darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2025-12-20 15:31:15 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
b679550d977d907d0ad67f628f46007bb53b70df
notifications-api/app/service_invite/rest.py

121 lines
4.7 KiB
Python
Raw Normal View History

Run auto-correct on app/ and tests/
2021-03-10 13:55:06 +00:00
from flask import Blueprint, current_app, jsonify, request
remove the global_invite (accept_invite) endpoint move the endpoints into service_invite/rest.py and organisation/invite_rest.py respectively. Remove the prefix from all the blueprints to allow this.
2021-03-11 20:26:44 +00:00
from itsdangerous import BadData, SignatureExpired
from notifications_utils.url_safe_token import check_token, generate_token
[WIP] added endpoint and dao to create invites for users. Droped token as later code to send email invite can generate timebased url to send to user. That can then be checked against configurable time threshold for expiry. Therefore no need to store a token.
2016-02-24 14:01:19 +00:00
Revert celery4 Revert the following three pull requests: https://github.com/alphagov/notifications-api/pull/1085 https://github.com/alphagov/notifications-api/pull/1086 https://github.com/alphagov/notifications-api/pull/1088 celery 4.0.2 looked promising, however, on staging under mild load (5/sec api calls) the performance was actually worse than 3.1.25
2017-07-19 13:50:29 +01:00
from app.config import QueueNames
[WIP] added dao and rest endpoint for retrieving invited users by service and by id.
2016-02-25 11:22:36 +00:00
from app.dao.invited_user_dao import (
remove the global_invite (accept_invite) endpoint move the endpoints into service_invite/rest.py and organisation/invite_rest.py respectively. Remove the prefix from all the blueprints to allow this.
2021-03-11 20:26:44 +00:00
get_invited_user_by_id,
remove duplicate dao invite fns and improve naming
2021-03-12 12:50:07 +00:00
get_invited_user_by_service_and_id,
Run auto-correct on app/ and tests/
2021-03-10 13:55:06 +00:00
get_invited_users_for_service,
save_invited_user,
[WIP] added dao and rest endpoint for retrieving invited users by service and by id.
2016-02-25 11:22:36 +00:00
)
Use the send email task to send the password reset and invitation email. Next PR can remove those tasks.
2016-06-16 17:34:33 +01:00
from app.dao.templates_dao import dao_get_template_by_id
remove the global_invite (accept_invite) endpoint move the endpoints into service_invite/rest.py and organisation/invite_rest.py respectively. Remove the prefix from all the blueprints to allow this.
2021-03-11 20:26:44 +00:00
from app.errors import InvalidRequest, register_errors
remove broadcast-related code, except migrations
2022-10-04 15:28:27 +00:00
from app.models import EMAIL_TYPE, KEY_TYPE_NORMAL, Service
Run auto-correct on app/ and tests/
2021-03-10 13:55:06 +00:00
from app.notifications.process_notifications import (
persist_notification,
send_notification_to_queue,
)
Working permissions and all tests passing. Remove print statements. Fix for review comments.
2016-02-26 12:00:16 +00:00
from app.schemas import invited_user_schema
[WIP] added endpoint and dao to create invites for users. Droped token as later code to send email invite can generate timebased url to send to user. That can then be checked against configurable time threshold for expiry. Therefore no need to store a token.
2016-02-24 14:01:19 +00:00
remove the global_invite (accept_invite) endpoint move the endpoints into service_invite/rest.py and organisation/invite_rest.py respectively. Remove the prefix from all the blueprints to allow this.
2021-03-11 20:26:44 +00:00
service_invite = Blueprint('service_invite', __name__)
[WIP] added endpoint and dao to create invites for users. Droped token as later code to send email invite can generate timebased url to send to user. That can then be checked against configurable time threshold for expiry. Therefore no need to store a token.
2016-02-24 14:01:19 +00:00
rename invite blueprints nb: the routes are not changing as part of this, only file paths and blueprint names. invite -> service_invite this blueprint handles fetching invites for a service, creating invites, etc. accept_invite -> global_invite this blueprint handles accepting invites for now, but will also involve retrieving service/org user invite data without knowing the service/org id associated. i'm not in love with this name and open to suggestions, but i wanted to contrast it from service_invite and organisation/invite_rest.py.
2021-03-05 20:13:56 +00:00
register_errors(service_invite)
[WIP] added endpoint and dao to create invites for users. Droped token as later code to send email invite can generate timebased url to send to user. That can then be checked against configurable time threshold for expiry. Therefore no need to store a token.
2016-02-24 14:01:19 +00:00
remove the global_invite (accept_invite) endpoint move the endpoints into service_invite/rest.py and organisation/invite_rest.py respectively. Remove the prefix from all the blueprints to allow this.
