2016-05-11 10:56:24 +01:00
|
|
|
import json
|
2017-02-17 14:06:16 +00:00
|
|
|
import uuid
|
2016-01-21 17:29:24 +00:00
|
|
|
from datetime import datetime
|
2017-02-17 14:06:16 +00:00
|
|
|
|
2016-06-14 15:07:23 +01:00
|
|
|
from flask import (jsonify, request, Blueprint, current_app)
|
2017-02-17 14:06:16 +00:00
|
|
|
|
2016-01-12 10:39:49 +00:00
|
|
|
from app.dao.users_dao import (
|
2016-11-07 17:42:23 +00:00
|
|
|
get_user_by_id,
|
2016-01-28 11:32:46 +00:00
|
|
|
save_model_user,
|
|
|
|
|
create_user_code,
|
|
|
|
|
get_user_code,
|
|
|
|
|
use_user_code,
|
|
|
|
|
increment_failed_login_count,
|
2016-02-23 11:03:59 +00:00
|
|
|
reset_failed_login_count,
|
2016-06-03 15:15:46 +01:00
|
|
|
get_user_by_email,
|
2016-11-07 17:42:23 +00:00
|
|
|
create_secret_code,
|
2017-02-07 11:27:13 +00:00
|
|
|
save_user_attribute,
|
2017-02-15 16:18:05 +00:00
|
|
|
update_user_password,
|
|
|
|
|
count_user_verify_codes
|
2016-01-28 11:32:46 +00:00
|
|
|
)
|
2016-03-01 14:21:28 +00:00
|
|
|
from app.dao.permissions_dao import permission_dao
|
|
|
|
|
from app.dao.services_dao import dao_fetch_service_by_id
|
2016-06-03 15:15:46 +01:00
|
|
|
from app.dao.templates_dao import dao_get_template_by_id
|
2016-12-19 16:47:54 +00:00
|
|
|
from app.models import SMS_TYPE, KEY_TYPE_NORMAL, EMAIL_TYPE, Service
|
2016-12-09 14:55:24 +00:00
|
|
|
from app.notifications.process_notifications import (
|
|
|
|
|
persist_notification,
|
|
|
|
|
send_notification_to_queue
|
|
|
|
|
)
|
2016-01-11 15:07:13 +00:00
|
|
|
from app.schemas import (
|
2016-03-07 15:21:05 +00:00
|
|
|
email_data_request_schema,
|
2016-02-19 17:33:28 +00:00
|
|
|
user_schema,
|
|
|
|
|
request_verify_code_schema,
|
2016-11-07 17:42:23 +00:00
|
|
|
permission_schema,
|
2016-03-01 14:21:28 +00:00
|
|
|
user_schema_load_json,
|
2017-02-07 11:27:13 +00:00
|
|
|
user_update_schema_load_json,
|
|
|
|
|
user_update_password_schema_load_json
|
2016-11-07 17:42:23 +00:00
|
|
|
)
|
2016-06-14 15:07:23 +01:00
|
|
|
from app.errors import (
|
|
|
|
|
register_errors,
|
|
|
|
|
InvalidRequest
|
|
|
|
|
)
|
2016-10-13 11:59:47 +01:00
|
|
|
from app.utils import url_with_token
|
2016-01-08 17:51:46 +00:00
|
|
|
|
2017-03-16 18:15:49 +00:00
|
|
|
user_blueprint = Blueprint('user', __name__)
|
|
|
|
|
register_errors(user_blueprint)
|
2016-02-17 17:04:50 +00:00
|
|
|
|
2016-01-14 16:13:27 +00:00
|
|
|
|
2017-03-16 18:15:49 +00:00
|
|
|
@user_blueprint.route('', methods=['POST'])
|
2016-01-11 15:07:13 +00:00
|
|
|
def create_user():
|
2016-03-11 12:39:55 +00:00
|
|
|
user_to_create, errors = user_schema.load(request.get_json())
|
2016-01-19 11:38:29 +00:00
|
|
|
req_json = request.get_json()
|
2016-01-28 11:41:21 +00:00
|
|
|
if not req_json.get('password', None):
|
|
|
|
|
errors.update({'password': ['Missing data for required field.']})
|
2016-06-14 15:07:23 +01:00
|
|
|
raise InvalidRequest(errors, status_code=400)
|
2016-03-11 12:39:55 +00:00
|
|
|
