app/schemas.py

import re
from flask_marshmallow.fields import fields
from . import ma
from . import models
from app.dao.permissions_dao import permission_dao
from marshmallow import (post_load, ValidationError, validates, validates_schema)
from marshmallow_sqlalchemy import field_for

mobile_regex = re.compile("^\\+44[\\d]{10}$")

email_regex = re.compile("(^[^@^\\s]+@[^@^\\.^\\s]+(\\.[^@^\\.^\\s]*)*\.(.+))")


# TODO I think marshmallow provides a better integration and error handling.
# Would be better to replace functionality in dao with the marshmallow supported
# functionality.
# http://marshmallow.readthedocs.org/en/latest/api_reference.html


class BaseSchema(ma.ModelSchema):
    def __init__(self, *args, load_json=False, **kwargs):
        self.load_json = load_json
        super(BaseSchema, self).__init__(*args, **kwargs)

    __envelope__ = {
        'single': None,
        'many': None
    }

    def get_envelope_key(self, many):
        """Helper to get the envelope key."""
        key = self.__envelope__['many'] if many else self.__envelope__['single']
        assert key is not None, "Envelope key undefined"
        return key

    # Code to envelope the input and response.
    # TOBE added soon.

    # @pre_load(pass_many=True)
    # def unwrap_envelope(self, data, many):
    #     key = self.get_envelope_key(many)
    #     return data[key]

    # @post_dump(pass_many=True)
    # def wrap_with_envelope(self, data, many):
    #     key = self.get_envelope_key(many)
    #     return {key: data}

    @post_load
    def make_instance(self, data):
        """Deserialize data to an instance of the model. Update an existing row
        if specified in `self.instance` or loaded by primary key(s) in the data;
        else create a new row.
        :param data: Data to deserialize.
        """
        if self.load_json:
            return data
        return super(BaseSchema, self).make_instance(data)


class UserSchema(BaseSchema):

    permissions = fields.Method("user_permissions", dump_only=True)

    def user_permissions(self, usr):
        retval = {}
        for x in permission_dao.get_query({'user': usr.id}):
            service_id = str(x.service_id)
            if service_id not in retval:
                retval[service_id] = []
            retval[service_id].append(x.permission)
        return retval

    class Meta:
        model = models.User
        exclude = (
            "updated_at", "created_at", "user_to_service",
            "_password", "verify_codes")


class ServiceSchema(BaseSchema):
    class Meta:
        model = models.Service
        exclude = ("updated_at", "created_at", "api_keys", "templates", "jobs", 'old_id')


class TemplateSchema(BaseSchema):
    class Meta:
        model = models.Template
        exclude = ("updated_at", "created_at", "service_id", "jobs")


class ApiKeySchema(BaseSchema):
    class Meta:
        model = models.ApiKey
        exclude = ("service", "secret")


class JobSchema(BaseSchema):
    class Meta:
        model = models.Job


class RequestVerifyCodeSchema(ma.Schema):
    to = fields.Str(required=False)


class NotificationSchema(ma.Schema):
    personalisation = fields.Dict(required=False)
    pass


class SmsNotificationSchema(NotificationSchema):
    to = fields.Str(required=True)

    @validates('to')
    def validate_to(self, value):
        if not mobile_regex.match(value):
            raise ValidationError('Invalid phone number, must be of format +441234123123')


class EmailNotificationSchema(NotificationSchema):
    to = fields.Str(required=True)
    template = fields.Int(required=True)

    @validates('to')
    def validate_to(self, value):
        if not email_regex.match(value):
            raise ValidationError('Invalid email')


class SmsTemplateNotificationSchema(SmsNotificationSchema):
    template = fields.Int(required=True)
    job = fields.String()


class JobSmsTemplateNotificationSchema(SmsNotificationSchema):
    template = fields.Int(required=True)
    job = fields.String(required=True)


class JobEmailTemplateNotificationSchema(EmailNotificationSchema):
    template = fields.Int(required=True)
    job = fields.String(required=True)


class SmsAdminNotificationSchema(SmsNotificationSchema):
    content = fields.Str(required=True)


class NotificationStatusSchema(BaseSchema):

    class Meta:
        model = models.Notification


class InvitedUserSchema(BaseSchema):

    class Meta:
        model = models.InvitedUser

    @validates('email_address')
    def validate_to(self, value):
        if not email_regex.match(value):
            raise ValidationError('Invalid email')


class PermissionSchema(BaseSchema):

