diff --git a/app/__init__.py b/app/__init__.py index 3c4a6823c..c56ec476c 100644 --- a/app/__init__.py +++ b/app/__init__.py @@ -109,7 +109,6 @@ def register_blueprint(application): from app.billing.rest import billing_blueprint from app.organisation.rest import organisation_blueprint from app.organisation.invite_rest import organisation_invite_blueprint - from app.organisation.accept_organisation_invite import accept_organisation_invite_blueprint service_blueprint.before_request(requires_admin_auth) application.register_blueprint(service_blueprint, url_prefix='/service') @@ -186,9 +185,6 @@ def register_blueprint(application): organisation_invite_blueprint.before_request(requires_admin_auth) application.register_blueprint(organisation_invite_blueprint) - accept_organisation_invite_blueprint.before_request(requires_admin_auth) - application.register_blueprint(accept_organisation_invite_blueprint) - def register_v2_blueprints(application): from app.v2.inbound_sms.get_inbound_sms import v2_inbound_sms_blueprint as get_inbound_sms diff --git a/app/accept_invite/rest.py b/app/accept_invite/rest.py index 3957b6b47..dcdf64b0a 100644 --- a/app/accept_invite/rest.py +++ b/app/accept_invite/rest.py 
@@ -23,30 +23,6 @@ accept_invite = Blueprint('accept_invite', __name__) register_errors(accept_invite) -@accept_invite.route('/', methods=['GET']) -def get_invited_user_by_token(token): - """ - This method is now deprecated, - in favor of a single accept_invite endpoint for both service and organisation invitations - """ - max_age_seconds = 60 * 60 * 24 * current_app.config['INVITATION_EXPIRATION_DAYS'] - - try: - invited_user_id = check_token(token, - current_app.config['SECRET_KEY'], - current_app.config['DANGEROUS_SALT'], - max_age_seconds) - except SignatureExpired: - errors = {'invitation': - ['Your invitation to GOV.UK Notify has expired. ' - 'Please ask the person that invited you to send you another one']} - raise InvalidRequest(errors, status_code=400) - - invited_user = get_invited_user_by_id(invited_user_id) - - return jsonify(data=invited_user_schema.dump(invited_user).data), 200 - - @accept_invite.route('//', methods=['GET']) def validate_invitation_token(invitation_type, token): diff --git a/app/organisation/accept_organisation_invite.py b/app/organisation/accept_organisation_invite.py deleted file mode 100644 index 20c580a09..000000000 --- a/app/organisation/accept_organisation_invite.py +++ /dev/null 
@@ -1,30 +0,0 @@
-from flask import Blueprint, jsonify, current_app
-from itsdangerous import SignatureExpired
-from notifications_utils.url_safe_token import check_token
-
-from app.dao.organisation_dao import dao_get_invited_organisation_user
-from app.errors import register_errors, InvalidRequest
-
-accept_organisation_invite_blueprint = Blueprint(
- 'accept_organisation_invite', __name__,
- url_prefix='/organisation-invitation')
-
-register_errors(accept_organisation_invite_blueprint)
-
-
-@accept_organisation_invite_blueprint.route("/", methods=['GET'])
-def accept_organisation_invitation(token):
- max_age_seconds = 60 * 60 * 24 * current_app.config['INVITATION_EXPIRATION_DAYS']
-
- try:
- invited_user_id = check_token(token,
- current_app.config['SECRET_KEY'],
- current_app.config['DANGEROUS_SALT'],
- max_age_seconds)
- except SignatureExpired:
- errors = {'invitation': ['Your invitation to GOV.UK Notify has expired. '
- 'Please ask the person that invited you to send you another one']}
- raise InvalidRequest(errors, status_code=400)
- invited_user = dao_get_invited_organisation_user(invited_user_id)
-
- return jsonify(data=invited_user.serialize()), 200
diff --git a/tests/app/accept_invite/test_accept_invite_rest.py b/tests/app/accept_invite/test_accept_invite_rest.py
index 05a129919..407f4705c 100644
--- a/tests/app/accept_invite/test_accept_invite_rest.py