save_model_user(user_to_create, pwd=req_json.get('password'))
|
|
|
|
|
return jsonify(data=user_schema.dump(user_to_create).data), 201
|
2016-01-11 15:07:13 +00:00
|
|
|
|
|
|
|
|
|
2017-03-16 18:15:49 +00:00
|
|
|
@user_blueprint.route('/<uuid:user_id>', methods=['PUT'])
|
2016-01-11 15:07:13 +00:00
|
|
|
def update_user(user_id):
|
2016-11-07 17:42:23 +00:00
|
|
|
user_to_update = get_user_by_id(user_id=user_id)
|
2016-02-19 15:54:11 +00:00
|
|
|
req_json = request.get_json()
|
|
|
|
|
update_dct, errors = user_schema_load_json.load(req_json)
|
2017-02-16 17:37:21 +00:00
|
|
|
# TODO don't let password be updated in this PUT method (currently used by the forgot password flow)
|
2016-02-19 15:54:11 +00:00
|
|
|
pwd = req_json.get('password', None)
|
2017-02-16 17:37:21 +00:00
|
|
|
if pwd is not None:
|
|
|
|
|
if not pwd:
|
|
|
|
|
errors.update({'password': ['Invalid data for field']})
|
|
|
|
|
raise InvalidRequest(errors, status_code=400)
|
|
|
|
|
else:
|
|
|
|
|
reset_failed_login_count(user_to_update)
|
2016-02-22 13:12:24 +00:00
|
|
|
save_model_user(user_to_update, update_dict=update_dct, pwd=pwd)
|
2016-06-14 15:07:23 +01:00
|
|
|
return jsonify(data=user_schema.dump(user_to_update).data), 200
|
2016-01-11 15:07:13 +00:00
|
|
|
|
|
|
|
|
|
2017-03-16 18:15:49 +00:00
|
|
|
@user_blueprint.route('/<uuid:user_id>', methods=['POST'])
|
2016-11-07 17:42:23 +00:00
|
|
|
def update_user_attribute(user_id):
|
|
|
|
|
user_to_update = get_user_by_id(user_id=user_id)
|
|
|
|
|
req_json = request.get_json()
|
|
|
|
|
update_dct, errors = user_update_schema_load_json.load(req_json)
|
|
|
|
|
if errors:
|
|
|
|
|
raise InvalidRequest(errors, status_code=400)
|
|
|
|
|
save_user_attribute(user_to_update, update_dict=update_dct)
|
|
|
|
|
return jsonify(data=user_schema.dump(user_to_update).data), 200
|
|
|
|
|
|
|
|
|
|
|
2017-03-16 18:15:49 +00:00
|
|
|
@user_blueprint.route('/<uuid:user_id>/reset-failed-login-count', methods=['POST'])
|
2017-02-28 14:28:33 +00:00
|
|
|
def user_reset_failed_login_count(user_id):
|
|
|
|
|
user_to_update = get_user_by_id(user_id=user_id)
|
|
|
|
|
reset_failed_login_count(user_to_update)
|
|
|
|
|
return jsonify(data=user_schema.dump(user_to_update).data), 200
|
|
|
|
|
|
|
|
|
|
|
2017-03-16 18:15:49 +00:00
|
|
|
@user_blueprint.route('/<uuid:user_id>/verify/password', methods=['POST'])
|
2016-01-20 16:25:18 +00:00
|
|
|
def verify_user_password(user_id):
|
2016-11-07 17:42:23 +00:00
|
|
|
user_to_verify = get_user_by_id(user_id=user_id)
|
2016-02-19 11:37:35 +00:00
|
|
|
|
2016-01-20 16:25:18 +00:00
|
|
|
try:
|
2016-01-21 17:29:24 +00:00
|
|
|
txt_pwd = request.get_json()['password']
|
2016-01-20 16:25:18 +00:00
|
|
|
except KeyError:
|
2016-06-14 15:07:23 +01:00
|
|
|
message = 'Required field missing data'
|
|
|
|
|
errors = {'password': [message]}
|
|
|
|
|
raise InvalidRequest(errors, status_code=400)
|
|
|
|
|
|
2016-02-19 11:37:35 +00:00
|
|
|
if user_to_verify.check_password(txt_pwd):
|
|
