mirror of
https://github.com/GSA/notifications-admin.git
synced 2026-07-09 19:04:33 -04:00
pull main
This commit is contained in:
@@ -19,13 +19,11 @@ from app import user_api_client
|
||||
from app.main import main
|
||||
from app.main.forms import (
|
||||
RegisterUserForm,
|
||||
RegisterUserFromInviteForm,
|
||||
RegisterUserFromOrgInviteForm,
|
||||
SetupUserProfileForm,
|
||||
)
|
||||
from app.main.views import sign_in
|
||||
from app.main.views.verify import activate_user
|
||||
from app.models.service import Service
|
||||
from app.models.user import InvitedOrgUser, InvitedUser, User
|
||||
from app.utils import hide_from_search_engines, hilite
|
||||
|
||||
@@ -44,35 +42,10 @@ def register():
|
||||
return render_template("views/register.html", form=form)
|
||||
|
||||
|
||||
@main.route("/register-from-invite", methods=["GET", "POST"])
|
||||
def register_from_invite():
|
||||
invited_user = InvitedUser.from_session()
|
||||
if not invited_user:
|
||||
abort(404)
|
||||
|
||||
form = RegisterUserFromInviteForm(invited_user)
|
||||
|
||||
if form.validate_on_submit():
|
||||
if (
|
||||
form.service.data != invited_user.service
|
||||
or form.email_address.data != invited_user.email_address
|
||||
):
|
||||
abort(400)
|
||||
_do_registration(form, send_email=False, send_sms=invited_user.sms_auth)
|
||||
invited_user.accept_invite()
|
||||
if invited_user.sms_auth:
|
||||
return redirect(url_for("main.verify"))
|
||||
else:
|
||||
# we've already proven this user has email because they clicked the invite link,
|
||||
# so just activate them straight away
|
||||
return activate_user(session["user_details"]["id"])
|
||||
|
||||
return render_template(
|
||||
"views/register-from-invite.html", invited_user=invited_user, form=form
|
||||
)
|
||||
|
||||
|
||||
@main.route("/register-from-org-invite", methods=["GET", "POST"])
|
||||
# TODO This is deprecated, we are now handling invites in the
|
||||
# login.gov workflow. Leaving it here until we write the new
|
||||
# org registration.
|
||||
def register_from_org_invite():
|
||||
invited_org_user = InvitedOrgUser.from_session()
|
||||
if not invited_org_user:
|
||||
@@ -152,38 +125,62 @@ def set_up_your_profile():
|
||||
state = request.args.get("state")
|
||||
login_gov_error = request.args.get("error")
|
||||
if code and state:
|
||||
access_token = sign_in._get_access_token(code, state)
|
||||
user_email, user_uuid = sign_in._get_user_email_and_uuid(access_token)
|
||||
|
||||
invite_data = state.encode("utf8")
|
||||
invite_data = base64.b64decode(invite_data)
|
||||
invite_data = json.loads(invite_data)
|
||||
invited_service = Service.from_id(invite_data["service_id"])
|
||||
invited_user_id = invite_data["invited_user_id"]
|
||||
invited_user = InvitedUser.by_id(invited_user_id)
|
||||
|
||||
if user_email.lower() != invited_user.email_address.lower():
|
||||
flash("You cannot accept an invite for another person.")
