app/user/rest.py

from datetime import datetime
from flask import (jsonify, request, abort, Blueprint)
from sqlalchemy.exc import DataError
from sqlalchemy.orm.exc import NoResultFound
from app.dao.services_dao import get_model_services
from app.aws_sqs import add_notification_to_queue
from app.dao.users_dao import (
    get_model_users,
    save_model_user,
    delete_model_user,
    create_user_code,
    get_user_code,
    use_user_code,
    increment_failed_login_count,
    reset_failed_login_count
)
from app.schemas import (
    user_schema, users_schema, service_schema, services_schema,
    request_verify_code_schema, user_schema_load_json)
from app import api_user


user = Blueprint('user', __name__)


@user.route('', methods=['POST'])
def create_user():
    user, errors = user_schema.load(request.get_json())
    req_json = request.get_json()
    # TODO password policy, what is valid password
    if not req_json.get('password', None):
        errors.update({'password': ['Missing data for required field.']})
        return jsonify(result="error", message=errors), 400
    if errors:
        return jsonify(result="error", message=errors), 400
    save_model_user(user, pwd=req_json.get('password'))
    return jsonify(data=user_schema.dump(user).data), 201


@user.route('/<int:user_id>', methods=['PUT', 'DELETE'])
def update_user(user_id):
    try:
        user = get_model_users(user_id=user_id)
    except DataError:
        return jsonify(result="error", message="Invalid user id"), 400
    except NoResultFound:
        return jsonify(result="error", message="User not found"), 404
    if request.method == 'DELETE':
        status_code = 202
        delete_model_user(user)
    else:
        req_json = request.get_json()
        update_dct, errors = user_schema_load_json.load(req_json)
        pwd = req_json.get('password', None)
        # TODO password validation, it is already done on the admin app
        # but would be good to have the same validation here.
        if pwd is not None and not pwd:
            errors.update({'password': ['Invalid data for field']})
        if errors:
            return jsonify(result="error", message=errors), 400
        status_code = 200
        save_model_user(user, update_dict=update_dct, pwd=pwd)
    return jsonify(data=user_schema.dump(user).data), status_code


@user.route('/<int:user_id>/verify/password', methods=['POST'])
def verify_user_password(user_id):
    try:
        user = get_model_users(user_id=user_id)
    except DataError:
        return jsonify(result="error", message="Invalid user id"), 400
    except NoResultFound:
        return jsonify(result="error", message="User not found"), 404
    txt_pwd = None
    try:
        txt_pwd = request.get_json()['password']
    except KeyError:
        return jsonify(
            result="error",
            message={'password': ['Required field missing data']}), 400
    if user.check_password(txt_pwd):
        reset_failed_login_count(user)
        return jsonify({}), 204
    else:
        increment_failed_login_count(user)
        return jsonify(result='error', message={'password': ['Incorrect password']}), 400


@user.route('/<int:user_id>/verify/code', methods=['POST'])
def verify_user_code(user_id):
    try:
        user = get_model_users(user_id=user_id)
    except DataError:
        return jsonify(result="error", message="Invalid user id"), 400
    except NoResultFound:
        return jsonify(result="error", message="User not found"), 404
    txt_code = None
    resp_json = request.get_json()
    txt_type = None
    errors = {}
    try:
        txt_code = resp_json['code']
    except KeyError:
        errors.update({'code': ['Required field missing data']})
    try:
        txt_type = resp_json['code_type']
    except KeyError:
        errors.update({'code_type': ['Required field missing data']})
    if errors:
        return jsonify(result="error", message=errors), 400
    code = get_user_code(user, txt_code, txt_type)
    if not code:
        return jsonify(result="error", message="Code not found"), 404
    if datetime.now() > code.expiry_datetime or code.code_used:
        return jsonify(result="error", message="Code has expired"), 400
    use_user_code(code.id)
    return jsonify({}), 204


