2016-03-17 13:07:52 +00:00
|
|
|
import json
|
|
|
|
|
|
2016-01-05 17:08:50 +00:00
|
|
|
from flask import (
|
2018-02-20 11:22:17 +00:00
|
|
|
abort,
|
|
|
|
|
current_app,
|
|
|
|
|
flash,
|
2016-01-19 22:47:42 +00:00
|
|
|
redirect,
|
2018-02-20 11:22:17 +00:00
|
|
|
render_template,
|
2016-01-19 22:47:42 +00:00
|
|
|
session,
|
2016-03-17 13:07:52 +00:00
|
|
|
url_for,
|
2016-01-19 22:47:42 +00:00
|
|
|
)
|
2018-02-20 11:22:17 +00:00
|
|
|
from itsdangerous import SignatureExpired
|
2016-04-14 12:00:55 +01:00
|
|
|
from notifications_utils.url_safe_token import check_token
|
2016-03-17 13:07:52 +00:00
|
|
|
|
2018-02-20 11:22:17 +00:00
|
|
|
from app import user_api_client
|
2015-12-07 16:08:30 +00:00
|
|
|
from app.main import main
|
2016-03-17 13:07:52 +00:00
|
|
|
from app.main.forms import TwoFactorForm
|
2020-08-03 13:37:34 +01:00
|
|
|
from app.models.service import Service
|
store invited org user ids in session
first of a two step process to remove invited user objects from the
session. we're removing them because they're of variable size, and with
a lot of folder permissions they can cause the session to exceed the 4kb
cookie size limit and not save properly.
this commit looks at invited org users only.
in this step, start saving the invited org user's id to the
session alongside the session object. Then, if the invited_org_user_id
is present in the next step of the invite flow, fetch the user object
from the API instead of from the session. If it's not present (due to a
session set by an older instance of the admin app), then just use the
old code to get the entire object out of the session.
For invites where the user is small enough to persist to the cookie,
this will still save both the old and the new way, but will always make
an extra check to the API, I think this minor performance hit is totally
fine. For invites where the user is too big to persist, they'll still
fail for now, and will need to wait until the next PR comes along and
stops saving the large invited user object to the session entirely.
2021-03-08 10:01:12 +00:00
|
|
|
from app.models.user import InvitedOrgUser, InvitedUser, User
|
2021-06-14 11:09:42 +01:00
|
|
|
from app.utils.login import redirect_to_sign_in
|
2016-03-17 13:07:52 +00:00
|
|
|
|
2015-12-04 16:21:01 +00:00
|
|
|
|
2016-01-05 17:08:50 +00:00
|
|
|
@main.route('/verify', methods=['GET', 'POST'])
|
2016-06-17 11:36:30 +01:00
|
|
|
@redirect_to_sign_in
|
2016-01-05 17:08:50 +00:00
|
|
|
def verify():
|
2016-01-19 22:47:42 +00:00
|
|
|
user_id = session['user_details']['id']
|
|
|
|
|
|
2016-03-17 13:07:52 +00:00
|
|
|
def _check_code(code):
|
|
|
|
|
return user_api_client.check_verify_code(user_id, code, 'sms')
|
2016-03-10 14:48:33 +00:00
|
|
|
|
2016-03-17 13:07:52 +00:00
|
|
|
form = TwoFactorForm(_check_code)
|
2016-03-11 16:36:15 +00:00
|
|
|
|
2016-01-27 12:22:32 +00:00
|
|
|
if form.validate_on_submit():
|
2016-01-20 15:13:15 +00:00
|
|
|
try:
|
2017-11-10 12:35:21 +00:00
|
|
|
return activate_user(user_id)
|
2016-01-28 11:34:15 +00:00
|
|
|
finally:
|
2016-03-10 14:48:33 +00:00
|
|
|
session.pop('user_details', None)
|
2016-01-19 22:47:42 +00:00
|
|
|
|
2021-05-14 19:15:12 +01:00
|
|
|
return render_template('views/two-factor-sms.html', form=form)
|
2016-03-17 13:07:52 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
@main.route('/verify-email/<token>')
|
|
|
|
|
def verify_email(token):
|
|
|
|
|
try:
|
2017-11-01 14:39:14 +00:00
|
|
|
token_data = check_token(
|
|
|
|
|
token,
|
|
|
|
|
current_app.config['SECRET_KEY'],
|
|
|
|
|
current_app.config['DANGEROUS_SALT'],
|
|
|
|
|
current_app.config['EMAIL_EXPIRY_SECONDS']
|
|
|
|
|
)
|
2016-03-17 13:07:52 +00:00
|
|
|
except SignatureExpired:
|
2017-11-01 14:39:14 +00:00
|
|
|
flash("The link in the email we sent you has expired. We've sent you a new one.")
