def test_lock_respondent_account_fail(self):
with responses.RequestsMock() as rsps:
rsps.add(rsps.PUT,
url_notify_party_and_respondent_account_locked,
status=400)
with app.app_context():
with self.assertRaises(ApiError):
party_controller.notify_party_and_respondent_account_locked(
respondent_party['id'],
respondent_party['emailAddress'],
status='ACTIVE')
def test_lock_respondent_account_success(self):
with responses.RequestsMock() as rsps:
rsps.add(rsps.PUT,
url_notify_party_and_respondent_account_locked,
status=200)
with app.app_context():
try:
party_controller.notify_party_and_respondent_account_locked(
respondent_party['id'],
respondent_party['emailAddress'],
status='ACTIVE')
except ApiError:
self.fail(
'Change respondent status fail to PUT your request')
def test_notify_account_error(self, mock_object):
self.app = create_app_object()
self.app.testing = True
mock_object.put(url_notify_party_and_respondent_account_locked,
json={
'respondent_id':
'f956e8ae-6e0f-4414-b0cf-a07c1aa3e37b',
'status_change': 'SUSPENDED',
'email_address': '*****@*****.**'
},
status_code=500)
with self.app.app_context():
with self.assertRaises(ApiError):
notify_party_and_respondent_account_locked(
respondent_id='f956e8ae-6e0f-4414-b0cf-a07c1aa3e37b',
email_address='*****@*****.**')
def test_notify_account_error(self, mock_request):
mock_request.get(url_banner_api, status_code=404)
self.app = create_app_object()
self.app.testing = True
mock_request.put(
url_notify_party_and_respondent_account_locked,
json={
"respondent_id": "f956e8ae-6e0f-4414-b0cf-a07c1aa3e37b",
"status_change": "SUSPENDED",
"email_address": "*****@*****.**",
},
status_code=500,
)
with self.app.app_context():
with self.assertRaises(ApiError):
notify_party_and_respondent_account_locked(
respondent_id="f956e8ae-6e0f-4414-b0cf-a07c1aa3e37b",
email_address="*****@*****.**")
def login(): # noqa: C901
form = LoginForm(request.form)
form.username.data = form.username.data.strip()
account_activated = request.args.get('account_activated', None)
secure = app.config['WTF_CSRF_ENABLED']
if request.method == 'POST' and form.validate():
username = form.username.data
password = request.form.get('password')
bound_logger = logger.bind(email=obfuscate_email(username))
bound_logger.info("Attempting to find user in auth service")
try:
auth_controller.sign_in(username, password)
except AuthError as exc:
error_message = exc.auth_error
party_json = party_controller.get_respondent_by_email(username)
party_id = party_json.get('id') if party_json else None
bound_logger = bound_logger.bind(party_id=party_id)
if USER_ACCOUNT_LOCKED in error_message: # pylint: disable=no-else-return
if not party_id:
bound_logger.error("Respondent account locked in auth but doesn't exist in party")
return render_template('sign-in/sign-in.html', form=form, data={"error": {"type": "failed"}})
bound_logger.info('User account is locked on the Auth server', status=party_json['status'])
if party_json['status'] == 'ACTIVE' or party_json['status'] == 'CREATED':
notify_party_and_respondent_account_locked(respondent_id=party_id,
email_address=username,
status='SUSPENDED')
return render_template('sign-in/sign-in.account-locked.html', form=form)
elif NOT_VERIFIED_ERROR in error_message:
bound_logger.info('User account is not verified on the Auth server')
return render_template('sign-in/sign-in.account-not-verified.html', party_id=party_id)
elif BAD_AUTH_ERROR in error_message:
bound_logger.info('Bad credentials provided')
elif UNKNOWN_ACCOUNT_ERROR in error_message:
bound_logger.info('User account does not exist in auth service')
else:
bound_logger.error('Unexpected error was returned from Auth service', auth_error=error_message)
return render_template('sign-in/sign-in.html', form=form, data={"error": {"type": "failed"}}, next=request.args.get('next'))
bound_logger.info("Successfully found user in auth service. Attempting to find user in party service")
party_json = party_controller.get_respondent_by_email(username)
if not party_json or 'id' not in party_json:
bound_logger.error("Respondent has an account in auth but not in party")
return render_template('sign-in/sign-in.html', form=form, data={"error": {"type": "failed"}})
party_id = party_json['id']
bound_logger = bound_logger.bind(party_id=party_id)
if request.args.get('next'):
response = make_response(redirect(request.args.get('next')))
else:
response = make_response(redirect(url_for('surveys_bp.get_survey_list', tag='todo', _external=True,
_scheme=getenv('SCHEME', 'http'))))
bound_logger.info("Successfully found user in party service")
bound_logger.info('Creating session')
session = Session.from_party_id(party_id)
response.set_cookie('authorization',
value=session.session_key,
expires=session.get_expires_in(),
secure=secure,
httponly=secure)
count = conversation_controller.get_message_count_from_api(session)
session.set_unread_message_total(count)
bound_logger.info('Successfully created session', session_key=session.session_key)
return response
template_data = {
"error": {
"type": form.errors,
"logged_in": "False"
},
'account_activated': account_activated
}
if request.args.get('next'):
return render_template('sign-in/sign-in.html', form=form, data=template_data,
next=request.args.get('next'))
return render_template('sign-in/sign-in.html', form=form, data=template_data)
def login():
form = LoginForm(request.form)
form.username.data = form.username.data.strip()
account_activated = request.args.get('account_activated', None)
if request.method == 'POST' and form.validate():
username = form.username.data
password = request.form.get('password')
party_json = party_controller.get_respondent_by_email(username)
if not party_json or 'id' not in party_json:
logger.info(
'Respondent not able to sign in as they don\'t have an active account in the system.'
