Merge branch 'main' into dev

Author: a-happysoft

.cursorindexingignore

@@ -0,0 +1,3 @@
+
+# Don't index SpecStory auto-save files, but allow explicit context inclusion via @ references
+.specstory/**

docs/support_ticket_automated_email.md

@@ -0,0 +1,46 @@
+# Support Ticket: Enable Automated Email Sending for Future of Development Platform
+
+**Subject:**
+Enable Automated Email Sending for Future Trends & Signals (Microsoft Graph Application Permissions)
+
+**Description:**
+We are building a feature for the Future of Development platform that sends automated email digests (e.g., weekly summaries, notifications) to users. To do this securely and reliably, we need to configure Microsoft Graph **Application permissions** for our Azure AD app registration, and set up a dedicated internal email account for sending these digests.
+
+## Requirements
+
+1. **Azure AD App Registration:**
+    - App Name: **Future Trends & Signals**
+    - Client ID: `4b179bfc-6621-409a-a1ed-ad141c12eb11`
+    - The app must be able to send emails automatically (without manual login) using Microsoft Graph.
+
+2. **Permissions Needed:**
+    - Add **Mail.Send** (Application) permission to the app registration.
+    - Grant **admin consent** for this permission.
+
+3. **Service Account:**
+    - Please create or confirm an internal mailbox (e.g., `futureofdevelopment@undp.org`) to be used as the sender for these digests.
+    - Ensure this mailbox is licensed and can send emails.
+
+4. **Configuration Steps (for ITU):**
+    - Go to Azure Portal > Azure Active Directory > App registrations > "Future of Development".
+    - Under **API permissions**, click **Add a permission** > **Microsoft Graph** > **Application permissions**.
+    - Add **Mail.Send** (Application).
+    - Click **Grant admin consent for [Your Org]**.
+    - Confirm that the mailbox `futureofdevelopment@undp.org` is active and can be used by the app for sending emails.
+
+5. **Verification:**
+    - After configuration, we will verify by running:
+      ```sh
+      az ad app permission list --id 4b179bfc-6621-409a-a1ed-ad141c12eb11
+      ```
+      - We should see a `"type": "Role"` for Mail.Send.
+
+## Why This Is Needed
+- Delegated permissions require a user to log in interactively, which is not suitable for scheduled/automated jobs.
+- Application permissions allow our backend to send emails on a schedule, securely and without manual intervention.
+
+## What We Need from ITU
+- Add and grant the required permissions as described above.
+- Confirm the service account is ready and provide any additional configuration details if needed.
+
+Thank you for your support! If you need more technical details, please see the attached documentation or contact our team. 

scripts/run_direct_test.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+# Script to run the direct email test in the correct virtual environment
+
+# Change to the project directory
+cd "$(dirname "$0")/.."
+
+# Activate the virtual environment
+source venv/bin/activate
+
+# Run the direct test script
+python scripts/test_email_direct.py andrew.maguire@undp.org
+
+# Deactivate the virtual environment
+deactivate

scripts/send_digest_smtp.py

@@ -0,0 +1,91 @@
+#!/usr/bin/env python
+"""
+Script to send a weekly digest email using SMTP (e.g., Office 365, Gmail).
+This is for testing SMTP-based delivery to a distribution list or group.
+"""
+
+import os
+import sys
+import asyncio
+import argparse
+import logging
+import smtplib
+from email.mime.text import MIMEText
+from typing import List
+
+# Add the parent directory to sys.path to allow importing the app modules
+parent_dir = os.path.abspath(os.path.join(os.path.dirname(__file__), '..'))
+sys.path.insert(0, parent_dir)
+
+from src.services.weekly_digest import WeeklyDigestService
+
+logging.basicConfig(
+    level=logging.INFO,
+    format='%(asctime)s - %(name)s - %(levelname)s - %(message)s',
+    handlers=[logging.StreamHandler()]
+)
+logger = logging.getLogger(__name__)
+
+async def generate_digest_html(days=None, status=None, limit=None):
+    digest_service = WeeklyDigestService()
+    signals_list = await digest_service.get_recent_signals(days=days, status=status, limit=limit)
+    logger.info(f"Fetched {len(signals_list)} signals for digest.")
+    html_content = digest_service.generate_email_html(signals_list)
+    return html_content
+
+def send_email_smtp(smtp_server, smtp_port, username, password, to_emails, subject, html_content):
+    msg = MIMEText(html_content, 'html')
+    msg['Subject'] = subject
+    msg['From'] = username
+    msg['To'] = ', '.join(to_emails)
+    with smtplib.SMTP(smtp_server, smtp_port) as server:
+        server.starttls()
+        server.login(username, password)
+        server.sendmail(msg['From'], to_emails, msg.as_string())
+    logger.info(f"Email sent via SMTP to {to_emails}")
+
+def main():
+    parser = argparse.ArgumentParser(description="Send weekly digest email via SMTP")
+    parser.add_argument('--recipients', nargs='+', required=True, help="Email addresses to send the digest to (space-separated)")
+    parser.add_argument('--days', type=int, default=None, help="Number of days to look back for signals (optional)")
+    parser.add_argument('--status', nargs='+', default=None, help="Signal statuses to filter by (e.g. Draft Approved). Optional.")
+    parser.add_argument('--limit', type=int, default=None, help="Maximum number of signals to include (optional)")
+    parser.add_argument('--smtp-server', type=str, default='smtp.office365.com', help="SMTP server address")
+    parser.add_argument('--smtp-port', type=int, default=587, help="SMTP server port")
+    parser.add_argument('--smtp-user', type=str, required=True, help="SMTP username (your email)")
+    parser.add_argument('--smtp-password', type=str, required=True, help="SMTP password (or app password)")
+    parser.add_argument('--test', action='store_true', help="Run in test mode (adds [TEST] to the subject line)")
+    args = parser.parse_args()
+
+    subject = "UNDP Futures Weekly Digest"
+    if args.test:
+        subject = f"[TEST] {subject}"
+
+    # Validate email addresses
+    for email in args.recipients:
+        if "@" not in email:
+            logger.error(f"Invalid email address: {email}")
+            sys.exit(1)
+
+    # Map status strings to Status enum if provided
+    status_enum = None
+    if args.status:
+        from src.services.weekly_digest import Status
+        status_enum = [Status(s) for s in args.status]
+
+    # Generate digest HTML
+    html_content = asyncio.run(generate_digest_html(days=args.days, status=status_enum, limit=args.limit))
+
+    # Send email via SMTP
+    send_email_smtp(
+        smtp_server=args.smtp_server,
+        smtp_port=args.smtp_port,
+        username=args.smtp_user,
+        password=args.smtp_password,
+        to_emails=args.recipients,
+        subject=subject,
+        html_content=html_content
+    )
+
+if __name__ == "__main__":
+    main() 

