From a2ff034b788f858594cd0ed1803dad0891744906 Mon Sep 17 00:00:00 2001
From: Kenneth Kehl <@kkehl@flexion.us>
Date: Mon, 8 Sep 2025 08:17:37 -0700
Subject: [PATCH 1/3] fix org invites

---
 app/organization/invite_rest.py | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/app/organization/invite_rest.py b/app/organization/invite_rest.py
index 2e6a9ba2c..59fe312c5 100644
--- a/app/organization/invite_rest.py
+++ b/app/organization/invite_rest.py
@@ -43,6 +43,18 @@ def invite_user_to_org(organization_id):
 data = request.get_json()
 validate(data, post_create_invited_org_user_status_schema)
 
+ request_json = request.get_json()
+ try:
+ nonce = request_json.pop("nonce")
+ except KeyError:
+ current_app.logger.exception("nonce not found in submitted data.")
+ raise
+ try:
+ state = request_json.pop("state")
+ except KeyError:
+ current_app.logger.exception("state not found in submitted data.")
+ raise
+
 invited_org_user = InvitedOrganizationUser(
 email_address=data["email_address"],
 invited_by_id=data["invited_by"],
@@ -53,15 +65,9 @@ def invite_user_to_org(organization_id):
 template = dao_get_template_by_id(
 current_app.config["ORGANIZATION_INVITATION_EMAIL_TEMPLATE_ID"]
 )
-
- token = generate_token(
- str(invited_org_user.email_address),
- current_app.config["SECRET_KEY"],
- current_app.config["DANGEROUS_SALT"],
- )
 url = os.environ["LOGIN_DOT_GOV_REGISTRATION_URL"]
- url = url.replace("NONCE", token)
- url = url.replace("STATE", token)
+ url = url.replace("NONCE", nonce)
+ url = url.replace("STATE", state)
 
 personalisation = {
 "user_name": (
From b5a35cd89d26f822d24516f24d66ad00b71f99d4 Mon Sep 17 00:00:00 2001
From: Kenneth Kehl <@kkehl@flexion.us>
Date: Mon, 8 Sep 2025 12:53:39 -0700
Subject: [PATCH 2/3] fix org invites

---
 tests/app/organization/test_invite_rest.py | 2 ++
 1 file changed, 2 insertions(+)
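Review bot: In the `@@ -43,6 +43,18 @@` hunk, a request that omits `nonce` or `state` re-raises the bare `KeyError` from the added `try` blocks, which would most likely surface as a 500 rather than a client error, and nothing constrains either value to a string before it reaches `url.replace` in the following hunk. `validate(data, post_create_invited_org_user_status_schema)` already runs two lines above, so declaring both fields as required strings in that schema (not visible here) would reject bad input in the same way as the other fields and make the try/except blocks unnecessary. The second `request.get_json()` probably returns the same parsed object as `data`, so the `pop` calls likely mutate `data` too; `nonce = data["nonce"]` and `state = data["state"]` would say what is meant. The body of invite_user_to_org continues outside the hunk.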
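Review bot: In the `@@ -53,15 +65,9 @@` hunk, `nonce` and `state` come straight from the request body and are substituted into the login.gov registration URL unencoded, so a value containing `&`, `#` or `=` can add or override query parameters in the link that is mailed to the invitee. Percent-encode at the point of substitution, `url = url.replace("NONCE", quote(nonce, safe=""))` and likewise for `state` (with `from urllib.parse import quote`), and restrict both to an expected character set and length in the request schema. The removed `generate_token(...)` call derived the value from the invited e-mail address using the server's `SECRET_KEY` and `DANGEROUS_SALT`; with caller-supplied values that binding has to be enforced wherever the login.gov callback is handled, which is not visible here and should be confirmed before merging. The function body continues outside the hunk.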
diff --git a/tests/app/organization/test_invite_rest.py b/tests/app/organization/test_invite_rest.py
index 37bcb5a9a..55151fd3e 100644
--- a/tests/app/organization/test_invite_rest.py
+++ b/tests/app/organization/test_invite_rest.py
@@ -56,6 +56,8 @@ def test_create_invited_org_user(
 organization_id=sample_organization.id,
 _data=data,
 _expected_status=201,
+ nonce="nonce",
+ state="state",
 )
 
 assert json_resp["data"]["organization"] == str(sample_organization.id)
From 6534d0de5a02d35b765c63b72520bad6ac67fb36 Mon Sep 17 00:00:00 2001
From: Kenneth Kehl <@kkehl@flexion.us>
Date: Mon, 8 Sep 2025 13:03:36 -0700
Subject: [PATCH 3/3] fix org invites

---
 tests/app/organization/test_invite_rest.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/app/organization/test_invite_rest.py b/tests/app/organization/test_invite_rest.py
index 55151fd3e..17ace6c55 100644
--- a/tests/app/organization/test_invite_rest.py
+++ b/tests/app/organization/test_invite_rest.py
@@ -48,6 +48,8 @@ def test_create_invited_org_user(
 organization=str(sample_organization.id),
 email_address=email_address,
 invited_by=str(sample_user.id),
+ nonce="dummy-nonce",
+ state="dummy-state",
 **extra_args
 )
 
@@ -56,8 +58,6 @@ def test_create_invited_org_user(
 organization_id=sample_organization.id,
 _data=data,
 _expected_status=201,
- nonce="nonce",
- state="state",
 )
 
 assert json_resp["data"]["organization"] == str(sample_organization.id)
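Review bot: In the first hunk of PATCH 3/3, the `nonce="dummy-nonce"` and `state="dummy-state"` entries added to `data` cover only the happy path; no case omits either field, which is the new branch in invite_user_to_org that logs and re-raises `KeyError`. A sibling test that posts without `nonce`, and one without `state`, pinning the expected status code would fix the contract for missing fields. An assertion on the URL that ends up in the notification personalisation would also show that the supplied values, and not the placeholders, reach the mailed link. test_create_invited_org_user starts and ends outside the hunk.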