|
||||
session.pop("invited_user_id", None)
|
||||
abort(403)
|
||||
else:
|
||||
invited_user.accept_invite()
|
||||
current_app.logger.debug(
|
||||
hilite(
|
||||
f"INVITED USER {invited_user.email_address} to service {invited_service.name}"
|
||||
)
|
||||
)
|
||||
current_app.logger.debug(hilite("ACCEPTED INVITE"))
|
||||
|
||||
return _handle_login_dot_gov_invite(code, state, form)
|
||||
elif login_gov_error:
|
||||
current_app.logger.error(f"login.gov error: {login_gov_error}")
|
||||
raise Exception(f"Could not login with login.gov {login_gov_error}")
|
||||
# end login.gov
|
||||
|
||||
# create the user
|
||||
# TODO we have to provide something for password until that column goes away
|
||||
# TODO ideally we would set the user's preferred timezone here as well
|
||||
return render_template("views/set-up-your-profile.html", form=form)
|
||||
|
||||
|
||||
def get_invited_user_email_address(invited_user_id):
|
||||
# InvitedUser is an unhashable type and hard to mock in tests
|
||||
# so this convenience method is a workaround for that
|
||||
invited_user = InvitedUser.by_id(invited_user_id)
|
||||
return invited_user.email_address
|
||||
|
||||
|
||||
def invited_user_accept_invite(invited_user_id):
|
||||
# InvitedUser is an unhashable type and hard to mock in tests
|
||||
# so this convenience method is a workaround for that
|
||||
invited_user = InvitedUser.by_id(invited_user_id)
|
||||
invited_user.accept_invite()
|
||||
|
||||
|
||||
def debug_msg(msg):
|
||||
current_app.logger.debug(hilite(msg))
|
||||
|
||||
|
||||
def _handle_login_dot_gov_invite(code, state, form):
|
||||
debug_msg(f"enter _handle_login_dot_gov_invite with code {code} state {state}")
|
||||
access_token = sign_in._get_access_token(code, state)
|
||||
debug_msg("Got the access token for login.gov")
|
||||
user_email, user_uuid = sign_in._get_user_email_and_uuid(access_token)
|
||||
debug_msg(
|
||||
f"Got the user_email {user_email} and user_uuid {user_uuid} from login.gov"
|
||||
)
|
||||
debug_msg(f"raw state {state}")
|
||||
invite_data = state.encode("utf8")
|
||||
debug_msg(f"utf8 encoded state {invite_data}")
|
||||
invite_data = base64.b64decode(invite_data)
|
||||
debug_msg(f"b64 decoded state {invite_data}")
|
||||
invite_data = json.loads(invite_data)
|
||||
debug_msg(f"final state {invite_data}")
|
||||
invited_user_id = invite_data["invited_user_id"]
|
||||
invited_user_email_address = get_invited_user_email_address(invited_user_id)
|
||||
debug_msg(f"email address from the invite_date is {invited_user_email_address}")
|
||||
if user_email.lower() != invited_user_email_address.lower():
|
||||
debug_msg("invited user email did not match expected email, abort(403)")
|
||||
flash("You cannot accept an invite for another person.")
|
||||
session.pop("invited_user_id", None)
|
||||
abort(403)
|
||||
else:
|
||||
invited_user_accept_invite(invited_user_id)
|
||||
debug_msg(
|
||||
f"invited user {invited_user_email_address} to service {invite_data['service_id']}"
|
||||
)
|
||||
debug_msg("accepted invite")
|
||||
user = user_api_client.get_user_by_uuid_or_email(user_uuid, user_email)
|
||||
if user is None:
|
||||
user = User.register(
|
||||
@@ -193,20 +190,20 @@ def set_up_your_profile():
|
||||
password=str(uuid.uuid4()),
|
||||
auth_type="sms_auth",
|
||||
)
|
||||
debug_msg(f"registered user {form.name.data} with email {user_email}")
|
||||
|
||||
# activate the user
|
||||
user = user_api_client.get_user_by_uuid_or_email(user_uuid, user_email)
|
||||
activate_user(user["id"])
|
||||
debug_msg("activated user")
|
||||
usr = User.from_id(user["id"])
|
||||
usr.add_to_service(
|
||||
invited_service.id,
|
||||
invite_data["service_id"],
|
||||
invite_data["permissions"],
|
||||
invite_data["folder_permissions"],
|
||||
invite_data["from_user_id"],
|
||||
)
|
||||