@user.route('/<int:user_id>/code', methods=['POST'])
def send_user_code(user_id):
    try:
        user = get_model_users(user_id=user_id)
    except DataError:
        return jsonify(result="error", message="Invalid user id"), 400
    except NoResultFound:
        return jsonify(result="error", message="User not found"), 404

    verify_code, errors = request_verify_code_schema.load(request.get_json())
    if errors:
        return jsonify(result="error", message=errors), 400

    from app.dao.users_dao import create_secret_code
    secret_code = create_secret_code()
    create_user_code(user, secret_code, verify_code.get('code_type'))
    if verify_code.get('code_type') == 'sms':
        mobile = user.mobile_number if verify_code.get('to', None) is None else verify_code.get('to')
        notification = {'to': mobile, 'content': secret_code}
        add_notification_to_queue(api_user['client'], 'admin', 'sms', notification)
    elif verify_code.get('code_type') == 'email':
        email = user.email_address if verify_code.get('to', None) is None else verify_code.get('to')
        notification = {
            'to_address': email,
            'from_address': 'notify@digital.cabinet-office.gov.uk',
            'subject': 'Verification code',
            'body': secret_code}
        add_notification_to_queue(api_user['client'], 'admin', 'email', notification)
    else:
        abort(500)
    return jsonify({}), 204


@user.route('/<int:user_id>', methods=['GET'])
@user.route('', methods=['GET'])
def get_user(user_id=None):
    try:
        users = get_model_users(user_id=user_id)
    except DataError:
        return jsonify(result="error", message="Invalid user id"), 400
    except NoResultFound:
        return jsonify(result="error", message="User not found"), 404
    result = users_schema.dump(users) if isinstance(users, list) else user_schema.dump(users)
    return jsonify(data=result.data)


@user.route('/<int:user_id>/service', methods=['GET'])
@user.route('/<int:user_id>/service/<service_id>', methods=['GET'])
def get_service_by_user_id(user_id, service_id=None):
    try:
        user = get_model_users(user_id=user_id)
    except DataError:
        return jsonify(result="error", message="Invalid user id"), 400
    except NoResultFound:
        return jsonify(result="error", message="User not found"), 404

    try:
        services = get_model_services(user_id=user.id, service_id=service_id)
    except DataError:
        return jsonify(result="error", message="Invalid service id"), 400
    except NoResultFound:
        return jsonify(result="error", message="Service not found"), 404
    services, errors = services_schema.dump(services) if isinstance(services, list) else service_schema.dump(services)
    return jsonify(data=services)
All tests working, second time around. 2016-01-21 17:29:24 +00:00			`from datetime import datetime`
Missed a couple of places where we should push to the queue. 2016-02-03 13:52:09 +00:00			`from flask import (jsonify, request, abort, Blueprint)`
Work in progress, skeleton of the api created and testing started. Need to fix authentication tests. 2016-01-08 17:51:46 +00:00			`from sqlalchemy.exc import DataError`
			`from sqlalchemy.orm.exc import NoResultFound`
Service and User API added, working with tests. Still need to polish the edges and add more tests. 2016-01-11 15:07:13 +00:00			`from app.dao.services_dao import get_model_services`
Missed a couple of places where we should push to the queue. 2016-02-03 13:52:09 +00:00			`from app.aws_sqs import add_notification_to_queue`
Added delete endpoint and tests. 2016-01-12 10:39:49 +00:00			`from app.dao.users_dao import (`
If failed login count > 0 and user subsequently logs in sucessfully, then failed logins set to 0. 2016-01-28 11:32:46 +00:00			`get_model_users,`
			`save_model_user,`
			`delete_model_user,`
			`create_user_code,`
			`get_user_code,`
			`use_user_code,`
			`increment_failed_login_count,`
			`reset_failed_login_count`
			`)`
Service and User API added, working with tests. Still need to polish the edges and add more tests. 2016-01-11 15:07:13 +00:00			`from app.schemas import (`
Added support for allowing password to updated from the PUT request to the user rest endpoint. 2016-01-28 11:41:21 +00:00			`user_schema, users_schema, service_schema, services_schema,`
Create schema for RequestVerifyCodeSchema Previously we were using a schema that mapped onto db.Model. However, the json in the request did not reflect the VerfiyCode db Model. I did not add validation on the to field, we did not have that previously. 2016-02-01 10:48:33 +00:00			`request_verify_code_schema, user_schema_load_json)`
Removed alpha client imports. 2016-02-09 16:13:48 +00:00			`from app import api_user`
Work in progress, skeleton of the api created and testing started. Need to fix authentication tests. 2016-01-08 17:51:46 +00:00

Remove the view packages 2016-01-14 16:13:27 +00:00			`user = Blueprint('user', __name__)`