    # Override generated fields
    user = field_for(models.Permission, 'user', dump_only=True)
    service = field_for(models.Permission, 'service', dump_only=True)
    permission = field_for(models.Permission, 'permission')

    __envelope__ = {
        'single': 'permission',
        'many': 'permissions',
    }

    class Meta:
        model = models.Permission
        exclude = ("created_at",)


class EmailDataSchema(ma.Schema):
    email = fields.Str(required=False)

    @validates('email')
    def validate_to(self, value):
        if not email_regex.match(value):
            raise ValidationError('Invalid email')

user_schema = UserSchema()
user_schema_load_json = UserSchema(load_json=True)
service_schema = ServiceSchema()
service_schema_load_json = ServiceSchema(load_json=True)
template_schema = TemplateSchema()
template_schema_load_json = TemplateSchema(load_json=True)
api_key_schema = ApiKeySchema()
api_key_schema_load_json = ApiKeySchema(load_json=True)
job_schema = JobSchema()
job_schema_load_json = JobSchema(load_json=True)
request_verify_code_schema = RequestVerifyCodeSchema()
sms_admin_notification_schema = SmsAdminNotificationSchema()
sms_template_notification_schema = SmsTemplateNotificationSchema()
job_sms_template_notification_schema = JobSmsTemplateNotificationSchema()
email_notification_schema = EmailNotificationSchema()
job_email_template_notification_schema = JobEmailTemplateNotificationSchema()
notification_status_schema = NotificationStatusSchema()
notification_status_schema_load_json = NotificationStatusSchema(load_json=True)
invited_user_schema = InvitedUserSchema()
permission_schema = PermissionSchema()
email_data_request_schema = EmailDataSchema()
Sqs queues now populated from all create_notification api calls. Marshmallow schemas added for notification. 2016-02-03 13:16:19 +00:00			`import re`
Create schema for RequestVerifyCodeSchema Previously we were using a schema that mapped onto db.Model. However, the json in the request did not reflect the VerfiyCode db Model. I did not add validation on the to field, we did not have that previously. 2016-02-01 10:48:33 +00:00			`from flask_marshmallow.fields import fields`
Service and User API added, working with tests. Still need to polish the edges and add more tests. 2016-01-11 15:07:13 +00:00			`from . import ma`
Work in progress, skeleton of the api created and testing started. Need to fix authentication tests. 2016-01-08 17:51:46 +00:00			`from . import models`
user permissions now returned with the user object and all tests passing. 2016-02-26 15:57:24 +00:00			`from app.dao.permissions_dao import permission_dao`
Sqs queues now populated from all create_notification api calls. Marshmallow schemas added for notification. 2016-02-03 13:16:19 +00:00			`from marshmallow import (post_load, ValidationError, validates, validates_schema)`
Functionality added and all tests working. 2016-03-01 14:21:28 +00:00			`from marshmallow_sqlalchemy import field_for`
Sqs queues now populated from all create_notification api calls. Marshmallow schemas added for notification. 2016-02-03 13:16:19 +00:00
			`mobile_regex = re.compile("^\\+44[\\d]{10}$")`
Create schema for RequestVerifyCodeSchema Previously we were using a schema that mapped onto db.Model. However, the json in the request did not reflect the VerfiyCode db Model. I did not add validation on the to field, we did not have that previously. 2016-02-01 10:48:33 +00:00
Send Email via the API - uses the new subject/email from fields present on the templates / service tables - brings the send email api call into line with the sms one. - same fields (to/template_id) - same rules regarding restricted services - wired in as a task into celery Requires - new celery queue - new env property (NOTIFY_EMAIL_DOMAIN) 2016-02-22 17:17:29 +00:00			`email_regex = re.compile("(^[^@^\\s]+@[^@^\\.^\\s]+(\\.[^@^\\.^\\s])\.(.+))")`

