app/service_invite/rest.py

import base64
import json
import os
from datetime import datetime

from flask import Blueprint, current_app, jsonify, request
from itsdangerous import BadData, SignatureExpired

from app import redis_store
from app.config import QueueNames
from app.dao.invited_user_dao import (
    get_expired_invite_by_service_and_id,
    get_expired_invited_users_for_service,
    get_invited_user_by_id,
    get_invited_user_by_service_and_id,
    get_invited_users_for_service,
    save_invited_user,
)
from app.dao.templates_dao import dao_get_template_by_id
from app.enums import InvitedUserStatus, KeyType, NotificationType
from app.errors import InvalidRequest, register_errors
from app.models import Service
from app.notifications.process_notifications import (
    persist_notification,
    send_notification_to_queue,
)
from app.schemas import invited_user_schema
from app.utils import hilite
from notifications_utils.url_safe_token import check_token, generate_token

service_invite = Blueprint("service_invite", __name__)

register_errors(service_invite)


def _create_service_invite(invited_user, invite_link_host):
    # TODO REMOVE DEBUG
    print(hilite("ENTER _create_service_invite"))
    # END DEBUG

    template_id = current_app.config["INVITATION_EMAIL_TEMPLATE_ID"]

    template = dao_get_template_by_id(template_id)

    service = Service.query.get(current_app.config["NOTIFY_SERVICE_ID"])

    token = generate_token(
        str(invited_user.email_address),
        current_app.config["SECRET_KEY"],
        current_app.config["DANGEROUS_SALT"],
    )

    # The raw permissions are in the form "a,b,c,d"
    # but need to be in the form ["a", "b", "c", "d"]
    data = {}
    permissions = invited_user.permissions
    permissions = permissions.split(",")
    data["from_user_id"] = str(invited_user.from_user.id)
    data["service_id"] = str(invited_user.service.id)
    data["permissions"] = permissions
    data["folder_permissions"] = invited_user.folder_permissions
    data["invited_user_id"] = str(invited_user.id)
    data["invited_user_email"] = invited_user.email_address

    url = os.environ["LOGIN_DOT_GOV_REGISTRATION_URL"]
    url = url.replace("NONCE", token)

    user_data_url_safe = get_user_data_url_safe(data)

    url = url.replace("STATE", user_data_url_safe)

    personalisation = {
        "user_name": invited_user.from_user.name,
        "service_name": invited_user.service.name,
        "url": url,
    }

    saved_notification = persist_notification(
        template_id=template.id,
        template_version=template.version,
        recipient=invited_user.email_address,
        service=service,
        personalisation={},
        notification_type=NotificationType.EMAIL,
        api_key_id=None,
        key_type=KeyType.NORMAL,
        reply_to_text=invited_user.from_user.email_address,
    )
    saved_notification.personalisation = personalisation
    redis_store.set(
        f"email-personalisation-{saved_notification.id}",
        json.dumps(personalisation),
        ex=1800,
    )
    send_notification_to_queue(saved_notification, queue=QueueNames.NOTIFY)


@service_invite.route("/service/<service_id>/invite", methods=["POST"])
def create_invited_user(service_id):
    request_json = request.get_json()
    invited_user = invited_user_schema.load(request_json)
    save_invited_user(invited_user)

    _create_service_invite(invited_user, request_json.get("invite_link_host"))

    return jsonify(data=invited_user_schema.dump(invited_user)), 201


@service_invite.route("/service/<service_id>/invite/expired", methods=["GET"])
def get_expired_invited_users_by_service(service_id):
    expired_invited_users = get_expired_invited_users_for_service(service_id)
    return jsonify(data=invited_user_schema.dump(expired_invited_users, many=True)), 200


@service_invite.route("/service/<service_id>/invite", methods=["GET"])
def get_invited_users_by_service(service_id):
    invited_users = get_invited_users_for_service(service_id)
    return jsonify(data=invited_user_schema.dump(invited_users, many=True)), 200


@service_invite.route("/service/<service_id>/invite/<invited_user_id>", methods=["GET"])
def get_invited_user_by_service(service_id, invited_user_id):
    invited_user = get_invited_user_by_service_and_id(service_id, invited_user_id)
    return jsonify(data=invited_user_schema.dump(invited_user)), 200


