2016-05-11 10:56:24 +01:00
|
|
|
import json
|
2016-06-03 15:15:46 +01:00
|
|
|
import uuid
|
2016-01-21 17:29:24 +00:00
|
|
|
from datetime import datetime
|
2016-03-08 15:20:34 +00:00
|
|
|
from flask import (jsonify, request, abort, Blueprint, current_app)
|
2016-06-03 15:15:46 +01:00
|
|
|
from app import encryption, DATETIME_FORMAT
|
2016-01-12 10:39:49 +00:00
|
|
|
from app.dao.users_dao import (
|
2016-01-28 11:32:46 +00:00
|
|
|
get_model_users,
|
|
|
|
|
save_model_user,
|
|
|
|
|
create_user_code,
|
|
|
|
|
get_user_code,
|
|
|
|
|
use_user_code,
|
|
|
|
|
increment_failed_login_count,
|
2016-02-23 11:03:59 +00:00
|
|
|
reset_failed_login_count,
|
2016-06-03 15:15:46 +01:00
|
|
|
get_user_by_email,
|
|
|
|
|
create_secret_code
|
2016-01-28 11:32:46 +00:00
|
|
|
)
|
2016-03-01 14:21:28 +00:00
|
|
|
from app.dao.permissions_dao import permission_dao
|
|
|
|
|
from app.dao.services_dao import dao_fetch_service_by_id
|
2016-06-03 15:15:46 +01:00
|
|
|
from app.dao.templates_dao import dao_get_template_by_id
|
2016-01-11 15:07:13 +00:00
|
|
|
from app.schemas import (
|
2016-03-07 15:21:05 +00:00
|
|
|
email_data_request_schema,
|
2016-02-19 17:33:28 +00:00
|
|
|
user_schema,
|
|
|
|
|
request_verify_code_schema,
|
2016-03-01 14:21:28 +00:00
|
|
|
user_schema_load_json,
|
|
|
|
|
permission_schema
|
2016-02-19 17:33:28 +00:00
|
|
|
)
|
2016-02-22 13:12:24 +00:00
|
|
|
|
2016-03-17 13:06:17 +00:00
|
|
|
from app.celery.tasks import (
|
2016-06-03 15:15:46 +01:00
|
|
|
send_sms,
|
2016-03-17 13:06:17 +00:00
|
|
|
email_reset_password,
|
2016-06-09 16:41:20 +01:00
|
|
|
email_registration_verification,
|
|
|
|
|
send_email)
|
2016-03-17 13:06:17 +00:00
|
|
|
|
2016-02-19 17:33:28 +00:00
|
|
|
from app.errors import register_errors
|
2016-01-08 17:51:46 +00:00
|
|
|
|
2016-01-14 16:13:27 +00:00
|
|
|
user = Blueprint('user', __name__)
|
2016-02-17 17:04:50 +00:00
|
|
|
register_errors(user)
|
|
|
|
|
|
2016-01-14 16:13:27 +00:00
|
|
|
|
2016-01-15 16:44:46 +00:00
|
|
|
@user.route('', methods=['POST'])
|
2016-01-11 15:07:13 +00:00
|
|
|
def create_user():
|
2016-03-11 12:39:55 +00:00
|
|
|
user_to_create, errors = user_schema.load(request.get_json())
|
2016-01-19 11:38:29 +00:00
|
|
|
req_json = request.get_json()
|
2016-01-20 16:25:18 +00:00
|
|
|
# TODO password policy, what is valid password
|
2016-01-28 11:41:21 +00:00
|
|
|
if not req_json.get('password', None):
|
|
|
|
|
errors.update({'password': ['Missing data for required field.']})
|
2016-01-19 12:07:14 +00:00
|
|
|
return jsonify(result="error", message=errors), 400
|
2016-01-11 18:09:10 +00:00
|
|
|
if errors:
|
|
|
|
|
return jsonify(result="error", message=errors), 400
|
2016-03-11 12:39:55 +00:00
|
|
|
save_model_user(user_to_create, pwd=req_json.get('password'))
|
|
|
|
|
return jsonify(data=user_schema.dump(user_to_create).data), 201
|
2016-01-11 15:07:13 +00:00
|
|
|
|
|
|
|
|
|
2016-04-08 13:34:46 +01:00
|
|
|
@user.route('/<uuid:user_id>', methods=['PUT'])
|
2016-01-11 15:07:13 +00:00
|
|
|
def update_user(user_id):
|
2016-02-22 13:27:47 +00:00
|
|
|
user_to_update = get_model_users(user_id=user_id)
|
2016-02-19 15:54:11 +00:00
|
|
|
req_json = request.get_json()
|
|
|
|
|
update_dct, errors = user_schema_load_json.load(req_json)
|
|
|
|
|
pwd = req_json.get('password', None)
