darkhelm/notifications-admin
1
0
Fork 0
mirror of https://github.com/GSA/notifications-admin.git synced 2026-02-05 10:53:28 -05:00
Code Issues Packages Projects Releases Wiki Activity

Removed some un needed flash messages raised as bugs.

Browse Source 
In the process found a couple of edge cases of incorrect
use of invitation links by other users which are now
handled.
This commit is contained in:
Adam Shimali
2016-03-30 16:16:34 +01:00
parent 8391af9d40
commit fc01735d70
4 changed files with 102 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
app/main/views/invites.py
View File

@@ -3,7 +3,8 @@ from flask import (
url_for,
session,
flash,
render_template
render_template,
abort
)
@@ -17,11 +18,18 @@ from app import (
service_api_client
)
from flask_login import current_user
@main.route("/invitation/<token>")
def accept_invite(token):
invited_user = invite_api_client.check_token(token)
if not current_user.is_anonymous() and current_user.email_address != invited_user.email_address:
flash("You can't accept an invite for another person.")
abort(403)
if invited_user.status == 'cancelled':
from_user = user_api_client.get_user(invited_user.from_user)
service = service_api_client.get_service(invited_user.service)['data']
@@ -31,7 +39,6 @@ def accept_invite(token):
if invited_user.status == 'accepted':
session.pop('invited_user', None)
flash('You have already accepted this invitation', 'default')
return redirect(url_for('main.service_dashboard', service_id=invited_user.service))
session['invited_user'] = invited_user.serialize()
@@ -41,15 +48,11 @@ def accept_invite(token):
if existing_user:
if existing_user in service_users:
session.pop('invited_user', None)
flash('You have already accepted an invitation to this service', 'default')
invite_api_client.accept_invite(invited_user.service, invited_user.id)
return redirect(url_for('main.service_dashboard', service_id=invited_user.service))
else:
user_api_client.add_user_to_service(invited_user.service,
existing_user.id,
invited_user.permissions)
invite_api_client.accept_invite(invited_user.service, invited_user.id)
return redirect(url_for('main.service_dashboard', service_id=invited_user.service))
else:
return redirect(url_for('main.register_from_invite'))

30
app/main/views/sign_in.py
View File

@@ -4,7 +4,8 @@ from flask import (
url_for,
session,
flash,
request
request,
abort
)
from flask.ext.login import (
@@ -13,26 +14,40 @@ from flask.ext.login import (
confirm_login
)
from app import (
user_api_client,
invite_api_client,
service_api_client
)
from app.main import main
from app import (user_api_client, service_api_client)
from app.main.forms import LoginForm
@main.route('/sign-in', methods=(['GET', 'POST']))
def sign_in():
if current_user and current_user.is_authenticated():
return redirect(url_for('main.choose_service'))
form = LoginForm()
if form.validate_on_submit():
user = user_api_client.get_user_by_email_or_none(form.email_address.data)
user = _get_and_verify_user(user, form.password.data)
if user and user.state == 'pending':
flash("You haven't verified your email or mobile number yet.")
return redirect(url_for('main.sign_in'))
if user and session.get('invited_user'):
invited_user = session.get('invited_user')
if user.email_address != invited_user['email_address']:
flash("You can't accept an invite for another person.")
session.pop('invited_user', None)
abort(403)
else:
invite_api_client.accept_invite(invited_user['service'], invited_user['id'])
if user:
# Remember me login
if not login_fresh() and \
@@ -56,11 +71,6 @@ def sign_in():
# Vague error message for login in case of user not known, locked, inactive or password not verified
flash('Username or password is incorrect')
invited_user = session.get('invited_user')
if invited_user:
message = 'You already have an account with GOV.UK Notify. Sign in to your account to accept this invitation.'
flash(message, 'default')
return render_template('views/signin.html', form=form)