@service_invite.route(
    "/service/<service_id>/invite/<invited_user_id>", methods=["POST"]
)
def update_invited_user(service_id, invited_user_id):
    fetched = get_invited_user_by_service_and_id(
        service_id=service_id, invited_user_id=invited_user_id
    )

    current_data = dict(invited_user_schema.dump(fetched).items())
    current_data.update(request.get_json())
    update_dict = invited_user_schema.load(current_data)
    save_invited_user(update_dict)
    return jsonify(data=invited_user_schema.dump(fetched)), 200


@service_invite.route(
    "/service/<service_id>/invite/<invited_user_id>/resend", methods=["POST"]
)
def resend_service_invite(service_id, invited_user_id):
    """Resend an expired invite.

    This resets the invited user's created date and status to make it a new invite, and
    sends the new invite out to the user.

    Note:
        This ignores the POST data entirely.
    """
    fetched = get_expired_invite_by_service_and_id(
        service_id=service_id,
        invited_user_id=invited_user_id,
    )

    fetched.created_at = datetime.utcnow()
    fetched.status = InvitedUserStatus.PENDING

    current_data = {k: v for k, v in invited_user_schema.dump(fetched).items()}
    update_dict = invited_user_schema.load(current_data)

    save_invited_user(update_dict)

    _create_service_invite(fetched, current_app.config["ADMIN_BASE_URL"])

    return jsonify(data=invited_user_schema.dump(fetched)), 200


def invited_user_url(invited_user_id, invite_link_host=None):
    token = generate_token(
        str(invited_user_id),
        current_app.config["SECRET_KEY"],
        current_app.config["DANGEROUS_SALT"],
    )

    if invite_link_host is None:
        invite_link_host = current_app.config["ADMIN_BASE_URL"]

    return "{0}/invitation/{1}".format(invite_link_host, token)


@service_invite.route("/invite/service/<uuid:invited_user_id>", methods=["GET"])
def get_invited_user(invited_user_id):
    invited_user = get_invited_user_by_id(invited_user_id)
    return jsonify(data=invited_user_schema.dump(invited_user)), 200


@service_invite.route("/invite/service/<token>", methods=["GET"])
@service_invite.route("/invite/service/check/<token>", methods=["GET"])
def validate_service_invitation_token(token):
    max_age_seconds = 60 * 60 * 24 * current_app.config["INVITATION_EXPIRATION_DAYS"]

    try:
        invited_user_id = check_token(
            token,
            current_app.config["SECRET_KEY"],
            current_app.config["DANGEROUS_SALT"],
            max_age_seconds,
        )
    except SignatureExpired:
        errors = {
            "invitation": "Your invitation to Notify.gov has expired. "
            "Please ask the person that invited you to send you another one"
        }
        raise InvalidRequest(errors, status_code=400)
    except BadData:
        errors = {
            "invitation": "Something’s wrong with this link. Make sure you’ve copied the whole thing."
        }
        raise InvalidRequest(errors, status_code=400)

    invited_user = get_invited_user_by_id(invited_user_id)
    return jsonify(data=invited_user_schema.dump(invited_user)), 200


def get_user_data_url_safe(data):
    data = json.dumps(data)
    data = base64.b64encode(data.encode("utf8"))
    return data.decode("utf8")
-												cleanup

											
										
										
											2024-04-24 14:06:43 -07:00
+								import base64
-												fix tests

											
										
										
											2024-01-24 07:55:14 -08:00
+								import json
-												fix tests

											
										
										
											2024-03-19 13:23:22 -07:00
+								import os
-												black, isort, flake8

Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>

											
										
										
											2023-12-08 21:43:52 -05:00
+								from datetime import datetime
-												Made new /resend route in api.

Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>

											
										
										
											2023-12-04 16:59:05 -05:00
-												Run auto-correct on app/ and tests/

											
										
										
											2021-03-10 13:55:06 +00:00
+								from flask import Blueprint, current_app, jsonify, request
-												remove the global_invite (accept_invite) endpoint

move the endpoints into service_invite/rest.py and
organisation/invite_rest.py respectively. Remove the prefix from all the
blueprints to allow this.

											
										
										
											2021-03-11 20:26:44 +00:00
+								from itsdangerous import BadData, SignatureExpired
-												[WIP] added endpoint and dao to create invites for users.

