
Only accept project invitations whose email match new user email #2449

Merged

Conversation

kelvin-muchiri
Contributor

@kelvin-muchiri kelvin-muchiri commented Jul 13, 2023

Changes / Features implemented

  • Remove invitation_id and invitation_token query params from link in the invitation email.
  • Remove support for allowing a user to register using a different email from the one the invite was sent to by relying on invitation_id and invitation_token from the link in the email. This is because of security reasons and also it's not going to work when using OIDC
  • Add a post_save signal to accept only invitations that match the new user email and remove implementation for accepting invitation from the UserProfileSerializer. This is because a user can also be created via OIDC

Steps taken to verify this change does what is intended

Added tests

Side effects of implementing this change

Before submitting this PR for review, please make sure you have:

  • Included tests
  • Updated documentation

Closes #

remove invitation_id and invitation_token query params from invitation email link.
remove support for allowing a user to register using a different email from the one the invite was sent to
add a post_save signal to accept only invitations that match the new user email and remove implementation for accepting invitation from the UserProfileSerializer. This is because a user can also be created using OIDC
@kelvin-muchiri kelvin-muchiri changed the title Only share projects whose invitations match new user email Only accept project invitations whose email match new user email Jul 13, 2023
@kelvin-muchiri kelvin-muchiri merged commit c1a1645 into 2425-project-invitation Jul 13, 2023
2 of 3 checks passed
@kelvin-muchiri kelvin-muchiri deleted the remove-project-invitation-verification branch July 13, 2023 14:14
kelvin-muchiri added a commit that referenced this pull request Jul 20, 2023
* remove project invitation id and token verification

remove invitation_id and invitation_token query params from invitation email link.
remove support for allowing a user to register using a different email from the one the invite was sent to
add a post_save signal to accept only invitations that match the new user email and remove implementation for accepting invitation from the UserProfileSerializer. This is because a user can also be created using OIDC

* update project invitation documentation
kelvin-muchiri added a commit that referenced this pull request Jul 20, 2023
* add ProjectInvitation model

model to store a project invitation details

* APIRequestFactory test

* add tests for get project invitations list

* add tests for get project invitations list

* add create project invitation endpoint

* add tests for create project invitation endpoint

* update project invitation role

* add endpoint to revoke project invitation

* add endpoint to resend project invitation

* update comments

* restore onadata/libs/filters.py

* make project invitation status readonly

have status field in create project invitation endpoint readonly

* add project invitation endpoints documentation

add API documentation
remove project key from API response

* format project invitations documentation

* format project invitations documentation

* format project invitations documentation

* format project invitations documentation

* format project invitations documentation

* update path for revoke, resend project invitation

* expose ProjectInvitation model to Django admin

* revert changes to expose ProjectInvitation in Django admin

* fix lint errors

fix lint errors for file onadata/libs/serializers/project_invitation_serializer

* fix lint errors

fix lint errors for file onadata/apps/logger/models/project_invitation.py

* fix cyclic dependency

* fix linting errors

* refactor code

* add code comments

* refactor code

* suppress linting error

suppress linting error abstract-method / Method 'create' is abstract in class 'BaseSerializer' but is not overridden

* remove duplicate variable declaration

* separate update project invitation from create

* add test case to update project invitation

* fix typo in docs

* fix typo in docs

* Send and accept project invitation (#2443)

* send project invitation email

* add tests for ProjectInvitationEmailTestCase and refactor

* accept project invitation

accept all pending project invitations when user creates account

* have invitation_id, invitation_token as query params

change invitation_id, invitation_token from being submitted as part of the payload but instead
received from query params

* add tests for tasks

add tests for send_project_invitation_email_async, accept_project_invitation_async

* add documentation for accept project invitation

* enhance project invitation docs

* enhance project invitation docs

* update method docstring

* update method docstring

* fix rst typos in docs

* fix rst typos in docs

* fix rst typos in docs

* fix rst typos in docs

* add fields invited_by, accepted_by for ProjectInvitation

* remove unused code

* update docs

* add test case

* provide flexibility to add extra context data to invitation email templates

* catch exceptions

* refactor code

* refactor code

* fix linting error

* fix linting errors

* fix linting errors

* fix linting errors

* fix linting errors

* fix linting errors

* fix linting errors

* fix linting errors

* fix linting errors

* Update invitations url path

Signed-off-by: Kipchirchir Sigei

* Fix typo in invitations endpoint methods

Signed-off-by: Kipchirchir Sigei

* Cleanup

Signed-off-by: Kipchirchir Sigei

* remove HTML ampersand character from invitation mail

* remove unique together ProjectInvitation model

there can be multiple revoked invitations. To support this, unique together integrity check has been removed. To prevent duplicate invitations from being created, a validation check has been added to the create invitation endpoint

* refactor code

* add temporary logging for debugging

* log temporarily for debugging

* log temporarily for debugging

* log temp for debugging

* remove debugging logs

* fix linting error

add missing method docstring

* share projects if invitation invalid/missing

If id and token are invalid or are not provided but the user registers using an email that matches a pending invitation, then that project is shared with the user.

* refactor code

* fix failing test

fix failing test
remove PATCH support endpoint /api/v1/projects/{pk}/invitations
update documentation

* update documentation

* update documentation

* fix bug when working with multipart/formdata

* fix typo in docs

* fix Invitation already exists when updating invitation

when the email does not change when updating invitation, the error 'Invitation already exists' occurred. The fix was to have the check for uniqueness only when creating

* fix 'User already exists' when updating an accepted invitation

ensure only pending invitations can be updated

* send project invitation email when email is updated

* fix typo

* Only accept project invitations whose email match new user email (#2449)

* remove project invitation id and token verification

remove invitation_id and invitation_token query params from invitation email link.
remove support for allowing a user to register using a different email from the one the invite was sent to
add a post_save signal to accept only invitations that match the new user email and remove implementation for accepting invitation from the UserProfileSerializer. This is because a user can also be created using OIDC

* update project invitation documentation

* fix linting errors

* fix error when creating user with no password

fix AttributeError: 'NoneType' object has no attribute 'lower' when creating a user with password field missing from the payload

* validate password if not None when creating user

* refactor code

* use queryset_iterator to iterate queryset

---------

Signed-off-by: Kipchirchir Sigei
Co-authored-by: Kipchirchir Sigei