Work in progress, skeleton of the api created and testing started. Need to fix authentication tests. 2016-01-08 17:51:46 +00:00
Service and User API added, working with tests. Still need to polish the edges and add more tests. 2016-01-11 15:07:13 +00:00			`# TODO I think marshmallow provides a better integration and error handling.`
			`# Would be better to replace functionality in dao with the marshmallow supported`
			`# functionality.`
			`# http://marshmallow.readthedocs.org/en/latest/api_reference.html`
Work in progress, skeleton of the api created and testing started. Need to fix authentication tests. 2016-01-08 17:51:46 +00:00
Service and User API added, working with tests. Still need to polish the edges and add more tests. 2016-01-11 15:07:13 +00:00
Added support for validation only of put requests. 2016-01-29 11:11:00 +00:00			`class BaseSchema(ma.ModelSchema):`
Added support for allowing password to updated from the PUT request to the user rest endpoint. 2016-01-28 11:41:21 +00:00			`def __init__(self, args, load_json=False, *kwargs):`
			`self.load_json = load_json`
Added support for validation only of put requests. 2016-01-29 11:11:00 +00:00			`super(BaseSchema, self).__init__(args, *kwargs)`
Service and User API added, working with tests. Still need to polish the edges and add more tests. 2016-01-11 15:07:13 +00:00
Working permissions and all tests passing. Remove print statements. Fix for review comments. 2016-02-26 12:00:16 +00:00			`__envelope__ = {`
			`'single': None,`
			`'many': None`
			`}`

			`def get_envelope_key(self, many):`
			`"""Helper to get the envelope key."""`
			`key = self.__envelope__['many'] if many else self.__envelope__['single']`
			`assert key is not None, "Envelope key undefined"`
			`return key`

			`# Code to envelope the input and response.`
			`# TOBE added soon.`

			`# @pre_load(pass_many=True)`
			`# def unwrap_envelope(self, data, many):`
			`# key = self.get_envelope_key(many)`
			`# return data[key]`

			`# @post_dump(pass_many=True)`
			`# def wrap_with_envelope(self, data, many):`
			`# key = self.get_envelope_key(many)`
			`# return {key: data}`

Added support for allowing password to updated from the PUT request to the user rest endpoint. 2016-01-28 11:41:21 +00:00			`@post_load`
			`def make_instance(self, data):`
			`"""Deserialize data to an instance of the model. Update an existing row`
			if specified in `self.instance` or loaded by primary key(s) in the data;
			`else create a new row.`
			`:param data: Data to deserialize.`
			`"""`
			`if self.load_json:`
			`return data`
Added support for validation only of put requests. 2016-01-29 11:11:00 +00:00			`return super(BaseSchema, self).make_instance(data)`


			`class UserSchema(BaseSchema):`
user permissions now returned with the user object and all tests passing. 2016-02-26 15:57:24 +00:00
			`permissions = fields.Method("user_permissions", dump_only=True)`

			`def user_permissions(self, usr):`
			`retval = {}`
			`for x in permission_dao.get_query({'user': usr.id}):`
			`service_id = str(x.service_id)`
			`if service_id not in retval:`
			`retval[service_id] = []`
			`retval[service_id].append(x.permission)`
			`return retval`

Added support for validation only of put requests. 2016-01-29 11:11:00 +00:00			`class Meta:`
			`model = models.User`
			`exclude = (`
			`"updated_at", "created_at", "user_to_service",`
			`"_password", "verify_codes")`
Added support for allowing password to updated from the PUT request to the user rest endpoint. 2016-01-28 11:41:21 +00:00
Work in progress, skeleton of the api created and testing started. Need to fix authentication tests. 2016-01-08 17:51:46 +00:00
Added support for validation only of put requests. 2016-01-29 11:11:00 +00:00			`class ServiceSchema(BaseSchema):`
Work in progress, skeleton of the api created and testing started. Need to fix authentication tests. 2016-01-08 17:51:46 +00:00			`class Meta:`
			`model = models.Service`
Change services.id to a UUID Ideally all the primary keys in the db would be UUID in order to guarantee unique ids across distributed dbs. This updates the services.id to a UUID. All the tables with a foreign key to the services.id are also updated. The endpoints no longer state a data type of the <service_id> path param. All the tests are updated to reflect this update. The thing to pay attention to is the 0011_uuid_service_id.py migration script. This commit must go with a commit on the notifications_admin app to keep things working. There will be a small outage until both deploys have happened. 2016-02-02 14:16:08 +00:00			`exclude = ("updated_at", "created_at", "api_keys", "templates", "jobs", 'old_id')`
Template rest api skeleton added. 2016-01-13 11:04:13 +00:00

