From 79393c97efe56a9470ae36f7ae497aab14cb1a23 Mon Sep 17 00:00:00 2001
From: chrisw
Date: Fri, 10 Nov 2017 12:35:21 +0000
Subject: [PATCH] Updated invite email auth user flow
---
 app/main/forms.py | 19 +++++++++++++++----
 app/main/views/register.py | 12 +++++++++---
 app/main/views/verify.py | 16 ++++++++++------
 3 files changed, 34 insertions(+), 13 deletions(-)
diff --git a/app/main/forms.py b/app/main/forms.py
index 5c3c389ca..d5e680309 100644
--- a/app/main/forms.py
+++ b/app/main/forms.py
@@ -109,7 +109,8 @@ class UKMobileNumber(TelField):
 class InternationalPhoneNumber(TelField):
 def pre_validate(self, form):
 try:
- validate_phone_number(self.data, international=True)
+ if self.data:
+ validate_phone_number(self.data, international=True)
 except InvalidPhoneError as e:
 raise ValidationError(str(e))
@@ -173,13 +174,23 @@ class RegisterUserForm(Form):
 class RegisterUserFromInviteForm(Form):
- name = StringField('Full name',
- validators=[DataRequired(message='Can’t be empty')])
- mobile_number = international_phone_number()
+ def __init__(self, auth_type, *args, **kwargs):
+ self.auth_type = auth_type
+ super().__init__(*args, **kwargs)
+
+ name = StringField(
+ 'Full name',
+ validators=[DataRequired(message='Can’t be empty')]
+ )
+ mobile_number = InternationalPhoneNumber('Mobile number', validators=[])
 password = password()
 service = HiddenField('service')
 email_address = HiddenField('email_address')
+ def validate_mobile_number(self, field):
+ if self.auth_type == 'sms_auth' and not field.data:
+ raise ValidationError('Can’t be empty')
+
 class PermissionsForm(Form):
 send_messages = BooleanField("Send messages from existing templates")
diff --git a/app/main/views/register.py b/app/main/views/register.py
index 5e7f9d062..523a65cc2 100644
--- a/app/main/views/register.py
+++ b/app/main/views/register.py
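Review bot: In `InternationalPhoneNumber.pre_validate` (app/main/forms.py, first hunk) the new `if self.data:` guard lets an empty value pass for every form that uses this field class, not only the invite form. The other users of the field are not visible in this patch, so each of them should be confirmed to carry its own required check. A comment on the guard such as `# empty is accepted here; the owning form decides whether a number is required` would record that the strictness has moved to the form.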
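Review bot: `validate_mobile_number` in `RegisterUserFromInviteForm` (app/main/forms.py, second hunk) demands a number only when `auth_type` is exactly `'sms_auth'`, so a `None`, misspelt or otherwise unexpected value silently makes the mobile number optional. Because this field carries the number used for the second factor, the check should fail closed: reject unknown `auth_type` values in `__init__`, or require the number unless the type is explicitly the email one. The new required positional `auth_type` also shifts the constructor for any caller that passes form data positionally; making it keyword-only would avoid that. A class docstring stating that the mobile number is mandatory only for SMS-authenticated invites would help the next reader.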
@@ -19,6 +19,7 @@ from app.main.forms import (
 RegisterUserForm,
 RegisterUserFromInviteForm
 )
+from app.main.views.verify import activate_user
 from app import (
 user_api_client,
@@ -41,17 +42,22 @@ def register():
 @main.route('/register-from-invite', methods=['GET', 'POST'])
 def register_from_invite():
- form = RegisterUserFromInviteForm()
 invited_user = session.get('invited_user')
+ form = RegisterUserFromInviteForm(invited_user['auth_type'])
 if not invited_user:
 abort(404)
 if form.validate_on_submit():
 if form.service.data != invited_user['service'] or form.email_address.data != invited_user['email_address']:
 abort(400)
- _do_registration(form, send_email=False)
+ _do_registration(form, send_email=False, send_sms=invited_user['auth_type'] == 'sms_auth')
 invite_api_client.accept_invite(invited_user['service'], invited_user['id'])
- return redirect(url_for('main.verify'))
+ if invited_user['auth_type'] == 'sms_auth':
+ return redirect(url_for('main.verify'))
+ else:
+ # we've already proven this user has email because they clicked the invite link,
+ # so just activate them straight away
+ return activate_user(session['user_details']['id'])
 form.service.data = invited_user['service']
 form.email_address.data = invited_user['email_address']
diff --git a/app/main/views/verify.py b/app/main/views/verify.py
index e94af163e..1b3bd70fb 100644
--- a/app/main/views/verify.py
+++ b/app/main/views/verify.py
@@ -35,12 +35,7 @@ def verify():
 if form.validate_on_submit():
 try:
- user = user_api_client.get_user(user_id)
- # the user will have a new current_session_id set by the API - store it in the cookie for future requests
- session['current_session_id'] = user.current_session_id
- activated_user = user_api_client.activate_user(user)
- login_user(activated_user)
- return redirect(url_for('main.add_service', first='first'))
+ return activate_user(user_id)
 finally:
 session.pop('user_details', None)
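Review bot: In `register_from_invite` (app/main/views/register.py, second hunk) the form is now built from `invited_user['auth_type']` before the `if not invited_user: abort(404)` guard, so a request with no invite in the session fails on indexing `None` and returns a 500 instead of the intended 404. Move the guard directly under `invited_user = session.get('invited_user')` and construct the form after it; a session written before this change may also lack the `auth_type` key, so read it with `.get()` and reject anything unrecognised. The `else:` branch activates and logs the user in for every value other than `'sms_auth'`, which fails open; it should match the email type explicitly and `abort(400)` otherwise. That branch also leaves `session['user_details']` in place, whereas `verify()` pops it in a `finally`. The function body continues past the end of the hunk.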
@@ -73,3 +68,12 @@ def verify_email(token):
 session['user_details'] = {"email": user.email_address, "id": user.id}
 user_api_client.send_verify_code(user.id, 'sms', user.mobile_number)
 return redirect('verify')
+
+
+def activate_user(user_id):
+ user = user_api_client.get_user(user_id)
+ # the user will have a new current_session_id set by the API - store it in the cookie for future requests
+ session['current_session_id'] = user.current_session_id
+ activated_user = user_api_client.activate_user(user)
+ login_user(activated_user)
+ return redirect(url_for('main.add_service', first='first'))
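Review bot: `activate_user` (app/main/views/verify.py, second hunk) has no docstring, and as a shared helper it activates and logs in whatever `user_id` it is handed without any check of its own. The docstring should state that precondition, for example `"""Activate and log in user_id; the caller must already have verified the user's code or invite link."""`, so a later caller does not reach it with an unverified id. register.py now imports this function from another view module; if more callers appear, a non-view module would be a cleaner home for it.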