app/utils.py

import os
import re
from datetime import datetime, timedelta, timezone

from flask import abort, current_app, url_for
from sqlalchemy import func

from notifications_utils.template import HTMLEmailTemplate, SMSMessageTemplate

DATETIME_FORMAT_NO_TIMEZONE = "%Y-%m-%d %H:%M:%S.%f"
DATETIME_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"
DATE_FORMAT = "%Y-%m-%d"


def pagination_links(pagination, endpoint, **kwargs):
    if "page" in kwargs:
        kwargs.pop("page", None)
    links = {}
    if pagination.has_prev:
        links["prev"] = url_for(endpoint, page=pagination.prev_num, **kwargs)
    if pagination.has_next:
        links["next"] = url_for(endpoint, page=pagination.next_num, **kwargs)
        links["last"] = url_for(endpoint, page=pagination.pages, **kwargs)
    return links


def get_prev_next_pagination_links(current_page, next_page_exists, endpoint, **kwargs):
    if "page" in kwargs:
        kwargs.pop("page", None)
    links = {}
    if current_page > 1:
        links["prev"] = url_for(endpoint, page=current_page - 1, **kwargs)
    if next_page_exists:
        links["next"] = url_for(endpoint, page=current_page + 1, **kwargs)
    return links


def url_with_token(data, url, config, base_url=None):
    from notifications_utils.url_safe_token import generate_token

    token = generate_token(data, config["SECRET_KEY"], config["DANGEROUS_SALT"])
    base_url = (base_url or config["ADMIN_BASE_URL"]) + url
    return base_url + token


def get_template_instance(template, values=None):
    from app.enums import TemplateType

    return {
        TemplateType.SMS: SMSMessageTemplate,
        TemplateType.EMAIL: HTMLEmailTemplate,
    }[template["template_type"]](template, values)


def template_model_to_dict(template):
    return {
        "id": str(template.id),
        "template_type": template.template_type,
        "content": template.content,
        "subject": getattr(template, "subject", None),
        "created_at": template.created_at,
        "name": template.name,
        "version": template.version,
    }


def get_midnight_in_utc(date):
    """
    This function converts date to midnight in UTC,
    removing the tzinfo from the datetime because the database stores the timestamps without timezone.
    :param date: the day to calculate the local midnight in UTC for
    :return: the datetime of local midnight in UTC, for example 2016-06-17 = 2016-06-16 23:00:00
    """
    return datetime.combine(date, datetime.min.time())


def get_month_from_utc_column(column):
    """
    Where queries need to count notifications by month it needs to be
    the month in local time.
    The database stores all timestamps as UTC without the timezone.
     - First set the timezone on created_at to UTC
     - then convert the timezone to local time (or America/New_York)
     - lastly truncate the datetime to month with which we can group
       queries
    """
    return func.date_trunc("month", func.timezone("UTC", func.timezone("UTC", column)))


def get_public_notify_type_text(notify_type, plural=False):
    from app.enums import NotificationType, ServicePermissionType

    notify_type_text = notify_type
    if notify_type == NotificationType.SMS:
        notify_type_text = "text message"
    elif notify_type == ServicePermissionType.UPLOAD_DOCUMENT:
        notify_type_text = "document"

    return "{}{}".format(notify_type_text, "s" if plural else "")


def midnight_n_days_ago(number_of_days):
    """
    Returns midnight a number of days ago. Takes care of daylight savings etc.
    """
    return get_midnight_in_utc(utc_now() - timedelta(days=number_of_days))


def escape_special_characters(string):
    for special_character in ("\\", "_", "%", "/"):
        string = string.replace(special_character, r"\{}".format(special_character))
    return string


def get_archived_db_column_value(column):
    date = utc_now().strftime("%Y-%m-%d")
    return f"_archived_{date}_{column}"


def get_dt_string_or_none(val):
    return val.strftime(DATETIME_FORMAT) if val else None