|
2016-03-17 13:07:52 +00:00
|
|
|
return redirect(url_for('main.resend_email_verification'))
|
2017-11-01 14:39:14 +00:00
|
|
|
|
|
|
|
|
# token contains json blob of format: {'user_id': '...', 'secret_code': '...'} (secret_code is unused)
|
|
|
|
|
token_data = json.loads(token_data)
|
Make user API client return JSON, not a model
The data flow of other bits of our application looks like this:
```
API (returns JSON)
⬇
API client (returns a built in type, usually `dict`)
⬇
Model (returns an instance, eg of type `Service`)
⬇
View (returns HTML)
```
The user API client was architected weirdly, in that it returned a model
directly, like this:
```
API (returns JSON)
⬇
API client (returns a model, of type `User`, `InvitedUser`, etc)
⬇
View (returns HTML)
```
This mixing of different layers of the application is bad because it
makes it hard to write model code that doesn’t have circular
dependencies. As our application gets more complicated we will be
relying more on models to manage this complexity, so we should make it
easy, not hard to write them.
It also means that most of our mocking was of the User model, not just
the underlying JSON. So it would have been easy to introduce subtle bugs
to the user model, because it wasn’t being comprehensively tested. A lot
of the changed lines of code in this commit mean changing the tests to
mock only the JSON, which means that the model layer gets implicitly
tested.
For those reasons this commit changes the user API client to return
JSON, not an instance of `User` or other models.
2019-05-23 15:27:35 +01:00
|
|
|
user = User.from_id(token_data['user_id'])
|
2017-11-01 14:39:14 +00:00
|
|
|
if not user:
|
|
|
|
|
abort(404)
|
|
|
|
|
|
|
|
|
|
if user.is_active:
|
|
|
|
|
flash("That verification link has expired.")
|
|
|
|
|
return redirect(url_for('main.sign_in'))
|
|
|
|
|
|
|
|
|
|
session['user_details'] = {"email": user.email_address, "id": user.id}
|
Make user API client return JSON, not a model
The data flow of other bits of our application looks like this:
```
API (returns JSON)
⬇
API client (returns a built in type, usually `dict`)
⬇
Model (returns an instance, eg of type `Service`)
⬇
View (returns HTML)
```
The user API client was architected weirdly, in that it returned a model
directly, like this:
```
API (returns JSON)
⬇
API client (returns a model, of type `User`, `InvitedUser`, etc)
⬇
View (returns HTML)
```
This mixing of different layers of the application is bad because it
makes it hard to write model code that doesn’t have circular
dependencies. As our application gets more complicated we will be
relying more on models to manage this complexity, so we should make it
easy, not hard to write them.
It also means that most of our mocking was of the User model, not just
the underlying JSON. So it would have been easy to introduce subtle bugs
to the user model, because it wasn’t being comprehensively tested. A lot
of the changed lines of code in this commit mean changing the tests to
mock only the JSON, which means that the model layer gets implicitly
tested.
For those reasons this commit changes the user API client to return
JSON, not an instance of `User` or other models.