2021-03-11 20:26:44 +00:00
@service_invite.route('/service/<service_id>/invite', methods=['POST'])
[WIP] added dao and rest endpoint for retrieving invited users by service and by id.
2016-02-25 11:22:36 +00:00
def create_invited_user(service_id):
Allow admin to domain to use for invite links When we’re doing user research we often: - start the task by inviting the participant to a service on Notify - have them use a prototype version of the admin app, hosted on a different domain Currently we can’t do both of these things together, because the invite emails always send people to `notifications.service.gov.uk` (because it’s the API that sends the emails, and the prototype admin app points at the production API). This commit changes the API to optionally allow an instance of the admin app to specify which domain should be used when generating invite links.
2017-12-20 14:38:49 +00:00
request_json = request.get_json()
Replace how `.load` is called https://marshmallow.readthedocs.io/en/stable/upgrading.html#schemas-are-always-strict `.load` doesn't return a `(data, errors)` tuple any more - only data is returned. A `ValidationError` is raised if validation fails. The code now relies on the `marshmallow_validation_error` error handler to handle errors instead of having to raise an `InvalidRequest`. This has no effect on the response that is returned (a test has been modified to check). Also added a new `password` field to the `UserSchema` so that we don't have to specially check for password errors in the `.create_user` endpoint - we can let marshmallow handle them.
2022-05-06 15:25:14 +01:00
invited_user = invited_user_schema.load(request_json)
[WIP] added endpoint and dao to create invites for users. Droped token as later code to send email invite can generate timebased url to send to user. That can then be checked against configurable time threshold for expiry. Therefore no need to store a token.
2016-02-24 14:01:19 +00:00
save_invited_user(invited_user)
Use the send email task to send the password reset and invitation email. Next PR can remove those tasks.
2016-06-16 17:34:33 +01:00
remove broadcast-related code, except migrations
2022-10-04 15:28:27 +00:00
template_id = current_app.config['INVITATION_EMAIL_TEMPLATE_ID']
Send broadcast invite email for broadcast service invites This means the copy is more accurate and mentions sending emergency alerts rather than previous copy about sending emails texts and letters.
2020-09-15 16:45:24 +01:00
template = dao_get_template_by_id(template_id)
Two new methods needed to pass the service not the service ID into the create notifications methods.
2017-01-10 13:41:16 +00:00
service = Service.query.get(current_app.config['NOTIFY_SERVICE_ID'])
Refactor create_invited_user to persist and send message to the notify queue. The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to ensure priority for messages. 6th task for story: https://www.pivotaltracker.com/story/show/135839709
2016-12-20 15:59:31 +00:00
saved_notification = persist_notification(
template_id=template.id,
template_version=template.version,
recipient=invited_user.email_address,
Two new methods needed to pass the service not the service ID into the create notifications methods.
2017-01-10 13:41:16 +00:00
service=service,
Refactor create_invited_user to persist and send message to the notify queue. The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to ensure priority for messages. 6th task for story: https://www.pivotaltracker.com/story/show/135839709
2016-12-20 15:59:31 +00:00
personalisation={
Use the send email task to send the password reset and invitation email. Next PR can remove those tasks.
2016-06-16 17:34:33 +01:00
'user_name': invited_user.from_user.name,
'service_name': invited_user.service.name,
Allow admin to domain to use for invite links When we’re doing user research we often: - start the task by inviting the participant to a service on Notify - have them use a prototype version of the admin app, hosted on a different domain Currently we can’t do both of these things together, because the invite emails always send people to `notifications.service.gov.uk` (because it’s the API that sends the emails, and the prototype admin app points at the production API). This commit changes the API to optionally allow an instance of the admin app to specify which domain should be used when generating invite links.
2017-12-20 14:38:49 +00:00
'url': invited_user_url(
invited_user.id,
request_json.get('invite_link_host'),
),
Refactor create_invited_user to persist and send message to the notify queue. The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to ensure priority for messages. 6th task for story: https://www.pivotaltracker.com/story/show/135839709
2016-12-20 15:59:31 +00:00
},
notification_type=EMAIL_TYPE,
api_key_id=None,
Update invite user endpoint to set the reply_to_text on the notification. Update v1 post notifications to set the reply_to_text on the notification.
2017-11-27 12:30:50 +00:00
key_type=KEY_TYPE_NORMAL,
Change reply to address for invitation emails to be invitation sender If someone receives an invitation email for Notify the reply-to address of the email was the GOV.UK Notify email address. This has been changed to be the email address of the user who sent the invite. Pivotal story: https://www.pivotaltracker.com/story/show/153094646
2017-12-18 11:39:21 +00:00
reply_to_text=invited_user.from_user.email_address
Refactor create_invited_user to persist and send message to the notify queue. The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to ensure priority for messages. 6th task for story: https://www.pivotaltracker.com/story/show/135839709
2016-12-20 15:59:31 +00:00
)
This massive set of changes uses the new queue names object throughout the app and tests. Lots of changes, all changing the line of code that puts things into queues, and the code that tests that.