Added support for validation only of put requests. 2016-01-29 11:11:00 +00:00			`class TemplateSchema(BaseSchema):`
Template rest api skeleton added. 2016-01-13 11:04:13 +00:00			`class Meta:`
			`model = models.Template`
Added endpoints for creating job, and getting job/jobs. 2016-01-15 15:48:05 +00:00			`exclude = ("updated_at", "created_at", "service_id", "jobs")`
Service and User API added, working with tests. Still need to polish the edges and add more tests. 2016-01-11 15:07:13 +00:00
Work in progress, skeleton of the api created and testing started. Need to fix authentication tests. 2016-01-08 17:51:46 +00:00
Added support for validation only of put requests. 2016-01-29 11:11:00 +00:00			`class ApiKeySchema(BaseSchema):`
Add api_token model and dao 2016-01-13 09:25:46 +00:00			`class Meta:`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00			`model = models.ApiKey`
Get api_keys for service endpoint 2016-01-20 15:23:32 +00:00			`exclude = ("service", "secret")`
Moved the _generate_token methods to the tokens_dao. 2016-01-14 11:30:45 +00:00
Add api_token model and dao 2016-01-13 09:25:46 +00:00
Added support for validation only of put requests. 2016-01-29 11:11:00 +00:00			`class JobSchema(BaseSchema):`
Added endpoints for creating job, and getting job/jobs. 2016-01-15 15:48:05 +00:00			`class Meta:`
			`model = models.Job`


Refactor user/<user_id>/code into two endpoints. - Created new endpoint user/<user_id>/sms-code to send the sms verification code to the user. - Create new endpoirtn user/<user_id>/email-code to send the email verifcation code to the user. - Marked the old methods, schema, tests with a TODO to be deleted when the admin app is no longer sending messages to /user/<user_id>/code - Added error handlers for DataError and NoResultFound. Data error catches invalid input errors. - Added error handler for SqlAlchemyError which catches any other database errors. - Removed the need for the try catches around the db calls in the user endpoints with the addition of the db error handlers. - We may want to wrap db excpetions in the dao, if we want the No results found message to be more specific and say no result found for user. 2016-02-19 11:37:35 +00:00			`class RequestVerifyCodeSchema(ma.Schema):`
			`to = fields.Str(required=False)`


Sqs queues now populated from all create_notification api calls. Marshmallow schemas added for notification. 2016-02-03 13:16:19 +00:00			`class NotificationSchema(ma.Schema):`
Accept and validate personalisation This commit allows the send notification endpoint to accept an extra parameter, `personalisation`, the contents of which will be used (later) to replace the placeholders in the template. It does validation in the following places: - at the schema level, to validate the type and (optional) presence of personalisation - at the endpoint, to check whether the personalisation provided matches exactly the placeholders in the template It does not do validation when processing CSV files, as these are assumed to already have been validated by the admin app. It explicitly does not persist either the names of the placeholders (these should always be derived from the template contents unless it really becomes a performance concern) or the values of the placeholders (because they might be personal data). 2016-02-29 11:23:34 +00:00			`personalisation = fields.Dict(required=False)`
Sqs queues now populated from all create_notification api calls. Marshmallow schemas added for notification. 2016-02-03 13:16:19 +00:00			`pass`


			`class SmsNotificationSchema(NotificationSchema):`
			`to = fields.Str(required=True)`

			`@validates('to')`
			`def validate_to(self, value):`
			`if not mobile_regex.match(value):`
			`raise ValidationError('Invalid phone number, must be of format +441234123123')`


