mozilla / fx-private-relay / 5c21a565-f214-49dc-aa7c-394e223be5c0

    OpenApiExample,

    OpenApiParameter,

    OpenApiRequest,

    OpenApiResponse,

    extend_schema,

)

    decorators,

    exceptions,

    permissions,

    response,

    throttling,

    viewsets,

)

    InboundContact,

    RealPhone,

    RelayNumber,

    area_code_numbers,

    get_last_text_sender,

    get_pending_unverified_realphone_records,

    get_valid_realphone_verification_record,

    get_verified_realphone_record,

    get_verified_realphone_records,

    location_numbers,

    send_welcome_message,

    suggested_numbers,

)

    InboundContactSerializer,

    IqInboundSmsSerializer,

    OutboundCallSerializer,

    OutboundSmsSerializer,

    RealPhoneSerializer,

    RelayNumberSerializer,

    TwilioInboundCallSerializer,

    TwilioInboundSmsSerializer,

    TwilioMessagesSerializer,

    TwilioSmsStatusSerializer,

    TwilioVoiceStatusSerializer,

)

    """

    Get real phone number records for the authenticated user.

    The authenticated user must have a subscription that grants one of the

    `SUBSCRIPTIONS_WITH_PHONE` capabilities.

    Client must be authenticated, and these endpoints only return data that is

    "owned" by the authenticated user.

    All endpoints are rate-limited to settings.PHONE_RATE_LIMIT

    """

    # TODO: this doesn't seem to e working?

        """

        Add real phone number to the authenticated user.

        The "flow" to verify a real phone number is:

        1. POST a number (Will text a verification code to the number)

        2a. PATCH the verification code to the realphone/{id} endpoint

        2b. POST the number and verification code together

        The authenticated user must have a subscription that grants one of the

        `SUBSCRIPTIONS_WITH_PHONE` capabilities.

        The `number` field should be in [E.164][e164] format which includes a country

        code. If the number is not in E.164 format, this endpoint will try to

        create an E.164 number by prepending the country code of the client

        making the request (i.e., from the `X-Client-Region` HTTP header).

        If the `POST` does NOT include a `verification_code` and the number is

        a valid (currently, US-based) number, this endpoint will text a

        verification code to the number.

        If the `POST` DOES include a `verification_code`, and the code matches

        a code already sent to the number, this endpoint will set `verified` to

        `True` for this number.

        [e164]: https://en.wikipedia.org/wiki/E.164

        """

        # Check if the request includes a valid verification_code

        # value, look for any un-expired record that matches both the phone

        # number and verification code and mark it verified.

                request.user, serializer.validated_data["number"], verification_code

            )

                    "Could not find that verification_code for user and number."

                    " It may have expired."

                )

                verified_valid_record,

                fields=[

                    "id",

                    "number",

                    "verification_sent_date",

                    "verified",

                    "verified_date",

                ],

            )

        # to prevent sending verification codes to verified numbers,

        # check if the number is already a verified number.

        # to prevent abusive sending of verification messages,

        # check if there is an un-expired verification code for the user

            serializer.validated_data["number"]

        )

                "An unverified record already exists for this number.",

            )

        # We call an additional _validate_number function with the request

        # to try to parse the number as a local national number in the

        # request.country attribute

            "Sent verification code to "

            f"{valid_number.phone_number} "

            f"(country: {valid_number.country_code} "

            f"carrier: {valid_number.carrier})"

        )

    # check verification_code during partial_update to compare

    # the value sent in the request against the value already on the instance

    # TODO: this logic might be able to move "up" into the model, but it will

    # need some more serious refactoring of the RealPhone.save() method

        """

        Update the authenticated user's real phone number.

        The authenticated user must have a subscription that grants one of the

        `SUBSCRIPTIONS_WITH_PHONE` capabilities.

        The `{id}` should match a previously-`POST`ed resource that belongs to the user.

        The `number` field should be in [E.164][e164] format which includes a country

        code.

        The `verification_code` should be the code that was texted to the

        number during the `POST`. If it matches, this endpoint will set

        `verified` to `True` for this number.

        [e164]: https://en.wikipedia.org/wiki/E.164

        """

        # TODO: check verification_sent_date is not "expired"?

        # Note: the RealPhone.save() logic should prevent expired verifications

            "verification_code" not in request.data

            or not request.data["verification_code"] == instance.verification_code

        ):

                "Invalid verification_code for ID. It may have expired."

            )

        """

        Delete a real phone resource.

        Only **un-verified** real phone resources can be deleted.

        """

                "Only un-verified real phone resources can be deleted."

            )

        """

        Provision a phone number with Twilio and assign to the authenticated user.