# Function used for debugging.
# Do print(hilite(message)) while debugging, then remove your print statements
def hilite(message):
    ansi_green = "\033[32m"
    ansi_reset = "\033[0m"
    return f"{ansi_green}{message}{ansi_reset}"


def aware_utcnow():
    return datetime.now(timezone.utc)


def naive_utcnow():
    return aware_utcnow().replace(tzinfo=None)


def utc_now():
    return naive_utcnow()


def debug_not_production(msg):
    if os.getenv("NOTIFY_ENVIRONMENT") not in ["production"]:
        current_app.logger.info(msg)


def is_suspicious_input(input_str):
    if not isinstance(input_str, str):
        return False

    pattern = re.compile(
        r"""
                         (?i) # case insensite
                         \b  # word boundary
                         ( # start of group for SQL keywords
                         OR   # match SQL keyword OR
                         |AND
                         |UNION
                         |SELECT
                         |DROP
                         |INSERT
                         |UPDATE
                         |DELETE
                         |EXEC
                         |TRUNCATE
                         |CREATE
                         |ALTER
                         |-- # match SQL single-line comment
                         |/\* # match SQL multi-line comment
                         |\bpg_sleep\b # Match PostgreSQL 'pg_sleep' function

                         |\bsleep\b # Match SQL Server 'sleep' function
                         ) # End SQL keywords and function group
                         | # OR operator to include an alternate pattern
                         [';]{2,} # Match two or more consecutive single quotes or semi-colons
                         """,
        re.VERBOSE,
    )
    return bool(re.search(pattern, input_str))


def is_valid_id(id):
    if not isinstance(id, str):
        return True
    return bool(re.match(r"^[a-zA-Z0-9_-]{1,50}$", id))


def check_suspicious_id(*args):
    for id in args:
        if not is_valid_id(id):
            abort(403)
        if is_suspicious_input(id):
            abort(403)
add more debug to get e2e tests working 2024-09-04 09:33:41 -07:00			`import os`
more input checking 2025-06-26 10:35:46 -07:00			`import re`
replace utcnow with timezone naive utc call 2024-05-23 10:18:02 -07:00			`from datetime import datetime, timedelta, timezone`
Add date helper methods to be used as date range filters for notification counts 2017-01-27 12:21:28 +00:00
more input checking 2025-06-26 10:35:46 -07:00			`from flask import abort, current_app, url_for`
Run auto-correct on app/ and tests/ 2021-03-10 13:55:06 +00:00			`from sqlalchemy import func`
move get_all_notifications_for_service and get_all_notifications_for_job moved from notifications/rest -> service/rest and job/rest respectively endpoint routes not affected removed requires_admin decorator - that should be set by nginx config as opposed to python code 2016-06-28 15:17:36 +01:00
Localize notification_utils to the API This changeset pulls in all of the notification_utils code directly into the API and removes it as an external dependency. We are doing this to cut down on operational maintenance of the project and will begin removing parts of it no longer needed for the API. Signed-off-by: Carlo Costino <carlo.costino@gsa.gov> 2024-05-16 10:17:45 -04:00			`from notifications_utils.template import HTMLEmailTemplate, SMSMessageTemplate`

Move DATETIME_FORMAT from app to app.utils To avoid cyclical import issues 2020-12-18 17:39:35 +00:00			`DATETIME_FORMAT_NO_TIMEZONE = "%Y-%m-%d %H:%M:%S.%f"`
			`DATETIME_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"`
			`DATE_FORMAT = "%Y-%m-%d"`
Add fix for bst 2017-04-03 15:49:23 +01:00
move get_all_notifications_for_service and get_all_notifications_for_job moved from notifications/rest -> service/rest and job/rest respectively endpoint routes not affected removed requires_admin decorator - that should be set by nginx config as opposed to python code 2016-06-28 15:17:36 +01:00
			`def pagination_links(pagination, endpoint, **kwargs):`
reformat 2023-08-29 14:54:30 -07:00			`if "page" in kwargs:`
			`kwargs.pop("page", None)`
add pagination to GET /service/{}/job accepts a page parameter to control what page of data returns additional pagination fields in the response dict * page_size: will always be 50. defined by Config.PAGE_SIZE * total: the total amount of unpaginated records * links: dict containing optionally prev, next, and last, links to other relevant pagination pages also cleaned up some test imports 2016-09-21 16:54:02 +01:00			`links = {}`
move get_all_notifications_for_service and get_all_notifications_for_job moved from notifications/rest -> service/rest and job/rest respectively endpoint routes not affected removed requires_admin decorator - that should be set by nginx config as opposed to python code 2016-06-28 15:17:36 +01:00			`if pagination.has_prev:`
reformat 2023-08-29 14:54:30 -07:00			`links["prev"] = url_for(endpoint, page=pagination.prev_num, **kwargs)`
move get_all_notifications_for_service and get_all_notifications_for_job moved from notifications/rest -> service/rest and job/rest respectively endpoint routes not affected removed requires_admin decorator - that should be set by nginx config as opposed to python code 2016-06-28 15:17:36 +01:00			`if pagination.has_next:`
reformat 2023-08-29 14:54:30 -07:00			`links["next"] = url_for(endpoint, page=pagination.next_num, **kwargs)`
			`links["last"] = url_for(endpoint, page=pagination.pages, **kwargs)`
move get_all_notifications_for_service and get_all_notifications_for_job moved from notifications/rest -> service/rest and job/rest respectively endpoint routes not affected removed requires_admin decorator - that should be set by nginx config as opposed to python code 2016-06-28 15:17:36 +01:00			`return links`
Rename the endpoints. Increase test coverage to include the encrypted message sent to the task. 2016-10-13 11:59:47 +01:00

