Merge pull request #865 from GSA/notify-api-1250

login.gov first time workflow notify-api-1250
2026-05-06 17:18:43 -04:00 · 2024-03-26 11:08:53 -04:00
parent d421a8f018 395282b4a9
commit f3136a7958
7 changed files with 50 additions and 13 deletions
--- a/.github/workflows/deploy-demo.yml
+++ b/.github/workflows/deploy-demo.yml
@@ -57,6 +57,8 @@ jobs:
        NEW_RELIC_LICENSE_KEY: ${{ secrets.NEW_RELIC_LICENSE_KEY }}
        NOTIFY_E2E_TEST_EMAIL: ${{ secrets.NOTIFY_E2E_TEST_EMAIL }}
        NOTIFY_E2E_TEST_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_PASSWORD }}
+        LOGIN_DOT_GOV_REGISTRATION_URL: "https://secure.login.gov/openid_connect/authorize?acr_values=http%3A%2F%2Fidmanagement.gov%2Fns%2Fassurance%2Fial%2F1&client_id=urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:notify-gov&nonce=01234567890123456789012345&prompt=select_account&redirect_uri=https://notify-demo.app.cloud.gov/set-up-your-profile&response_type=code&scope=openid+email&state=abcdefghijklmnopabcdefghijklmnop"
+
      with:
        cf_username: ${{ secrets.CLOUDGOV_USERNAME }}
        cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
@@ -70,6 +72,7 @@ jobs:
          --var NEW_RELIC_LICENSE_KEY="$NEW_RELIC_LICENSE_KEY"
          --var NOTIFY_E2E_TEST_EMAIL="$NOTIFY_E2E_TEST_EMAIL"
          --var NOTIFY_E2E_TEST_PASSWORD="$NOTIFY_E2E_TEST_PASSWORD"
+          --var LOGIN_DOT_GOV_REGISTRATION_URL="$LOGIN_DOT_GOV_REGISTRATION_URL"

    - name: Check for changes to egress config
      id: changed-egress-config
--- a/.github/workflows/deploy-prod.yml
+++ b/.github/workflows/deploy-prod.yml
@@ -61,6 +61,8 @@ jobs:
        NEW_RELIC_LICENSE_KEY: ${{ secrets.NEW_RELIC_LICENSE_KEY }}
        NOTIFY_E2E_TEST_EMAIL: ${{ secrets.NOTIFY_E2E_TEST_EMAIL }}
        NOTIFY_E2E_TEST_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_PASSWORD }}
+        LOGIN_DOT_GOV_REGISTRATION_URL: "https://secure.login.gov/openid_connect/authorize?acr_values=http%3A%2F%2Fidmanagement.gov%2Fns%2Fassurance%2Fial%2F1&client_id=urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:notify-gov&nonce=01234567890123456789012345&prompt=select_account&redirect_uri=https://beta.notify.gov/set-up-your-profile&response_type=code&scope=openid+email&state=abcdefghijklmnopabcdefghijklmnop"
+
      with:
        cf_username: ${{ secrets.CLOUDGOV_USERNAME }}
        cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
@@ -74,6 +76,7 @@ jobs:
          --var NEW_RELIC_LICENSE_KEY="$NEW_RELIC_LICENSE_KEY"
          --var NOTIFY_E2E_TEST_EMAIL="$NOTIFY_E2E_TEST_EMAIL"
          --var NOTIFY_E2E_TEST_PASSWORD="$NOTIFY_E2E_TEST_PASSWORD"
+          --var LOGIN_DOT_GOV_REGISTRATION_URL="$LOGIN_DOT_GOV_REGISTRATION_URL"

    - name: Check for changes to egress config
      id: changed-egress-config
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -62,6 +62,8 @@ jobs:
        NEW_RELIC_LICENSE_KEY: ${{ secrets.NEW_RELIC_LICENSE_KEY }}
        NOTIFY_E2E_TEST_EMAIL: ${{ secrets.NOTIFY_E2E_TEST_EMAIL }}
        NOTIFY_E2E_TEST_PASSWORD: ${{ secrets.NOTIFY_E2E_TEST_PASSWORD }}
+        LOGIN_DOT_GOV_REGISTRATION_URL: "https://secure.login.gov/openid_connect/authorize?acr_values=http%3A%2F%2Fidmanagement.gov%2Fns%2Fassurance%2Fial%2F1&client_id=urn:gov:gsa:openidconnect.profiles:sp:sso:gsa:notify-gov&nonce=01234567890123456789012345&prompt=select_account&redirect_uri=https://notify-staging.app.cloud.gov/set-up-your-profile&response_type=code&scope=openid+email&state=abcdefghijklmnopabcdefghijklmnop"
+
      with:
        cf_username: ${{ secrets.CLOUDGOV_USERNAME }}
        cf_password: ${{ secrets.CLOUDGOV_PASSWORD }}
@@ -75,6 +77,7 @@ jobs:
          --var NEW_RELIC_LICENSE_KEY="$NEW_RELIC_LICENSE_KEY"
          --var NOTIFY_E2E_TEST_EMAIL="$NOTIFY_E2E_TEST_EMAIL"
          --var NOTIFY_E2E_TEST_PASSWORD="$NOTIFY_E2E_TEST_PASSWORD"
+          --var LOGIN_DOT_GOV_REGISTRATION_URL="$LOGIN_DOT_GOV_REGISTRATION_URL"