2017-05-25 10:51:49 +01:00
send_notification_to_queue(saved_notification, False, queue=QueueNames.NOTIFY)
Use the send email task to send the password reset and invitation email. Next PR can remove those tasks.
2016-06-16 17:34:33 +01:00
Replace how `.dump` is called As with `.load`, only data is now returned instead of a tuple.
2022-05-06 15:52:44 +01:00
return jsonify(data=invited_user_schema.dump(invited_user)), 201
[WIP] added dao and rest endpoint for retrieving invited users by service and by id.
2016-02-25 11:22:36 +00:00
remove the global_invite (accept_invite) endpoint move the endpoints into service_invite/rest.py and organisation/invite_rest.py respectively. Remove the prefix from all the blueprints to allow this.
2021-03-11 20:26:44 +00:00
@service_invite.route('/service/<service_id>/invite', methods=['GET'])
[WIP] added dao and rest endpoint for retrieving invited users by service and by id.
2016-02-25 11:22:36 +00:00
def get_invited_users_by_service(service_id):
invited_users = get_invited_users_for_service(service_id)
Replace how `.dump` is called As with `.load`, only data is now returned instead of a tuple.
2022-05-06 15:52:44 +01:00
return jsonify(data=invited_user_schema.dump(invited_users, many=True)), 200
[WIP] added dao and rest endpoint for retrieving invited users by service and by id.
2016-02-25 11:22:36 +00:00
remove the global_invite (accept_invite) endpoint move the endpoints into service_invite/rest.py and organisation/invite_rest.py respectively. Remove the prefix from all the blueprints to allow this.
2021-03-11 20:26:44 +00:00
@service_invite.route('/service/<service_id>/invite/<invited_user_id>', methods=['GET'])
Add endpoints to get invited users We want to display flash messages in admin when invites have been cancelled. This message needs to display the user's email address, so this commit adds endpoints to GET a single invited service user and org user so that we can look up the email address of a cancelled user.
2020-08-17 11:59:55 +01:00
def get_invited_user_by_service(service_id, invited_user_id):
remove duplicate dao invite fns and improve naming
2021-03-12 12:50:07 +00:00
invited_user = get_invited_user_by_service_and_id(service_id, invited_user_id)
Replace how `.dump` is called As with `.load`, only data is now returned instead of a tuple.
2022-05-06 15:52:44 +01:00
return jsonify(data=invited_user_schema.dump(invited_user)), 200
Add endpoints to get invited users We want to display flash messages in admin when invites have been cancelled. This message needs to display the user's email address, so this commit adds endpoints to GET a single invited service user and org user so that we can look up the email address of a cancelled user.
2020-08-17 11:59:55 +01:00
remove the global_invite (accept_invite) endpoint move the endpoints into service_invite/rest.py and organisation/invite_rest.py respectively. Remove the prefix from all the blueprints to allow this.
2021-03-11 20:26:44 +00:00
@service_invite.route('/service/<service_id>/invite/<invited_user_id>', methods=['POST'])
New endpoint to update invited user. Can be used to update status on invited user.
2016-03-01 13:33:20 +00:00
def update_invited_user(service_id, invited_user_id):
remove duplicate dao invite fns and improve naming
2021-03-12 12:50:07 +00:00
fetched = get_invited_user_by_service_and_id(service_id=service_id, invited_user_id=invited_user_id)
New endpoint to update invited user. Can be used to update status on invited user.
2016-03-01 13:33:20 +00:00
Replace how `.dump` is called As with `.load`, only data is now returned instead of a tuple.
2022-05-06 15:52:44 +01:00
current_data = dict(invited_user_schema.dump(fetched).items())
New endpoint to update invited user. Can be used to update status on invited user.
2016-03-01 13:33:20 +00:00
current_data.update(request.get_json())
Replace how `.load` is called https://marshmallow.readthedocs.io/en/stable/upgrading.html#schemas-are-always-strict `.load` doesn't return a `(data, errors)` tuple any more - only data is returned. A `ValidationError` is raised if validation fails. The code now relies on the `marshmallow_validation_error` error handler to handle errors instead of having to raise an `InvalidRequest`. This has no effect on the response that is returned (a test has been modified to check). Also added a new `password` field to the `UserSchema` so that we don't have to specially check for password errors in the `.create_user` endpoint - we can let marshmallow handle them.
2022-05-06 15:25:14 +01:00
update_dict = invited_user_schema.load(current_data)
New endpoint to update invited user. Can be used to update status on invited user.