2019-05-23 15:27:35 +01:00
|
|
|
user.send_verify_code()
|
2019-03-21 16:41:22 +00:00
|
|
|
return redirect(url_for('main.verify'))
|
2017-11-10 12:35:21 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
def activate_user(user_id):
|
Make user API client return JSON, not a model
The data flow of other bits of our application looks like this:
```
API (returns JSON)
⬇
API client (returns a built in type, usually `dict`)
⬇
Model (returns an instance, eg of type `Service`)
⬇
View (returns HTML)
```
The user API client was architected weirdly, in that it returned a model
directly, like this:
```
API (returns JSON)
⬇
API client (returns a model, of type `User`, `InvitedUser`, etc)
⬇
View (returns HTML)
```
This mixing of different layers of the application is bad because it
makes it hard to write model code that doesn’t have circular
dependencies. As our application gets more complicated we will be
relying more on models to manage this complexity, so we should make it
easy, not hard to write them.
It also means that most of our mocking was of the User model, not just
the underlying JSON. So it would have been easy to introduce subtle bugs
to the user model, because it wasn’t being comprehensively tested. A lot
of the changed lines of code in this commit mean changing the tests to
mock only the JSON, which means that the model layer gets implicitly
tested.
For those reasons this commit changes the user API client to return
JSON, not an instance of `User` or other models.
2019-05-23 15:27:35 +01:00
|
|
|
user = User.from_id(user_id)
|
2017-11-10 12:35:21 +00:00
|
|
|
# the user will have a new current_session_id set by the API - store it in the cookie for future requests
|
|
|
|
|
session['current_session_id'] = user.current_session_id
|
2019-01-18 16:13:29 +00:00
|
|
|
organisation_id = session.get('organisation_id')
|
Make user API client return JSON, not a model
The data flow of other bits of our application looks like this:
```
API (returns JSON)
⬇
API client (returns a built in type, usually `dict`)
⬇
Model (returns an instance, eg of type `Service`)
⬇
View (returns HTML)
```
The user API client was architected weirdly, in that it returned a model
directly, like this:
```
API (returns JSON)
⬇
API client (returns a model, of type `User`, `InvitedUser`, etc)
⬇
View (returns HTML)
```
This mixing of different layers of the application is bad because it
makes it hard to write model code that doesn’t have circular
dependencies. As our application gets more complicated we will be
relying more on models to manage this complexity, so we should make it
easy, not hard to write them.
It also means that most of our mocking was of the User model, not just
the underlying JSON. So it would have been easy to introduce subtle bugs
to the user model, because it wasn’t being comprehensively tested. A lot
of the changed lines of code in this commit mean changing the tests to
mock only the JSON, which means that the model layer gets implicitly
tested.
For those reasons this commit changes the user API client to return
JSON, not an instance of `User` or other models.
2019-05-23 15:27:35 +01:00
|
|
|
activated_user = user.activate()
|
|
|
|
|
activated_user.login()
|
2019-01-18 16:13:29 +00:00
|
|
|
|
2021-03-08 12:51:35 +00:00
|
|
|
invited_user = InvitedUser.from_session()
|
2019-01-18 16:13:29 +00:00
|
|
|
if invited_user:
|
|
|
|
|
service_id = _add_invited_user_to_service(invited_user)
|
2020-08-03 13:37:34 +01:00
|
|
|
service = Service.from_id(service_id)
|
|
|
|
|
if service.has_permission('broadcast'):
|
2021-05-19 10:56:13 +01:00
|
|
|
if service.live:
|
|
|
|
|
return redirect(url_for('main.broadcast_tour_live', service_id=service.id, step_index=1))
|
|
|
|
|
else:
|
|
|
|
|
return redirect(url_for('main.broadcast_tour', service_id=service.id, step_index=1))
|
2019-01-18 16:13:29 +00:00
|
|
|
return redirect(url_for('main.service_dashboard', service_id=service_id))
|
|
|
|
|
|
store invited org user ids in session
first of a two step process to remove invited user objects from the
session. we're removing them because they're of variable size, and with
a lot of folder permissions they can cause the session to exceed the 4kb
cookie size limit and not save properly.
this commit looks at invited org users only.
in this step, start saving the invited org user's id to the
session alongside the session object. Then, if the invited_org_user_id
is present in the next step of the invite flow, fetch the user object
from the API instead of from the session. If it's not present (due to a
session set by an older instance of the admin app), then just use the
old code to get the entire object out of the session.
