Merge branch 'main' of https://github.com/cisagov/manage.get.gov into es/3285-delete-manager-email

2025-07-25 12:08:40 +02:00 · 2025-02-07 09:32:47 -08:00 · 2025-02-07 09:32:47 -08:00 · 4b403dc6f5
commit 4b403dc6f5
parent bcf2f0946c 6857f33607
8 changed files with 234 additions and 20 deletions
--- a/.github/workflows/delete-and-recreate-db.yaml
+++ b/.github/workflows/delete-and-recreate-db.yaml
@ -0,0 +1,90 @@
+# This workflow can be run from the CLI
+#     gh workflow run reset-db.yaml -f environment=ENVIRONMENT
+
+name: Reset database
+run-name: Reset database for ${{ github.event.inputs.environment }}
+
+on:
+  workflow_dispatch:
+    inputs:
+      environment:
+        type: choice
+        description: Which environment should we flush and re-load data for?
+        options:
+        - el
+        - ad
+        - ms
+        - ag
+        - litterbox
+        - hotgov
+        - cb
+        - bob
+        - meoward
+        - backup
+        - ky
+        - es
+        - nl
+        - rh
+        - za
+        - gd
+        - rb
+        - ko
+        - ab
+        - rjm
+        - dk
+
+jobs:
+  reset-db:
+    runs-on: ubuntu-latest
+    env:
+      CF_USERNAME: CF_${{ github.event.inputs.environment }}_USERNAME
+      CF_PASSWORD: CF_${{ github.event.inputs.environment }}_PASSWORD
+      DESTINATION_ENVIRONMENT: ${{ github.event.inputs.environment}}
+    steps:
+    - name: Delete and Recreate Database
+      env:
+        cf_username: ${{ secrets[env.CF_USERNAME] }}
+        cf_password: ${{ secrets[env.CF_PASSWORD] }}
+      run: |
+        # install cf cli and other tools
+         wget -q -O - https://packages.cloudfoundry.org/debian/cli.cloudfoundry.org.key | sudo gpg --dearmor -o /usr/share/keyrings/cli.cloudfoundry.org.gpg
+         echo "deb [signed-by=/usr/share/keyrings/cli.cloudfoundry.org.gpg] https://packages.cloudfoundry.org/debian stable main" | sudo tee /etc/apt/sources.list.d/cloudfoundry-cli.list
+
+         sudo apt-get update
+         sudo apt-get install cf8-cli
+         cf api api.fr.cloud.gov
+         cf auth "$CF_USERNAME" "$CF_PASSWORD"
+         cf target -o cisa-dotgov -s $DESTINATION_ENVIRONMENT   
+
+
+
+         # unbind the service
+         cf unbind-service getgov-$DESTINATION_ENVIRONMENT getgov-$DESTINATION_ENVIRONMENT-database
+         #delete the service key
+         yes Y | cf delete-service-key getgov-$DESTINATION_ENVIRONMENT-database SERVICE_CONNECT 
+         # delete the service
+         yes Y | cf delete-service getgov-$DESTINATION_ENVIRONMENT-database
+         # create it again
+         cf create-service aws-rds micro-psql getgov-$DESTINATION_ENVIRONMENT-database
+         # wait for it be created (up to 5 mins)
+         # this checks the creation cf service getgov-$DESTINATION_ENVIRONMENT-database
+         # the below command with check “status” line using cf service command mentioned above. if it says “create in progress” it will keep waiting otherwise the next steps fail
+
+         timeout 480 bash -c  "until cf service getgov-$DESTINATION_ENVIRONMENT-database | grep -q 'The service instance status is succeeded'
+          do
+          echo 'Database not up yet, waiting...'
+          sleep 30
+         done"
+
+         # rebind the service
+         cf bind-service getgov-$DESTINATION_ENVIRONMENT getgov-$DESTINATION_ENVIRONMENT-database
+         #restage the app or it will not connect to the database right for the next commands
+         cf restage getgov-$DESTINATION_ENVIRONMENT
+         # wait for the above command to finish
+         # if it is taking way to long and the annoying “instance starting” line that keeps repeating, then run following two commands in a separate window. This will interrupt the death loop where it keeps hitting an error with it failing health checks
+         # create the cache table and run migrations
+         cf run-task getgov-$DESTINATION_ENVIRONMENT --command 'python manage.py createcachetable' --name createcachetable
+         cf run-task getgov-$DESTINATION_ENVIRONMENT --wait --command 'python manage.py migrate' --name migrate
+
+         # load fixtures
+         cf run-task getgov-$DESTINATION_ENVIRONMENT --wait --command 'python manage.py load' --name loaddata
--- a/docs/developer/workflows/README.md
+++ b/docs/developer/workflows/README.md
@ -0,0 +1,7 @@
+# Workflows Docs
+
+========================
+
+This directory contains files related to workflows
+
+Delete And Recreate Database is in [docs/ops](../workflows/delete-and-recreate-db.md/).
--- a/docs/developer/workflows/delete-and-recreate-db.md
+++ b/docs/developer/workflows/delete-and-recreate-db.md
@ -0,0 +1,13 @@
+## Delete And Recreate Database
+
+This script destroys and recreates a database. This is another troubleshooting tool for issues with the database.
+
+1. unbinds the database
+2. deletes it
+3. recreates it
+4. binds it back to the sandbox
+5. runs migrations
+
+Addition Info in this slack thread:
+
+- [Slack thread](https://cisa-corp.slack.com/archives/C05BGB4L5NF/p1725495150772119)
--- a/src/registrar/models/domain.py
+++ b/src/registrar/models/domain.py
@ -9,6 +9,7 @@ from django_fsm import FSMField, transition, TransitionNotAllowed  # type: ignor
 from django.db import models, IntegrityError
 from django.utils import timezone
 from typing import Any
+from registrar.models.domain_invitation import DomainInvitation
 from registrar.models.host import Host
 from registrar.models.host_ip import HostIP
 from registrar.utility.enums import DefaultEmail
@ -1177,6 +1178,10 @@ class Domain(TimeStampedModel, DomainHelper):
            return "DNS needed"
        return self.state.capitalize()

