Merge remote-tracking branch 'remotes/origin/master' into st_dh_admin…

…_toolbar

# Conflicts:
#	microsetta_private_api/example/client_impl.py

microsetta_private_api/admin/tests/test_admin.py

@@ -40,7 +40,8 @@ def setup_test_data():
                               "CA",
                               12345,
                               "US"
-                          ))
+                          ),
+                          "fakekit")
             acct_repo.create_account(acc)
 
             acc = Account(ADMIN_ACCT_ID,
@@ -56,7 +57,8 @@ def setup_test_data():
                               "CA",
                               12345,
                               "US"
-                          ))
+                          ),
+                          "fakekit")
             acct_repo.create_account(acc)
             t.commit()
 

microsetta_private_api/api/implementation.py

@@ -70,6 +70,7 @@ def find_accounts_for_login(token_info):
 
         if acct is None:
             return jsonify([]), 200
+
         return jsonify([acct.to_api()]), 200
 
 
@@ -687,7 +688,6 @@ def _validate_account_access(token_info, account_id):
         token_associated_account = account_repo.find_linked_account(
             token_info['iss'],
             token_info['sub'])
-
         account = account_repo.get_account(account_id)
         if account is None:
             raise NotFound(ACCT_NOT_FOUND_MSG)

microsetta_private_api/api/tests/test_api.py

@@ -366,7 +366,6 @@ def run_query_and_content_required_field_test(self, url, action,
                 else:
                     raise ValueError(format("unexpect request action: ",
                                             action))
-
                 self.assertEqual(400, response.status_code)
                 resp_obj = json.loads(response.data)
                 self.assertTrue(curr_expected_msg in resp_obj['detail'])
@@ -395,12 +394,6 @@ def validate_dummy_acct_response_body(self, response_obj,
         # check all input fields/values appear in response body EXCEPT kit_name
         # plus additional fields
         expected_dict = copy.deepcopy(dummy_acct_dict)
-        try:
-            expected_dict.pop(KIT_NAME_KEY)
-        except KeyError:
-            # is ok if input did not have a kit name, as this is
-            # provided on account create but not account update
-            pass
         expected_dict[ACCT_ID_KEY] = real_acct_id_from_body
         expected_dict[ACCT_TYPE_KEY] = ACCT_TYPE_VAL
         expected_dict[CREATION_TIME_KEY] = real_creation_time
@@ -641,9 +634,11 @@ def test_account_view_fail_404(self):
 
     # region account update/put tests
     @staticmethod
-    def make_updated_acct_dict():
+    def make_updated_acct_dict(keep_kit_name=False):
         result = copy.deepcopy(DUMMY_ACCT_INFO)
-        result.pop(KIT_NAME_KEY)
+
+        if not keep_kit_name:
+            result.pop(KIT_NAME_KEY)
 
         result["address"] = {
             "city": "Oakland",
@@ -659,7 +654,7 @@ def test_account_update_success(self):
         """Successfully update existing account"""
         dummy_acct_id = create_dummy_acct()
 
-        changed_acct_dict = self.make_updated_acct_dict()
+        changed_acct_dict = self.make_updated_acct_dict(keep_kit_name=True)
 
         # create post input json
         input_json = json.dumps(changed_acct_dict)

microsetta_private_api/api/tests/test_integration.py

@@ -163,7 +163,8 @@ def setup_test_data():
                               "CA",
                               12345,
                               "US"
-                          ))
+                          ),
+                          "fakekit")
             acct_repo.create_account(acc)
 
             source_repo.create_source(Source(
@@ -504,7 +505,8 @@ def test_edit_account_info(self):
                 },
                 "email": "foo@baz.com",
                 "first_name": "Dan",
-                "last_name": "H"
+                "last_name": "H",
+                "kit_name": "fakekit"
             }
 
         # Hard to guess these two, so let's pop em out
@@ -514,12 +516,14 @@ def test_edit_account_info(self):
 
         regular_data.pop("account_id")
 