2016-03-01 13:33:20 +00:00
save_invited_user(update_dict)
Replace how `.dump` is called As with `.load`, only data is now returned instead of a tuple.
2022-05-06 15:52:44 +01:00
return jsonify(data=invited_user_schema.dump(fetched)), 200
New endpoint to update invited user. Can be used to update status on invited user.
2016-03-01 13:33:20 +00:00
Allow admin to domain to use for invite links When we’re doing user research we often: - start the task by inviting the participant to a service on Notify - have them use a prototype version of the admin app, hosted on a different domain Currently we can’t do both of these things together, because the invite emails always send people to `notifications.service.gov.uk` (because it’s the API that sends the emails, and the prototype admin app points at the production API). This commit changes the API to optionally allow an instance of the admin app to specify which domain should be used when generating invite links.
2017-12-20 14:38:49 +00:00
def invited_user_url(invited_user_id, invite_link_host=None):
Use the send email task to send the password reset and invitation email. Next PR can remove those tasks.
2016-06-16 17:34:33 +01:00
token = generate_token(str(invited_user_id), current_app.config['SECRET_KEY'], current_app.config['DANGEROUS_SALT'])
Allow admin to domain to use for invite links When we’re doing user research we often: - start the task by inviting the participant to a service on Notify - have them use a prototype version of the admin app, hosted on a different domain Currently we can’t do both of these things together, because the invite emails always send people to `notifications.service.gov.uk` (because it’s the API that sends the emails, and the prototype admin app points at the production API). This commit changes the API to optionally allow an instance of the admin app to specify which domain should be used when generating invite links.
2017-12-20 14:38:49 +00:00
if invite_link_host is None:
invite_link_host = current_app.config['ADMIN_BASE_URL']
return '{0}/invitation/{1}'.format(invite_link_host, token)
remove the global_invite (accept_invite) endpoint move the endpoints into service_invite/rest.py and organisation/invite_rest.py respectively. Remove the prefix from all the blueprints to allow this.
2021-03-11 20:26:44 +00:00
@service_invite.route('/invite/service/<uuid:invited_user_id>', methods=['GET'])
def get_invited_user(invited_user_id):
invited_user = get_invited_user_by_id(invited_user_id)
Replace how `.dump` is called As with `.load`, only data is now returned instead of a tuple.
2022-05-06 15:52:44 +01:00
return jsonify(data=invited_user_schema.dump(invited_user)), 200
remove the global_invite (accept_invite) endpoint move the endpoints into service_invite/rest.py and organisation/invite_rest.py respectively. Remove the prefix from all the blueprints to allow this.
2021-03-11 20:26:44 +00:00
@service_invite.route('/invite/service/<token>', methods=['GET'])
add new `invite/<token_type>/check/<token>` endpoint having `/invite/service/<token>` and `/invite/service/<id>` as two separate routes (the first to validate an invite token, the second to retrieve invite metadata) technically works. Routes are matched from first to last until a match is found. The metadata endpoint only accepts UUIDs, so requests with a UUID will be picked up by the correct endpoint, while requests that don't look like a UUID will carry on searching for an endpoint, and will find the token validation endpoint. So while this works correctly for our normal expected input, it only does so _because the UUID endpoint is first in the file_. This isn't great, and it makes it harder to reason about the URLs when looking at them. To solve this, create the new `invite/service/check/<token>` endpoint. For backwards compatibility, assign this in parallel with the existing route - once the admin uses the new route we can remove the old route and make better guarantees about what endpoint is being hit.
2021-03-11 20:47:24 +00:00
@service_invite.route('/invite/service/check/<token>', methods=['GET'])
remove the global_invite (accept_invite) endpoint move the endpoints into service_invite/rest.py and organisation/invite_rest.py respectively. Remove the prefix from all the blueprints to allow this.
2021-03-11 20:26:44 +00:00
def validate_service_invitation_token(token):
max_age_seconds = 60 * 60 * 24 * current_app.config['INVITATION_EXPIRATION_DAYS']
try:
invited_user_id = check_token(token,
current_app.config['SECRET_KEY'],
current_app.config['DANGEROUS_SALT'],
max_age_seconds)
except SignatureExpired:
errors = {'invitation':
'Your invitation to GOV.UK Notify has expired. '
'Please ask the person that invited you to send you another one'}
raise InvalidRequest(errors, status_code=400)
except BadData:
errors = {'invitation': 'Somethings wrong with this link. Make sure youve copied the whole thing.'}
raise InvalidRequest(errors, status_code=400)
invited_user = get_invited_user_by_id(invited_user_id)
Replace how `.dump` is called As with `.load`, only data is now returned instead of a tuple.
2022-05-06 15:52:44 +01:00
return jsonify(data=invited_user_schema.dump(invited_user)), 200
Reference in New Issue Copy Permalink