|
|
|
reset_failed_login_count(user_to_verify)
|
2016-01-28 11:41:21 +00:00
|
|
|
return jsonify({}), 204
|
2016-01-20 16:25:18 +00:00
|
|
|
else:
|
2016-02-19 11:37:35 +00:00
|
|
|
increment_failed_login_count(user_to_verify)
|
2016-06-14 15:07:23 +01:00
|
|
|
message = 'Incorrect password'
|
|
|
|
|
errors = {'password': [message]}
|
|
|
|
|
raise InvalidRequest(errors, status_code=400)
|
2016-01-20 16:25:18 +00:00
|
|
|
|
|
|
|
|
|
2017-03-16 18:15:49 +00:00
|
|
|
@user_blueprint.route('/<uuid:user_id>/verify/code', methods=['POST'])
|
2016-01-21 17:29:24 +00:00
|
|
|
def verify_user_code(user_id):
|
2016-11-07 17:42:23 +00:00
|
|
|
user_to_verify = get_user_by_id(user_id=user_id)
|
2016-02-19 11:37:35 +00:00
|
|
|
|
2017-02-17 14:06:16 +00:00
|
|
|
req_json = request.get_json()
|
2017-02-24 15:14:47 +00:00
|
|
|
verify_code = None
|
|
|
|
|
code_type = None
|
2016-01-21 17:29:24 +00:00
|
|
|
errors = {}
|
|
|
|
|
try:
|
2017-02-24 15:14:47 +00:00
|
|
|
verify_code = req_json['code']
|
2016-01-21 17:29:24 +00:00
|
|
|
except KeyError:
|
|
|
|
|
errors.update({'code': ['Required field missing data']})
|
|
|
|
|
try:
|
2017-02-24 15:14:47 +00:00
|
|
|
code_type = req_json['code_type']
|
2016-01-21 17:29:24 +00:00
|
|
|
except KeyError:
|
|
|
|
|
errors.update({'code_type': ['Required field missing data']})
|
|
|
|
|
if errors:
|
2016-06-14 15:07:23 +01:00
|
|
|
raise InvalidRequest(errors, status_code=400)
|
|
|
|
|
|
2017-02-24 15:14:47 +00:00
|
|
|
code = get_user_code(user_to_verify, verify_code, code_type)
|
2017-02-28 14:28:33 +00:00
|
|
|
if user_to_verify.failed_login_count >= current_app.config.get('MAX_VERIFY_CODE_COUNT'):
|
|
|
|
|
raise InvalidRequest("Code not found", status_code=404)
|
2016-01-21 17:29:24 +00:00
|
|
|
if not code:
|
2017-02-14 14:04:11 +00:00
|
|
|
increment_failed_login_count(user_to_verify)
|
2016-06-14 15:07:23 +01:00
|
|
|
raise InvalidRequest("Code not found", status_code=404)
|
2016-05-11 10:56:24 +01:00
|
|
|
if datetime.utcnow() > code.expiry_datetime or code.code_used:
|
2017-02-14 14:04:11 +00:00
|
|
|
increment_failed_login_count(user_to_verify)
|
2016-06-14 15:07:23 +01:00
|
|
|
raise InvalidRequest("Code has expired", status_code=400)
|
2017-02-17 14:06:16 +00:00
|
|
|
|
2017-02-24 15:14:47 +00:00
|
|
|
if code_type == 'sms':
|
|
|
|
|
user_to_verify.current_session_id = str(uuid.uuid4())
|
|
|
|
|
user_to_verify.logged_in_at = datetime.utcnow()
|
2017-02-28 14:28:33 +00:00
|
|
|
user_to_verify.failed_login_count = 0
|
2017-02-24 15:14:47 +00:00
|
|
|
save_model_user(user_to_verify)
|
2017-02-17 14:06:16 +00:00
|
|
|
|
2016-01-21 17:29:24 +00:00
|
|
|
use_user_code(code.id)
|
2016-01-28 11:41:21 +00:00
|
|
|
return jsonify({}), 204
|
2016-01-21 17:29:24 +00:00
|
|
|
|
|
|
|
|
|
2017-03-16 18:15:49 +00:00
|
|
|
@user_blueprint.route('/<uuid:user_id>/sms-code', methods=['POST'])
|
2016-02-19 11:37:35 +00:00
|
|
|
def send_user_sms_code(user_id):
|
2016-11-07 17:42:23 +00:00