-        # Don't fuzz the email--changing the email in the accounts table
-        # without changing the email in the authorization causes
+        # Don't fuzz the email or kit_name -- changing the email in the
+        # accounts table without changing the email in the authorization causes
         # authorization errors (as it should)
         the_email = regular_data["email"]
+        kit_name = regular_data['kit_name']
         fuzzy_data = fuzz(regular_data)
         fuzzy_data['email'] = the_email
+        fuzzy_data['kit_name'] = kit_name
 
         # submit an invalid account type
         fuzzy_data['account_type'] = "Voldemort"
@@ -563,6 +567,7 @@ def test_edit_account_info(self):
         check_response(response)
 
         acc = json.loads(response.data)
+
         acc.pop('creation_time')
         acc.pop('update_time')
         regular_data['account_type'] = 'standard'

microsetta_private_api/db/patches/0063.sql

@@ -0,0 +1,41 @@
+-- create a column that can be used to record what kit was used 
+-- when the account was created. 
+ALTER TABLE ag.account ADD COLUMN created_with_kit_id VARCHAR;
+
+-- from existing accounts, recover a kit that is associated with
+-- the account. if someone has a single kit, then that kit is used
+-- and has to be what was registered with. If they have multiple
+-- kits, then we'll just pick one of them as in the old system,
+-- users would have had to register with each kit individually.
+-- This should be suitable for newly created accounts where 
+-- people have assigned samples.
+UPDATE ag.account a SET created_with_kit_id = ss.kit_id
+    FROM (SELECT s.account_id, (array_agg(supplied_kit_id))[1] AS kit_id 
+          FROM ag.ag_kit ak 
+             JOIN ag.ag_kit_barcodes akb USING (ag_kit_id) 
+             INNER JOIN ag.source s ON (akb.source_id=s.id) 
+          GROUP BY s.account_id) ss
+    WHERE a.id = ss.account_id;
+
+-- a large number of kits have samples that were never assigned, 
+-- which resulted in them not being linked to the "source" table
+-- during migration. to handle this, let's use the older links in 
+-- the database.
+UPDATE ag.account SET created_with_kit_id=subquery.kit_id
+    FROM (SELECT ag_login_id, (array_agg(supplied_kit_id))[1] AS kit_id
+          FROM ag.account a
+              JOIN ag.ag_kit ak ON a.id=ak.ag_login_id
+              JOIN ag.ag_kit_barcodes USING(ag_kit_id)
+          WHERE created_with_kit_id IS NULL 
+          GROUP BY ag_login_id) AS subquery
+    WHERE id=subquery.ag_login_id;
+
+-- finally, there are a handful where the created_with_kit_id remains null.
+-- on inspection, this appears to happen in the new system when someone
+-- has created an account but hasn't yet claimed samples from a kit. We'll 
+-- set those to the empty string so that we can make created_with_kit_id
+-- not null
+UPDATE ag.account SET created_with_kit_id=''
+    WHERE created_with_kit_id IS NULL;
+
+ALTER TABLE ag.account ALTER COLUMN created_with_kit_id SET NOT NULL;