        ⚠️ **THIS WILL BUY A PHONE NUMBER** ⚠️

        If you have real account credentials in your `TWILIO_*` env vars, this

        will really provision a Twilio number to your account. You can use

        [Test Credentials][test-creds] to call this endpoint without making a

        real phone number purchase. If you do, you need to pass one of the

        [test phone numbers][test-numbers].

        The `number` should be in [E.164][e164] format.

        Every call or text to the relay number will be sent as a webhook to the

        URL configured for your `TWILIO_SMS_APPLICATION_SID`.

        [test-creds]: https://www.twilio.com/docs/iam/test-credentials

        [test-numbers]: https://www.twilio.com/docs/iam/test-credentials#test-incoming-phone-numbers-parameters-PhoneNumber

        [e164]: https://en.wikipedia.org/wiki/E.164

        """  # noqa: E501  # ignore long line for URL

        """

        Update the authenticated user's relay number.

        The authenticated user must have a subscription that grants one of the

        `SUBSCRIPTIONS_WITH_PHONE` capabilities.

        The `{id}` should match a previously-`POST`ed resource that belongs to

        the authenticated user.

        This is primarily used to toggle the `enabled` field.

        """

        """

        Returns suggested relay numbers for the authenticated user.

        Based on the user's real number, returns available relay numbers:

          * `same_prefix_options`: Numbers that match as much of the user's

            real number as possible.

          * `other_areas_options`: Numbers that exactly match the user's real

            number, in a different area code.

          * `same_area_options`: Other numbers in the same area code as the user.

          * `random_options`: Available numbers in the user's country

        """

        """

        Search for available numbers.

        This endpoints uses the underlying [AvailablePhoneNumbers][apn] API.

        Accepted query params:

          * ?location=

            * Will be passed to `AvailablePhoneNumbers` `in_locality` param

          * ?area_code=

            * Will be passed to `AvailablePhoneNumbers` `area_code` param

        [apn]: https://www.twilio.com/docs/phone-numbers/api/availablephonenumberlocal-resource#read-multiple-availablephonenumberlocal-resources

        """  # noqa: E501  # ignore long line for URL

        else:

        request.data[number_field], getattr(request, "country", None)

    )

            "number must be in E.164 format, or in local national format of the"

            f" country detected: {country}"

        )

            f"Could not get number details for {e164_number}"

        )

            "Relay Phone is currently only available for these country codes: "

            f"{sorted(settings.TWILIO_ALLOWED_COUNTRY_CODES)!r}. "

            "Your phone number country code is: "

            f"'{number_details.country_code.upper()}'."

        )

        # First try to parse assuming number is E.164 with country prefix

                # Try to parse, assuming number is local national format

                # in the detected request country

    tags=["phones"],

    responses={

        "200": OpenApiResponse(

            bytes,

            description="A Virtual Contact File (VCF) for the user's Relay number.",

            examples=[

                OpenApiExample(

                    name="partial VCF",

                    media_type="text/x-vcard",

                    value=(

                        "BEGIN:VCARD\nVERSION:3.0\nFN:Firefox Relay\n"

                        "TEL:+14045555555\nEND:VCARD\n"

                    ),

                )

            ],

        ),

        "404": OpenApiResponse(description="No or unknown lookup key"),

    },

)

    """

    Get a Relay vCard. `lookup_key` should be passed in url path.

    We use this to return a vCard for a number. When we create a RelayNumber,

    we create a secret lookup_key and text it to the user.

    """

    tags=["phones"],

    request=OpenApiRequest(),

    responses={

        "200": OpenApiResponse(

            {"type": "object"},

            description="Welcome message sent.",

            examples=[OpenApiExample("success", {"msg": "sent"})],

        ),

        "401": OpenApiResponse(description="Not allowed"),

        "404": OpenApiResponse(description="User does not have a Relay number."),

    },

)

    """

    Resend the "Welcome" SMS, including vCard.

    Requires the user to be signed in and to have phone service.