|
|
|
|
|
# TODO password validation, it is already done on the admin app
|
|
|
|
|
# but would be good to have the same validation here.
|
|
|
|
|
if pwd is not None and not pwd:
|
|
|
|
|
errors.update({'password': ['Invalid data for field']})
|
|
|
|
|
if errors:
|
|
|
|
|
return jsonify(result="error", message=errors), 400
|
|
|
|
|
status_code = 200
|
2016-02-22 13:12:24 +00:00
|
|
|
save_model_user(user_to_update, update_dict=update_dct, pwd=pwd)
|
2016-02-19 11:37:35 +00:00
|
|
|
return jsonify(data=user_schema.dump(user_to_update).data), status_code
|
2016-01-11 15:07:13 +00:00
|
|
|
|
|
|
|
|
|
2016-04-08 13:34:46 +01:00
|
|
|
@user.route('/<uuid:user_id>/verify/password', methods=['POST'])
|
2016-01-20 16:25:18 +00:00
|
|
|
def verify_user_password(user_id):
|
2016-02-19 11:37:35 +00:00
|
|
|
user_to_verify = get_model_users(user_id=user_id)
|
|
|
|
|
|
2016-01-21 17:29:24 +00:00
|
|
|
txt_pwd = None
|
2016-01-20 16:25:18 +00:00
|
|
|
try:
|
2016-01-21 17:29:24 +00:00
|
|
|
txt_pwd = request.get_json()['password']
|
2016-01-20 16:25:18 +00:00
|
|
|
except KeyError:
|
|
|
|
|
return jsonify(
|
|
|
|
|
result="error",
|
|
|
|
|
message={'password': ['Required field missing data']}), 400
|
2016-02-19 11:37:35 +00:00
|
|
|
if user_to_verify.check_password(txt_pwd):
|
2016-03-07 15:01:40 +00:00
|
|
|
user_to_verify.logged_in_at = datetime.utcnow()
|
|
|
|
|
save_model_user(user_to_verify)
|
2016-02-19 11:37:35 +00:00
|
|
|
reset_failed_login_count(user_to_verify)
|
2016-01-28 11:41:21 +00:00
|
|
|
return jsonify({}), 204
|
2016-01-20 16:25:18 +00:00
|
|
|
else:
|
2016-02-19 11:37:35 +00:00
|
|
|
increment_failed_login_count(user_to_verify)
|
2016-01-20 16:25:18 +00:00
|
|
|
return jsonify(result='error', message={'password': ['Incorrect password']}), 400
|
|
|
|
|
|
|
|
|
|
|
2016-04-08 13:34:46 +01:00
|
|
|
@user.route('/<uuid:user_id>/verify/code', methods=['POST'])
|
2016-01-21 17:29:24 +00:00
|
|
|
def verify_user_code(user_id):
|
2016-02-19 11:37:35 +00:00
|
|
|
user_to_verify = get_model_users(user_id=user_id)
|
|
|
|
|
|
2016-01-21 17:29:24 +00:00
|
|
|
txt_code = None
|
|
|
|
|
resp_json = request.get_json()
|
|
|
|
|
txt_type = None
|
|
|
|
|
errors = {}
|
|
|
|
|
try:
|
|
|
|
|
txt_code = resp_json['code']
|
|
|
|
|
except KeyError:
|
|
|
|
|
errors.update({'code': ['Required field missing data']})
|
|
|
|
|
try:
|
|
|
|
|
txt_type = resp_json['code_type']
|
|
|
|
|
except KeyError:
|
|
|
|
|
errors.update({'code_type': ['Required field missing data']})
|
|
|
|
|
if errors:
|
|
|
|
|
return jsonify(result="error", message=errors), 400
|
2016-02-19 11:37:35 +00:00
|
|
|
code = get_user_code(user_to_verify, txt_code, txt_type)
|
2016-01-21 17:29:24 +00:00
|
|
|
if not code:
|
|
|
|
|
return jsonify(result="error", message="Code not found"), 404
|
2016-05-11 10:56:24 +01:00
|
|
|
if datetime.utcnow() > code.expiry_datetime or code.code_used:
|
2016-01-21 17:29:24 +00:00
|
|
|
return jsonify(result="error", message="Code has expired"), 400
|
|
|
|
|
use_user_code(code.id)
|
2016-01-28 11:41:21 +00:00
|
|
|
return jsonify({}), 204
|
2016-01-21 17:29:24 +00:00
|
|
|
|
|
|
|
|
|
2016-04-08 13:34:46 +01:00
|
|
|
@user.route('/<uuid:user_id>/sms-code', methods=['POST'])
|
2016-02-19 11:37:35 +00:00
|
|
|
def send_user_sms_code(user_id):
|
|
|
|
|
user_to_send_to = get_model_users(user_id=user_id)
|
|
|
|
|
verify_code, errors = request_verify_code_schema.load(request.get_json())