microsetta_private_api/db/patches/0064.sql

@@ -0,0 +1,40 @@
+-- users requested that height and weight units come before entering the values
+
+DO
+$do$
+DECLARE
+    q108 integer;
+    q109 integer;
+    q113 integer;
+    q114 integer;
+BEGIN
+    -- store the current display indices
+    SELECT display_index INTO q108 FROM ag.group_questions WHERE survey_question_id=108;
+    SELECT display_index INTO q109 FROM ag.group_questions WHERE survey_question_id=109;
+    SELECT display_index INTO q113 FROM ag.group_questions WHERE survey_question_id=113;
+    SELECT display_index INTO q114 FROM ag.group_questions WHERE survey_question_id=114;
+
+    -- set 108 to a temp value, put index from 109 as 108, put index from 108 as 109
+    UPDATE ag.group_questions SET display_index=123456 WHERE survey_question_id=108;
+    UPDATE ag.group_questions SET display_index=q108 WHERE survey_question_id=109;
+    UPDATE ag.group_questions SET display_index=q109 WHERE survey_question_id=108;
+
+    -- set 113 to a temp value, put index from 114 as 113, put index from 113 as 114
+    UPDATE ag.group_questions SET display_index=123456 WHERE survey_question_id=113;
+    UPDATE ag.group_questions SET display_index=q113 WHERE survey_question_id=114;
+    UPDATE ag.group_questions SET display_index=q114 WHERE survey_question_id=113;
+END $do$;
+
+-- and add missing birth years... (derived from 0040.sql). This is painful.
+ALTER TABLE ag.survey_question_response DROP CONSTRAINT idx_survey_question_response;
+UPDATE ag.survey_question_response 
+    SET display_index = display_index + 2 
+    WHERE survey_question_id = 112 AND response != 'Unspecified';
+ALTER TABLE ag.survey_question_response ADD CONSTRAINT idx_survey_question_response UNIQUE ( survey_question_id, display_index );
+
+INSERT INTO ag.survey_response (american, british) VALUES ('2019', '2019');
+INSERT INTO ag.survey_response (american, british) VALUES ('2020', '2020');
+INSERT INTO ag.survey_question_response (survey_question_id, response, display_index, spanish, french, chinese) 
+    VALUES (112, '2020', 1, '2020', '2020', '2020');
+INSERT INTO ag.survey_question_response (survey_question_id, response, display_index, spanish, french, chinese) 
+    VALUES (112, '2019', 2, '2019', '2019', '2019');

microsetta_private_api/example/client.yaml

@@ -218,22 +218,22 @@ paths:
               schema:
                 type: string
 
-  '/accounts/{account_id}/info':
+  '/accounts/{account_id}/details':
     get:
-      operationId: microsetta_private_api.example.client_impl.get_account_info
+      operationId: microsetta_private_api.example.client_impl.get_account_details
       tags:
         - Accounts
       parameters:
         - $ref: '#/components/parameters/account_id'
       responses:
         '200':
-          description: Editable display of account information
+          description: Editable display of account details
           content:
             text/html:
               schema:
                 type: string
     post:
-      operationId: microsetta_private_api.example.client_impl.post_account_info
+      operationId: microsetta_private_api.example.client_impl.post_account_details
       tags:
         - Accounts
       parameters:

microsetta_private_api/example/client_impl.py

@@ -57,6 +57,12 @@
 ACCT_WRITEABLE_KEYS = [ACCT_FNAME_KEY, ACCT_LNAME_KEY, ACCT_EMAIL_KEY,
                        ACCT_ADDR_KEY]
 
+ACCT_ADDR_STREET_KEY = "street"
+ACCT_ADDR_CITY_KEY = "city"
+ACCT_ADDR_STATE_KEY = "state"
+ACCT_ADDR_POST_CODE_KEY = "post_code"
+ACCT_ADDR_COUNTRY_CODE_KEY = "country_code"
+
 _NEEDS_SURVEY_PREFIX = "NeedsSurvey"
 
 # States
@@ -139,12 +145,7 @@ def authrocket_callback(token):
 
 
 def logout():
-    if TOKEN_KEY_NAME in session:
-        # delete these keys if they are here, otherwise ignore
-        session.pop(TOKEN_KEY_NAME, None)
-        session.pop(ADMIN_MODE_KEY, None)
-        session.pop(KIT_NAME_KEY, None)
-        session.pop(EMAIL_CHECK_KEY, None)
+    session.clear()
     return redirect("/home")
 
 
@@ -263,9 +264,26 @@ def get_workflow_create_account():
         return redirect(WORKFLOW_URL)
 
     email, _ = parse_jwt(session[TOKEN_KEY_NAME])
-    return render_template('create_acct.jinja2',
+    # TODO:  Need to support other countries
+    #  and not default to US and California
+    default_account_values = {
+            ACCT_EMAIL_KEY: email,
+            ACCT_FNAME_KEY: '',
+            ACCT_LNAME_KEY: '',
+            ACCT_ADDR_KEY: {
+                ACCT_ADDR_STREET_KEY: '',
+                ACCT_ADDR_CITY_KEY: '',
+                ACCT_ADDR_STATE_KEY: 'CA',
+                ACCT_ADDR_POST_CODE_KEY: '',
+                ACCT_ADDR_COUNTRY_CODE_KEY: 'US'
+            }
+        }
+
+    return render_template('account_details.jinja2',
+                           CREATE_ACCT=True,
                            admin_mode=session.get(ADMIN_MODE_KEY, False),
-                           authorized_email=email)
+                           authorized_email=email,
+                           account=default_account_values)
 