Move `get_prev_next_pagination_links` to utils This will mean it can later be reused whereever we want 2021-12-09 17:18:28 +00:00			`def get_prev_next_pagination_links(current_page, next_page_exists, endpoint, **kwargs):`
reformat 2023-08-29 14:54:30 -07:00			`if "page" in kwargs:`
			`kwargs.pop("page", None)`
Move `get_prev_next_pagination_links` to utils This will mean it can later be reused whereever we want 2021-12-09 17:18:28 +00:00			`links = {}`
			`if current_page > 1:`
reformat 2023-08-29 14:54:30 -07:00			`links["prev"] = url_for(endpoint, page=current_page - 1, **kwargs)`
Move `get_prev_next_pagination_links` to utils This will mean it can later be reused whereever we want 2021-12-09 17:18:28 +00:00			`if next_page_exists:`
reformat 2023-08-29 14:54:30 -07:00			`links["next"] = url_for(endpoint, page=current_page + 1, **kwargs)`
Move `get_prev_next_pagination_links` to utils This will mean it can later be reused whereever we want 2021-12-09 17:18:28 +00:00			`return links`


Allow admin to specify domain for email auth links Similar to https://github.com/alphagov/notifications-api/pull/1515 This lets the admin app pass in a domain to use for email auth links, so that when it’s running on a different URL users who try to sign in will get an email auth link for the domain they sign in on, not the default admin domain for the environment in which the API is running. 2018-02-09 14:16:10 +00:00			`def url_with_token(data, url, config, base_url=None):`
Rename the endpoints. Increase test coverage to include the encrypted message sent to the task. 2016-10-13 11:59:47 +01:00			`from notifications_utils.url_safe_token import generate_token`
reformat 2023-08-29 14:54:30 -07:00
			`token = generate_token(data, config["SECRET_KEY"], config["DANGEROUS_SALT"])`
			`base_url = (base_url or config["ADMIN_BASE_URL"]) + url`
Rename the endpoints. Increase test coverage to include the encrypted message sent to the task. 2016-10-13 11:59:47 +01:00			`return base_url + token`
Update utils to 12.0.0 Includes: - [x] https://github.com/alphagov/notifications-utils/pull/94 (breaking changes which are responsible for all the changes to the API in this PR) The test for `get_sms_fragment_count` has been removed because this method is already tested in utils here: https://github.com/alphagov/notifications-utils/blob/ac20f7e99ece4935fccf39ed9d5c0fb40e45bfbc/tests/test_base_template.py#L140-L159 2016-12-09 15:56:25 +00:00

Fixed another 30 tests 2025-05-27 19:40:26 -04:00			`def get_template_instance(template, values=None):`
Getting imports right to use app.enums Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov> 2024-01-10 12:45:03 -05:00			`from app.enums import TemplateType`
reformat 2023-08-29 14:54:30 -07:00
Update utils to 12.0.0 Includes: - [x] https://github.com/alphagov/notifications-utils/pull/94 (breaking changes which are responsible for all the changes to the API in this PR) The test for `get_sms_fragment_count` has been removed because this method is already tested in utils here: https://github.com/alphagov/notifications-utils/blob/ac20f7e99ece4935fccf39ed9d5c0fb40e45bfbc/tests/test_base_template.py#L140-L159 2016-12-09 15:56:25 +00:00			`return {`
Cleaning up a lot of things, getting Enums used everywhere. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov> 2024-02-28 12:40:52 -05:00			`TemplateType.SMS: SMSMessageTemplate,`
			`TemplateType.EMAIL: HTMLEmailTemplate,`
Fixed another 30 tests 2025-05-27 19:40:26 -04:00			`}[template["template_type"]](template, values)`
Removed dependency that is not needed, fixed more tests 2025-05-16 16:23:59 -04:00

