app/global_invite/rest.py

from flask import Blueprint, current_app, jsonify
from itsdangerous import BadData, SignatureExpired
from notifications_utils.url_safe_token import check_token

from app.dao.invited_user_dao import get_invited_user_by_id
from app.dao.organisation_dao import dao_get_invited_organisation_user
from app.errors import InvalidRequest, register_errors
from app.schemas import invited_user_schema

global_invite_blueprint = Blueprint('global_invite', __name__)
register_errors(global_invite_blueprint)


@global_invite_blueprint.route('/<invitation_type>/<token>', methods=['GET'])
def validate_invitation_token(invitation_type, token):

    max_age_seconds = 60 * 60 * 24 * current_app.config['INVITATION_EXPIRATION_DAYS']

    try:
        invited_user_id = check_token(token,
                                      current_app.config['SECRET_KEY'],
                                      current_app.config['DANGEROUS_SALT'],
                                      max_age_seconds)
    except SignatureExpired:
        errors = {'invitation':
                  'Your invitation to GOV.UK Notify has expired. '
                  'Please ask the person that invited you to send you another one'}
        raise InvalidRequest(errors, status_code=400)
    except BadData:
        errors = {'invitation': 'Something’s wrong with this link. Make sure you’ve copied the whole thing.'}
        raise InvalidRequest(errors, status_code=400)

    if invitation_type == 'service':
        invited_user = get_invited_user_by_id(invited_user_id)
        return jsonify(data=invited_user_schema.dump(invited_user).data), 200
    elif invitation_type == 'organisation':
        invited_user = dao_get_invited_organisation_user(invited_user_id)
        return jsonify(data=invited_user.serialize()), 200
    else:
        raise InvalidRequest("Unrecognised invitation type: {}".format(invitation_type))
-												Run auto-correct on app/ and tests/

											
										
										
											2021-03-10 13:55:06 +00:00
+								from flask import Blueprint, current_app, jsonify
 								from itsdangerous import BadData, SignatureExpired
-												Working placeholders in subject with upgraded notifications-utils.

Fix test.

											
										
										
											2016-04-13 15:31:08 +01:00
+								from notifications_utils.url_safe_token import check_token
-												[WIP] Start of api for accepting invite.

											
										
										
											2016-02-29 17:38:02 +00:00
 								from app.dao.invited_user_dao import get_invited_user_by_id
-												Added a new endpoint that can be used for organisation or service invitations.
The other two invitation endpoints will be removed once the admin app is updated.

											
										
										
											2018-02-23 14:15:39 +00:00
+								from app.dao.organisation_dao import dao_get_invited_organisation_user
-												Run auto-correct on app/ and tests/

											
										
										
											2021-03-10 13:55:06 +00:00
+								from app.errors import InvalidRequest, register_errors
-												[WIP] Start of api for accepting invite.

											
										
										
											2016-02-29 17:38:02 +00:00
+								from app.schemas import invited_user_schema
-												rename invite blueprints

nb: the routes are not changing as part of this, only file paths and
blueprint names.

invite -> service_invite

this blueprint handles fetching invites for a service, creating invites,
etc.

accept_invite -> global_invite

this blueprint handles accepting invites for now, but will also involve
retrieving service/org user invite data without knowing the service/org
id associated. i'm not in love with this name and open to suggestions,
but i wanted to contrast it from service_invite and
organisation/invite_rest.py.

											
										
										
											2021-03-05 20:13:56 +00:00
+								global_invite_blueprint = Blueprint('global_invite', __name__)
 								register_errors(global_invite_blueprint)
-												[WIP] Start of api for accepting invite.

											
										
										
											2016-02-29 17:38:02 +00:00
-												rename invite blueprints

nb: the routes are not changing as part of this, only file paths and
blueprint names.

invite -> service_invite

this blueprint handles fetching invites for a service, creating invites,
etc.

accept_invite -> global_invite

this blueprint handles accepting invites for now, but will also involve
retrieving service/org user invite data without knowing the service/org
id associated. i'm not in love with this name and open to suggestions,
but i wanted to contrast it from service_invite and
organisation/invite_rest.py.

											
										
										
											2021-03-05 20:13:56 +00:00
+								@global_invite_blueprint.route('/<invitation_type>/<token>', methods=['GET'])
-												Added a new endpoint that can be used for organisation or service invitations.
The other two invitation endpoints will be removed once the admin app is updated.

											
										
										
											2018-02-23 14:15:39 +00:00
+								def validate_invitation_token(invitation_type, token):
 								    max_age_seconds = 60 * 60 * 24 * current_app.config['INVITATION_EXPIRATION_DAYS']
 								    try:
 								        invited_user_id = check_token(token,
 								                                      current_app.config['SECRET_KEY'],
 								                                      current_app.config['DANGEROUS_SALT'],
 								                                      max_age_seconds)
 								    except SignatureExpired:
 								        errors = {'invitation':
-												Fix error message when invitation has expired

The error message for when an invitation to Notify had expired was
displaying in admin with square brackets round it because admin is not
expecting the message to be a list
(https://github.com/alphagov/notifications-admin/blob/a85134ee227a89fbe13ee470a7b74b69e01ad7e2/app/models/user.py#L500)

											
										
										
											2020-08-12 18:30:00 +01:00
+								                  'Your invitation to GOV.UK Notify has expired. '
 								                  'Please ask the person that invited you to send you another one'}
-												Added a new endpoint that can be used for organisation or service invitations.
The other two invitation endpoints will be removed once the admin app is updated.

											
										
										
											2018-02-23 14:15:39 +00:00
+								        raise InvalidRequest(errors, status_code=400)
-												handle malformed invite tokens

											
										
										
											2018-03-08 13:14:56 +00:00
+								    except BadData:
 								        errors = {'invitation': 'Something’s wrong with this link. Make sure you’ve copied the whole thing.'}
 								        raise InvalidRequest(errors, status_code=400)
-												Added a new endpoint that can be used for organisation or service invitations.
The other two invitation endpoints will be removed once the admin app is updated.

											
										
										
											2018-02-23 14:15:39 +00:00
 								    if invitation_type == 'service':
 								        invited_user = get_invited_user_by_id(invited_user_id)
 								        return jsonify(data=invited_user_schema.dump(invited_user).data), 200
 								    elif invitation_type == 'organisation':
 								        invited_user = dao_get_invited_organisation_user(invited_user_id)
 								        return jsonify(data=invited_user.serialize()), 200
 								    else:
 								        raise InvalidRequest("Unrecognised invitation type: {}".format(invitation_type))