From 355165a461783ca3d4ef2b018ee6f5fdcfde24bc Mon Sep 17 00:00:00 2001
From: Sivert Kronen Hatteberg <skh@uio.no>
Date: Mon, 6 Dec 2021 22:05:06 +0100
Subject: [PATCH] Add a new endpoint for deleting the invitation-id from
session.
Used to "log" a user out in the manual invite flow
---
gregui/api/views/invitation.py | 29 +++++++++++++++++------------
1 file changed, 17 insertions(+), 12 deletions(-)
diff --git a/gregui/api/views/invitation.py b/gregui/api/views/invitation.py
index 2a36d024..4500c69b 100644
--- a/gregui/api/views/invitation.py
+++ b/gregui/api/views/invitation.py
@@ -1,6 +1,7 @@
-import logging
from enum import Enum
+import logging
from typing import Optional, List
+import structlog
from django.core import exceptions
from django.db import transaction
@@ -24,7 +25,7 @@ from gregui.api.serializers.invitation import InviteGuestSerializer
from gregui.mailutils import send_invite_mail
from gregui.models import GregUserProfile
-logger = logging.getLogger(__name__)
+logger = structlog.getLogger(__name__)
class InvitationView(CreateAPIView, DestroyAPIView):
@@ -91,9 +92,7 @@ class InvitationView(CreateAPIView, DestroyAPIView):
# not be verified, but including that check just in case here.
# If this is the case then there is an unexpected situation, the cancel option
# should only apply to guests that have not completed the registration
- logger.warning(
- f"Attempting to delete invitation for already registered guest with person ID {person_id}"
- )
+ logger.warning("try_delete_registered_invite", person_id=person_id)
return Response(status=status.HTTP_400_BAD_REQUEST)
# Delete the person. The delete will cascade and all roles, identities and invitations will be removed.
@@ -109,7 +108,7 @@ class CheckInvitationView(APIView):
permission_classes = [AllowAny]
throttle_classes = [AnonRateThrottle]
- def post(self, request, *args, **kwargs):
+ def post(self, request, *args, **kwargs) -> Response:
"""
Endpoint for verifying and setting invite_id in session.
@@ -132,6 +131,16 @@ class CheckInvitationView(APIView):
request.session["invite_id"] = invite_id
return Response(status=status.HTTP_200_OK)
+ def delete(self, request, *args, **kwargs) -> Response:
+ if "invite_id" in request.session:
+ logging.info(
+ "invitation_session_deleted", invite_id=request.session["invite_id"]
+ )
+ del request.session["invite_id"]
+ return Response(status.HTTP_200_OK)
+
+ return Response(status=status.HTTP_403_FORBIDDEN)
+
class SessionType(Enum):
INVITE = "invite"
@@ -322,9 +331,7 @@ class ResendInvitationView(UpdateModelMixin, APIView):
if non_expired_links.count() > 0:
if non_expired_links.count() > 1:
# Do not expect this to happen
- logger.warning(
- f"Person with ID {person_id} has multiple invitation links"
- )
+ logger.warning("found_multiple_invitation_links", person_id=person_id)
# Just resend all and do not create a new one
for link in non_expired_links:
@@ -339,9 +346,7 @@ class ResendInvitationView(UpdateModelMixin, APIView):
# Do not expected that a person has several open invitations, it could happen
# if he has been invited by different sponsor at the same time, but that
# could be an indication that there has been a mixup
- logger.warning(
- f"Multiple invitations exist for person with ID {person_id}"
- )
+ logger.warning("found_multiple_invitations", person_id=person_id)
for invitation in invitations_to_resend:
invitation_link = InvitationLink.objects.create(
--
GitLab