			`def template_model_to_dict(template):`
			`return {`
			`"id": str(template.id),`
			`"template_type": template.template_type,`
			`"content": template.content,`
			`"subject": getattr(template, "subject", None),`
			`"created_at": template.created_at,`
			`"name": template.name,`
			`"version": template.version,`
			`}`
Add date helper methods to be used as date range filters for notification counts 2017-01-27 12:21:28 +00:00

notify-260 remove server-side timezone handling 2023-05-10 08:39:50 -07:00			`def get_midnight_in_utc(date):`
Refactor the get_midnight functions to return the date in UTC but for the localised time. So in June when we are in BST June 16, 00:00 BST => June 15 23:00 UTC 2017-01-27 15:57:25 +00:00			`"""`
reformat 2023-08-29 14:54:30 -07:00			`This function converts date to midnight in UTC,`
			`removing the tzinfo from the datetime because the database stores the timestamps without timezone.`
			`:param date: the day to calculate the local midnight in UTC for`
			`:return: the datetime of local midnight in UTC, for example 2016-06-17 = 2016-06-16 23:00:00`
Refactor the get_midnight functions to return the date in UTC but for the localised time. So in June when we are in BST June 16, 00:00 BST => June 15 23:00 UTC 2017-01-27 15:57:25 +00:00			`"""`
notify-260 remove server-side timezone handling 2023-05-10 08:39:50 -07:00			`return datetime.combine(date, datetime.min.time())`
Add date helper methods to be used as date range filters for notification counts 2017-01-27 12:21:28 +00:00

more fix 2023-05-30 12:16:49 -07:00			`def get_month_from_utc_column(column):`
Split out handling of BST queries for reuse 2017-01-30 16:46:47 +00:00			`"""`
reformat 2023-08-29 14:54:30 -07:00			`Where queries need to count notifications by month it needs to be`
			`the month in local time.`
			`The database stores all timestamps as UTC without the timezone.`
			`- First set the timezone on created_at to UTC`
			`- then convert the timezone to local time (or America/New_York)`
			`- lastly truncate the datetime to month with which we can group`
			`queries`
Split out handling of BST queries for reuse 2017-01-30 16:46:47 +00:00			`"""`
reformat 2023-08-29 14:54:30 -07:00			`return func.date_trunc("month", func.timezone("UTC", func.timezone("UTC", column)))`
Moved the cache key to the utils module. Renamed the dao method. 2017-02-14 14:22:52 +00:00

Refactored to make code clearer 2017-06-29 18:02:21 +01:00			`def get_public_notify_type_text(notify_type, plural=False):`
All string "constants" in app.models converted to app.enums. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov> 2024-01-15 16:45:55 -05:00			`from app.enums import NotificationType, ServicePermissionType`
reformat 2023-08-29 14:54:30 -07:00
Refactored to make code clearer 2017-06-29 18:02:21 +01:00			`notify_type_text = notify_type`
Cleaning up a lot of things, getting Enums used everywhere. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov> 2024-02-28 12:40:52 -05:00			`if notify_type == NotificationType.SMS:`
reformat 2023-08-29 14:54:30 -07:00			`notify_type_text = "text message"`
All string "constants" in app.models converted to app.enums. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov> 2024-01-15 16:45:55 -05:00			`elif notify_type == ServicePermissionType.UPLOAD_DOCUMENT:`
reformat 2023-08-29 14:54:30 -07:00			`notify_type_text = "document"`
broadcast flake8 cleanup 2022-10-25 11:53:24 -04:00
reformat 2023-08-29 14:54:30 -07:00			`return "{}{}".format(notify_type_text, "s" if plural else "")`
move days_ago to utils and make it tz aware it's used in a few places - it should definitely know what timezones are and return datetimes rather than dates, which are hard to work with in terms of figuring out how tz aware they are. 2018-04-12 10:47:16 +01:00

rename days_ago to midnight_n_days_ago also add some more timezone boundary tests and minor code cleanup 2018-04-30 11:50:56 +01:00			`def midnight_n_days_ago(number_of_days):`
move days_ago to utils and make it tz aware it's used in a few places - it should definitely know what timezones are and return datetimes rather than dates, which are hard to work with in terms of figuring out how tz aware they are. 2018-04-12 10:47:16 +01:00			`"""`
			`Returns midnight a number of days ago. Takes care of daylight savings etc.`
			`"""`
remove datetime.utcnow() 2024-05-23 13:59:51 -07:00			`return get_midnight_in_utc(utc_now() - timedelta(days=number_of_days))`
refactor template stats endpoint to read from new redis keys New redis keys are partitioned per service per day. New process is as follows: * require a count of days to filter by. Currently admin always gives 7. * for each day, check and see if there's anything in redis. There won't be if either a) redis is/was down or b) the service didn't send any notifications that day - if there isn't, go to the database and get a count out. * combine all these stats together * get the names/template types etc out of the DB at the end. 2018-04-12 10:46:22 +01:00