+    def active_invitations(self):
+        """Returns only the active invitations (those with status 'invited')."""
+        return self.invitations.filter(status=DomainInvitation.DomainInvitationStatus.INVITED)
+
    def map_epp_contact_to_public_contact(self, contact: eppInfo.InfoContactResultData, contact_id, contact_type):
        """Maps the Epp contact representation to a PublicContact object.

--- a/src/registrar/templates/includes/summary_item.html
+++ b/src/registrar/templates/includes/summary_item.html
@ -113,10 +113,10 @@
            </ul>
          {% endif %}
        {% endif %}
-        {% if value.invitations.all %}
+        {% if value.active_invitations.all %}
          <h4 class="margin-bottom-05">Invited domain managers</h4>
          <ul class="usa-list usa-list--unstyled margin-top-0">
-          {% for item in value.invitations.all %}
+          {% for item in value.active_invitations.all %}
            <li>{{ item.email }}</li>
          {% endfor %}
          </ul>
--- a/src/registrar/tests/test_views_members_json.py
+++ b/src/registrar/tests/test_views_members_json.py
@ -372,6 +372,21 @@ class GetPortfolioMembersJsonTest(MockEppLib, WebTest):
            domain=domain3,
        )

+        # create another domain in the portfolio
+        # but make sure the domain invitation is canceled
+        domain4 = Domain.objects.create(
+            name="somedomain4.com",
+        )
+        DomainInformation.objects.create(
+            creator=self.user,
+            domain=domain4,
+        )
+        DomainInvitation.objects.create(
+            email=self.email6,
+            domain=domain4,
+            status=DomainInvitation.DomainInvitationStatus.CANCELED,
+        )
+
        response = self.app.get(reverse("get_portfolio_members_json"), params={"portfolio": self.portfolio.id})
        self.assertEqual(response.status_code, 200)
        data = response.json
@ -381,6 +396,7 @@ class GetPortfolioMembersJsonTest(MockEppLib, WebTest):
        self.assertIn("somedomain1.com", domain_names)
        self.assertIn("thissecondinvitetestsasubqueryinjson@lets.notbreak", domain_names)
        self.assertNotIn("somedomain3.com", domain_names)
+        self.assertNotIn("somedomain4.com", domain_names)

