Mpt 5362 as a fin ops operator i can invite users to join my organisation (#25)

* Add API to decline an invitation and to register an invited user.
Add new tests to cover the new functionalities.

* WIP. Add functions to check if a user can be safely deleted as a result of a declined invitations.
Add tests to cover the new funzionalities
Add API method to remove users from OptScale

* Add pydantic v2 SettingsConfigDict and ConfigDict to models and config.
Improve Test coverage and density.
Complete functions/endpoints documentations.
Add JTW to decline an invitation.

* Add admin_api_key as additional parameters to the remove_user function.
Update tests

* Remove invitation from omit

* Add invite validation before registering an invited user.
Remove JTW from /decline because the token is provided by the UI.
Updated the tests. Rename external_services.py to invitations.py

Author: antoniodimariano

app/core/api_client.py

@@ -84,6 +84,8 @@ async def _make_request(
                     }
             else:
                 # Handle non-JSON response
+                if response.status_code == 204:
+                    return {}
                 logger.warning(
                     "Response is not JSON as indicated by Content-Type header."
                 )

app/core/config.py

@@ -1,4 +1,8 @@
-from pydantic_settings import BaseSettings
+import pathlib
+
+from pydantic_settings import BaseSettings, SettingsConfigDict
+
+PROJECT_ROOT = pathlib.Path(__file__).parent.parent
 
 
 class Settings(BaseSettings):
@@ -18,5 +22,7 @@ class Settings(BaseSettings):
     leeway: float = 30.0
     default_request_timeout: int = 10  # API Client
 
-    class Config:
-        env_file = "/app/.env.test"
+    model_config = SettingsConfigDict(
+        env_file=PROJECT_ROOT / ".env",
+        env_file_encoding="utf-8",
+    )

app/core/exceptions.py

@@ -28,6 +28,12 @@ class UserOrgCreationError(Exception):
     pass
 
 
+class InvitationDoesNotExist(Exception):
+    """Custom exception for validating a user invitation ."""
+
+    pass
+
+
 class OptScaleAPIResponseError(Exception):
     """
     Custom exception class for handling errors in the OptScale API responses.

app/invitations/api.py

@@ -0,0 +1,101 @@
+import logging
+
+from fastapi import APIRouter, BackgroundTasks, Depends
+from fastapi import status as http_status
+from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
+from starlette.responses import JSONResponse
+
+from app import settings
+from app.core.exceptions import (
+    InvitationDoesNotExist,
+    OptScaleAPIResponseError,
+    handle_exception,
+)
+from app.invitations.model import (
+    DeclineInvitation,
+    RegisteredInvitedUserResponse,
+    RegisterInvitedUser,
+)
+from app.invitations.services.invitations import (
+    register_invited_user_on_optscale,
+    remove_user,
+)
+from app.optscale_api.invitation_api import OptScaleInvitationAPI
+from app.optscale_api.orgs_api import OptScaleOrgAPI
+from app.optscale_api.users_api import OptScaleUserAPI
+
+# HTTPBearer scheme to parse Authorization header
+bearer_scheme = HTTPBearer()
+logger = logging.getLogger(__name__)
+router = APIRouter()
+
+
+def get_bearer_token(
+    auth: HTTPAuthorizationCredentials = Depends(bearer_scheme),
+) -> str:
+    return auth.credentials  # Return the raw token
+
+
+def get_optscale_user_api() -> OptScaleUserAPI:
+    return OptScaleUserAPI()
+
+
+@router.post(
+    path="/users",
+    status_code=http_status.HTTP_201_CREATED,
+    response_model=RegisteredInvitedUserResponse,
+)
+async def register_invited(
+    data: RegisterInvitedUser,
+    user_api: OptScaleUserAPI = Depends(get_optscale_user_api),
+):  # noqa: E501
+    try:
+        response = await register_invited_user_on_optscale(
+            email=str(data.email),
+            display_name=data.display_name,
+            password=data.password,
+            user_api=user_api,
+        )
+        return JSONResponse(
+            status_code=response.get("status_code", http_status.HTTP_201_CREATED),
+            content=response.get("data", {}),
+        )
+
+    except (OptScaleAPIResponseError, InvitationDoesNotExist) as error:
+        handle_exception(error=error)
+
+
+@router.post(
+    path="/users/invites/{invite_id}/decline",
+    status_code=http_status.HTTP_200_OK,
+)
+async def decline_invitation(
+    invite_id: str,
+    data: DeclineInvitation,
+    background_task: BackgroundTasks,
+    invitation_api: OptScaleInvitationAPI = Depends(),
+    org_api: OptScaleOrgAPI = Depends(),
+    user_api: OptScaleUserAPI = Depends(),
+    invited_user_token: str = Depends(get_bearer_token),
+):
+    try:
+        user_id = data.user_id
+        response = await invitation_api.decline_invitation(
+            user_access_token=invited_user_token, invitation_id=invite_id
+        )
+
+        background_task.add_task(
+            remove_user,
+            user_access_token=invited_user_token,
+            user_id=user_id,
+            invitation_api=invitation_api,
+            org_api=org_api,
+            user_api=user_api,
+            admin_api_key=settings.admin_token,
+        )
+        return JSONResponse(
+            status_code=response.get("status_code", http_status.HTTP_200_OK),
+            content={"response": "Invitation declined"},
+        )
+    except OptScaleAPIResponseError as error:
+        handle_exception(error=error)