Droped token as later code to send email invite can generate
timebased url to send to user. That can then be checked
against configurable time threshold for expiry. Therefore
no need to store a token.

											
										
										
											2016-02-24 14:01:19 +00:00
-												fix tests

											
										
										
											2024-01-24 07:55:14 -08:00
+								from app import redis_store
-												Revert celery4

Revert the following three pull requests:
https://github.com/alphagov/notifications-api/pull/1085
https://github.com/alphagov/notifications-api/pull/1086
https://github.com/alphagov/notifications-api/pull/1088

celery 4.0.2 looked promising, however, on staging under mild load
(5/sec api calls) the performance was actually worse than 3.1.25

											
										
										
											2017-07-19 13:50:29 +01:00
+								from app.config import QueueNames
-												[WIP] added dao and rest endpoint for retrieving invited users
by service and by id.

											
										
										
											2016-02-25 11:22:36 +00:00
+								from app.dao.invited_user_dao import (
-												Fixing stuff.

Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>

											
										
										
											2023-12-20 09:51:43 -05:00
+								    get_expired_invite_by_service_and_id,
-												Working on getting tests working.

Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>

											
										
										
											2023-11-10 16:14:03 -05:00
+								    get_expired_invited_users_for_service,
-												remove the global_invite (accept_invite) endpoint

move the endpoints into service_invite/rest.py and
organisation/invite_rest.py respectively. Remove the prefix from all the
blueprints to allow this.

											
										
										
											2021-03-11 20:26:44 +00:00
+								    get_invited_user_by_id,
-												remove duplicate dao invite fns and improve naming

											
										
										
											2021-03-12 12:50:07 +00:00
+								    get_invited_user_by_service_and_id,
-												Run auto-correct on app/ and tests/

											
										
										
											2021-03-10 13:55:06 +00:00
+								    get_invited_users_for_service,
 								    save_invited_user,
-												[WIP] added dao and rest endpoint for retrieving invited users
by service and by id.

											
										
										
											2016-02-25 11:22:36 +00:00
+								)
-												Use the send email task to send the password reset and invitation email.

Next PR can remove those tasks.

											
										
										
											2016-06-16 17:34:33 +01:00
+								from app.dao.templates_dao import dao_get_template_by_id
-												Cleaning up with black, isort, flake8.

Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>

											
										
										
											2024-01-16 07:37:21 -05:00
+								from app.enums import InvitedUserStatus, KeyType, NotificationType
-												remove the global_invite (accept_invite) endpoint

move the endpoints into service_invite/rest.py and
organisation/invite_rest.py respectively. Remove the prefix from all the
blueprints to allow this.

											
										
										
											2021-03-11 20:26:44 +00:00
+								from app.errors import InvalidRequest, register_errors
-												KeyType implemented.

Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>

											
										
										
											2024-01-18 10:28:50 -05:00
+								from app.models import Service
-												Run auto-correct on app/ and tests/

											
										
										
											2021-03-10 13:55:06 +00:00
+								from app.notifications.process_notifications import (
 								    persist_notification,
 								    send_notification_to_queue,
 								)
-												Working permissions and all tests passing.

Remove print statements.

Fix for review comments.

											
										
										
											2016-02-26 12:00:16 +00:00
+								from app.schemas import invited_user_schema
-												fix flake8

											
										
										
											2024-04-19 09:27:58 -07:00
+								from app.utils import hilite
-												Localize notification_utils to the API

This changeset pulls in all of the notification_utils code directly into the API and removes it as an external dependency.  We are doing this to cut down on operational maintenance of the project and will begin removing parts of it no longer needed for the API.

Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>

											
										
										
											2024-05-16 10:17:45 -04:00
+								from notifications_utils.url_safe_token import check_token, generate_token
-												[WIP] added endpoint and dao to create invites for users.

Droped token as later code to send email invite can generate
timebased url to send to user. That can then be checked
against configurable time threshold for expiry. Therefore
no need to store a token.

											
										
										
											2016-02-24 14:01:19 +00:00
-												reformat

											
										
										
											2023-08-29 14:54:30 -07:00
+								service_invite = Blueprint("service_invite", __name__)
-												[WIP] added endpoint and dao to create invites for users.

Droped token as later code to send email invite can generate
timebased url to send to user. That can then be checked
against configurable time threshold for expiry. Therefore
no need to store a token.