|
|
|
|
|
if errors:
|
|
|
|
|
return jsonify(result="error", message=errors), 400
|
|
|
|
|
|
|
|
|
|
secret_code = create_secret_code()
|
|
|
|
|
create_user_code(user_to_send_to, secret_code, 'sms')
|
|
|
|
|
|
|
|
|
|
mobile = user_to_send_to.mobile_number if verify_code.get('to', None) is None else verify_code.get('to')
|
2016-06-03 15:15:46 +01:00
|
|
|
sms_code_template_id = current_app.config['SMS_CODE_TEMPLATE_ID']
|
|
|
|
|
sms_code_template = dao_get_template_by_id(sms_code_template_id)
|
|
|
|
|
verification_message = encryption.encrypt({
|
|
|
|
|
'template': sms_code_template_id,
|
|
|
|
|
'template_version': sms_code_template.version,
|
|
|
|
|
'to': mobile,
|
|
|
|
|
'personalisation': {
|
|
|
|
|
'verify_code': secret_code
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
})
|
|
|
|
|
send_sms.apply_async([current_app.config['NOTIFY_SERVICE_ID'],
|
|
|
|
|
str(uuid.uuid4()),
|
|
|
|
|
verification_message,
|
|
|
|
|
datetime.utcnow().strftime(DATETIME_FORMAT)
|
|
|
|
|
], queue='sms-code')
|
2016-02-19 11:37:35 +00:00
|
|
|
|
|
|
|
|
return jsonify({}), 204
|
|
|
|
|
|
|
|
|
|
|
2016-04-08 13:34:46 +01:00
|
|
|
@user.route('/<uuid:user_id>/email-verification', methods=['POST'])
|
2016-03-17 13:06:17 +00:00
|
|
|
def send_user_email_verification(user_id):
|
|
|
|
|
user_to_send_to = get_model_users(user_id=user_id)
|
|
|
|
|
verify_code, errors = request_verify_code_schema.load(request.get_json())
|
|
|
|
|
if errors:
|
|
|
|
|
return jsonify(result="error", message=errors), 400
|
|
|
|
|
|
|
|
|
|
secret_code = create_secret_code()
|
|
|
|
|
create_user_code(user_to_send_to, secret_code, 'email')
|
|
|
|
|
|
2016-06-09 16:41:20 +01:00
|
|
|
template = dao_get_template_by_id(current_app.config['EMAIL_VERIFY_CODE_TEMPLATE_ID'])
|
|
|
|
|
message = {
|
2016-06-10 17:19:10 +01:00
|
|
|
'template': str(template.id),
|
2016-06-09 16:41:20 +01:00
|
|
|
'template_version': template.version,
|
|
|
|
|
'to': user_to_send_to.email_address,
|
|
|
|
|
'personalisation': {
|
|
|
|
|
'user_name': user_to_send_to.name,
|
|
|
|
|
'url': _create_verification_url(user_to_send_to, secret_code)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
email_from = '"GOV.UK Notify" <{}>'.format(
|
|
|
|
|
current_app.config['VERIFY_CODE_FROM_EMAIL_ADDRESS']
|
|
|
|
|
)
|
|
|
|
|
send_email.apply_async((
|
|
|
|
|
current_app.config['NOTIFY_SERVICE_ID'],
|
|
|
|
|
str(uuid.uuid4()),
|
|
|
|
|
email_from,
|
|
|
|
|
encryption.encrypt(message),
|
|
|
|
|
datetime.utcnow().strftime(DATETIME_FORMAT)
|
|
|
|
|
), queue='email-registration-verification')
|
2016-03-17 13:06:17 +00:00
|
|
|
|
|
|
|
|
return jsonify({}), 204
|
|
|
|
|
|
|
|
|
|
|
2016-04-08 13:34:46 +01:00
|
|
|
@user.route('/<uuid:user_id>', methods=['GET'])
|
2016-01-22 09:59:02 +00:00
|
|
|
@user.route('', methods=['GET'])
|
2016-01-11 15:07:13 +00:00
|
|
|
def get_user(user_id=None):
|
2016-02-19 17:07:59 +00:00
|
|
|
users = get_model_users(user_id=user_id)
|
2016-02-26 12:00:16 +00:00
|
|
|
result = user_schema.dump(users, many=True) if isinstance(users, list) else user_schema.dump(users)
|
2016-01-11 15:07:13 +00:00
|
|
|
return jsonify(data=result.data)
|
2016-02-23 11:03:59 +00:00
|
|
|
|
|
|
|
|
|
2016-04-08 13:34:46 +01:00
|
|
|
@user.route('/<uuid:user_id>/service/<uuid:service_id>/permission', methods=['POST'])
|
2016-03-01 14:21:28 +00:00
|
|
|
def set_permissions(user_id, service_id):
