Merge pull request #418 from dod-ccpo/invited-user-#160301892

Invited user #160301892

atst/domain/invitations.py

@@ -8,6 +8,27 @@ from atst.domain.workspace_users import WorkspaceUsers
 from .exceptions import NotFoundError
 
 
+class WrongUserError(Exception):
+    def __init__(self, user, invite):
+        self.user = user
+        self.invite = invite
+
+    @property
+    def message(self):
+        return "User {} with DOD ID {} does not match expected DOD ID {} for invitation {}".format(
+            self.user.id, self.user.dod_id, self.invite.user.dod_id, self.invite.id
+        )
+
+
+class ExpiredError(Exception):
+    def __init__(self, invite):
+        self.invite = invite
+
+    @property
+    def message(self):
+        return "Invitation {} has expired.".format(self.invite.id)
+
+
 class InvitationError(Exception):
     def __init__(self, invite):
         self.invite = invite
@@ -45,26 +66,36 @@ class Invitations(object):
         return invite
 
     @classmethod
-    def accept(cls, token):
+    def accept(cls, user, token):
         invite = Invitations._get(token)
 
-        if invite.is_expired:
-            invite.status = InvitationStatus.REJECTED
-        elif invite.is_pending:
-            invite.status = InvitationStatus.ACCEPTED
+        if invite.user.dod_id != user.dod_id:
+            if invite.is_pending:
+                Invitations._update_status(invite, InvitationStatus.REJECTED)
+            raise WrongUserError(user, invite)
 
-        db.session.add(invite)
-        db.session.commit()
+        elif invite.is_expired:
+            Invitations._update_status(invite, InvitationStatus.REJECTED)
+            raise ExpiredError(invite)
 
-        if invite.is_revoked or invite.is_rejected:
+        elif invite.is_accepted or invite.is_revoked or invite.is_rejected:
             raise InvitationError(invite)
 
-        WorkspaceUsers.enable(invite.workspace_role)
-
-        return invite
+        elif invite.is_pending:
+            Invitations._update_status(invite, InvitationStatus.ACCEPTED)
+            WorkspaceUsers.enable(invite.workspace_role)
+            return invite
 
     @classmethod
     def current_expiration_time(cls):
         return datetime.datetime.now() + datetime.timedelta(
             minutes=Invitations.EXPIRATION_LIMIT_MINUTES
         )
+
+    @classmethod
+    def _update_status(cls, invite, new_status):
+        invite.status = new_status
+        db.session.add(invite)
+        db.session.commit()
+
+        return invite

atst/routes/__init__.py

@@ -2,6 +2,7 @@ import urllib.parse as url
 from flask import Blueprint, render_template, g, redirect, session, url_for, request
 
 from flask import current_app as app
+from jinja2.exceptions import TemplateNotFound
 import pendulum
 import os
 
@@ -10,6 +11,7 @@ from atst.domain.users import Users
 from atst.domain.authnid import AuthenticationContext
 from atst.domain.audit_log import AuditLog
 from atst.domain.auth import logout as _logout
+from werkzeug.exceptions import NotFound
 
 
 bp = Blueprint("atst", __name__)
@@ -77,7 +79,10 @@ def styleguide():
 
 @bp.route("/<path:path>")
 def catch_all(path):
-    return render_template("{}.html".format(path))
+    try:
+        return render_template("{}.html".format(path))
+    except TemplateNotFound:
+        raise NotFound()
 
 
 def _make_authentication_context():

atst/routes/errors.py

@@ -3,27 +3,35 @@ from flask_wtf.csrf import CSRFError
 import werkzeug.exceptions as werkzeug_exceptions
 
 import atst.domain.exceptions as exceptions
-from atst.domain.invitations import InvitationError
+from atst.domain.invitations import (
+    InvitationError,
+    ExpiredError as InvitationExpiredError,
+    WrongUserError as InvitationWrongUserError,
+)
+
+
+def log_error(e):
+    error_message = e.message if hasattr(e, "message") else str(e)
+    current_app.logger.error(error_message)
+
+
+def handle_error(e, message="Not Found", code=404):
+    log_error(e)
+    return render_template("error.html", message=message), code
 
 
 def make_error_pages(app):
-    def log_error(e):
-        error_message = e.message if hasattr(e, "message") else str(e)
-        app.logger.error(error_message)
-
     @app.errorhandler(werkzeug_exceptions.NotFound)
     @app.errorhandler(exceptions.NotFoundError)
     @app.errorhandler(exceptions.UnauthorizedError)
     # pylint: disable=unused-variable
     def not_found(e):
-        log_error(e)
-        return render_template("error.html", message="Not Found"), 404
+        return handle_error(e)
 
     @app.errorhandler(exceptions.UnauthenticatedError)
     # pylint: disable=unused-variable
     def unauthorized(e):
-        log_error(e)
-        return render_template("error.html", message="Log in Failed"), 401
+        return handle_error(e, message="Log in Failed", code=401)
 
     @app.errorhandler(CSRFError)
     # pylint: disable=unused-variable
@@ -43,14 +51,16 @@ def make_error_pages(app):
         )
 
     @app.errorhandler(InvitationError)
+    @app.errorhandler(InvitationWrongUserError)
     # pylint: disable=unused-variable
     def invalid_invitation(e):
-        log_error(e)
-        return (
-            render_template(
-                "error.html", message="The invitation link you clicked is invalid."
-            ),
-            404,
+        return handle_error(e, message="The link you followed is invalid.", code=404)
+
+    @app.errorhandler(InvitationExpiredError)
+    # pylint: disable=unused-variable
+    def invalid_invitation(e):
+        return handle_error(
+            e, message="The invitation you followed has expired.", code=404
         )
 
     return app

atst/routes/workspaces.py

@@ -361,9 +361,7 @@ def update_member(workspace_id, member_id):
 
 @bp.route("/workspaces/invitation/<token>", methods=["GET"])
 def accept_invitation(token):
-    # TODO: check that the current_user DOD ID matches the user associated with
-    # the invitation
-    invite = Invitations.accept(token)
+    invite = Invitations.accept(g.current_user, token)
 
     return redirect(
         url_for("workspaces.show_workspace", workspace_id=invite.workspace.id)