											
										
										
											2016-02-24 14:01:19 +00:00
-												rename invite blueprints

nb: the routes are not changing as part of this, only file paths and
blueprint names.

invite -> service_invite

this blueprint handles fetching invites for a service, creating invites,
etc.

accept_invite -> global_invite

this blueprint handles accepting invites for now, but will also involve
retrieving service/org user invite data without knowing the service/org
id associated. i'm not in love with this name and open to suggestions,
but i wanted to contrast it from service_invite and
organisation/invite_rest.py.

											
										
										
											2021-03-05 20:13:56 +00:00
+								register_errors(service_invite)
-												[WIP] added endpoint and dao to create invites for users.

Droped token as later code to send email invite can generate
timebased url to send to user. That can then be checked
against configurable time threshold for expiry. Therefore
no need to store a token.

											
										
										
											2016-02-24 14:01:19 +00:00
-												black, isort, flake8

Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>

											
										
										
											2023-12-08 21:43:52 -05:00
-												Made new /resend route in api.

Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>

											
										
										
											2023-12-04 16:59:05 -05:00
+								def _create_service_invite(invited_user, invite_link_host):
-												more debug

											
										
										
											2024-04-19 09:14:36 -07:00
+								    # TODO REMOVE DEBUG
 								    print(hilite("ENTER _create_service_invite"))
 								    # END DEBUG
-												reformat

											
										
										
											2023-08-29 14:54:30 -07:00
+								    template_id = current_app.config["INVITATION_EMAIL_TEMPLATE_ID"]
-												Send broadcast invite email for broadcast service invites

This means the copy is more accurate and mentions sending emergency
alerts rather than previous copy about sending emails texts and letters.

											
										
										
											2020-09-15 16:45:24 +01:00
 								    template = dao_get_template_by_id(template_id)
-												Did stuff, fixed things. This seems to work now.

Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>

											
										
										
											2023-12-15 13:14:53 -05:00
-												reformat

											
										
										
											2023-08-29 14:54:30 -07:00
+								    service = Service.query.get(current_app.config["NOTIFY_SERVICE_ID"])
-												make state non-arbitrary

											
										
										
											2024-04-02 13:18:21 -07:00
 								    token = generate_token(
 								        str(invited_user.email_address),
 								        current_app.config["SECRET_KEY"],
 								        current_app.config["DANGEROUS_SALT"],
 								    )
-												cleanup

											
										
										
											2024-04-24 14:06:43 -07:00
 								    # The raw permissions are in the form "a,b,c,d"
 								    # but need to be in the form ["a", "b", "c", "d"]
 								    data = {}
 								    permissions = invited_user.permissions
 								    permissions = permissions.split(",")
-												Minor changes accounting for black and isort formatting

Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>

											
										
										
											2024-05-06 15:35:04 -04:00
+								    data["from_user_id"] = str(invited_user.from_user.id)
-												cleanup

											
										
										
											2024-04-24 14:06:43 -07:00
+								    data["service_id"] = str(invited_user.service.id)
-												code review feedback

											
										
										
											2024-04-25 13:21:26 -07:00
+								    data["permissions"] = permissions
-												cleanup

											
										
										
											2024-04-24 14:06:43 -07:00
+								    data["folder_permissions"] = invited_user.folder_permissions
 								    data["invited_user_id"] = str(invited_user.id)
 								    data["invited_user_email"] = invited_user.email_address
-												make state non-arbitrary

											
										
										
											2024-04-02 13:18:21 -07:00
+								    url = os.environ["LOGIN_DOT_GOV_REGISTRATION_URL"]
 								    url = url.replace("NONCE", token)
-												cleanup

											
										
										
											2024-04-24 14:06:43 -07:00
 								    user_data_url_safe = get_user_data_url_safe(data)
 								    url = url.replace("STATE", user_data_url_safe)
-												make state non-arbitrary

											
										
										
											2024-04-02 13:18:21 -07:00
-												fix tests

											
										
										
											2024-01-22 10:55:09 -08:00
+								    personalisation = {
 								        "user_name": invited_user.from_user.name,
 								        "service_name": invited_user.service.name,
-												make state non-arbitrary

											
										
										
											2024-04-02 13:18:21 -07:00
+								        "url": url,
-												fix tests

											
										
										
											2024-01-22 10:55:09 -08:00
+								    }
-												fix tests

											
										
										
											2024-01-24 07:55:14 -08:00
-												Refactor create_invited_user to persist and send message to the notify queue.