|
|
|
|
|
# TODO fix security hole, how do we verify that the user
|
|
|
|
|
# who is making this request has permission to make the request.
|
|
|
|
|
user = get_model_users(user_id=user_id)
|
|
|
|
|
service = dao_fetch_service_by_id(service_id=service_id)
|
|
|
|
|
permissions, errors = permission_schema.load(request.get_json(), many=True)
|
|
|
|
|
if errors:
|
|
|
|
|
abort(400, errors)
|
|
|
|
|
for p in permissions:
|
|
|
|
|
p.user = user
|
|
|
|
|
p.service = service
|
2016-06-07 16:31:10 +01:00
|
|
|
permission_dao.set_user_service_permission(user, service, permissions, _commit=True, replace=True)
|
2016-03-01 14:21:28 +00:00
|
|
|
return jsonify({}), 204
|
|
|
|
|
|
|
|
|
|
|
2016-02-23 11:03:59 +00:00
|
|
|
@user.route('/email', methods=['GET'])
|
|
|
|
|
def get_by_email():
|
|
|
|
|
email = request.args.get('email')
|
|
|
|
|
if not email:
|
|
|
|
|
return jsonify(result="error", message="invalid request"), 400
|
2016-03-07 15:21:05 +00:00
|
|
|
fetched_user = get_user_by_email(email)
|
|
|
|
|
result = user_schema.dump(fetched_user)
|
2016-02-23 11:03:59 +00:00
|
|
|
|
|
|
|
|
return jsonify(data=result.data)
|
2016-03-07 14:34:53 +00:00
|
|
|
|
|
|
|
|
|
2016-03-07 15:21:05 +00:00
|
|
|
@user.route('/reset-password', methods=['POST'])
|
2016-03-07 18:20:20 +00:00
|
|
|
def send_user_reset_password():
|
2016-03-07 15:21:05 +00:00
|
|
|
email, errors = email_data_request_schema.load(request.get_json())
|
|
|
|
|
if errors:
|
|
|
|
|
return jsonify(result="error", message=errors), 400
|
|
|
|
|
|
|
|
|
|
user_to_send_to = get_user_by_email(email['email'])
|
2016-03-07 14:34:53 +00:00
|
|
|
|
|
|
|
|
reset_password_message = {'to': user_to_send_to.email_address,
|
2016-03-08 14:33:06 +00:00
|
|
|
'name': user_to_send_to.name,
|
2016-03-07 14:34:53 +00:00
|
|
|
'reset_password_url': _create_reset_password_url(user_to_send_to.email_address)}
|
|
|
|
|
|
2016-03-07 18:20:20 +00:00
|
|
|
email_reset_password.apply_async([encryption.encrypt(reset_password_message)], queue='email-reset-password')
|
|
|
|
|
|
2016-03-07 14:34:53 +00:00
|
|
|
return jsonify({}), 204
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def _create_reset_password_url(email):
|
2016-04-13 15:31:08 +01:00
|
|
|
from notifications_utils.url_safe_token import generate_token
|
2016-05-11 10:56:24 +01:00
|
|
|
data = json.dumps({'email': email, 'created_at': str(datetime.utcnow())})
|
2016-03-07 18:20:20 +00:00
|
|
|
token = generate_token(data, current_app.config['SECRET_KEY'], current_app.config['DANGEROUS_SALT'])
|
2016-03-07 14:34:53 +00:00
|
|
|
|
|
|
|
|
return current_app.config['ADMIN_BASE_URL'] + '/new-password/' + token
|
2016-03-17 13:06:17 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
def _create_verification_url(user, secret_code):
|
2016-04-13 15:31:08 +01:00
|
|
|
from notifications_utils.url_safe_token import generate_token
|
2016-04-08 13:34:46 +01:00
|
|
|
data = json.dumps({'user_id': str(user.id), 'email': user.email_address, 'secret_code': secret_code})
|
2016-03-17 13:06:17 +00:00
|
|
|
token = generate_token(data, current_app.config['SECRET_KEY'], current_app.config['DANGEROUS_SALT'])
|
|
|
|
|
|
|
|
|
|
return current_app.config['ADMIN_BASE_URL'] + '/verify-email/' + token
|
