remove the global_invite (accept_invite) endpoint

move the endpoints into service_invite/rest.py and organisation/invite_rest.py respectively. Remove the prefix from all the blueprints to allow this.
2026-01-30 14:31:57 -05:00 · 2021-03-11 20:26:44 +00:00
parent 4471189b87
commit eab4a75e29
9 changed files with 267 additions and 205 deletions
--- a/app/organisation/invite_rest.py
+++ b/app/organisation/invite_rest.py
@@ -1,14 +1,18 @@
 from flask import Blueprint, current_app, jsonify, request
-from notifications_utils.url_safe_token import generate_token
+from itsdangerous import BadData, SignatureExpired
+from notifications_utils.url_safe_token import check_token, generate_token

 from app.config import QueueNames
 from app.dao.invited_org_user_dao import (
-    get_invited_org_user,
+    get_invited_org_user as dao_get_invited_org_user,
+)
+from app.dao.invited_org_user_dao import (
    get_invited_org_users_for_organisation,
    save_invited_org_user,
 )
+from app.dao.organisation_dao import dao_get_invited_organisation_user
 from app.dao.templates_dao import dao_get_template_by_id
-from app.errors import register_errors
+from app.errors import InvalidRequest, register_errors
 from app.models import EMAIL_TYPE, KEY_TYPE_NORMAL, InvitedOrganisationUser
 from app.notifications.process_notifications import (
    persist_notification,
@@ -20,14 +24,12 @@ from app.organisation.organisation_schema import (
 )
 from app.schema_validation import validate

-organisation_invite_blueprint = Blueprint(
-    'organisation_invite', __name__,
-    url_prefix='/organisation/<uuid:organisation_id>/invite')
+organisation_invite_blueprint = Blueprint('organisation_invite', __name__)

 register_errors(organisation_invite_blueprint)


-@organisation_invite_blueprint.route('', methods=['POST'])
+@organisation_invite_blueprint.route('/organisation/<uuid:organisation_id>/invite', methods=['POST'])
 def invite_user_to_org(organisation_id):
    data = request.get_json()
    validate(data, post_create_invited_org_user_status_schema)
@@ -69,21 +71,27 @@ def invite_user_to_org(organisation_id):
    return jsonify(data=invited_org_user.serialize()), 201


-@organisation_invite_blueprint.route('', methods=['GET'])
+@organisation_invite_blueprint.route('/organisation/<uuid:organisation_id>/invite', methods=['GET'])
 def get_invited_org_users_by_organisation(organisation_id):
    invited_org_users = get_invited_org_users_for_organisation(organisation_id)
    return jsonify(data=[x.serialize() for x in invited_org_users]), 200


-@organisation_invite_blueprint.route('/<invited_org_user_id>', methods=['GET'])
+@organisation_invite_blueprint.route(
+    '/organisation/<uuid:organisation_id>/invite/<invited_org_user_id>',
+    methods=['GET']
+)
 def get_invited_org_user_by_organisation(organisation_id, invited_org_user_id):
-    invited_org_user = get_invited_org_user(organisation_id, invited_org_user_id)
+    invited_org_user = dao_get_invited_org_user(organisation_id, invited_org_user_id)
    return jsonify(data=invited_org_user.serialize()), 200


-@organisation_invite_blueprint.route('/<invited_org_user_id>', methods=['POST'])
+@organisation_invite_blueprint.route(
+    '/organisation/<uuid:organisation_id>/invite/<invited_org_user_id>',
+    methods=['POST']
+)
 def update_org_invite_status(organisation_id, invited_org_user_id):
-    fetched = get_invited_org_user(organisation_id=organisation_id, invited_org_user_id=invited_org_user_id)
+    fetched = dao_get_invited_org_user(organisation_id=organisation_id, invited_org_user_id=invited_org_user_id)

    data = request.get_json()
    validate(data, post_update_invited_org_user_status_schema)
@@ -105,3 +113,32 @@ def invited_org_user_url(invited_org_user_id, invite_link_host=None):
        invite_link_host = current_app.config['ADMIN_BASE_URL']

    return '{0}/organisation-invitation/{1}'.format(invite_link_host, token)
+
+
+@organisation_invite_blueprint.route('/invite/organisation/<uuid:invited_org_user_id>', methods=['GET'])
+def get_invited_org_user(invited_org_user_id):
+    invited_user = dao_get_invited_organisation_user(invited_org_user_id)
+    return jsonify(data=invited_user.serialize()), 200
+
+
+@organisation_invite_blueprint.route('/invite/organisation/<token>', methods=['GET'])
+def validate_invitation_token(token):
+
+    max_age_seconds = 60 * 60 * 24 * current_app.config['INVITATION_EXPIRATION_DAYS']
+
+    try:
+        invited_user_id = check_token(token,
+                                      current_app.config['SECRET_KEY'],
+                                      current_app.config['DANGEROUS_SALT'],
+                                      max_age_seconds)
+    except SignatureExpired:
+        errors = {'invitation':
+                  'Your invitation to GOV.UK Notify has expired. '
+                  'Please ask the person that invited you to send you another one'}
+        raise InvalidRequest(errors, status_code=400)
+    except BadData:
+        errors = {'invitation': 'Something’s wrong with this link. Make sure you’ve copied the whole thing.'}
+        raise InvalidRequest(errors, status_code=400)
+
+    invited_user = dao_get_invited_organisation_user(invited_user_id)
+    return jsonify(data=invited_user.serialize()), 200