    @less_console_noise_decorator
    @override_flag("organization_feature", active=True)
--- a/src/registrar/tests/test_views_portfolio.py
+++ b/src/registrar/tests/test_views_portfolio.py
@ -22,7 +22,7 @@ from registrar.models.utility.portfolio_helper import UserPortfolioPermissionCho
 from registrar.tests.test_views import TestWithUser
 from registrar.utility.email import EmailSendingError
 from registrar.utility.errors import MissingEmailError
-from .common import MockSESClient, completed_domain_request, create_test_user, create_user
+from .common import MockEppLib, MockSESClient, completed_domain_request, create_test_user, create_user
 from waffle.testutils import override_flag
 from django.contrib.sessions.middleware import SessionMiddleware
 import boto3_mocking  # type: ignore
@ -3365,34 +3365,35 @@ class TestRequestingEntity(WebTest):
        self.assertContains(response, "kepler, AL")


-class TestPortfolioInviteNewMemberView(TestWithUser, WebTest):
+class TestPortfolioInviteNewMemberView(MockEppLib, WebTest):

-    @classmethod
-    def setUpClass(cls):
-        super().setUpClass()
+    def setUp(self):
+        super().setUp()
+
+        self.user = create_test_user()

        # Create Portfolio
-        cls.portfolio = Portfolio.objects.create(creator=cls.user, organization_name="Test Portfolio")
+        self.portfolio = Portfolio.objects.create(creator=self.user, organization_name="Test Portfolio")

        # Add an invited member who has been invited to manage domains
-        cls.invited_member_email = "invited@example.com"
-        cls.invitation = PortfolioInvitation.objects.create(
-            email=cls.invited_member_email,
-            portfolio=cls.portfolio,
+        self.invited_member_email = "invited@example.com"
+        self.invitation = PortfolioInvitation.objects.create(
+            email=self.invited_member_email,
+            portfolio=self.portfolio,
            roles=[UserPortfolioRoleChoices.ORGANIZATION_MEMBER],
            additional_permissions=[
                UserPortfolioPermissionChoices.VIEW_MEMBERS,
            ],
        )

-        cls.new_member_email = "newmember@example.com"
+        self.new_member_email = "newmember@example.com"

-        AllowedEmail.objects.get_or_create(email=cls.new_member_email)
+        AllowedEmail.objects.get_or_create(email=self.new_member_email)

        # Assign permissions to the user making requests
        UserPortfolioPermission.objects.create(
-            user=cls.user,
-            portfolio=cls.portfolio,
+            user=self.user,
+            portfolio=self.portfolio,
            roles=[UserPortfolioRoleChoices.ORGANIZATION_ADMIN],
            additional_permissions=[
                UserPortfolioPermissionChoices.VIEW_MEMBERS,
@ -3400,14 +3401,13 @@ class TestPortfolioInviteNewMemberView(TestWithUser, WebTest):
            ],
        )

-    @classmethod
-    def tearDownClass(cls):
+    def tearDown(self):
        PortfolioInvitation.objects.all().delete()
        UserPortfolioPermission.objects.all().delete()
        Portfolio.objects.all().delete()
        User.objects.all().delete()
        AllowedEmail.objects.all().delete()
-        super().tearDownClass()
+        super().tearDown()

    @boto3_mocking.patching
    @less_console_noise_decorator
@ -3452,6 +3452,85 @@ class TestPortfolioInviteNewMemberView(TestWithUser, WebTest):
            # Check that an email was sent
            self.assertTrue(mock_client.send_email.called)