|
|
|
user_to_send_to = get_user_by_id(user_id=user_id)
|
2016-02-19 11:37:35 +00:00
|
|
|
verify_code, errors = request_verify_code_schema.load(request.get_json())
|
|
|
|
|
|
2017-02-15 16:18:05 +00:00
|
|
|
if count_user_verify_codes(user_to_send_to) >= current_app.config.get('MAX_VERIFY_CODE_COUNT'):
|
|
|
|
|
# Prevent more than `MAX_VERIFY_CODE_COUNT` active verify codes at a time
|
2017-02-15 17:41:07 +00:00
|
|
|
current_app.logger.warn('Max verify code has exceeded for user {}'.format(user_to_send_to.id))
|
2017-02-15 16:18:05 +00:00
|
|
|
return jsonify({}), 204
|
|
|
|
|
|
2016-02-19 11:37:35 +00:00
|
|
|
secret_code = create_secret_code()
|
2016-06-30 15:41:51 +01:00
|
|
|
create_user_code(user_to_send_to, secret_code, SMS_TYPE)
|
2016-02-19 11:37:35 +00:00
|
|
|
|
|
|
|
|
mobile = user_to_send_to.mobile_number if verify_code.get('to', None) is None else verify_code.get('to')
|
2016-06-03 15:15:46 +01:00
|
|
|
sms_code_template_id = current_app.config['SMS_CODE_TEMPLATE_ID']
|
|
|
|
|
sms_code_template = dao_get_template_by_id(sms_code_template_id)
|
2016-12-19 16:45:18 +00:00
|
|
|
service = Service.query.get(current_app.config['NOTIFY_SERVICE_ID'])
|
2016-12-09 14:55:24 +00:00
|
|
|
|
|
|
|
|
saved_notification = persist_notification(
|
|
|
|
|
template_id=sms_code_template_id,
|
|
|
|
|
template_version=sms_code_template.version,
|
|
|
|
|
recipient=mobile,
|
2016-12-19 16:45:18 +00:00
|
|
|
service=service,
|
2016-12-09 14:55:24 +00:00
|
|
|
personalisation={'verify_code': secret_code},
|
|
|
|
|
notification_type=SMS_TYPE,
|
|
|
|
|
api_key_id=None,
|
|
|
|
|
key_type=KEY_TYPE_NORMAL
|
|
|
|
|
)
|
|
|
|
|
# Assume that we never want to observe the Notify service's research mode
|
|
|
|
|
# setting for this notification - we still need to be able to log into the
|
|
|
|
|
# admin even if we're doing user research using this service:
|
|
|
|
|
send_notification_to_queue(saved_notification, False, queue='notify')
|
2016-02-19 11:37:35 +00:00
|
|
|
|
|
|
|
|
return jsonify({}), 204
|
|
|
|
|
|
|
|
|
|
|
2017-03-16 18:15:49 +00:00
|
|
|
@user_blueprint.route('/<uuid:user_id>/change-email-verification', methods=['POST'])
|
2016-10-12 13:06:39 +01:00
|
|
|
def send_user_confirm_new_email(user_id):
|
2016-11-07 17:42:23 +00:00
|
|
|
user_to_send_to = get_user_by_id(user_id=user_id)
|
2016-10-12 13:06:39 +01:00
|
|
|
email, errors = email_data_request_schema.load(request.get_json())
|
|
|
|
|
if errors:
|
|
|
|
|
raise InvalidRequest(message=errors, status_code=400)
|
|
|
|
|
|
|
|
|
|
template = dao_get_template_by_id(current_app.config['CHANGE_EMAIL_CONFIRMATION_TEMPLATE_ID'])
|
2016-12-19 16:51:57 +00:00
|
|
|
service = Service.query.get(current_app.config['NOTIFY_SERVICE_ID'])
|
2016-12-19 15:19:05 +00:00
|
|
|
|
|
|
|
|
saved_notification = persist_notification(
|
|
|
|
|
template_id=template.id,
|
|
|
|
|
template_version=template.version,
|
|
|
|
|
recipient=email['email'],
|
