Allow sending invitation mails to users

Author: manisandro

schemas/qwc-admin-gui.json

@@ -124,6 +124,14 @@
         "default_qgis_server_url": {
           "description": "The default Qgis server URL. Required for 'themes' plugin.",
           "type": "string"
+        },
+        "application_name": {
+          "description": "The application name to display in the invite emails. Default: 'QWC'",
+          "type": "string"
+        },
+        "application_url": {
+          "description": "The application URL to display in the invite emails. Default: computed from the Admin GUI URL'",
+          "type": "string"
         }
       },
       "required": [

src/controllers/users_controller.py

@@ -1,24 +1,36 @@
 import os
+import secrets
 
-from flask import json
+from flask import json, flash, redirect, render_template, url_for
+from flask_mail import Message
 
 from .controller import Controller
 from forms import UserForm
 
+from utils import i18n
 
 class UsersController(Controller):
     """Controller for user model"""
 
-    def __init__(self, app, handler):
+    def __init__(self, app, handler, mail):
         """Constructor
 
         :param Flask app: Flask application
         :param handler: Tenant config handler
+        :param flask_mail.Mail mail: Application mailer
         """
         super(UsersController, self).__init__(
             "User", 'users', 'user', 'users', app, handler
         )
 
+        self.mail = mail
+
+        # send mail
+        app.add_url_rule(
+            '/%s/<int:id>/sendmail' % self.base_route, 'sendmail_%s' % self.endpoint_suffix, self.sendmail,
+            methods=['GET']
+        )
+
     def resources_for_index_query(self, search_text, session):
         """Return query for users list.
 
@@ -156,3 +168,74 @@ def create_or_update_resources(self, resource, form, session):
         self.update_collection(
             user.roles_collection, form.roles, self.Role, 'id', session
         )
+
+    def sendmail(self, id):
+        """Send mail with access link.
+
+        :param int id: User ID
+        """
+        if not self.app.config.get("MAIL_USERNAME", None):
+            flash(
+                i18n('interface.users.no_mail_config'),
+                'error'
+            )
+            return redirect(url_for(self.base_route))
+
+        self.setup_models()
+        # find user
+        with self.session() as session, session.begin():
+            user = self.find_resource(id, session)
+
+            if not user or not user.email:
+                flash(
+                    i18n('interface.users.no_user_email'),
+                    'error'
+                )
+                return redirect(url_for(self.base_route))
+
+            password = secrets.token_urlsafe(8).replace('-','0')
+            user.set_password(password)
+            user.force_password_change = True
+
+            app_name = self.handler().config().get("application_name", "QWC")
+            app_url = self.handler().config().get("application_url",
+                os.path.dirname(url_for('home', _external=True).rstrip("/")) + "/"
+            )
+
+            try:
+                body = render_template(
+                    '%s/invite_email_body.%s.txt' % (self.templates_dir, i18n.get('locale')),
+                    user=user, password=password, app_name=app_name
+                )
+            except:
+                body = render_template(
+                    '%s/invite_email_body.en.txt' % (self.templates_dir),
+                    user=user, password=password, app_name=app_name, app_url=app_url
+                )
+
+            try:
+                msg = Message(
+                    i18n('interface.users.mail_subject', [app_name]),
+                    recipients=[user.email]
+                )
+                # set message body from template
+                msg.body = body
+
+                # send message
+                self.logger.debug(msg)
+                self.mail.send(msg)
+                flash(
+                    i18n('interface.users.send_mail_success'),
+                    'success'
+                )
+            except Exception as e:
+                self.logger.error(
+                    "Could not send mail to user '%s':\n%s" %
+                    (user.email, e)
+                )
+                flash(
+                    i18n('interface.users.send_mail_failure'),
+                    'error'
+                )
+
+            return redirect(url_for(self.base_route))

src/server.py

@@ -118,7 +118,7 @@ def auth_path_prefix():
 
 
 # create controllers (including their routes)
-UsersController(app, handler)
+UsersController(app, handler, mail)
 GroupsController(app, handler)
 RolesController(app, handler)
 ResourcesController(app, handler)

src/templates/base_index.html

@@ -176,6 +176,8 @@ <h1>{{ self.title() }}</h1>
                 </a>
               {% endif %}
             {% endif %}
+            {% block resource_actions scoped %}
+            {% endblock %}
             <form action="{{ url_for('destroy_%s' % endpoint_suffix, id=resource[pkey]) }}" method="post" style="display: inline;">
               <input type="hidden" name="_method" value="DELETE" />
               <input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>

src/templates/users/index.html

@@ -14,4 +14,14 @@
   <td>{{ resource.name }}</td>
 {% endblock %}
 
+{% block resource_actions %}
+<a href="#" class="btn btn-primary" onclick="
+if (confirm('{{ i18n('interface.users.confirm_sendmail', [resource.email]) }}')) {
+location.href = '{{ url_for('sendmail_%s' % endpoint_suffix, id=resource[pkey]) }}';
+}
+" role="button">
+  {{ utils.render_icon('envelope') }} {{ i18n('interface.users.sendmail') }}
+</a>
+{% endblock %}
+
 {% block delete_resource_confirmation %}{{ i18n('interface.users.confirm_message_delete') }}{% endblock %}

src/templates/users/invite_email_body.de.txt

@@ -0,0 +1,12 @@
+Hallo {{ user.name }}
+
+Es wurde für Sie ein Konto für {{ app_name }} erstellt.
+
+Sie können auf die Anwendung unter {{ app_url }} zugreifen.
+
+Ihre Anmeldedaten sind:
+
+* Benutzername: {{ user.name }}
+* Passwort: {{ password }}
+
+Bei der ersten Anmeldung werden Sie aufgefordert, Ihr Passwort zu ändern.