current_app.logger.debug(
|
||||
hilite(f"Added user {usr.email_address} to service {invited_service.name}")
|
||||
debug_msg(
|
||||
f"Added user {usr.email_address} to service {invite_data['service_id']}"
|
||||
)
|
||||
return redirect(url_for("main.show_accounts_or_dashboard"))
|
||||
|
||||
return render_template("views/set-up-your-profile.html", form=form)
|
||||
|
||||
@@ -4,27 +4,15 @@ import uuid
|
||||
|
||||
import jwt
|
||||
import requests
|
||||
from flask import (
|
||||
Response,
|
||||
abort,
|
||||
current_app,
|
||||
flash,
|
||||
redirect,
|
||||
render_template,
|
||||
request,
|
||||
session,
|
||||
url_for,
|
||||
)
|
||||
from flask import Response, current_app, redirect, render_template, request, url_for
|
||||
from flask_login import current_user
|
||||
from markupsafe import Markup
|
||||
from notifications_utils.url_safe_token import generate_token
|
||||
|
||||
from app import login_manager, user_api_client
|
||||
from app.main import main
|
||||
from app.main.forms import LoginForm
|
||||
from app.main.views.index import error
|
||||
from app.main.views.verify import activate_user
|
||||
from app.models.user import InvitedUser, User
|
||||
from app.models.user import User
|
||||
from app.utils import hide_from_search_engines
|
||||
from app.utils.login import is_safe_redirect_url
|
||||
from app.utils.time import is_less_than_days_ago
|
||||
@@ -129,6 +117,16 @@ def verify_email(user, redirect_url):
|
||||
)
|
||||
|
||||
|
||||
def _handle_e2e_tests(redirect_url):
|
||||
current_app.logger.warning("E2E TESTS ARE ENABLED.")
|
||||
current_app.logger.warning(
|
||||
"If you are getting a 404 on signin, comment out E2E vars in .env file!"
|
||||
)
|
||||
user = user_api_client.get_user_by_email(os.getenv("NOTIFY_E2E_TEST_EMAIL"))
|
||||
activate_user(user["id"])
|
||||
return redirect(url_for("main.show_accounts_or_dashboard", next=redirect_url))
|
||||
|
||||
|
||||
@main.route("/sign-in", methods=(["GET", "POST"]))
|
||||
@hide_from_search_engines
|
||||
def sign_in():
|
||||
@@ -146,70 +144,13 @@ def sign_in():
|
||||
redirect_url = request.args.get("next")
|
||||
|
||||
if os.getenv("NOTIFY_E2E_TEST_EMAIL"):
|
||||
current_app.logger.warning("E2E TESTS ARE ENABLED.")
|
||||
current_app.logger.warning(
|
||||
"If you are getting a 404 on signin, comment out E2E vars in .env file!"
|
||||
)
|
||||
user = user_api_client.get_user_by_email(os.getenv("NOTIFY_E2E_TEST_EMAIL"))
|
||||
activate_user(user["id"])
|
||||
return redirect(url_for("main.show_accounts_or_dashboard", next=redirect_url))
|
||||
return _handle_e2e_tests(redirect_url)
|
||||
|
||||
current_app.logger.info(f"current user is {current_user}")
|
||||
if current_user and current_user.is_authenticated:
|
||||
if redirect_url and is_safe_redirect_url(redirect_url):
|
||||
return redirect(redirect_url)
|
||||
return redirect(url_for("main.show_accounts_or_dashboard"))
|
||||
|
||||
form = LoginForm()
|
||||
current_app.logger.info("Got the login form")
|
||||
password_reset_url = url_for(".forgot_password", next=request.args.get("next"))
|
||||
|
||||
if form.validate_on_submit():
|
||||
user = User.from_email_address_and_password_or_none(
|
||||
form.email_address.data, form.password.data
|
||||
)
|
||||
|
||||
if user:
|
||||
# add user to session to mark us as in the process of signing the user in
|
||||
session["user_details"] = {"email": user.email_address, "id": user.id}
|
||||
|
||||
if user.state == "pending":
|
||||
return redirect(
|
||||
url_for("main.resend_email_verification", next=redirect_url)
|
||||
)
|
||||
|
||||
if user.is_active:
|
||||
if session.get("invited_user_id"):
|
||||
invited_user = InvitedUser.from_session()
|
||||
if user.email_address.lower() != invited_user.email_address.lower():
|
||||
flash("You cannot accept an invite for another person.")
