Add a new endpoint for deleting the invitation-id from session.

Used to "log" a user out in the manual invite flow

Add a new endpoint for deleting the invitation-id from session.
Used to "log" a user out in the manual invite flow
355165a4 · Sivert Kronen Hatteberg · 93411b8c · 355165a4
Commit 355165a4 authored 3 years ago by Sivert Kronen Hatteberg
--- a/gregui/api/views/invitation.py
+++ b/gregui/api/views/invitation.py
-import logging
 from enum import Enum
+import logging
 from typing import Optional, List
+import structlog

 from django.core import exceptions
 from django.db import transaction
@@ -24,7 +25,7 @@ from gregui.api.serializers.invitation import InviteGuestSerializer
 from gregui.mailutils import send_invite_mail
 from gregui.models import GregUserProfile

-logger = logging.getLogger(__name__)
+logger = structlog.getLogger(__name__)


 class InvitationView(CreateAPIView, DestroyAPIView):
@@ -91,9 +92,7 @@ class InvitationView(CreateAPIView, DestroyAPIView):
            # not be verified, but including that check just in case here.
            # If this is the case then there is an unexpected situation, the cancel option
            # should only apply to guests that have not completed the registration
-            logger.warning(
-                f"Attempting to delete invitation for already registered guest with person ID {person_id}"
-            )
+            logger.warning("try_delete_registered_invite", person_id=person_id)
            return Response(status=status.HTTP_400_BAD_REQUEST)

        # Delete the person. The delete will cascade and all roles, identities and invitations will be removed.
@@ -109,7 +108,7 @@ class CheckInvitationView(APIView):
    permission_classes = [AllowAny]
    throttle_classes = [AnonRateThrottle]

-    def post(self, request, *args, **kwargs):
+    def post(self, request, *args, **kwargs) -> Response:
        """
        Endpoint for verifying and setting invite_id in session.

@@ -132,6 +131,16 @@ class CheckInvitationView(APIView):
        request.session["invite_id"] = invite_id
        return Response(status=status.HTTP_200_OK)

+    def delete(self, request, *args, **kwargs) -> Response:
+        if "invite_id" in request.session:
+            logging.info(
+                "invitation_session_deleted", invite_id=request.session["invite_id"]
+            )
+            del request.session["invite_id"]
+            return Response(status.HTTP_200_OK)
+
+        return Response(status=status.HTTP_403_FORBIDDEN)
+

 class SessionType(Enum):
    INVITE = "invite"
@@ -322,9 +331,7 @@ class ResendInvitationView(UpdateModelMixin, APIView):
        if non_expired_links.count() > 0:
            if non_expired_links.count() > 1:
                # Do not expect this to happen
-                logger.warning(
-                    f"Person with ID {person_id} has multiple invitation links"
-                )
+                logger.warning("found_multiple_invitation_links", person_id=person_id)

            # Just resend all and do not create a new one
            for link in non_expired_links:
@@ -339,9 +346,7 @@ class ResendInvitationView(UpdateModelMixin, APIView):
                # Do not expected that a person has several open invitations, it could happen
                # if he has been invited by different sponsor at the same time, but that
                # could be an indication that there has been a mixup
-                logger.warning(
-                    f"Multiple invitations exist for person with ID {person_id}"
-                )
+                logger.warning("found_multiple_invitations", person_id=person_id)

            for invitation in invitations_to_resend:
                invitation_link = InvitationLink.objects.create(