remove the global_invite (accept_invite) endpoint

move the endpoints into service_invite/rest.py and organisation/invite_rest.py respectively. Remove the prefix from all the blueprints to allow this.
2025-12-20 15:31:15 -05:00 · 2021-03-11 20:26:44 +00:00
parent 4471189b87
commit eab4a75e29
9 changed files with 267 additions and 205 deletions
--- a/app/service_invite/rest.py
+++ b/app/service_invite/rest.py
@@ -1,13 +1,16 @@
 from flask import Blueprint, current_app, jsonify, request
+from itsdangerous import BadData, SignatureExpired
+from notifications_utils.url_safe_token import check_token, generate_token

 from app.config import QueueNames
+from app.dao.invited_user_dao import get_invited_user as dao_get_invited_user
 from app.dao.invited_user_dao import (
-    get_invited_user,
+    get_invited_user_by_id,
    get_invited_users_for_service,
    save_invited_user,
 )
 from app.dao.templates_dao import dao_get_template_by_id
-from app.errors import register_errors
+from app.errors import InvalidRequest, register_errors
 from app.models import BROADCAST_TYPE, EMAIL_TYPE, KEY_TYPE_NORMAL, Service
 from app.notifications.process_notifications import (
    persist_notification,
@@ -15,12 +18,12 @@ from app.notifications.process_notifications import (
 )
 from app.schemas import invited_user_schema

-service_invite = Blueprint('service_invite', __name__, url_prefix='/service/<service_id>/invite')
+service_invite = Blueprint('service_invite', __name__)

 register_errors(service_invite)


-@service_invite.route('', methods=['POST'])
+@service_invite.route('/service/<service_id>/invite', methods=['POST'])
 def create_invited_user(service_id):
    request_json = request.get_json()
    invited_user, errors = invited_user_schema.load(request_json)
@@ -58,21 +61,21 @@ def create_invited_user(service_id):
    return jsonify(data=invited_user_schema.dump(invited_user).data), 201


-@service_invite.route('', methods=['GET'])
+@service_invite.route('/service/<service_id>/invite', methods=['GET'])
 def get_invited_users_by_service(service_id):
    invited_users = get_invited_users_for_service(service_id)
    return jsonify(data=invited_user_schema.dump(invited_users, many=True).data), 200


-@service_invite.route('/<invited_user_id>', methods=['GET'])
+@service_invite.route('/service/<service_id>/invite/<invited_user_id>', methods=['GET'])
 def get_invited_user_by_service(service_id, invited_user_id):
-    invited_user = get_invited_user(service_id, invited_user_id)
+    invited_user = dao_get_invited_user(service_id, invited_user_id)
    return jsonify(data=invited_user_schema.dump(invited_user).data), 200


-@service_invite.route('/<invited_user_id>', methods=['POST'])
+@service_invite.route('/service/<service_id>/invite/<invited_user_id>', methods=['POST'])
 def update_invited_user(service_id, invited_user_id):
-    fetched = get_invited_user(service_id=service_id, invited_user_id=invited_user_id)
+    fetched = dao_get_invited_user(service_id=service_id, invited_user_id=invited_user_id)

    current_data = dict(invited_user_schema.dump(fetched).data.items())
    current_data.update(request.get_json())
@@ -82,10 +85,38 @@ def update_invited_user(service_id, invited_user_id):


 def invited_user_url(invited_user_id, invite_link_host=None):
-    from notifications_utils.url_safe_token import generate_token
    token = generate_token(str(invited_user_id), current_app.config['SECRET_KEY'], current_app.config['DANGEROUS_SALT'])

    if invite_link_host is None:
        invite_link_host = current_app.config['ADMIN_BASE_URL']

    return '{0}/invitation/{1}'.format(invite_link_host, token)
+
+
+@service_invite.route('/invite/service/<uuid:invited_user_id>', methods=['GET'])
+def get_invited_user(invited_user_id):
+    invited_user = get_invited_user_by_id(invited_user_id)
+    return jsonify(data=invited_user_schema.dump(invited_user).data), 200
+
+
+@service_invite.route('/invite/service/<token>', methods=['GET'])
+def validate_service_invitation_token(token):
+
+    max_age_seconds = 60 * 60 * 24 * current_app.config['INVITATION_EXPIRATION_DAYS']
+
+    try:
+        invited_user_id = check_token(token,
+                                      current_app.config['SECRET_KEY'],
+                                      current_app.config['DANGEROUS_SALT'],
+                                      max_age_seconds)
+    except SignatureExpired:
+        errors = {'invitation':
+                  'Your invitation to GOV.UK Notify has expired. '
+                  'Please ask the person that invited you to send you another one'}
+        raise InvalidRequest(errors, status_code=400)
+    except BadData:
+        errors = {'invitation': 'Something’s wrong with this link. Make sure you’ve copied the whole thing.'}
+        raise InvalidRequest(errors, status_code=400)
+
+    invited_user = get_invited_user_by_id(invited_user_id)
+    return jsonify(data=invited_user_schema.dump(invited_user).data), 200