Remove trailing slashing from urls 2016-01-15 16:44:46 +00:00			`@user.route('', methods=['POST'])`
Service and User API added, working with tests. Still need to polish the edges and add more tests. 2016-01-11 15:07:13 +00:00			`def create_user():`
Add more tests. 2016-01-11 18:09:10 +00:00			`user, errors = user_schema.load(request.get_json())`
Add rest of user model fields to api. First step to moving user interactions to api. 2016-01-19 11:38:29 +00:00			`req_json = request.get_json()`
Added user verify password endpoint. 2016-01-20 16:25:18 +00:00			`# TODO password policy, what is valid password`
Added support for allowing password to updated from the PUT request to the user rest endpoint. 2016-01-28 11:41:21 +00:00			`if not req_json.get('password', None):`
			`errors.update({'password': ['Missing data for required field.']})`
Update error message for password to match marshmallow errors. 2016-01-19 12:07:14 +00:00			`return jsonify(result="error", message=errors), 400`
Add more tests. 2016-01-11 18:09:10 +00:00			`if errors:`
			`return jsonify(result="error", message=errors), 400`
Added support for allowing password to updated from the PUT request to the user rest endpoint. 2016-01-28 11:41:21 +00:00			`save_model_user(user, pwd=req_json.get('password'))`
Service and User API added, working with tests. Still need to polish the edges and add more tests. 2016-01-11 15:07:13 +00:00			`return jsonify(data=user_schema.dump(user).data), 201`


Added delete endpoint and tests. 2016-01-12 10:39:49 +00:00			`@user.route('/<int:user_id>', methods=['PUT', 'DELETE'])`
Service and User API added, working with tests. Still need to polish the edges and add more tests. 2016-01-11 15:07:13 +00:00			`def update_user(user_id):`
All four http methods working now for user and service restful apis. 2016-01-11 17:19:06 +00:00			`try:`
			`user = get_model_users(user_id=user_id)`
			`except DataError:`
			`return jsonify(result="error", message="Invalid user id"), 400`
			`except NoResultFound:`
			`return jsonify(result="error", message="User not found"), 404`
Added delete endpoint and tests. 2016-01-12 10:39:49 +00:00			`if request.method == 'DELETE':`
			`status_code = 202`
			`delete_model_user(user)`
			`else:`
Added support for allowing password to updated from the PUT request to the user rest endpoint. 2016-01-28 11:41:21 +00:00			`req_json = request.get_json()`
			`update_dct, errors = user_schema_load_json.load(req_json)`
			`pwd = req_json.get('password', None)`
			`# TODO password validation, it is already done on the admin app`
			`# but would be good to have the same validation here.`
			`if pwd is not None and not pwd:`
			`errors.update({'password': ['Invalid data for field']})`
			`if errors:`
			`return jsonify(result="error", message=errors), 400`
Added delete endpoint and tests. 2016-01-12 10:39:49 +00:00			`status_code = 200`
Added support for allowing password to updated from the PUT request to the user rest endpoint. 2016-01-28 11:41:21 +00:00			`save_model_user(user, update_dict=update_dct, pwd=pwd)`
Added delete endpoint and tests. 2016-01-12 10:39:49 +00:00			`return jsonify(data=user_schema.dump(user).data), status_code`
Service and User API added, working with tests. Still need to polish the edges and add more tests. 2016-01-11 15:07:13 +00:00

Added user verify password endpoint. 2016-01-20 16:25:18 +00:00			`@user.route('/<int:user_id>/verify/password', methods=['POST'])`
			`def verify_user_password(user_id):`
			`try:`
			`user = get_model_users(user_id=user_id)`
			`except DataError:`
			`return jsonify(result="error", message="Invalid user id"), 400`
			`except NoResultFound:`
			`return jsonify(result="error", message="User not found"), 404`
All tests working, second time around. 2016-01-21 17:29:24 +00:00			`txt_pwd = None`
Added user verify password endpoint. 2016-01-20 16:25:18 +00:00			`try:`
All tests working, second time around. 2016-01-21 17:29:24 +00:00			`txt_pwd = request.get_json()['password']`
Added user verify password endpoint. 2016-01-20 16:25:18 +00:00			`except KeyError:`
			`return jsonify(`
			`result="error",`
			`message={'password': ['Required field missing data']}), 400`
All tests working, second time around. 2016-01-21 17:29:24 +00:00			`if user.check_password(txt_pwd):`
If failed login count > 0 and user subsequently logs in sucessfully, then failed logins set to 0. 2016-01-28 11:32:46 +00:00			`reset_failed_login_count(user)`
Added support for allowing password to updated from the PUT request to the user rest endpoint. 2016-01-28 11:41:21 +00:00			`return jsonify({}), 204`
Added user verify password endpoint. 2016-01-20 16:25:18 +00:00			`else:`
Record and persist failed login count on api. 2016-01-25 11:14:23 +00:00			`increment_failed_login_count(user)`
Added user verify password endpoint. 2016-01-20 16:25:18 +00:00			`return jsonify(result='error', message={'password': ['Incorrect password']}), 400`