Move code that escapes special chars to helper function and use it in query get_users_by_partial_email 2018-07-13 15:26:42 +01:00			`def escape_special_characters(string):`
reformat 2023-08-29 14:54:30 -07:00			`for special_character in ("\\", "_", "%", "/"):`
			`string = string.replace(special_character, r"\{}".format(special_character))`
Move code that escapes special chars to helper function and use it in query get_users_by_partial_email 2018-07-13 15:26:42 +01:00			`return string`
Set default branding for NHS services The NHS is a special case because it’s not one organisation, but it does have one consistent brand. So anyone working for an NHS organisation should have their default branding set when they create a service, even if we know nothing about their specific organisation. 2019-04-05 15:18:39 +01:00

Move function to get archived email address value This function will be used when archiving services too, so it has been renamed and moved to `app/utils.py`. 2020-05-22 09:36:07 +01:00			`def get_archived_db_column_value(column):`
remove datetime.utcnow() 2024-05-23 13:59:51 -07:00			`date = utc_now().strftime("%Y-%m-%d")`
reformat 2023-08-29 14:54:30 -07:00			`return f"_archived_{date}_{column}"`
create get_dt_string_or_none string mostly to quash flakle8 warnings 2020-07-27 15:17:19 +01:00

			`def get_dt_string_or_none(val):`
			`return val.strftime(DATETIME_FORMAT) if val else None`
Format sequential number into an 8 char long hex As per Vodafone spec for ibag format message number 2020-12-04 16:00:20 +00:00

debug staging 2024-03-28 11:19:02 -07:00			`# Function used for debugging.`
			`# Do print(hilite(message)) while debugging, then remove your print statements`
			`def hilite(message):`
			`ansi_green = "\033[32m"`
			`ansi_reset = "\033[0m"`
			`return f"{ansi_green}{message}{ansi_reset}"`
replace utcnow with timezone naive utc call 2024-05-23 10:18:02 -07:00

			`def aware_utcnow():`
			`return datetime.now(timezone.utc)`


			`def naive_utcnow():`
			`return aware_utcnow().replace(tzinfo=None)`


			`def utc_now():`
			`return naive_utcnow()`
add more debug to get e2e tests working 2024-09-04 09:33:41 -07:00

			`def debug_not_production(msg):`
			`if os.getenv("NOTIFY_ENVIRONMENT") not in ["production"]:`
			`current_app.logger.info(msg)`
socket io setup 2025-04-09 16:56:42 -07:00

more input checking 2025-06-26 10:35:46 -07:00			`def is_suspicious_input(input_str):`
			`if not isinstance(input_str, str):`
			`return False`

			`pattern = re.compile(`
			`r"""`
			`(?i) # case insensite`
			`\b # word boundary`
			`( # start of group for SQL keywords`
			`OR # match SQL keyword OR`
			`\|AND`
			`\|UNION`
			`\|SELECT`
			`\|DROP`
			`\|INSERT`
			`\|UPDATE`
			`\|DELETE`
			`\|EXEC`
			`\|TRUNCATE`
			`\|CREATE`
			`\|ALTER`
			`\|-- # match SQL single-line comment`
			`\|/\* # match SQL multi-line comment`
			`\|\bpg_sleep\b # Match PostgreSQL 'pg_sleep' function`

			`\|\bsleep\b # Match SQL Server 'sleep' function`
			`) # End SQL keywords and function group`
			`\| # OR operator to include an alternate pattern`
			`[';]{2,} # Match two or more consecutive single quotes or semi-colons`
			`""",`
			`re.VERBOSE,`
			`)`
			`return bool(re.search(pattern, input_str))`


			`def is_valid_id(id):`
			`if not isinstance(id, str):`
			`return True`
			`return bool(re.match(r"^[a-zA-Z0-9_-]{1,50}$", id))`


			`def check_suspicious_id(*args):`
			`for id in args:`
			`if not is_valid_id(id):`
			`abort(403)`
			`if is_suspicious_input(id):`
			`abort(403)`