src/templates/users/invite_email_body.en.txt

@@ -0,0 +1,12 @@
+Hello {{ user.name }}
+
+An account has been created for you for {{ app_name }}.
+
+You can access the application at {{ app_url }}.
+
+Your credentials are:
+
+* Username: {{ user.name }}
+* Password: {{ password }}
+
+You will be prompted to change your password on first login.

src/templates/users/invite_email_body.fr.txt

@@ -0,0 +1,12 @@
+Bonjour {{ user.name }}
+
+Un compte a été créé pour vous pour {{ app_name }}.
+
+Vous pouvez accéder à l'application à l'adresse {{ app_url }}.
+
+Vos informations d'identification sont les suivantes :
+
+* Nom d'utilisateur : {{ user.name }}
+* Mot de passe : {{ password }}
+
+Vous serez invité à modifier votre mot de passe lors de votre première connexion.

src/translations/de.json

@@ -153,6 +153,8 @@
     "users": {
       "authentication": "Authentifizierung",
       "confirm_message_delete": "Benutzer entfenrnen?",
+      "confirm_sendmail": "Das Passwort wird zurückgesetzt und eine Einladungs-E-Mail an {} gesendet, weiter?",
+      "force_password_change": "Passwortänderung bei nächster Anmeldung erzwingen",
       "form_email": "Email",
       "form_email_error": "Bitte eine andere Email Adresse verwenden.",
       "form_failed_login": "Fehlgeschlagenen Loginversuche",
@@ -163,7 +165,13 @@
       "form_password_repeat": "Passwort wiederholen",
       "form_totp": "TOTP Geheimniss",
       "groups_roles": "Gruppen und Rollen",
+      "mail_subject": "Ihr Zugang zu {}",
       "new_user": "Neuer Benutzer",
+      "no_mail_config": "Keine Absender-E-Mail ist konfiguriert, kann keine Einladungs-E-Mail senden.",
+      "no_user_email": "Keine E-Mail für den Benutzer gespeichert, kann keine E-Mail senden.",
+      "send_mail_failure": "Die Einladungs-E-Mail konnte nicht gesendet werden.",
+      "send_mail_success": "Einladungs-E-Mail erfolgreich gesendet.",
+      "sendmail": "Einladung versenden",
       "title": "Benutzer",
       "user_info": "Benutzerinfo"
     }

src/translations/en.json

@@ -153,6 +153,8 @@
     "users": {
       "authentication": "Authentication",
       "confirm_message_delete": "Remove user?",
+      "confirm_sendmail": "The password will be reset and an invitation mail sent to {}, proceed?",
+      "force_password_change": "Force password change on next login",
       "form_email": "Email",
       "form_email_error": "Please use a different email address.",
       "form_failed_login": "Failed login attempts",
@@ -163,7 +165,13 @@
       "form_password_repeat": "Repeat Password",
       "form_totp": "TOTP secret",
       "groups_roles": "Groups and roles",
+      "mail_subject": "Your access to {}",
       "new_user": "New user",
+      "no_mail_config": "No sender email is configured, cannot send invitation e-mail.",
+      "no_user_email": "No email stored for the user, cannot send e-mail.",
+      "send_mail_failure": "Failed to send the invitation e-mail.",
+      "send_mail_success": "Invitation e-mail sent successfully.",
+      "sendmail": "Send invitation",
       "title": "Users",
       "user_info": "User info"
     }

src/translations/fr.json

@@ -153,6 +153,8 @@
     "users": {
       "authentication": "Authenticafition",
       "confirm_message_delete": "Voulez-vous supprimer cet utilisateur?",
+      "confirm_sendmail": "Le mot de passe sera réinitialisé et un e-mail d'invitation sera envoyé à {}, procéder?",
+      "force_password_change": "Forcer le changement de mot de passe lors de la prochaine connexion",
       "form_email": "Email",
       "form_email_error": "Utilisez une adresse email différente SVP.",
       "form_failed_login": "Nombre de tentatives de connexion infructueuses",
@@ -163,7 +165,13 @@
       "form_password_repeat": "Répéter le mot de passe",
       "form_totp": "TOTP secret",
       "groups_roles": "Groupes et rôles",
+      "mail_subject": "Votre accès à {}",
       "new_user": "Nouvel utilisateur",
+      "no_mail_config": "Aucun e-mail d'expéditeur n'est configuré, il n'est pas possible d'envoyer un e-mail d'invitation.",
+      "no_user_email": "Aucun e-mail n'est enregistré pour l'utilisateur, il ne peut pas envoyer d'e-mail.",
+      "send_mail_failure": "L'envoi de l'e-mail d'invitation a échoué",
+      "send_mail_success": "L'e-mail d'invitation a été envoyé avec succès",
+      "sendmail": "Envoyer une invitation",
       "title": "Utilisateurs",
       "user_info": "Information utilisateur"
     }

src/translations/tsconfig.json

@@ -142,6 +142,8 @@
     "interface.roles.title",
     "interface.users.authentication",
     "interface.users.confirm_message_delete",
+    "interface.users.confirm_sendmail",
+    "interface.users.force_password_change",
     "interface.users.form_email",
     "interface.users.form_email_error",
     "interface.users.form_failed_login",
@@ -152,7 +154,13 @@
     "interface.users.form_password_repeat",
     "interface.users.form_totp",
     "interface.users.groups_roles",
+    "interface.users.mail_subject",
     "interface.users.new_user",
+    "interface.users.no_mail_config",
+    "interface.users.no_user_email",
+    "interface.users.send_mail_failure",
+    "interface.users.send_mail_success",
+    "interface.users.sendmail",
     "interface.users.title",
     "interface.users.user_info",
     "plugins.config_editor.edit_message_error",