All tests working, second time around. 2016-01-21 17:29:24 +00:00			`@user.route('/<int:user_id>/verify/code', methods=['POST'])`
			`def verify_user_code(user_id):`
			`try:`
			`user = get_model_users(user_id=user_id)`
			`except DataError:`
			`return jsonify(result="error", message="Invalid user id"), 400`
			`except NoResultFound:`
			`return jsonify(result="error", message="User not found"), 404`
			`txt_code = None`
			`resp_json = request.get_json()`
			`txt_type = None`
			`errors = {}`
			`try:`
			`txt_code = resp_json['code']`
			`except KeyError:`
			`errors.update({'code': ['Required field missing data']})`
			`try:`
			`txt_type = resp_json['code_type']`
			`except KeyError:`
			`errors.update({'code_type': ['Required field missing data']})`
			`if errors:`
			`return jsonify(result="error", message=errors), 400`
			`code = get_user_code(user, txt_code, txt_type)`
			`if not code:`
			`return jsonify(result="error", message="Code not found"), 404`
			`if datetime.now() > code.expiry_datetime or code.code_used:`
			`return jsonify(result="error", message="Code has expired"), 400`
			`use_user_code(code.id)`
Added support for allowing password to updated from the PUT request to the user rest endpoint. 2016-01-28 11:41:21 +00:00			`return jsonify({}), 204`
All tests working, second time around. 2016-01-21 17:29:24 +00:00

Remove trailing slash from /verify/code 2016-01-26 15:32:55 +00:00			`@user.route('/<int:user_id>/code', methods=['POST'])`
All tests working, second time around. 2016-01-21 17:29:24 +00:00			`def send_user_code(user_id):`
			`try:`
			`user = get_model_users(user_id=user_id)`
			`except DataError:`
			`return jsonify(result="error", message="Invalid user id"), 400`
			`except NoResultFound:`
			`return jsonify(result="error", message="User not found"), 404`
Updated send user code to use an optional to field to send emails Added tests for send_user_code 2016-01-27 11:51:02 +00:00
Create schema for RequestVerifyCodeSchema Previously we were using a schema that mapped onto db.Model. However, the json in the request did not reflect the VerfiyCode db Model. I did not add validation on the to field, we did not have that previously. 2016-02-01 10:48:33 +00:00			`verify_code, errors = request_verify_code_schema.load(request.get_json())`
Use VerifyCodeSchema 2016-01-27 12:11:25 +00:00			`if errors:`
			`return jsonify(result="error", message=errors), 400`
Updated send user code to use an optional to field to send emails Added tests for send_user_code 2016-01-27 11:51:02 +00:00
			`from app.dao.users_dao import create_secret_code`
			`secret_code = create_secret_code()`
Create schema for RequestVerifyCodeSchema Previously we were using a schema that mapped onto db.Model. However, the json in the request did not reflect the VerfiyCode db Model. I did not add validation on the to field, we did not have that previously. 2016-02-01 10:48:33 +00:00			`create_user_code(user, secret_code, verify_code.get('code_type'))`
			`if verify_code.get('code_type') == 'sms':`
			`mobile = user.mobile_number if verify_code.get('to', None) is None else verify_code.get('to')`
Missed a couple of places where we should push to the queue. 2016-02-03 13:52:09 +00:00			`notification = {'to': mobile, 'content': secret_code}`
			`add_notification_to_queue(api_user['client'], 'admin', 'sms', notification)`
Create schema for RequestVerifyCodeSchema Previously we were using a schema that mapped onto db.Model. However, the json in the request did not reflect the VerfiyCode db Model. I did not add validation on the to field, we did not have that previously. 2016-02-01 10:48:33 +00:00			`elif verify_code.get('code_type') == 'email':`
			`email = user.email_address if verify_code.get('to', None) is None else verify_code.get('to')`
Missed a couple of places where we should push to the queue. 2016-02-03 13:52:09 +00:00			`notification = {`
			`'to_address': email,`
			`'from_address': 'notify@digital.cabinet-office.gov.uk',`
			`'subject': 'Verification code',`
			`'body': secret_code}`
Now done. 2016-02-08 09:43:19 +00:00			`add_notification_to_queue(api_user['client'], 'admin', 'email', notification)`
All tests working, second time around. 2016-01-21 17:29:24 +00:00			`else:`
			`abort(500)`
Added support for allowing password to updated from the PUT request to the user rest endpoint. 2016-01-28 11:41:21 +00:00			`return jsonify({}), 204`
All tests working, second time around. 2016-01-21 17:29:24 +00:00