+++ b/tests/app/accept_invite/test_accept_invite_rest.py
@@ -7,58 +7,6 @@ from notifications_utils.url_safe_token import generate_token from tests import create_authorization_header -def test_accept_invite_for_expired_token_returns_400(notify_api, sample_invited_user): - with notify_api.test_request_context(): - with notify_api.test_client() as client: - with freeze_time('2016-01-01T12:00:00'): - token = generate_token(str(sample_invited_user.id), notify_api.config['SECRET_KEY'], - notify_api.config['DANGEROUS_SALT']) - url = '/invite/{}'.format(token) - auth_header = create_authorization_header() - response = client.get(url, headers=[('Content-Type', 'application/json'), auth_header]) - - assert response.status_code == 400 - json_resp = json.loads(response.get_data(as_text=True)) - assert json_resp['result'] == 'error' - assert json_resp['message'] == {'invitation': [ - 'Your invitation to GOV.UK Notify has expired. ' - 'Please ask the person that invited you to send you another one']} - - -def test_accept_invite_returns_200_when_token_valid(notify_api, sample_invited_user): - with notify_api.test_request_context(): - with notify_api.test_client() as client: - token = generate_token(str(sample_invited_user.id), notify_api.config['SECRET_KEY'], - notify_api.config['DANGEROUS_SALT']) - url = '/invite/{}'.format(token) - auth_header = create_authorization_header() - response = client.get(url, headers=[('Content-Type', 'application/json'), auth_header]) - - assert response.status_code == 200 - json_resp = json.loads(response.get_data(as_text=True)) - assert json_resp['data']['id'] == str(sample_invited_user.id) - assert json_resp['data']['email_address'] == sample_invited_user.email_address - assert json_resp['data']['from_user'] == str(sample_invited_user.user_id) - assert json_resp['data']['service'] == str(sample_invited_user.service_id) - assert json_resp['data']['status'] == sample_invited_user.status - assert json_resp['data']['permissions'] == sample_invited_user.permissions - - -def 
test_accept_invite_returns_400_when_invited_user_does_not_exist(notify_api): - with notify_api.test_request_context(): - with notify_api.test_client() as client: - token = generate_token(str(uuid.uuid4()), notify_api.config['SECRET_KEY'], - notify_api.config['DANGEROUS_SALT']) - url = '/invite/{}'.format(token) - auth_header = create_authorization_header() - response = client.get(url, headers=[('Content-Type', 'application/json'), auth_header]) - - assert response.status_code == 404 - json_resp = json.loads(response.get_data(as_text=True)) - assert json_resp['result'] == 'error' - assert json_resp['message'] == 'No result found' - - @pytest.mark.parametrize('invitation_type', ['service', 'organisation']) def test_validate_invitation_token_for_expired_token_returns_400(client, invitation_type): with freeze_time('2016-01-01T12:00:00'): diff --git a/tests/app/organisation/test_accept_organisation_invite.py b/tests/app/organisation/test_accept_organisation_invite.py deleted file mode 100644 index be2db4ca6..000000000 --- a/tests/app/organisation/test_accept_organisation_invite.py +++ /dev/null @@ -1,17 +0,0 @@ -import json - -from flask import current_app -from notifications_utils.url_safe_token import generate_token - -from tests import create_authorization_header - - -def test_accept_organisation_invitation(client, sample_invited_org_user): - token = generate_token(str(sample_invited_org_user.id), current_app.config['SECRET_KEY'], - current_app.config['DANGEROUS_SALT']) - url = '/organisation-invitation/{}'.format(token) - auth_header = create_authorization_header() - response = client.get(url, headers=[('Content-Type', 'application/json'), auth_header]) - assert response.status_code == 200 - json_resp = json.loads(response.get_data(as_text=True)) - assert json_resp['data'] == sample_invited_org_user.serialize()