The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to
ensure priority for messages.

6th task for story: https://www.pivotaltracker.com/story/show/135839709

											
										
										
											2016-12-20 15:59:31 +00:00
+								    saved_notification = persist_notification(
 								        template_id=template.id,
 								        template_version=template.version,
 								        recipient=invited_user.email_address,
-												Two new methods needed to pass the service not the service ID into the create notifications methods.

											
										
										
											2017-01-10 13:41:16 +00:00
+								        service=service,
-												fix invitations

											
										
										
											2024-03-22 11:18:47 -07:00
+								        personalisation={},
-												Cleaning up a lot of things, getting Enums used everywhere.

Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>

											
										
										
											2024-02-28 12:40:52 -05:00
+								        notification_type=NotificationType.EMAIL,
-												Refactor create_invited_user to persist and send message to the notify queue.

The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to
ensure priority for messages.

6th task for story: https://www.pivotaltracker.com/story/show/135839709

											
										
										
											2016-12-20 15:59:31 +00:00
+								        api_key_id=None,
-												KeyType implemented.

Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>

											
										
										
											2024-01-18 10:28:50 -05:00
+								        key_type=KeyType.NORMAL,
-												reformat

											
										
										
											2023-08-29 14:54:30 -07:00
+								        reply_to_text=invited_user.from_user.email_address,
-												Refactor create_invited_user to persist and send message to the notify queue.

The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to
ensure priority for messages.

6th task for story: https://www.pivotaltracker.com/story/show/135839709

											
										
										
											2016-12-20 15:59:31 +00:00
+								    )
-												fix tests

											
										
										
											2024-01-22 10:55:09 -08:00
+								    saved_notification.personalisation = personalisation
-												fix tests

											
										
										
											2024-01-24 07:55:14 -08:00
+								    redis_store.set(
 								        f"email-personalisation-{saved_notification.id}",
 								        json.dumps(personalisation),
 								        ex=1800,
 								    )
-												notify-api-433b remove research mode

											
										
										
											2023-08-25 12:09:00 -07:00
+								    send_notification_to_queue(saved_notification, queue=QueueNames.NOTIFY)
-												Use the send email task to send the password reset and invitation email.

Next PR can remove those tasks.

											
										
										
											2016-06-16 17:34:33 +01:00
-												Made new /resend route in api.

Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>

											
										
										
											2023-12-04 16:59:05 -05:00
 								@service_invite.route("/service/<service_id>/invite", methods=["POST"])
 								def create_invited_user(service_id):
 								    request_json = request.get_json()
 								    invited_user = invited_user_schema.load(request_json)
 								    save_invited_user(invited_user)
 								    _create_service_invite(invited_user, request_json.get("invite_link_host"))
-												Replace how `.dump` is called

As with `.load`, only data is now returned instead of a tuple.

											
										
										
											2022-05-06 15:52:44 +01:00
+								    return jsonify(data=invited_user_schema.dump(invited_user)), 201
-												[WIP] added dao and rest endpoint for retrieving invited users
by service and by id.

											
										
										
											2016-02-25 11:22:36 +00:00
-												Working on getting tests working.

Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>

											
										
										
											2023-11-10 16:14:03 -05:00
+								@service_invite.route("/service/<service_id>/invite/expired", methods=["GET"])
 								def get_expired_invited_users_by_service(service_id):
 								    expired_invited_users = get_expired_invited_users_for_service(service_id)
 								    return jsonify(data=invited_user_schema.dump(expired_invited_users, many=True)), 200
-												reformat

											
										
										
											2023-08-29 14:54:30 -07:00
+								@service_invite.route("/service/<service_id>/invite", methods=["GET"])
-												[WIP] added dao and rest endpoint for retrieving invited users
by service and by id.

											
										
										
											2016-02-25 11:22:36 +00:00
+								def get_invited_users_by_service(service_id):
 								    invited_users = get_invited_users_for_service(service_id)
-												Replace how `.dump` is called

As with `.load`, only data is now returned instead of a tuple.