Service and User API added, working with tests. Still need to polish the edges and add more tests. 2016-01-11 15:07:13 +00:00			`@user.route('/<int:user_id>', methods=['GET'])`
Fix the user url. Add test for authentication to test paths with path params 2016-01-22 09:59:02 +00:00			`@user.route('', methods=['GET'])`
Service and User API added, working with tests. Still need to polish the edges and add more tests. 2016-01-11 15:07:13 +00:00			`def get_user(user_id=None):`
			`try:`
			`users = get_model_users(user_id=user_id)`
			`except DataError:`
			`return jsonify(result="error", message="Invalid user id"), 400`
			`except NoResultFound:`
Add more tests. 2016-01-11 18:09:10 +00:00			`return jsonify(result="error", message="User not found"), 404`
Service and User API added, working with tests. Still need to polish the edges and add more tests. 2016-01-11 15:07:13 +00:00			`result = users_schema.dump(users) if isinstance(users, list) else user_schema.dump(users)`
			`return jsonify(data=result.data)`


Work in progress, skeleton of the api created and testing started. Need to fix authentication tests. 2016-01-08 17:51:46 +00:00			`@user.route('/<int:user_id>/service', methods=['GET'])`
Change services.id to a UUID Ideally all the primary keys in the db would be UUID in order to guarantee unique ids across distributed dbs. This updates the services.id to a UUID. All the tables with a foreign key to the services.id are also updated. The endpoints no longer state a data type of the <service_id> path param. All the tests are updated to reflect this update. The thing to pay attention to is the 0011_uuid_service_id.py migration script. This commit must go with a commit on the notifications_admin app to keep things working. There will be a small outage until both deploys have happened. 2016-02-02 14:16:08 +00:00			`@user.route('/<int:user_id>/service/<service_id>', methods=['GET'])`
Work in progress, skeleton of the api created and testing started. Need to fix authentication tests. 2016-01-08 17:51:46 +00:00			`def get_service_by_user_id(user_id, service_id=None):`
			`try:`
Service and User API added, working with tests. Still need to polish the edges and add more tests. 2016-01-11 15:07:13 +00:00			`user = get_model_users(user_id=user_id)`
Work in progress, skeleton of the api created and testing started. Need to fix authentication tests. 2016-01-08 17:51:46 +00:00			`except DataError:`
			`return jsonify(result="error", message="Invalid user id"), 400`
			`except NoResultFound:`
Add more tests. 2016-01-11 18:09:10 +00:00			`return jsonify(result="error", message="User not found"), 404`
Work in progress, skeleton of the api created and testing started. Need to fix authentication tests. 2016-01-08 17:51:46 +00:00
			`try:`
Service and User API added, working with tests. Still need to polish the edges and add more tests. 2016-01-11 15:07:13 +00:00			`services = get_model_services(user_id=user.id, service_id=service_id)`
Work in progress, skeleton of the api created and testing started. Need to fix authentication tests. 2016-01-08 17:51:46 +00:00			`except DataError:`
			`return jsonify(result="error", message="Invalid service id"), 400`
			`except NoResultFound:`
Add more tests. 2016-01-11 18:09:10 +00:00			`return jsonify(result="error", message="Service not found"), 404`
			`services, errors = services_schema.dump(services) if isinstance(services, list) else service_schema.dump(services)`
			`return jsonify(data=services)`