|
||||
session.pop("invited_user_id", None)
|
||||
abort(403)
|
||||
else:
|
||||
invited_user.accept_invite()
|
||||
|
||||
user.send_login_code()
|
||||
|
||||
if user.sms_auth:
|
||||
return redirect(url_for(".two_factor_sms", next=redirect_url))
|
||||
|
||||
if user.email_auth:
|
||||
return redirect(
|
||||
url_for(".two_factor_email_sent", next=redirect_url)
|
||||
)
|
||||
|
||||
# Vague error message for login in case of user not known, locked, inactive or password not verified
|
||||
flash(
|
||||
Markup(
|
||||
(
|
||||
f"The email address or password you entered is incorrect."
|
||||
f" <a href={password_reset_url} class='usa-link'>Forgot your password?</a>"
|
||||
)
|
||||
)
|
||||
)
|
||||
|
||||
other_device = current_user.logged_in_elsewhere()
|
||||
|
||||
token = generate_token(
|
||||
str(request.remote_addr),
|
||||
current_app.config["SECRET_KEY"],
|
||||
@@ -222,10 +163,7 @@ def sign_in():
|
||||
url = url.replace("STATE", token)
|
||||
return render_template(
|
||||
"views/signin.html",
|
||||
form=form,
|
||||
again=bool(redirect_url),
|
||||
other_device=other_device,
|
||||
password_reset_url=password_reset_url,
|
||||
initial_signin_url=url,
|
||||
)
|
||||
|
||||
|
||||
@@ -140,9 +140,6 @@ class User(JSONModel, UserMixin):
|
||||
set_by_id=set_by_id,
|
||||
)
|
||||
|
||||
def logged_in_elsewhere(self):
|
||||
return session.get("current_session_id") != self.current_session_id
|
||||
|
||||
def activate(self):
|
||||
if self.is_pending:
|
||||
user_data = user_api_client.activate_user(self.id)
|
||||
@@ -196,7 +193,7 @@ class User(JSONModel, UserMixin):
|
||||
|
||||
@property
|
||||
def is_authenticated(self):
|
||||
return not self.logged_in_elsewhere() and super(User, self).is_authenticated
|
||||
return super(User, self).is_authenticated
|
||||
|
||||
@property
|
||||
def platform_admin(self):
|
||||
@@ -674,10 +671,6 @@ class InvitedOrgUser(JSONModel):
|
||||
|
||||
|
||||
class AnonymousUser(AnonymousUserMixin):
|
||||
# set the anonymous user so that if a new browser hits us we don't error http://stackoverflow.com/a/19275188
|
||||
|
||||
def logged_in_elsewhere(self):
|
||||
return False
|
||||
|
||||
@property
|
||||
def default_organization(self):
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
import datetime
|
||||
|
||||
import pytz
|
||||
from flask import current_app
|
||||
from flask_login import current_user
|
||||
from notifications_utils.recipients import RecipientCSV
|
||||
|
||||
@@ -67,7 +66,6 @@ def generate_notifications_csv(**kwargs):
|
||||
from app import notification_api_client
|
||||
from app.s3_client.s3_csv_client import s3download
|
||||
|
||||
current_app.logger.info("\n\n\n\nENTER generate_notifications_csv")
|
||||
if "page" not in kwargs:
|
||||
kwargs["page"] = 1
|
||||
|
||||
|
||||
Reference in New Issue
Block a user