											
										
										
											2022-05-06 15:52:44 +01:00
+								    return jsonify(data=invited_user_schema.dump(invited_users, many=True)), 200
-												[WIP] added dao and rest endpoint for retrieving invited users
by service and by id.

											
										
										
											2016-02-25 11:22:36 +00:00
-												reformat

											
										
										
											2023-08-29 14:54:30 -07:00
+								@service_invite.route("/service/<service_id>/invite/<invited_user_id>", methods=["GET"])
-												Add endpoints to get invited users

We want to display flash messages in admin when invites have been
cancelled. This message needs to display the user's email address, so
this commit adds endpoints to GET a single invited service user and org
user so that we can look up the email address of a cancelled user.

											
										
										
											2020-08-17 11:59:55 +01:00
+								def get_invited_user_by_service(service_id, invited_user_id):
-												remove duplicate dao invite fns and improve naming

											
										
										
											2021-03-12 12:50:07 +00:00
+								    invited_user = get_invited_user_by_service_and_id(service_id, invited_user_id)
-												Replace how `.dump` is called

As with `.load`, only data is now returned instead of a tuple.

											
										
										
											2022-05-06 15:52:44 +01:00
+								    return jsonify(data=invited_user_schema.dump(invited_user)), 200
-												Add endpoints to get invited users

We want to display flash messages in admin when invites have been
cancelled. This message needs to display the user's email address, so
this commit adds endpoints to GET a single invited service user and org
user so that we can look up the email address of a cancelled user.

											
										
										
											2020-08-17 11:59:55 +01:00
-												reformat

											
										
										
											2023-08-29 14:54:30 -07:00
+								@service_invite.route(
 								    "/service/<service_id>/invite/<invited_user_id>", methods=["POST"]
 								)
-												New endpoint to update invited user.
Can be used to update status on invited user.

											
										
										
											2016-03-01 13:33:20 +00:00
+								def update_invited_user(service_id, invited_user_id):
-												reformat

											
										
										
											2023-08-29 14:54:30 -07:00
+								    fetched = get_invited_user_by_service_and_id(
 								        service_id=service_id, invited_user_id=invited_user_id
 								    )
-												New endpoint to update invited user.
Can be used to update status on invited user.

											
										
										
											2016-03-01 13:33:20 +00:00
-												Replace how `.dump` is called

As with `.load`, only data is now returned instead of a tuple.

											
										
										
											2022-05-06 15:52:44 +01:00
+								    current_data = dict(invited_user_schema.dump(fetched).items())
-												New endpoint to update invited user.
Can be used to update status on invited user.

											
										
										
											2016-03-01 13:33:20 +00:00
+								    current_data.update(request.get_json())
-												Replace how `.load` is called

https://marshmallow.readthedocs.io/en/stable/upgrading.html#schemas-are-always-strict

`.load` doesn't return a `(data, errors)` tuple any more - only data is
returned. A `ValidationError` is raised if validation fails. The code
now relies on the `marshmallow_validation_error` error handler to handle
errors instead of having to raise an `InvalidRequest`. This has no
effect on the response that is returned (a test has been modified to
check).

Also added a new `password` field to the `UserSchema` so that we don't
have to specially check for password errors in the `.create_user` endpoint
- we can let marshmallow handle them.

											
										
										
											2022-05-06 15:25:14 +01:00
+								    update_dict = invited_user_schema.load(current_data)
-												New endpoint to update invited user.
Can be used to update status on invited user.

											
										
										
											2016-03-01 13:33:20 +00:00
+								    save_invited_user(update_dict)
-												Replace how `.dump` is called

As with `.load`, only data is now returned instead of a tuple.

											
										
										
											2022-05-06 15:52:44 +01:00
+								    return jsonify(data=invited_user_schema.dump(fetched)), 200
-												New endpoint to update invited user.
Can be used to update status on invited user.

											
										
										
											2016-03-01 13:33:20 +00:00
-												Made new /resend route in api.

Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>

											
										
										
											2023-12-04 16:59:05 -05:00
+								@service_invite.route(
 								    "/service/<service_id>/invite/<invited_user_id>/resend", methods=["POST"]
 								)
 								def resend_service_invite(service_id, invited_user_id):
 								    """Resend an expired invite.
 								    This resets the invited user's created date and status to make it a new invite, and
 								    sends the new invite out to the user.
 								    Note:
 								        This ignores the POST data entirely.
 								    """
-												Fixing stuff.

Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>

											
										
										
											2023-12-20 09:51:43 -05:00
+								    fetched = get_expired_invite_by_service_and_id(
-												Filtering the rest endpoint for resending invites by status = pending
now.

Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>

											
										
										
											2023-12-20 08:15:19 -05:00
+								        service_id=service_id,
 								        invited_user_id=invited_user_id,
-												Made new /resend route in api.

Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>

											
										
										
											2023-12-04 16:59:05 -05:00
+								    )
 								    fetched.created_at = datetime.utcnow()
-												KeyType implemented.

Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>

											
										
										
											2024-01-18 10:28:50 -05:00
+								    fetched.status = InvitedUserStatus.PENDING
-												Made new /resend route in api.

Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>

											
										
										
											2023-12-04 16:59:05 -05:00
 								    current_data = {k: v for k, v in invited_user_schema.dump(fetched).items()}
 								    update_dict = invited_user_schema.load(current_data)
-												Did stuff, fixed things. This seems to work now.

Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>

											
										
										
											2023-12-15 13:14:53 -05:00
-												Made new /resend route in api.

Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>

											
										
										
											2023-12-04 16:59:05 -05:00
+								    save_invited_user(update_dict)
 								    _create_service_invite(fetched, current_app.config["ADMIN_BASE_URL"])
 								    return jsonify(data=invited_user_schema.dump(fetched)), 200
-												Allow admin to domain to use for invite links

When we’re doing user research we often:
- start the task by inviting the participant to a service on Notify
- have them use a prototype version of the admin app, hosted on a
  different domain

Currently we can’t do both of these things together, because the invite
emails always send people to `notifications.service.gov.uk` (because
it’s the API that sends the emails, and the prototype admin app points
at the production API).

This commit changes the API to optionally allow an instance of the admin
app to specify which domain should be used when generating invite links.

											
										
										
											2017-12-20 14:38:49 +00:00
+								def invited_user_url(invited_user_id, invite_link_host=None):
-												reformat

											
										
										
											2023-08-29 14:54:30 -07:00
+								    token = generate_token(
 								        str(invited_user_id),
 								        current_app.config["SECRET_KEY"],
 								        current_app.config["DANGEROUS_SALT"],
 								    )
-												Use the send email task to send the password reset and invitation email.

Next PR can remove those tasks.

											
										
										
											2016-06-16 17:34:33 +01:00
-												Allow admin to domain to use for invite links

When we’re doing user research we often:
- start the task by inviting the participant to a service on Notify
- have them use a prototype version of the admin app, hosted on a
  different domain

Currently we can’t do both of these things together, because the invite
emails always send people to `notifications.service.gov.uk` (because
it’s the API that sends the emails, and the prototype admin app points
at the production API).

This commit changes the API to optionally allow an instance of the admin
app to specify which domain should be used when generating invite links.

											
										
										
											2017-12-20 14:38:49 +00:00
+								    if invite_link_host is None:
-												reformat

											
										
										
											2023-08-29 14:54:30 -07:00
+								        invite_link_host = current_app.config["ADMIN_BASE_URL"]
-												Allow admin to domain to use for invite links

When we’re doing user research we often:
- start the task by inviting the participant to a service on Notify
- have them use a prototype version of the admin app, hosted on a
  different domain

Currently we can’t do both of these things together, because the invite
emails always send people to `notifications.service.gov.uk` (because
it’s the API that sends the emails, and the prototype admin app points
at the production API).

This commit changes the API to optionally allow an instance of the admin
app to specify which domain should be used when generating invite links.

											
										
										
											2017-12-20 14:38:49 +00:00
-												reformat

											
										
										
											2023-08-29 14:54:30 -07:00
+								    return "{0}/invitation/{1}".format(invite_link_host, token)
-												remove the global_invite (accept_invite) endpoint

move the endpoints into service_invite/rest.py and
organisation/invite_rest.py respectively. Remove the prefix from all the
blueprints to allow this.

											
										
										
											2021-03-11 20:26:44 +00:00
-												reformat

											
										
										
											2023-08-29 14:54:30 -07:00
+								@service_invite.route("/invite/service/<uuid:invited_user_id>", methods=["GET"])
-												remove the global_invite (accept_invite) endpoint

move the endpoints into service_invite/rest.py and
organisation/invite_rest.py respectively. Remove the prefix from all the
blueprints to allow this.