2016-12-19 16:51:57 +00:00
|
|
|
service=service,
|
2016-12-19 15:19:05 +00:00
|
|
|
personalisation={
|
2016-10-12 13:06:39 +01:00
|
|
|
'name': user_to_send_to.name,
|
2016-10-13 11:59:47 +01:00
|
|
|
'url': _create_confirmation_url(user=user_to_send_to, email_address=email['email']),
|
2016-10-12 13:06:39 +01:00
|
|
|
'feedback_url': current_app.config['ADMIN_BASE_URL'] + '/feedback'
|
2016-12-19 15:19:05 +00:00
|
|
|
},
|
|
|
|
|
notification_type=EMAIL_TYPE,
|
|
|
|
|
api_key_id=None,
|
|
|
|
|
key_type=KEY_TYPE_NORMAL
|
|
|
|
|
)
|
2016-10-12 13:06:39 +01:00
|
|
|
|
2016-12-19 15:19:05 +00:00
|
|
|
send_notification_to_queue(saved_notification, False, queue='notify')
|
2016-10-12 13:06:39 +01:00
|
|
|
return jsonify({}), 204
|
|
|
|
|
|
|
|
|
|
|
2017-03-16 18:15:49 +00:00
|
|
|
@user_blueprint.route('/<uuid:user_id>/email-verification', methods=['POST'])
|
2016-03-17 13:06:17 +00:00
|
|
|
def send_user_email_verification(user_id):
|
2016-11-07 17:42:23 +00:00
|
|
|
user_to_send_to = get_user_by_id(user_id=user_id)
|
2016-03-17 13:06:17 +00:00
|
|
|
secret_code = create_secret_code()
|
|
|
|
|
create_user_code(user_to_send_to, secret_code, 'email')
|
|
|
|
|
|
2016-06-09 16:41:20 +01:00
|
|
|
template = dao_get_template_by_id(current_app.config['EMAIL_VERIFY_CODE_TEMPLATE_ID'])
|
2016-12-19 16:51:57 +00:00
|
|
|
service = Service.query.get(current_app.config['NOTIFY_SERVICE_ID'])
|
2016-12-19 15:31:54 +00:00
|
|
|
|
|
|
|
|
saved_notification = persist_notification(
|
|
|
|
|
template_id=template.id,
|
|
|
|
|
template_version=template.version,
|
|
|
|
|
recipient=user_to_send_to.email_address,
|
2016-12-19 16:51:57 +00:00
|
|
|
service=service,
|
2016-12-19 15:31:54 +00:00
|
|
|
personalisation={
|
2016-06-13 11:29:07 +01:00
|
|
|
'name': user_to_send_to.name,
|
2016-06-09 16:41:20 +01:00
|
|
|
'url': _create_verification_url(user_to_send_to, secret_code)
|
2016-12-19 15:31:54 +00:00
|
|
|
},
|
|
|
|
|
notification_type=EMAIL_TYPE,
|
|
|
|
|
api_key_id=None,
|
|
|
|
|
key_type=KEY_TYPE_NORMAL
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
send_notification_to_queue(saved_notification, False, queue="notify")
|
2016-03-17 13:06:17 +00:00
|
|
|
|
|
|
|
|
return jsonify({}), 204
|
|
|
|
|
|
|
|
|
|
|
2017-03-16 18:15:49 +00:00
|
|
|
@user_blueprint.route('/<uuid:user_id>/email-already-registered', methods=['POST'])
|
2016-07-07 17:23:07 +01:00
|
|
|
def send_already_registered_email(user_id):
|
2016-07-08 10:57:20 +01:00
|
|
|
to, errors = email_data_request_schema.load(request.get_json())
|
2016-07-07 17:23:07 +01:00
|
|
|
template = dao_get_template_by_id(current_app.config['ALREADY_REGISTERED_EMAIL_TEMPLATE_ID'])
|
2017-01-10 13:41:16 +00:00
|
|
|
service = Service.query.get(current_app.config['NOTIFY_SERVICE_ID'])
|
2016-07-07 17:23:07 +01:00
|
|
|
|
2016-12-19 17:35:13 +00:00
|
|
|
saved_notification = persist_notification(
|
|
|
|
|
template_id=template.id,
|
|
|
|
|
template_version=template.version,
|
