diff --git a/app/main/views/register.py b/app/main/views/register.py index 2c97fe1b7..5d9e18ab1 100644 --- a/app/main/views/register.py +++ b/app/main/views/register.py @@ -164,7 +164,7 @@ def set_up_your_profile(): abort(403, "Login.gov state not detected #invites") state_key = f"login-state-{unquote(state)}" - current_app.logger.debug(hilite(f"Register tries to fetch state_key {state_key}")) + debug_msg(f"Register tries to fetch state_key {state_key}") stored_state = unquote(redis_client.get(state_key).decode("utf8")) if state != stored_state: @@ -189,18 +189,10 @@ def set_up_your_profile(): invite_data = redis_client.get(f"invitedata-{state}") # TODO fails here. invite_data = json.loads(invite_data) - current_app.logger.debug(hilite(f"HERE IS INVITE DATA {invite_data}")) - is_org_invite = False - if invite_data.get("invited_user_id"): - invited_user_id = invite_data["invited_user_id"] - invited_user_email_address = get_invited_user_email_address(invited_user_id) - else: - invited_user_id = invite_data["id"] - is_org_invite = True - invited_user_email_address = get_invited_org_user_email_address( - invited_user_id - ) + is_org_invite, invited_user_id, invited_user_email_address = ( + process_invited_user(invite_data) + ) current_app.logger.info( f"#invites: does user email match expected? {user_email == invited_user_email_address}" @@ -326,8 +318,6 @@ def invited_user_accept_invite(invited_user_id): def invited_org_user_accept_invite(invited_user_id): invited_user = InvitedOrgUser.by_id(invited_user_id) - current_app.logger.debug(hilite(f"INVITED ORG USER {invited_user.serialize()}")) - if invited_user.status == InvitedUserStatus.EXPIRED: current_app.logger.error("User invitation has expired") flash( @@ -347,3 +337,17 @@ def invited_org_user_accept_invite(invited_user_id): def debug_msg(msg): current_app.logger.debug(hilite(msg)) + + +def process_invited_user(invite_data): + is_org_invite = False + if invite_data.get("invited_user_id"): + invited_user_id = invite_data["invited_user_id"] + + invited_user_email_address = get_invited_user_email_address(invited_user_id) + else: + invited_user_id = invite_data["id"] + is_org_invite = True + invited_user_email_address = get_invited_org_user_email_address(invited_user_id) + + return is_org_invite, invited_user_id, invited_user_email_address diff --git a/app/models/user.py b/app/models/user.py index 7aee7c864..cf4eed5a2 100644 --- a/app/models/user.py +++ b/app/models/user.py @@ -202,7 +202,6 @@ class User(JSONModel, UserMixin): @property def is_gov_user(self): is_gov = is_gov_user(self.email_address) - # current_app.logger.info(f"User {self.id} is_gov_user: {is_gov}") return is_gov @property @@ -211,9 +210,6 @@ class User(JSONModel, UserMixin): @property def platform_admin(self): - # current_app.logger.warning( - # f"Checking User {self.id} for platform admin: {self._platform_admin}" - # ) return self._platform_admin and not session.get( "disable_platform_admin_view", False ) @@ -243,27 +239,17 @@ class User(JSONModel, UserMixin): # we shouldn't have any pages that require permissions, but don't specify a service or organization. # use @user_is_platform_admin for platform admin only pages # raise NotImplementedError - # current_app.logger.warning(f"VIEW ARGS ARE {request.view_args}") pass # platform admins should be able to do most things (except eg send messages, or create api keys) if self.platform_admin and not restrict_admin_usage: - current_app.logger.debug( - "has_permissions is true because user is platform_admin" - ) return True if org_id: value = self.belongs_to_organization(org_id) - if not value: - - # TODO this is sketch! Fix this! - # This is temporary to restore org invite functionality only - # self.add_to_organization(org_id) - value = self.belongs_to_organization(org_id) - current_app.logger.debug( - f"has_permissions returns org: {org_id} returning {value}" - ) + current_app.logger.debug( + f"has_permissions returns org: {org_id} returning {value}" + ) return value if not permissions and self.belongs_to_service(service_id): @@ -323,11 +309,6 @@ class User(JSONModel, UserMixin): abort(403) def belongs_to_organization(self, organization_id): - - # TODO