mirror of
https://github.com/GSA/notifications-admin.git
synced 2026-02-05 02:42:26 -05:00
Merge branch 'master' into email_from_uniqueness
This commit is contained in:
Rebecca Law
@@ -3,7 +3,8 @@ from flask import (
|
||||
url_for,
|
||||
session,
|
||||
flash,
|
||||
render_template
|
||||
render_template,
|
||||
abort
|
||||
)
|
||||
|
||||
|
||||
@@ -17,11 +18,18 @@ from app import (
|
||||
service_api_client
|
||||
)
|
||||
|
||||
from flask_login import current_user
|
||||
|
||||
|
||||
@main.route("/invitation/<token>")
|
||||
def accept_invite(token):
|
||||
|
||||
invited_user = invite_api_client.check_token(token)
|
||||
|
||||
if not current_user.is_anonymous() and current_user.email_address != invited_user.email_address:
|
||||
flash("You can't accept an invite for another person.")
|
||||
abort(403)
|
||||
|
||||
if invited_user.status == 'cancelled':
|
||||
from_user = user_api_client.get_user(invited_user.from_user)
|
||||
service = service_api_client.get_service(invited_user.service)['data']
|
||||
@@ -31,7 +39,6 @@ def accept_invite(token):
|
||||
|
||||
if invited_user.status == 'accepted':
|
||||
session.pop('invited_user', None)
|
||||
flash('You have already accepted this invitation', 'default')
|
||||
return redirect(url_for('main.service_dashboard', service_id=invited_user.service))
|
||||
|
||||
session['invited_user'] = invited_user.serialize()
|
||||
@@ -41,15 +48,11 @@ def accept_invite(token):
|
||||
|
||||
if existing_user:
|
||||
if existing_user in service_users:
|
||||
session.pop('invited_user', None)
|
||||
flash('You have already accepted an invitation to this service', 'default')
|
||||
invite_api_client.accept_invite(invited_user.service, invited_user.id)
|
||||
return redirect(url_for('main.service_dashboard', service_id=invited_user.service))
|
||||
else:
|
||||
user_api_client.add_user_to_service(invited_user.service,
|
||||
existing_user.id,
|
||||
invited_user.permissions)
|
||||
invite_api_client.accept_invite(invited_user.service, invited_user.id)
|
||||
return redirect(url_for('main.service_dashboard', service_id=invited_user.service))
|
||||
else:
|
||||
return redirect(url_for('main.register_from_invite'))
|
||||
|
||||
@@ -4,7 +4,8 @@ from flask import (
|
||||
url_for,
|
||||
session,
|
||||
flash,
|
||||
request
|
||||
request,
|
||||
abort
|
||||
)
|
||||
|
||||
from flask.ext.login import (
|
||||
@@ -13,26 +14,40 @@ from flask.ext.login import (
|
||||
confirm_login
|
||||
)
|
||||
|
||||
from app import (
|
||||
user_api_client,
|
||||
invite_api_client,
|
||||
service_api_client
|
||||
)
|
||||
|
||||
|
||||
from app.main import main
|
||||
|
||||
from app import (user_api_client, service_api_client)
|
||||
|
||||
|
||||
from app.main.forms import LoginForm
|
||||
|
||||
|
||||
@main.route('/sign-in', methods=(['GET', 'POST']))
|
||||
def sign_in():
|
||||
|
||||
if current_user and current_user.is_authenticated():
|
||||
return redirect(url_for('main.choose_service'))
|
||||
|
||||
form = LoginForm()
|
||||
if form.validate_on_submit():
|
||||
|
||||
user = user_api_client.get_user_by_email_or_none(form.email_address.data)
|
||||
user = _get_and_verify_user(user, form.password.data)
|
||||
if user and user.state == 'pending':
|
||||
flash("You haven't verified your email or mobile number yet.")
|
||||
return redirect(url_for('main.sign_in'))
|
||||
|
||||
if user and session.get('invited_user'):
|
||||
invited_user = session.get('invited_user')
|
||||
if user.email_address != invited_user['email_address']:
|
||||
flash("You can't accept an invite for another person.")
|
||||
session.pop('invited_user', None)
|
||||
abort(403)
|
||||
else:
|
||||
invite_api_client.accept_invite(invited_user['service'], invited_user['id'])
|
||||
if user:
|
||||
# Remember me login
|
||||
if not login_fresh() and \
|
||||
@@ -56,11 +71,6 @@ def sign_in():
|
||||
# Vague error message for login in case of user not known, locked, inactive or password not verified
|
||||
flash('Username or password is incorrect')
|
||||
|
||||
invited_user = session.get('invited_user')
|
||||
if invited_user:
|
||||
message = 'You already have an account with GOV.UK Notify. Sign in to your account to accept this invitation.'
|
||||
flash(message, 'default')
|
||||
|
||||
return render_template('views/signin.html', form=form)
|
||||
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{% extends "withoutnav_template.html" %}
|
||||
{% block page_title %}Page not found{% endblock %}
|
||||
{% block page_title %}Forbidden{% endblock %}
|
||||
{% block maincolumn_content %}
|
||||
<div class="grid-row">
|
||||
<div class="column-two-thirds">
|
||||
|
||||
Reference in New Issue
Block a user