)
return render_template('sign-in/sign-in.html',
form=form,
data={"error": {
"type": "failed"
}})
party_id = party_json['id']
try:
oauth2_token = oauth_controller.sign_in(username, password)
except OAuth2Error as exc:
error_message = exc.oauth2_error
if USER_ACCOUNT_LOCKED in error_message:
logger.info('User account is locked on the OAuth2 server',
party_id=party_id)
if party_json['status'] == 'ACTIVE' or party_json[
'status'] == 'CREATED':
notify_party_and_respondent_account_locked(
respondent_id=party_id,
email_address=username,
status='SUSPENDED')
return render_template('sign-in/sign-in.account-locked.html',
form=form)
elif BAD_AUTH_ERROR in error_message:
return render_template('sign-in/sign-in.html',
form=form,
data={"error": {
"type": "failed"
}})
elif NOT_VERIFIED_ERROR in error_message:
logger.info(
'User account is not verified on the OAuth2 server')
return render_template(
'sign-in/sign-in.account-not-verified.html',
party_id=party_id,
email=username)
else:
logger.info(
'OAuth 2 server generated 401 which is not understood',
oauth2_error=error_message)
return render_template('sign-in/sign-in.html',
form=form,
data={"error": {
"type": "failed"
}})
# Take our raw token and add a UTC timestamp to the expires_at attribute
data_dict = {**oauth2_token, 'party_id': party_id}
data_dict_for_jwt_token = timestamp_token(data_dict)
encoded_jwt_token = encode(data_dict_for_jwt_token)
response = make_response(
redirect(
url_for('surveys_bp.get_survey_list',
tag='todo',
_external=True,
_scheme=getenv('SCHEME', 'http'))))
session = SessionHandler()
logger.info('Creating session', party_id=party_id)
session.create_session(encoded_jwt_token)
response.set_cookie('authorization',
value=session.session_key,
expires=data_dict_for_jwt_token['expires_at'])
logger.info('Successfully created session',
party_id=party_id,
session_key=session.session_key)
return response
template_data = {
"error": {
"type": form.errors,
"logged_in": "False"
},
'account_activated': account_activated
}
return render_template('sign-in/sign-in.html',
form=form,
data=template_data)
def login(): # noqa: C901
form = LoginForm(request.form)
if form.username.data is not None:
form.username.data = form.username.data.strip()
if request.method == "POST" and form.validate():
username = form.username.data
password = request.form.get("password")
bound_logger = logger.bind(email=obfuscate_email(username))
bound_logger.info("Attempting to find user in auth service")
try:
auth_controller.sign_in(username, password)
except AuthError as exc:
error_message = exc.auth_error
party_json = party_controller.get_respondent_by_email(username)
party_id = party_json.get("id") if party_json else None
bound_logger = bound_logger.bind(party_id=party_id)
if USER_ACCOUNT_LOCKED in error_message:
if not party_id:
bound_logger.error(
"Respondent account locked in auth but doesn't exist in party"
)
return render_template("sign-in/sign-in.html",
form=form,
data={"error": {
"type": "failed"
}})
bound_logger.info("User account is locked on the Auth server",
status=party_json["status"])
if party_json["status"] == "ACTIVE" or party_json[
"status"] == "CREATED":
notify_party_and_respondent_account_locked(
respondent_id=party_id,
email_address=username,
status="SUSPENDED")
return render_template("sign-in/sign-in.account-locked.html",
form=form)
elif NOT_VERIFIED_ERROR in error_message:
bound_logger.info(
"User account is not verified on the Auth server")
return render_template(
"sign-in/sign-in.account-not-verified.html",
party_id=party_id)
elif BAD_AUTH_ERROR in error_message:
bound_logger.info("Bad credentials provided")
elif UNKNOWN_ACCOUNT_ERROR in error_message:
bound_logger.info(
"User account does not exist in auth service")
elif USER_ACCOUNT_DELETED in error_message:
bound_logger.info("User account is marked for deletion")
else:
bound_logger.error(
"Unexpected error was returned from Auth service",
auth_error=error_message)
logger.unbind("email")
return render_template("sign-in/sign-in.html",
form=form,
data={"error": {
"type": "failed"
}})
bound_logger.info(
"Successfully found user in auth service. Attempting to find user in party service"
)
party_json = party_controller.get_respondent_by_email(username)
if not party_json or "id" not in party_json:
bound_logger.error(
"Respondent has an account in auth but not in party")
return render_template("sign-in/sign-in.html",
form=form,
data={"error": {
"type": "failed"
}})
party_id = party_json["id"]
bound_logger = bound_logger.bind(party_id=party_id)
if session.get("next"):
response = make_response(redirect(session.get("next")))
session.pop("next")
else:
response = make_response(
redirect(
url_for("surveys_bp.get_survey_list",
tag="todo",
_external=True,
_scheme=getenv("SCHEME", "http"))))
bound_logger.info("Successfully found user in party service")
bound_logger.info("Creating session")
redis_session = Session.from_party_id(party_id)
secure = app.config["WTF_CSRF_ENABLED"]
response.set_cookie(
"authorization",
value=redis_session.session_key,
expires=redis_session.get_expires_in(),
secure=secure,
httponly=secure,
samesite="strict",
)
count = conversation_controller.get_message_count_from_api(
redis_session)
redis_session.set_unread_message_total(count)
bound_logger.info("Successfully created session",
session_key=redis_session.session_key)
bound_logger.unbind("email")
return response
account_activated = request.args.get("account_activated", None)
template_data = {
"error": {
"type": form.errors,
"logged_in": "False"
},
"account_activated": account_activated
}
return render_template("sign-in/sign-in.html",
form=form,
data=template_data)