app/invitations/model.py

@@ -0,0 +1,59 @@
+from __future__ import annotations
+
+from pydantic import BaseModel, ConfigDict, EmailStr, constr
+
+
+class RegisterInvitedUser(BaseModel):
+    email: EmailStr
+    display_name: str
+    password: constr(min_length=8)
+    model_config = ConfigDict(
+        json_schema_extra={
+            "example": [
+                {
+                    "email": "peter.parker@spiderman.com",
+                    "display_name": "Peter Parker",
+                    "password": "superC00lPassword123",
+                }
+            ]
+        }
+    )
+
+
+class DeclineInvitation(BaseModel):
+    user_id: str
+
+
+class RegisteredInvitedUserResponse(BaseModel):
+    id: str
+    display_name: str
+    is_active: bool
+    type_id: int
+    email: EmailStr
+    verified: bool
+    scope_id: str | None
+    slack_connected: bool
+    is_password_autogenerated: bool
+    jira_connected: bool
+    token: None
+    model_config = ConfigDict(
+        json_schema_extra={
+            "examples": [
+                {
+                    "created_at": 1730126521,
+                    "deleted_at": 0,
+                    "id": "f0bd0c4a-7c55-45b7-8b58-27740e38789a",
+                    "display_name": "Spider Man",
+                    "is_active": True,
+                    "type_id": 1,
+                    "email": "peter.parker@iamspiderman.com",
+                    "verified": False,
+                    "scope_id": None,
+                    "slack_connected": False,
+                    "is_password_autogenerated": False,
+                    "jira_connected": False,
+                    "token": "JTW_TOKEN",
+                }
+            ]
+        }
+    )