|
|
|
|
recipient=to['email'],
|
2017-01-10 13:41:16 +00:00
|
|
|
service=service,
|
2016-12-19 17:35:13 +00:00
|
|
|
personalisation={
|
2016-07-07 17:23:07 +01:00
|
|
|
'signin_url': current_app.config['ADMIN_BASE_URL'] + '/sign-in',
|
|
|
|
|
'forgot_password_url': current_app.config['ADMIN_BASE_URL'] + '/forgot-password',
|
|
|
|
|
'feedback_url': current_app.config['ADMIN_BASE_URL'] + '/feedback'
|
2016-12-19 17:35:13 +00:00
|
|
|
},
|
|
|
|
|
notification_type=EMAIL_TYPE,
|
|
|
|
|
api_key_id=None,
|
|
|
|
|
key_type=KEY_TYPE_NORMAL
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
send_notification_to_queue(saved_notification, False, queue="notify")
|
2016-07-07 17:23:07 +01:00
|
|
|
|
|
|
|
|
return jsonify({}), 204
|
|
|
|
|
|
|
|
|
|
|
2017-03-16 18:15:49 +00:00
|
|
|
@user_blueprint.route('/<uuid:user_id>', methods=['GET'])
|
|
|
|
|
@user_blueprint.route('', methods=['GET'])
|
2016-01-11 15:07:13 +00:00
|
|
|
def get_user(user_id=None):
|
2016-11-07 17:42:23 +00:00
|
|
|
users = get_user_by_id(user_id=user_id)
|
2016-02-26 12:00:16 +00:00
|
|
|
result = user_schema.dump(users, many=True) if isinstance(users, list) else user_schema.dump(users)
|
2016-01-11 15:07:13 +00:00
|
|
|
return jsonify(data=result.data)
|
2016-02-23 11:03:59 +00:00
|
|
|
|
|
|
|
|
|
2017-03-16 18:15:49 +00:00
|
|
|
@user_blueprint.route('/<uuid:user_id>/service/<uuid:service_id>/permission', methods=['POST'])
|
2016-03-01 14:21:28 +00:00
|
|
|
def set_permissions(user_id, service_id):
|
|
|
|
|
# TODO fix security hole, how do we verify that the user
|
|
|
|
|
# who is making this request has permission to make the request.
|
2016-11-07 17:42:23 +00:00
|
|
|
user = get_user_by_id(user_id=user_id)
|
2016-03-01 14:21:28 +00:00
|
|
|
service = dao_fetch_service_by_id(service_id=service_id)
|
|
|
|
|
permissions, errors = permission_schema.load(request.get_json(), many=True)
|
2016-06-14 15:07:23 +01:00
|
|
|
|
2016-03-01 14:21:28 +00:00
|
|
|
for p in permissions:
|
|
|
|
|
p.user = user
|
|
|
|
|
p.service = service
|
2016-06-07 16:31:10 +01:00
|
|
|
permission_dao.set_user_service_permission(user, service, permissions, _commit=True, replace=True)
|
2016-03-01 14:21:28 +00:00
|
|
|
return jsonify({}), 204
|
|
|
|
|
|
|
|
|
|
|
2017-03-16 18:15:49 +00:00
|
|
|
@user_blueprint.route('/email', methods=['GET'])
|
2016-02-23 11:03:59 +00:00
|
|
|
def get_by_email():
|
|
|
|
|
email = request.args.get('email')
|
|
|
|
|
if not email:
|
2016-06-14 15:07:23 +01:00
|
|
|
error = 'Invalid request. Email query string param required'
|
|
|
|
|
raise InvalidRequest(error, status_code=400)
|
2016-03-07 15:21:05 +00:00
|
|
|
fetched_user = get_user_by_email(email)
|
|
|
|
|
result = user_schema.dump(fetched_user)
|
2016-02-23 11:03:59 +00:00
|
|
|
|
|
|
|
|
return jsonify(data=result.data)
|
2016-03-07 14:34:53 +00:00
|
|
|
|
|
|
|
|
|
2017-03-16 18:15:49 +00:00
|
|
|
@user_blueprint.route('/reset-password', methods=['POST'])
|