Send Email via the API - uses the new subject/email from fields present on the templates / service tables - brings the send email api call into line with the sms one. - same fields (to/template_id) - same rules regarding restricted services - wired in as a task into celery Requires - new celery queue - new env property (NOTIFY_EMAIL_DOMAIN) 2016-02-22 17:17:29 +00:00			`class EmailNotificationSchema(NotificationSchema):`
			`to = fields.Str(required=True)`
			`template = fields.Int(required=True)`

			`@validates('to')`
			`def validate_to(self, value):`
			`if not email_regex.match(value):`
			`raise ValidationError('Invalid email')`


Sqs queues now populated from all create_notification api calls. Marshmallow schemas added for notification. 2016-02-03 13:16:19 +00:00			`class SmsTemplateNotificationSchema(SmsNotificationSchema):`
			`template = fields.Int(required=True)`
New endpoint for delivery app to use. Once removal of code that uses existing alpha is done, then duplicated code from /notifications/sms and the new endpoint can be merged. Job id is now avaiable in notificaiton but is not used yet. 2016-02-08 14:54:15 +00:00			`job = fields.String()`
Sqs queues now populated from all create_notification api calls. Marshmallow schemas added for notification. 2016-02-03 13:16:19 +00:00

Moved the sending sms for a job into celery tasks 2016-02-23 17:30:50 +00:00			`class JobSmsTemplateNotificationSchema(SmsNotificationSchema):`
			`template = fields.Int(required=True)`
			`job = fields.String(required=True)`


More refactors - single base method to send notifications - knows about service id (present if job based) - knows about jobs - if needed - knows about type Does the right thing Was lots of shared code around error checking now in one place. 2016-02-24 09:55:05 +00:00			`class JobEmailTemplateNotificationSchema(EmailNotificationSchema):`
			`template = fields.Int(required=True)`
			`job = fields.String(required=True)`


Sqs queues now populated from all create_notification api calls. Marshmallow schemas added for notification. 2016-02-03 13:16:19 +00:00			`class SmsAdminNotificationSchema(SmsNotificationSchema):`
			`content = fields.Str(required=True)`


[WIP] Added endpoints under /job for creating, updating and reading notification status. 2016-02-09 14:17:42 +00:00			`class NotificationStatusSchema(BaseSchema):`

			`class Meta:`
Fixing up tests to validate the call to the celery tasks. - mocker used to test call or otherwise of the task - no new tests just a spring clean 2016-02-16 14:06:56 +00:00			`model = models.Notification`
[WIP] Added endpoints under /job for creating, updating and reading notification status. 2016-02-09 14:17:42 +00:00

[WIP] added endpoint and dao to create invites for users. Droped token as later code to send email invite can generate timebased url to send to user. That can then be checked against configurable time threshold for expiry. Therefore no need to store a token. 2016-02-24 14:01:19 +00:00			`class InvitedUserSchema(BaseSchema):`
[WIP] invited user now has comma separated permission values stored against it so that user can be created with correct permissions. 2016-02-29 09:49:12 +00:00
[WIP] added endpoint and dao to create invites for users. Droped token as later code to send email invite can generate timebased url to send to user. That can then be checked against configurable time threshold for expiry. Therefore no need to store a token. 2016-02-24 14:01:19 +00:00			`class Meta:`
			`model = models.InvitedUser`

			`@validates('email_address')`
			`def validate_to(self, value):`
			`if not email_regex.match(value):`
			`raise ValidationError('Invalid email')`


Working permissions and all tests passing. Remove print statements. Fix for review comments. 2016-02-26 12:00:16 +00:00			`class PermissionSchema(BaseSchema):`

Functionality added and all tests working. 2016-03-01 14:21:28 +00:00			`# Override generated fields`
			`user = field_for(models.Permission, 'user', dump_only=True)`
			`service = field_for(models.Permission, 'service', dump_only=True)`
			`permission = field_for(models.Permission, 'permission')`

Working permissions and all tests passing. Remove print statements. Fix for review comments. 2016-02-26 12:00:16 +00:00			`__envelope__ = {`
			`'single': 'permission',`
			`'many': 'permissions',`
			`}`