 
 def post_workflow_create_account(body):
@@ -279,11 +297,11 @@ def post_workflow_create_account(body):
             ACCT_LNAME_KEY: body['last_name'],
             ACCT_EMAIL_KEY: body['email'],
             ACCT_ADDR_KEY: {
-                "street": body['street'],
-                "city": body['city'],
-                "state": body['state'],
-                "post_code": body['post_code'],
-                "country_code": body['country_code']
+                ACCT_ADDR_STREET_KEY: body['street'],
+                ACCT_ADDR_CITY_KEY: body['city'],
+                ACCT_ADDR_STATE_KEY: body['state'],
+                ACCT_ADDR_POST_CODE_KEY: body['post_code'],
+                ACCT_ADDR_COUNTRY_CODE_KEY: body['country_code']
             },
             KIT_NAME_KEY: kit_name
         }
@@ -325,7 +343,7 @@ def post_workflow_update_email(body):
         # retain only writeable fields; KeyError if any of them missing
         mod_acct = {k: acct_output[k] for k in ACCT_WRITEABLE_KEYS}
 
-        # write back the updated account info
+        # write back the updated account details
         do_return, put_output, _ = ApiRequest.put(
             '/accounts/%s' % acct_id, json=mod_acct)
         if do_return:
@@ -501,44 +519,43 @@ def get_account(account_id):
     if do_return:
         return sources
 
-    return render_template('account.jinja2',
+    return render_template('account_overview.jinja2',
                            admin_mode=session.get(ADMIN_MODE_KEY, False),
                            acct_id=account_id,
                            account=account,
                            sources=sources)
 
 
-def get_account_info(account_id):
+def get_account_details(account_id):
     next_state, current_state = determine_workflow_state()
     if next_state != ALL_DONE:
         return redirect(WORKFLOW_URL)
 
     do_return, account, _ = ApiRequest.get('/accounts/%s' % account_id)
     if do_return:
         return account
-    print("ACCOUNT")
-    print(account)
 
-    return render_template('update_account.jinja2',
+    return render_template('account_details.jinja2',
+                           CREATE_ACCT=False,
                            admin_mode=session.get(ADMIN_MODE_KEY, False),
                            account=account)
 
 
-def post_account_info(account_id):
+def post_account_details(account_id, body):
     next_state, current_state = determine_workflow_state()
     if next_state != ALL_DONE:
         return redirect(WORKFLOW_URL)
 
     acct = {
-        'email': flask.request.form['email'],
-        'first_name': flask.request.form['first_name'],
-        'last_name': flask.request.form['last_name'],
-        'address': {
-            'street': flask.request.form['street'],
-            'city': flask.request.form['city'],
-            'state': flask.request.form['state'],
-            'post_code': flask.request.form['post_code'],
-            'country_code': flask.request.form['country_code']
+        ACCT_FNAME_KEY: body['first_name'],
+        ACCT_LNAME_KEY: body['last_name'],
+        ACCT_EMAIL_KEY: body['email'],
+        ACCT_ADDR_KEY: {
+            ACCT_ADDR_STREET_KEY: body['street'],
+            ACCT_ADDR_CITY_KEY: body['city'],
+            ACCT_ADDR_STATE_KEY: body['state'],
+            ACCT_ADDR_POST_CODE_KEY: body['post_code'],
+            ACCT_ADDR_COUNTRY_CODE_KEY: body['country_code']
         }
     }
 
@@ -550,7 +567,6 @@ def post_account_info(account_id):
     if do_return:
         return sample_output
 
-    # Do we want this to return to the account info page or the account page?
     return redirect('/accounts/%s' % (account_id,))