app/invitations/services/__init__.py

@@ -0,0 +1,138 @@
+from __future__ import annotations
+
+import asyncio
+import functools
+import logging
+
+from fastapi import Depends
+
+from app import settings
+from app.core.exceptions import InvitationDoesNotExist, OptScaleAPIResponseError
+from app.optscale_api.invitation_api import OptScaleInvitationAPI
+from app.optscale_api.orgs_api import OptScaleOrgAPI
+from app.optscale_api.users_api import OptScaleUserAPI
+
+logger = logging.getLogger(__name__)
+
+
+def validate_invitation():  # noqa: E501
+    def decorator(func):
+        @functools.wraps(func)
+        async def wrapper(*args, **kwargs):
+            email = kwargs.get("email")
+            invitation_api = OptScaleInvitationAPI()
+            response = await invitation_api.get_list_of_invitations(email=email)
+            no_invitations = {"invites": []}
+            if response.get("data", {}) == no_invitations:
+                # there is no invitation
+                raise InvitationDoesNotExist("Invitation not found")
+            return await func(*args, **kwargs)
+
+        return wrapper
+
+    return decorator
+
+
+@validate_invitation()
+async def register_invited_user_on_optscale(
+    email: str,
+    display_name: str,
+    password: str,
+    user_api: OptScaleUserAPI,
+) -> dict[str, str] | Exception:
+    """
+    Registers invited users to OptScale, without
+    verification.
+
+    :param user_api: an instance of OptScaleUserAPI
+    :param email: The email of the given user to register
+    :param display_name: The display name of the user
+    :param password: The password of the user
+    :return: dict[str, str] : User information.
+    :raises: OptScaleAPIResponseError if any error occurs
+        contacting the OptScale APIs
+    """
+    try:
+        response = await user_api.create_user(
+            email=email,
+            display_name=display_name,
+            password=password,
+            admin_api_key=settings.admin_token,
+            verified=False,
+        )
+        logger.info(f"Invited User successfully registered: {response}")
+        return response
+    except OptScaleAPIResponseError as error:
+        logger.error(f"An error {error} occurred registering the invited user {email}")
+        raise
+    except InvitationDoesNotExist:
+        logger.error(f"There is no invitation for this email  {email}")
+        raise
+
+
+async def validate_user_delete(
+    user_token: str,
+    invitation_api: OptScaleInvitationAPI = Depends(),
+    org_api: OptScaleOrgAPI = Depends(),
+) -> bool:
+    """
+    Validates if a user can be deleted by checking invitations and organizations.
+
+    :param invitation_api: An instance of OptScaleInvitationAPI
+    :param org_api: An instance of OptScaleOrgAPI
+    :param user_token: The Access Token of the user to be deleted
+    :return: True if the user has no invitations and organizations. False, otherwise
+    :raises An Exception if an error occurs.
+    """
+    try:
+        response_invitation, response_organization = await asyncio.gather(
+            invitation_api.get_list_of_invitations(user_access_token=user_token),
+            org_api.get_user_org_list(user_access_token=user_token),
+        )
+        no_org_response = {"organizations": []}
+        no_invitations_response = {"invites": []}
+        return (
+            response_invitation.get("data", {}) == no_invitations_response
+            and response_organization.get("data", {}) == no_org_response
+        )
+    except Exception as error:
+        logger.error(f"Exception during deletion user validation:{error}")
+        return False
+
+
+async def remove_user(
+    user_id: str,
+    user_access_token: str,
+    admin_api_key: str,
+    invitation_api: OptScaleInvitationAPI = Depends(),
+    org_api: OptScaleOrgAPI = Depends(),
+    user_api: OptScaleUserAPI = Depends(),
+) -> bool:
+    """
+    Removes a user if they have no invitations or organizations.
+    :param admin_api_key: The Secret admin key to add to the Headers
+    :param user_id: the user ID to be deleted
+    :param user_access_token: The Access Token of the given User
+    :param invitation_api: An instance of the OptScaleInvitationAPI
+    :param org_api: an instance of the OptScaleOrgAPI
+    :param user_api: An instance of OptScaleUserAPI
+    :return: True if the user was successfully deleted, False otherwise.
+    :raises OptScaleAPIResponseError if any error occurs
+        contacting the OptScale APIs
+    """
+    validate_delete = await validate_user_delete(
+        user_token=user_access_token, invitation_api=invitation_api, org_api=org_api
+    )
+    if validate_delete:
+        try:
+            await user_api.delete_user(
+                user_id=user_id,
+                admin_api_key=admin_api_key,
+            )
+            logger.info(f"The user {user_id} was successfully deleted")
+            return True
+        except OptScaleAPIResponseError:
+            logger.error(f"Error deleting user:{user_id}")
+            return False
+    logger.info(f"The user {user_id} cannot be deleted.")
+    return False