    """

        # Raise the exception unless it's a 404 indicating the message is already gone

    # Send a translated message to the user

    # log the error in English

    tags=["phones: Twilio"],

    parameters=[

        OpenApiParameter(name="X-Twilio-Signature", required=True, location="header"),

    ],

    request=OpenApiRequest(

        TwilioInboundSmsSerializer,

        examples=[

            OpenApiExample(

                "request",

                {"to": "+13035556789", "from": "+14045556789", "text": "Hello!"},

            )

        ],

    ),

    responses={

        "200": OpenApiResponse(

            {"type": "string", "xml": {"name": "Response"}},

            description="The number is disabled.",

            examples=[OpenApiExample("disabled", None)],

        ),

        "201": OpenApiResponse(

            {"type": "string", "xml": {"name": "Response"}},

            description="Forward the message to the user.",

            examples=[OpenApiExample("success", None)],

        ),

        "400": OpenApiResponse(

            {"type": "object", "xml": {"name": "Error"}},

            description="Unable to complete request.",

            examples=[

                OpenApiExample(

                    "invalid signature",

                    {

                        "status_code": 400,

                        "code": "invalid",

                        "title": "Invalid Request: Invalid Signature",

                    },

                )

            ],

        ),

    },

)

    """

    Handle an inbound SMS message sent by Twilio.

    The return value is TwilML Response XML that reports the error or an empty success

    message.

    """

    TODO: delete the message from Twilio; how to do this AFTER this request? queue?

    E.g., with a django-celery task in phones.tasks:

    inbound_msg_sid = request.data.get("MessageSid", None)

    if inbound_msg_sid is None:

        raise exceptions.ValidationError("Request missing MessageSid")

    tasks._try_delete_from_twilio.delay(args=message, countdown=10)

    """

                relay_number, inbound_body

            )

                from_=relay_number.number, body=body, to=destination_number

            )

                from_=relay_number.number, body=user_error_message, to=real_phone.number

            )

            # Return 400 on critical exceptions

                    sms_exception.detail

                ) from sms_exception

            status=200,

            template_name="twiml_empty_response.xml",

        )

            status=200,

            template_name="twiml_empty_response.xml",

        )

        from_=relay_number.number,

        body=body,

        status_callback=app.sms_status_callback,

        to=real_phone.number,

    )

        status=201,

        template_name="twiml_empty_response.xml",

    )

    tags=["phones: Inteliquent"],

    request=OpenApiRequest(

        IqInboundSmsSerializer,

        examples=[

            OpenApiExample(

                "request",

                {"to": "+13035556789", "from": "+14045556789", "text": "Hello!"},

            )

        ],

    ),

    parameters=[

        OpenApiParameter(name="VerificationToken", required=True, location="header"),

        OpenApiParameter(name="MessageId", required=True, location="header"),

    ],

    responses={

        "200": OpenApiResponse(

            description=(

                "The message was forwarded, or the user is out of text messages."

            )

        ),

        "401": OpenApiResponse(description="Invalid signature"),

        "400": OpenApiResponse(description="Invalid request"),

    },

)

    """Handle an inbound SMS message sent by Inteliquent."""

        phonenumbers.parse(inbound_from, "US"),

        phonenumbers.PhoneNumberFormat.E164,

    )

        phonenumbers.parse(single_num, "US"), phonenumbers.PhoneNumberFormat.E164

    )

                relay_number, inbound_body

            )

            # Return 400 on critical exceptions

                    sms_exception.detail

                ) from sms_exception

            status=200,

            template_name="twiml_empty_response.xml",

        )

    tags=["phones: Twilio"],

    parameters=[

        OpenApiParameter(name="X-Twilio-Signature", required=True, location="header"),

    ],

    request=OpenApiRequest(

        TwilioInboundCallSerializer,

        examples=[

            OpenApiExample(

                "request",

                {"Caller": "+13035556789", "Called": "+14045556789"},

            )

        ],

    ),

    responses={

        "200": OpenApiResponse(

            {

                "type": "object",

                "xml": {"name": "Response"},

                "properties": {"say": {"type": "string"}},

            },

            description="The number is disabled.",

            examples=[

                OpenApiExample(

                    "disabled", {"say": "Sorry, that number is not available."}

                )

            ],

        ),

        "201": OpenApiResponse(

            {

                "type": "object",

                "xml": {"name": "Response"},

                "properties": {

                    "Dial": {

                        "type": "object",

                        "properties": {

                            "callerId": {

                                "type": "string",

                                "xml": {"attribute": "true"},

                            },

                            "Number": {"type": "string"},

                        },

                    }

                },

            },

            description="Connect the caller to the Relay user.",

            examples=[

                OpenApiExample(

                    "success",

                    {"Dial": {"callerId": "+13035556789", "Number": "+15025558642"}},

                )

            ],

        ),

        "400": OpenApiResponse(

            {"type": "object", "xml": {"name": "Error"}},

            description="Unable to complete request.",

            examples=[

                OpenApiExample(

                    "invalid signature",

                    {

                        "status_code": 400,

                        "code": "invalid",

                        "title": "Invalid Request: Invalid Signature",

                    },

                ),

                OpenApiExample(

                    "out of call time for month",

                    {

                        "status_code": 400,