('next'): response = make_response(redirect(request.args.get('next'))) else: response = make_response(redirect(url_for('surveys_bp.get_survey_list', tag='todo', _external=True, _scheme=getenv('SCHEME', 'http')))) bound_logger.info("Successfully found user in party service") bound_logger.info('Creating session') session = Session.from_party_id(party_id) response.set_cookie('authorization', value=session.session_key, expires=session.get_expires_in(), secure=secure, httponly=secure) count = conversation_controller.get_message_count_from_api(session) session.set_unread_message_total(count) bound_logger.info('Successfully created session', session_key=session.session_key) return response template_data = { "error": { "type": form.errors, "logged_in": "False" }, 'account_activated': account_activated } if request.args.get('next'): return render_template('sign-in/sign-in.html', form=form, data=template_data, next=request.args.get('next')) return render_template('sign-in/sign-in.html', form=form, data=template_data)
def login(): form = LoginForm(request.form) form.username.data = form.username.data.strip() account_activated = request.args.get('account_activated', None) if request.method == 'POST' and form.validate(): username = form.username.data password = request.form.get('password') party_json = party_controller.get_respondent_by_email(username) if not party_json or 'id' not in party_json: logger.info( 'Respondent not able to sign in as they don\'t have an active account in the system.' ) return render_template('sign-in/sign-in.html', form=form, data={"error": { "type": "failed" }}) party_id = party_json['id'] try: oauth2_token = oauth_controller.sign_in(username, password) except OAuth2Error as exc: error_message = exc.oauth2_error if USER_ACCOUNT_LOCKED in error_message: logger.info('User account is locked on the OAuth2 server', party_id=party_id) if party_json['status'] == 'ACTIVE' or party_json[ 'status'] == 'CREATED': notify_party_and_respondent_account_locked( respondent_id=party_id, email_address=username, status='SUSPENDED') return render_template('sign-in/sign-in.account-locked.html', form=form) elif BAD_AUTH_ERROR in error_message: return render_template('sign-in/sign-in.html', form=form, data={"error": { "type": "failed" }}) elif NOT_VERIFIED_ERROR in error_message: logger.info( 'User account is not verified on the OAuth2 server') return render_template( 'sign-in/sign-in.account-not-verified.html', party_id=party_id, email=username) else: logger.info( 'OAuth 2 server generated 401 which is not understood', oauth2_error=error_message) return render_template('sign-in/sign-in.html', form=form, data={"error": { "type": "failed" }}) # Take our raw token and add a UTC timestamp to the expires_at attribute data_dict = {**oauth2_token, 'party_id': party_id} data_dict_for_jwt_token = timestamp_token(data_dict) encoded_jwt_token = encode(data_dict_for_jwt_token) response = make_response( redirect( url_for('surveys_bp.get_survey_list', tag='todo', _external=True, _scheme=getenv('SCHEME', 'http')))) session = SessionHandler() logger.info('Creating session', party_id=party_id) session.create_session(encoded_jwt_token) response.set_cookie('authorization', value=session.session_key, expires=data_dict_for_jwt_token['expires_at']) logger.info('Successfully created session', party_id=party_id, session_key=session.session_key) return response template_data = { "error": { "type": form.errors, "logged_in": "False" }, 'account_activated': account_activated } return render_template('sign-in/sign-in.html', form=form, data=template_data)
def login(): # noqa: C901 form = LoginForm(request.form) if form.username.data is not None: form.username.data = form.username.data.strip() if request.method == "POST" and form.validate(): username = form.username.data password = request.form.get("password") bound_logger = logger.bind(email=obfuscate_email(username)) bound_logger.info("Attempting to find user in auth service") try: auth_controller.sign_in(username, password) except AuthError as exc: error_message = exc.auth_error party_json = party_controller.get_respondent_by_email(username) party_id = party_json.get("id") if party_json else None bound_logger = bound_logger.bind(party_id=party_id) if USER_ACCOUNT_LOCKED in error_message: if not party_id: bound_logger.error( "Respondent account locked in auth but doesn't exist in party" ) return render_template("sign-in/sign-in.html", form=form, data={"error": { "type": "failed" }}) bound_logger.info("User account is locked on the Auth server", status=party_json["status"]) if party_json["status"] == "ACTIVE" or party_json[ "status"] == "CREATED": notify_party_and_respondent_account_locked( respondent_id=party_id, email_address=username, status="SUSPENDED") return render_template("sign-in/sign-in.account-locked.html", form=form) elif NOT_VERIFIED_ERROR in error_message: bound_logger.info( "User account is not verified on the Auth server") return render_template( "sign-in/sign-in.account-not-verified.html", party_id=party_id) elif BAD_AUTH_ERROR in error_message: bound_logger.info("Bad credentials provided") elif UNKNOWN_ACCOUNT_ERROR in error_message: bound_logger.info( "User account does not exist in auth service") elif USER_ACCOUNT_DELETED in error_message: bound_logger.info("User account is marked for deletion") else: bound_logger.error( "Unexpected error was returned from Auth service", auth_error=error_message) logger.unbind("email") return render_template("sign-in/sign-in.html", form=form, data={"error": { "type": "failed" }}) bound_logger.info( "Successfully found user in auth service. Attempting to find user in party service" ) party_json = party_controller.get_respondent_by_email(username) if not party_json or "id" not in party_json: bound_logger.error( "Respondent has an account in auth but not in party") return render_template("sign-in/sign-in.html", form=form, data={"error": { "type": "failed" }}) party_id = party_json["id"] bound_logger = bound_logger.bind(party_id=party_id) if session.get("next"): response = make_response(redirect(session.get("next"))) session.pop("next") else: response = make_response( redirect( url_for("surveys_bp.get_survey_list", tag="todo", _external=True, _scheme=getenv("SCHEME", "http")))) bound_logger.info("Successfully found user in party service") bound_logger.info("Creating session") redis_session = Session.from_party_id(party_id) secure = app.config["WTF_CSRF_ENABLED"] response.set_cookie( "authorization", value=redis_session.session_key, expires=redis_session.get_expires_in(), secure=secure, httponly=secure, samesite="strict", ) count = conversation_controller.get_message_count_from_api( redis_session) redis_session.set_unread_message_total(count) bound_logger.info("Successfully created session", session_key=redis_session.session_key) bound_logger.unbind("email") return response account_activated = request.args.get("account_activated", None) template_data = { "error": { "type": form.errors, "logged_in": "False" }, "account_activated": account_activated } return render_template("sign-in/sign-in.html", form=form, data=template_data)