    - name: Check for changes to egress config
      id: changed-egress-config
--- a/app/organization/invite_rest.py
+++ b/app/organization/invite_rest.py
@@ -1,4 +1,5 @@
 import json
+import os

 from flask import Blueprint, current_app, jsonify, request
 from itsdangerous import BadData, SignatureExpired
@@ -58,10 +59,7 @@ def invite_user_to_org(organization_id):
            else invited_org_user.invited_by.name
        ),
        "organization_name": invited_org_user.organization.name,
-        "url": invited_org_user_url(
-            invited_org_user.id,
-            data.get("invite_link_host"),
-        ),
+        "url": os.environ["LOGIN_DOT_GOV_REGISTRATION_URL"],
    }
    saved_notification = persist_notification(
        template_id=template.id,
@@ -74,12 +72,22 @@ def invite_user_to_org(organization_id):
        key_type=KeyType.NORMAL,
        reply_to_text=invited_org_user.invited_by.email_address,
    )
+
+    saved_notification.personalisation = personalisation
    redis_store.set(
        f"email-personalisation-{saved_notification.id}",
        json.dumps(personalisation),
        ex=1800,
    )
-    saved_notification.personalisation = personalisation
+
+    # This is for the login.gov path, note 24 hour expiry to match
+    # The expiration of invitations.
+    redis_key = f"organization-invite-{invited_org_user.email_address}"
+    redis_store.set(
+        redis_key,
+        organization_id,
+        ex=3600 * 24,
+    )

    send_notification_to_queue(saved_notification, queue=QueueNames.NOTIFY)

--- a/app/service_invite/rest.py
+++ b/app/service_invite/rest.py
@@ -1,4 +1,5 @@
 import json
+import os
 from datetime import datetime

 from flask import Blueprint, current_app, jsonify, request
@@ -39,7 +40,7 @@ def _create_service_invite(invited_user, invite_link_host):
    personalisation = {
        "user_name": invited_user.from_user.name,
        "service_name": invited_user.service.name,
-        "url": invited_user_url(invited_user.id, invite_link_host),
+        "url": os.environ["LOGIN_DOT_GOV_REGISTRATION_URL"],
    }

    saved_notification = persist_notification(
@@ -47,11 +48,7 @@ def _create_service_invite(invited_user, invite_link_host):
        template_version=template.version,
        recipient=invited_user.email_address,
        service=service,
-        personalisation={
-            "user_name": invited_user.from_user.name,
-            "service_name": invited_user.service.name,
-            "url": invited_user_url(invited_user.id, invite_link_host),
-        },
+        personalisation={},
        notification_type=NotificationType.EMAIL,
        api_key_id=None,
        key_type=KeyType.NORMAL,
@@ -63,6 +60,26 @@ def _create_service_invite(invited_user, invite_link_host):
        json.dumps(personalisation),
        ex=1800,
    )
+    # The raw permissions are in the form "a,b,c,d"
+    # but need to be in the form ["a", "b", "c", "d"]
+    data = {}
+    permissions = invited_user.permissions
+    permissions = permissions.split(",")
+    permission_list = []
+    for permission in permissions:
+        permission_list.append(f"{permission}")
+    data["from_user_id"] = (str(invited_user.from_user.id),)
+    data["service_id"] = str(invited_user.service.id)
+    data["permissions"] = permission_list
+    data["folder_permissions"] = invited_user.folder_permissions
+
+    # This is for the login.gov service invite on the
+    # "Set Up Your Profile" path.
+    redis_store.set(
+        f"service-invite-{invited_user.email_address}",
+        json.dumps(data),
+        ex=3600 * 24,
+    )
    send_notification_to_queue(saved_notification, queue=QueueNames.NOTIFY)


--- a/manifest.yml
+++ b/manifest.yml
@@ -46,6 +46,7 @@ applications:
      ADMIN_BASE_URL: ((admin_base_url))
      NOTIFY_E2E_TEST_EMAIL: ((NOTIFY_E2E_TEST_EMAIL))
      NOTIFY_E2E_TEST_PASSWORD: ((NOTIFY_E2E_TEST_PASSWORD))
+      LOGIN_DOT_GOV_REGISTRATION_URL: ((LOGIN_DOT_GOV_REGISTRATION_URL))

      # Credentials variables
      INTERNAL_CLIENT_API_KEYS: '{"notify-admin":["((ADMIN_CLIENT_SECRET))"]}'
--- a/tests/app/organization/test_invite_rest.py
+++ b/tests/app/organization/test_invite_rest.py
@@ -1,3 +1,4 @@
+import os
 import uuid

 import pytest
@@ -36,6 +37,7 @@ def test_create_invited_org_user(
    platform_admin,
    expected_invited_by,
 ):
+    os.environ["LOGIN_DOT_GOV_REGISTRATION_URL"] = "http://foo.fake.gov"
    mocked = mocker.patch("app.celery.provider_tasks.deliver_email.apply_async")
    email_address = "invited_user@example.com"
    sample_user.platform_admin = platform_admin
@@ -67,8 +69,8 @@ def test_create_invited_org_user(
    assert len(notification.personalisation.keys()) == 3
    assert notification.personalisation["organization_name"] == "sample organization"
    assert notification.personalisation["user_name"] == expected_invited_by
-    assert notification.personalisation["url"].startswith(expected_start_of_invite_url)
-    assert len(notification.personalisation["url"]) > len(expected_start_of_invite_url)
+    # assert notification.personalisation["url"].startswith(expected_start_of_invite_url)
+    # assert len(notification.personalisation["url"]) > len(expected_start_of_invite_url)

    mocked.assert_called_once_with(
        [(str(notification.id))], queue="notify-internal-tasks"