+    @less_console_noise_decorator
+    @override_flag("organization_feature", active=True)
+    @override_flag("organization_members", active=True)
+    @patch("registrar.views.portfolios.send_portfolio_invitation_email")
+    def test_member_invite_for_previously_removed_user(self, mock_send_email):
+        """Tests the member invitation flow for an existing member which was previously removed."""
+        self.client.force_login(self.user)
+
+        # invite, then retrieve an existing user, then remove the user from the portfolio
+        retrieved_member_email = "retrieved@example.com"
+        retrieved_user = User.objects.create(
+            username="retrieved_user",
+            first_name="Retrieved",
+            last_name="User",
+            email=retrieved_member_email,
+            phone="8003111234",
+            title="retrieved",
+        )
+
+        retrieved_invitation = PortfolioInvitation.objects.create(
+            email=retrieved_member_email,
+            portfolio=self.portfolio,
+            roles=[UserPortfolioRoleChoices.ORGANIZATION_MEMBER],
+            additional_permissions=[
+                UserPortfolioPermissionChoices.VIEW_MEMBERS,
+            ],
+            status=PortfolioInvitation.PortfolioInvitationStatus.INVITED,
+        )
+        retrieved_invitation.retrieve()
+        retrieved_invitation.save()
+        upp = UserPortfolioPermission.objects.filter(
+            user=retrieved_user,
+            portfolio=self.portfolio,
+        )
+        upp.delete()
+
+        # Simulate a session to ensure continuity
+        session_id = self.client.session.session_key
+        self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id)
+
+        # Simulate submission of member invite for previously retrieved/removed member
+        final_response = self.client.post(
+            reverse("new-member"),
+            {
+                "role": UserPortfolioRoleChoices.ORGANIZATION_MEMBER.value,
+                "domain_request_permissions": UserPortfolioPermissionChoices.VIEW_ALL_REQUESTS.value,
+                "domain_permissions": UserPortfolioPermissionChoices.VIEW_MANAGED_DOMAINS.value,
+                "member_permissions": "no_access",
+                "email": retrieved_member_email,
+            },
+        )
+
+        # Ensure the final submission is successful
+        self.assertEqual(final_response.status_code, 302)  # Redirects
+
+        # Validate Database Changes
+        # Validate that portfolio invitation was created and retrieved
+        self.assertFalse(
+            PortfolioInvitation.objects.filter(
+                email=retrieved_member_email,
+                portfolio=self.portfolio,
+                status=PortfolioInvitation.PortfolioInvitationStatus.INVITED,
+            ).exists()
+        )
+        # at least one retrieved invitation
+        self.assertTrue(
+            PortfolioInvitation.objects.filter(
+                email=retrieved_member_email,
+                portfolio=self.portfolio,
+                status=PortfolioInvitation.PortfolioInvitationStatus.RETRIEVED,
+            ).exists()
+        )
+        # Ensure exactly one UserPortfolioPermission exists for the retrieved user
+        self.assertEqual(
+            UserPortfolioPermission.objects.filter(user=retrieved_user, portfolio=self.portfolio).count(),
+            1,
+            "Expected exactly one UserPortfolioPermission for the retrieved user.",
+        )
+
    @boto3_mocking.patching
    @less_console_noise_decorator
    @override_flag("organization_feature", active=True)
--- a/src/registrar/views/portfolio_members_json.py
+++ b/src/registrar/views/portfolio_members_json.py
@ -123,7 +123,11 @@ class PortfolioMembersJson(PortfolioMembersPermission, View):

        # Subquery to get concatenated domain information for each email
        domain_invitations = (
-            DomainInvitation.objects.filter(email=OuterRef("email"), domain__domain_info__portfolio=portfolio)
+            DomainInvitation.objects.filter(
+                email=OuterRef("email"),
+                domain__domain_info__portfolio=portfolio,
+                status=DomainInvitation.DomainInvitationStatus.INVITED,
+            )
            .annotate(
                concatenated_info=Concat(F("domain__id"), Value(":"), F("domain__name"), output_field=CharField())
            )