Commit Graph

6 Commits

Author SHA1 Message Date
David McDonald
c248fee772 Add event for remove_user_from_service
Follows our existing patterns of events for managing users
2020-03-10 13:52:39 +00:00
Katie Smith
f57f8641ad Add an event if a user is archived
This adds a new type of event, 'archive_user', which stores the id of
the archived user and the id of the user who is doing the archiving.
2019-06-06 09:56:16 +01:00
Chris Hill-Scott
628e344b36 Make user API client return JSON, not a model
The data flow of other bits of our application looks like this:
```
                         API (returns JSON)
                                  ⬇
          API client (returns a built in type, usually `dict`)
                                  ⬇
          Model (returns an instance, eg of type `Service`)
                                  ⬇
                         View (returns HTML)
```
The user API client was architected weirdly, in that it returned a model
directly, like this:

```
                         API (returns JSON)
                                  ⬇
    API client (returns a model, of type `User`, `InvitedUser`, etc)
                                  ⬇
                         View (returns HTML)
```

This mixing of different layers of the application is bad because it
makes it hard to write model code that doesn’t have circular
dependencies. As our application gets more complicated we will be
relying more on models to manage this complexity, so we should make it
easy, not hard to write them.

It also means that most of our mocking was of the User model, not just
the underlying JSON. So it would have been easy to introduce subtle bugs
to the user model, because it wasn’t being comprehensively tested. A lot
of the changed lines of code in this commit mean changing the tests to
mock only the JSON, which means that the model layer gets implicitly
tested.

For those reasons this commit changes the user API client to return
JSON, not an instance of `User` or other models.
2019-06-05 11:13:41 +01:00
Katie Smith
88e9a0ff61 Add audit event when a service manager changes someones profile
We should audit when a service manager changes a user profile that is not
their own. This can be recorded in our events table, which is currently
only used to record successful logins.

This adds two new types of event, `update_user_email` and
`update_user_mobile_number` which store the
- browser fingerprint
- IP address
- user id of the user being updated
- user id of the service manager  making the change
- original email address and new email address (for `update_user_email`
events)
- original mobile number and new mobile number (for
`update_user_mobile_number` events)
2019-04-09 14:37:37 +01:00
Leo Hemsted
9fda5d1847 remove remember_me cookie and related code 2017-02-27 15:18:18 +00:00
Adam Shimali
7c1867fde6 Record login including remembered user login events to the api based of flask login
signals.
2016-04-27 16:39:17 +01:00