this is sketch! Fix this! - # This is temporary to restore org invite functionality only - # if str(organization_id) not in self.organization_ids: - # self.add_to_organization(organization_id) return str(organization_id) in self.organization_ids @property @@ -575,17 +556,11 @@ class InvitedUser(JSONModel): return cls.by_id(invited_user_id) if invited_user_id else None def has_permissions(self, *permissions): - # current_app.logger.warning( - # f"Checking invited user {self.id} for permissions: {permissions}" - # ) if self.status == InvitedUserStatus.CANCELLED: return False return set(self.permissions) > set(permissions) def has_permission_for_service(self, service_id, permission): - # current_app.logger.warn( - # f"Checking invited user {self.id} for permission: {permission} on service {service_id}" - # ) if self.status == InvitedUserStatus.CANCELLED: return False return self.service == service_id and permission in self.permissions diff --git a/app/notify_client/org_invite_api_client.py b/app/notify_client/org_invite_api_client.py index 1018fb637..d026dcfd7 100644 --- a/app/notify_client/org_invite_api_client.py +++ b/app/notify_client/org_invite_api_client.py @@ -7,7 +7,6 @@ from flask import current_app, request from app import redis_client from app.enums import InvitedOrgUserStatus from app.notify_client import NotifyAdminAPIClient, _attach_current_user -from app.utils import hilite from notifications_utils.url_safe_token import generate_token @@ -34,23 +33,16 @@ class OrgInviteApiClient(NotifyAdminAPIClient): ) state_key = f"login-state-{unquote(state)}" redis_client.set(state_key, state, ex=ttl) - current_app.logger.debug( - hilite(f"SET THE STATE KEY TO {state} with state_key {state_key}") - ) # make and store the nonce nonce = secrets.token_urlsafe() nonce_key = f"login-nonce-{unquote(nonce)}" redis_client.set(nonce_key, nonce, ex=ttl) # save the nonce to redis. - current_app.logger.debug( - hilite(f"SET THE STATE KEY TO {state} with state_key {state_key}") - ) data["nonce"] = nonce # This is passed to api for the invite url. data["state"] = state # This is passed to api for the invite url. resp = self.post(url="/organization/{}/invite".format(org_id), data=data) - current_app.logger.debug(hilite(f"RESP is {resp}")) invite_data_key = f"invitedata-{unquote(state)}" # For historical reasons 'invite' signifies a service invite @@ -61,9 +53,6 @@ class OrgInviteApiClient(NotifyAdminAPIClient): redis_invite_data = resp["data"] redis_invite_data = json.dumps(redis_invite_data) redis_client.set(invite_data_key, redis_invite_data, ex=ttl) - current_app.logger.debug( - hilite(f"SET invite_data_key {invite_data_key} to {redis_invite_data}") - ) return resp["data"] diff --git a/tests/app/main/views/test_register.py b/tests/app/main/views/test_register.py index d6bbf2753..89c01acfa 100644 --- a/tests/app/main/views/test_register.py +++ b/tests/app/main/views/test_register.py @@ -6,7 +6,7 @@ import pytest from flask import url_for from app.enums import ServicePermission -from app.main.views.register import check_invited_user_email_address_matches_expected +from app.main.views.register import check_invited_user_email_address_matches_expected, process_invited_user from app.models.user import User @@ -446,3 +446,24 @@ def test_decode_state(encoded_invite_data): "permissions": ["manage_everything"], "service_id": "service", } + +#@pytest.mark.parametrize( +# ("user_services", "user_organizations", "expected_status", "organization_checked"), +# [ +# ([SERVICE_ONE_ID], [], 200, False), + +@pytest.mark.parametrize( + ("invite_data", "expected_is_org_invite", "expected_user_id"), + [ + ({"invited_user_id": "service_p"}, False, "service_p"), + ({"id": "org_p"}, True, "org_p"), + ] +) +def test_process_invited_user(invite_data, expected_is_org_invite, expected_user_id, mocker): + + mocker.patch("app.main.views.register.get_invited_user_email_address") + mocker.patch("app.main.views.register.get_invited_org_user_email_address") + + is_org_invite, invited_user_id, _ = process_invited_user(invite_data) + assert expected_is_org_invite == is_org_invite + assert expected_user_id == invited_user_id