											
										
										
											2021-03-11 20:26:44 +00:00
+								def get_invited_user(invited_user_id):
 								    invited_user = get_invited_user_by_id(invited_user_id)
-												Replace how `.dump` is called

As with `.load`, only data is now returned instead of a tuple.

											
										
										
											2022-05-06 15:52:44 +01:00
+								    return jsonify(data=invited_user_schema.dump(invited_user)), 200
-												remove the global_invite (accept_invite) endpoint

move the endpoints into service_invite/rest.py and
organisation/invite_rest.py respectively. Remove the prefix from all the
blueprints to allow this.

											
										
										
											2021-03-11 20:26:44 +00:00
-												reformat

											
										
										
											2023-08-29 14:54:30 -07:00
+								@service_invite.route("/invite/service/<token>", methods=["GET"])
 								@service_invite.route("/invite/service/check/<token>", methods=["GET"])
-												remove the global_invite (accept_invite) endpoint

move the endpoints into service_invite/rest.py and
organisation/invite_rest.py respectively. Remove the prefix from all the
blueprints to allow this.

											
										
										
											2021-03-11 20:26:44 +00:00
+								def validate_service_invitation_token(token):
-												reformat

											
										
										
											2023-08-29 14:54:30 -07:00
+								    max_age_seconds = 60 * 60 * 24 * current_app.config["INVITATION_EXPIRATION_DAYS"]
-												remove the global_invite (accept_invite) endpoint

move the endpoints into service_invite/rest.py and
organisation/invite_rest.py respectively. Remove the prefix from all the
blueprints to allow this.

											
										
										
											2021-03-11 20:26:44 +00:00
 								    try:
-												reformat

											
										
										
											2023-08-29 14:54:30 -07:00
+								        invited_user_id = check_token(
 								            token,
 								            current_app.config["SECRET_KEY"],
 								            current_app.config["DANGEROUS_SALT"],
 								            max_age_seconds,
 								        )
-												remove the global_invite (accept_invite) endpoint

move the endpoints into service_invite/rest.py and
organisation/invite_rest.py respectively. Remove the prefix from all the
blueprints to allow this.

											
										
										
											2021-03-11 20:26:44 +00:00
+								    except SignatureExpired:
-												reformat

											
										
										
											2023-08-29 14:54:30 -07:00
+								        errors = {
-												fix invite text

											
										
										
											2024-05-15 08:22:04 -07:00
+								            "invitation": "Your invitation to Notify.gov has expired. "
-												reformat

											
										
										
											2023-08-29 14:54:30 -07:00
+								            "Please ask the person that invited you to send you another one"
 								        }
-												remove the global_invite (accept_invite) endpoint

move the endpoints into service_invite/rest.py and
organisation/invite_rest.py respectively. Remove the prefix from all the
blueprints to allow this.

											
										
										
											2021-03-11 20:26:44 +00:00
+								        raise InvalidRequest(errors, status_code=400)
 								    except BadData:
-												reformat

											
										
										
											2023-08-29 14:54:30 -07:00
+								        errors = {
 								            "invitation": "Something’s wrong with this link. Make sure you’ve copied the whole thing."
 								        }
-												remove the global_invite (accept_invite) endpoint

move the endpoints into service_invite/rest.py and
organisation/invite_rest.py respectively. Remove the prefix from all the
blueprints to allow this.

											
										
										
											2021-03-11 20:26:44 +00:00
+								        raise InvalidRequest(errors, status_code=400)
 								    invited_user = get_invited_user_by_id(invited_user_id)
-												Replace how `.dump` is called

As with `.load`, only data is now returned instead of a tuple.

											
										
										
											2022-05-06 15:52:44 +01:00
+								    return jsonify(data=invited_user_schema.dump(invited_user)), 200
-												api to return service invite info

											
										
										
											2024-04-19 14:02:38 -07:00
-												cleanup

											
										
										
											2024-04-24 14:06:43 -07:00
+								def get_user_data_url_safe(data):
 								    data = json.dumps(data)
 								    data = base64.b64encode(data.encode("utf8"))
 								    return data.decode("utf8")