darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2025-12-13 08:42:21 -05:00
Code Issues Packages Projects Releases Wiki Activity

make state non-arbitrary

Browse Source
This commit is contained in:
Kenneth Kehl
2024-04-02 13:18:21 -07:00
parent 9ecbfd24ff
commit 23e66db2a9
3 changed files with 34 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
app/dao/users_dao.py
View File

@@ -2,6 +2,8 @@ import uuid
from datetime import datetime, timedelta from datetime import datetime, timedelta
from secrets import randbelow from secrets import randbelow
import sqlalchemy
from flask import current_app
from sqlalchemy import func from sqlalchemy import func
from sqlalchemy.orm import joinedload from sqlalchemy.orm import joinedload
@@ -39,7 +41,17 @@ def get_login_gov_user(login_uuid, email_address):
user = User.query.filter_by(login_uuid=login_uuid).first() user = User.query.filter_by(login_uuid=login_uuid).first()
if user: if user:
if user.email_address != email_address: if user.email_address != email_address:
save_user_attribute(user, {"email_address": email_address}) try:
save_user_attribute(user, {"email_address": email_address})
except sqlalchemy.exc.IntegrityError as ie:
# We are trying to change the email address as a courtesy,
# based on the assumption that the user has somehow changed their
# address in login.gov.
# But if we cannot change the email address, at least we don't
# want to fail here, otherwise the user will be locked out.
current_app.logger.error(ie)
db.session.rollback()
return user return user
# Remove this 1 July 2025, all users should have login.gov uuids by now # Remove this 1 July 2025, all users should have login.gov uuids by now
user = User.query.filter_by(email_address=email_address).first() user = User.query.filter_by(email_address=email_address).first()

11
app/organization/invite_rest.py
View File

@@ -52,6 +52,15 @@ def invite_user_to_org(organization_id):
current_app.config["ORGANIZATION_INVITATION_EMAIL_TEMPLATE_ID"] current_app.config["ORGANIZATION_INVITATION_EMAIL_TEMPLATE_ID"]
) )
token = generate_token(
str(invited_org_user.email_address),
current_app.config["SECRET_KEY"],
current_app.config["DANGEROUS_SALT"],
)
url = os.environ["LOGIN_DOT_GOV_REGISTRATION_URL"]
url = url.replace("NONCE", token)
url = url.replace("STATE", token)
personalisation = { personalisation = {
"user_name": ( "user_name": (
"The Notify.gov team" "The Notify.gov team"
@@ -59,7 +68,7 @@ def invite_user_to_org(organization_id):
else invited_org_user.invited_by.name else invited_org_user.invited_by.name
), ),
"organization_name": invited_org_user.organization.name, "organization_name": invited_org_user.organization.name,
"url": os.environ["LOGIN_DOT_GOV_REGISTRATION_URL"], "url": url,
} }
saved_notification = persist_notification( saved_notification = persist_notification(
template_id=template.id, template_id=template.id,

12
app/service_invite/rest.py
View File

@@ -37,10 +37,20 @@ def _create_service_invite(invited_user, invite_link_host):
template = dao_get_template_by_id(template_id) template = dao_get_template_by_id(template_id)
service = Service.query.get(current_app.config["NOTIFY_SERVICE_ID"]) service = Service.query.get(current_app.config["NOTIFY_SERVICE_ID"])
token = generate_token(
str(invited_user.email_address),
current_app.config["SECRET_KEY"],
current_app.config["DANGEROUS_SALT"],
)
url = os.environ["LOGIN_DOT_GOV_REGISTRATION_URL"]
url = url.replace("NONCE", token)
url = url.replace("STATE", token)
personalisation = { personalisation = {
"user_name": invited_user.from_user.name, "user_name": invited_user.from_user.name,
"service_name": invited_user.service.name, "service_name": invited_user.service.name,
"url": os.environ["LOGIN_DOT_GOV_REGISTRATION_URL"], "url": url,
} }
saved_notification = persist_notification( saved_notification = persist_notification(