For invites where the user is small enough to persist to the cookie,
this will still save both the old and the new way, but will always make
an extra check to the API, I think this minor performance hit is totally
fine. For invites where the user is too big to persist, they'll still
fail for now, and will need to wait until the next PR comes along and
stops saving the large invited user object to the session entirely.
2021-03-08 10:01:12 +00:00
|
|
|
invited_org_user = InvitedOrgUser.from_session()
|
2019-01-18 16:13:29 +00:00
|
|
|
if invited_org_user:
|
store invited org user ids in session
first of a two step process to remove invited user objects from the
session. we're removing them because they're of variable size, and with
a lot of folder permissions they can cause the session to exceed the 4kb
cookie size limit and not save properly.
this commit looks at invited org users only.
in this step, start saving the invited org user's id to the
session alongside the session object. Then, if the invited_org_user_id
is present in the next step of the invite flow, fetch the user object
from the API instead of from the session. If it's not present (due to a
session set by an older instance of the admin app), then just use the
old code to get the entire object out of the session.
For invites where the user is small enough to persist to the cookie,
this will still save both the old and the new way, but will always make
an extra check to the API, I think this minor performance hit is totally
fine. For invites where the user is too big to persist, they'll still
fail for now, and will need to wait until the next PR comes along and
stops saving the large invited user object to the session entirely.
2021-03-08 10:01:12 +00:00
|
|
|
user_api_client.add_user_to_organisation(invited_org_user.organisation, session['user_details']['id'])
|
2019-01-18 16:13:29 +00:00
|
|
|
|
2018-02-19 16:53:29 +00:00
|
|
|
if organisation_id:
|
|
|
|
|
return redirect(url_for('main.organisation_dashboard', org_id=organisation_id))
|
|
|
|
|
else:
|
|
|
|
|
return redirect(url_for('main.add_service', first='first'))
|
2019-01-18 16:13:29 +00:00
|
|
|
|
|
|
|
|
|
2021-03-08 12:51:35 +00:00
|
|
|
def _add_invited_user_to_service(invitation):
|
Make user API client return JSON, not a model
The data flow of other bits of our application looks like this:
```
API (returns JSON)
⬇
API client (returns a built in type, usually `dict`)
⬇
Model (returns an instance, eg of type `Service`)
⬇
View (returns HTML)
```
The user API client was architected weirdly, in that it returned a model
directly, like this:
```
API (returns JSON)
⬇
API client (returns a model, of type `User`, `InvitedUser`, etc)
⬇
View (returns HTML)
```
This mixing of different layers of the application is bad because it
makes it hard to write model code that doesn’t have circular
dependencies. As our application gets more complicated we will be
relying more on models to manage this complexity, so we should make it
easy, not hard to write them.
It also means that most of our mocking was of the User model, not just
the underlying JSON. So it would have been easy to introduce subtle bugs
to the user model, because it wasn’t being comprehensively tested. A lot
of the changed lines of code in this commit mean changing the tests to
mock only the JSON, which means that the model layer gets implicitly
tested.
For those reasons this commit changes the user API client to return
JSON, not an instance of `User` or other models.
2019-05-23 15:27:35 +01:00
|
|
|
user = User.from_id(session['user_id'])
|
2021-03-08 12:51:35 +00:00
|
|
|
service_id = invitation.service
|
2021-03-05 12:19:36 +00:00
|
|
|
user.add_to_service(
|
|
|
|
|
service_id,
|
|
|
|
|
invitation.permissions,
|
|
|
|
|
invitation.folder_permissions,
|
|
|
|
|
invitation.from_user.id,
|
|
|
|
|
)
|
2019-01-18 16:13:29 +00:00
|
|
|
return service_id
|