2016-03-07 18:20:20 +00:00
|
|
|
def send_user_reset_password():
|
2016-03-07 15:21:05 +00:00
|
|
|
email, errors = email_data_request_schema.load(request.get_json())
|
|
|
|
|
|
|
|
|
|
user_to_send_to = get_user_by_email(email['email'])
|
2016-03-07 14:34:53 +00:00
|
|
|
|
2016-06-16 10:43:41 +01:00
|
|
|
template = dao_get_template_by_id(current_app.config['PASSWORD_RESET_TEMPLATE_ID'])
|
2017-01-10 13:41:16 +00:00
|
|
|
service = Service.query.get(current_app.config['NOTIFY_SERVICE_ID'])
|
2016-12-20 11:55:26 +00:00
|
|
|
saved_notification = persist_notification(
|
|
|
|
|
template_id=template.id,
|
|
|
|
|
template_version=template.version,
|
|
|
|
|
recipient=email['email'],
|
2017-01-10 13:41:16 +00:00
|
|
|
service=service,
|
2016-12-20 11:55:26 +00:00
|
|
|
personalisation={
|
2016-06-16 10:43:41 +01:00
|
|
|
'user_name': user_to_send_to.name,
|
2016-06-16 17:34:33 +01:00
|
|
|
'url': _create_reset_password_url(user_to_send_to.email_address)
|
2016-12-20 11:55:26 +00:00
|
|
|
},
|
|
|
|
|
notification_type=EMAIL_TYPE,
|
|
|
|
|
api_key_id=None,
|
|
|
|
|
key_type=KEY_TYPE_NORMAL
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
send_notification_to_queue(saved_notification, False, queue="notify")
|
2016-03-07 18:20:20 +00:00
|
|
|
|
2016-03-07 14:34:53 +00:00
|
|
|
return jsonify({}), 204
|
|
|
|
|
|
|
|
|
|
|
2017-03-16 18:15:49 +00:00
|
|
|
@user_blueprint.route('/<uuid:user_id>/update-password', methods=['POST'])
|
2017-02-07 11:27:13 +00:00
|
|
|
def update_password(user_id):
|
|
|
|
|
user = get_user_by_id(user_id=user_id)
|
|
|
|
|
req_json = request.get_json()
|
|
|
|
|
pwd = req_json.get('_password')
|
|
|
|
|
update_dct, errors = user_update_password_schema_load_json.load(req_json)
|
|
|
|
|
if errors:
|
|
|
|
|
raise InvalidRequest(errors, status_code=400)
|
|
|
|
|
update_user_password(user, pwd)
|
|
|
|
|
return jsonify(data=user_schema.dump(user).data), 200
|
|
|
|
|
|
|
|
|
|
|
2016-10-12 13:06:39 +01:00
|
|
|
def _create_reset_password_url(email):
|
|
|
|
|
data = json.dumps({'email': email, 'created_at': str(datetime.utcnow())})
|
2016-10-13 11:59:47 +01:00
|
|
|
url = '/new-password/'
|
|
|
|
|
return url_with_token(data, url, current_app.config)
|
2016-03-17 13:06:17 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
def _create_verification_url(user, secret_code):
|
2016-04-08 13:34:46 +01:00
|
|
|
data = json.dumps({'user_id': str(user.id), 'email': user.email_address, 'secret_code': secret_code})
|
2016-10-13 11:59:47 +01:00
|
|
|
url = '/verify-email/'
|
|
|
|
|
return url_with_token(data, url, current_app.config)
|
2016-10-12 13:06:39 +01:00
|
|
|
|
2016-03-17 13:06:17 +00:00
|
|
|
|
2016-10-12 13:06:39 +01:00
|
|
|
def _create_confirmation_url(user, email_address):
|
2016-10-13 11:59:47 +01:00
|
|
|
data = json.dumps({'user_id': str(user.id), 'email': email_address})
|
|
|
|
|
url = '/user-profile/email/confirm/'
|
|
|
|
|
return url_with_token(data, url, current_app.config)
|