			`class Meta:`
			`model = models.Permission`
			`exclude = ("created_at",)`


Send email address in the data rather than the user_id as a path param. Remove unused OldRequestVerifyCodeSchema. 2016-03-07 15:21:05 +00:00			`class EmailDataSchema(ma.Schema):`
			`email = fields.Str(required=False)`

			`@validates('email')`
			`def validate_to(self, value):`
			`if not email_regex.match(value):`
			`raise ValidationError('Invalid email')`

Service and User API added, working with tests. Still need to polish the edges and add more tests. 2016-01-11 15:07:13 +00:00			`user_schema = UserSchema()`
Added support for allowing password to updated from the PUT request to the user rest endpoint. 2016-01-28 11:41:21 +00:00			`user_schema_load_json = UserSchema(load_json=True)`
Work in progress, skeleton of the api created and testing started. Need to fix authentication tests. 2016-01-08 17:51:46 +00:00			`service_schema = ServiceSchema()`
Added support for validation only of put requests. 2016-01-29 11:11:00 +00:00			`service_schema_load_json = ServiceSchema(load_json=True)`
Template rest api skeleton added. 2016-01-13 11:04:13 +00:00			`template_schema = TemplateSchema()`
Added support for validation only of put requests. 2016-01-29 11:11:00 +00:00			`template_schema_load_json = TemplateSchema(load_json=True)`
Change Tokens to ApiKey Added name to ApiKey model 2016-01-19 12:07:00 +00:00			`api_key_schema = ApiKeySchema()`
Added support for validation only of put requests. 2016-01-29 11:11:00 +00:00			`api_key_schema_load_json = ApiKeySchema(load_json=True)`
Added endpoints for creating job, and getting job/jobs. 2016-01-15 15:48:05 +00:00			`job_schema = JobSchema()`
Added support for validation only of put requests. 2016-01-29 11:11:00 +00:00			`job_schema_load_json = JobSchema(load_json=True)`
Create schema for RequestVerifyCodeSchema Previously we were using a schema that mapped onto db.Model. However, the json in the request did not reflect the VerfiyCode db Model. I did not add validation on the to field, we did not have that previously. 2016-02-01 10:48:33 +00:00			`request_verify_code_schema = RequestVerifyCodeSchema()`
Sqs queues now populated from all create_notification api calls. Marshmallow schemas added for notification. 2016-02-03 13:16:19 +00:00			`sms_admin_notification_schema = SmsAdminNotificationSchema()`
			`sms_template_notification_schema = SmsTemplateNotificationSchema()`
Moved the sending sms for a job into celery tasks 2016-02-23 17:30:50 +00:00			`job_sms_template_notification_schema = JobSmsTemplateNotificationSchema()`
Sqs queues now populated from all create_notification api calls. Marshmallow schemas added for notification. 2016-02-03 13:16:19 +00:00			`email_notification_schema = EmailNotificationSchema()`
More refactors - single base method to send notifications - knows about service id (present if job based) - knows about jobs - if needed - knows about type Does the right thing Was lots of shared code around error checking now in one place. 2016-02-24 09:55:05 +00:00			`job_email_template_notification_schema = JobEmailTemplateNotificationSchema()`
[WIP] Added endpoints under /job for creating, updating and reading notification status. 2016-02-09 14:17:42 +00:00			`notification_status_schema = NotificationStatusSchema()`
			`notification_status_schema_load_json = NotificationStatusSchema(load_json=True)`
[WIP] added endpoint and dao to create invites for users. Droped token as later code to send email invite can generate timebased url to send to user. That can then be checked against configurable time threshold for expiry. Therefore no need to store a token. 2016-02-24 14:01:19 +00:00			`invited_user_schema = InvitedUserSchema()`
Working permissions and all tests passing. Remove print statements. Fix for review comments. 2016-02-26 12:00:16 +00:00			`permission_schema = PermissionSchema()`
Send email address in the data rather than the user_id as a path param. Remove unused OldRequestVerifyCodeSchema. 2016-03-07 15:21:05 +00:00			`email_data_request_schema = EmailDataSchema()`