scripts/test_direct_email.py

@@ -0,0 +1,151 @@
+#!/usr/bin/env python
+"""
+Direct test script for sending emails using Graph API.
+This bypasses the normal email service for testing purposes.
+"""
+
+import os
+import sys
+import asyncio
+import logging
+from datetime import datetime
+from dotenv import load_dotenv
+
+# Add the parent directory to sys.path
+parent_dir = os.path.abspath(os.path.join(os.path.dirname(__file__), '..'))
+sys.path.insert(0, parent_dir)
+
+# Load environment variables
+env_file = os.path.join(parent_dir, '.env.local')
+if os.path.exists(env_file):
+    load_dotenv(env_file)
+    print(f"Loaded environment from {env_file}")
+else:
+    print(f"Warning: {env_file} not found")
+
+# Import our direct authentication module
+from src.services.graph_direct_auth import GraphDirectAuth
+
+# Set up logging
+logging.basicConfig(
+    level=logging.DEBUG,
+    format='%(asctime)s - %(name)s - %(levelname)s - %(message)s',
+    handlers=[
+        logging.StreamHandler()
+    ]
+)
+logger = logging.getLogger(__name__)
+
+async def test_direct_email(to_email: str) -> None:
+    """Send a test email using direct Graph API authentication"""
+    try:
+        print(f"\nSending test email to {to_email}...")
+        
+        # Get sender email from environment
+        from_email = os.getenv('MS_FROM_EMAIL', 'exo.futures.curators@undp.org')
+        
+        # Create the GraphDirectAuth client
+        graph_auth = GraphDirectAuth()
+        
+        # Create HTML content with current timestamp
+        timestamp = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
+        
+        html_content = f"""
+        <!DOCTYPE html>
+        <html>
+        <head>
+            <meta charset="utf-8">
+            <meta name="viewport" content="width=device-width, initial-scale=1.0">
+            <title>UNDP Futures - Direct Test Email</title>
+            <style>
+                body {{
+                    font-family: Arial, sans-serif;
+                    line-height: 1.6;
+                    color: #333;
+                    max-width: 600px;
+                    margin: 0 auto;
+                    padding: 20px;
+                }}
+                .header {{
+                    background-color: #0768AC;
+                    color: white;
+                    padding: 20px;
+                    text-align: center;
+                    margin-bottom: 20px;
+                }}
+                .content {{
+                    padding: 20px;
+                    background-color: #f5f5f5;
+                    border-left: 4px solid #0768AC;
+                }}
+                .footer {{
+                    margin-top: 30px;
+                    padding-top: 15px;
+                    border-top: 1px solid #ddd;
+                    font-size: 0.9em;
+                    color: #666;
+                    text-align: center;
+                }}
+            </style>
+        </head>
+        <body>
+            <div class="header">
+                <h1>UNDP Futures - Direct Test Email</h1>
+            </div>
+            
+            <div class="content">
+                <h2>Direct Graph API Email Test</h2>
+                <p>This is a test email sent using direct Graph API authentication.</p>
+                <p>If you're receiving this, it means the email configuration is working!</p>
+                <p>Sent at: {timestamp}</p>
+                <p>Configuration:</p>
+                <ul>
+                    <li>From Email: {from_email}</li>
+                    <li>To Email: {to_email}</li>
+                    <li>Tenant ID: {os.getenv('TENANT_ID')}</li>
+                </ul>
+            </div>
+            
+            <div class="footer">
+                <p>This is a test email from the UNDP Futures platform.</p>
+                <p>&copy; United Nations Development Programme</p>
+            </div>
+        </body>
+        </html>
+        """
+        
+        # Send the email
+        success = await graph_auth.send_email(
+            from_email=from_email,
+            to_emails=[to_email],
+            subject=f"[TEST] UNDP Futures - Direct Email Test ({timestamp})",
+            content=html_content,
+            content_type="HTML"
+        )
+        
+        if success:
+            print("\n=====================================================")
+            print(f"✅ Test email successfully sent to {to_email}!")
+            print("=====================================================\n")
+        else:
+            print("\n=====================================================")
+            print(f"❌ Failed to send test email to {to_email}")
+            print("=====================================================\n")
+            
+    except Exception as e:
+        logger.error(f"Error in test_direct_email: {str(e)}", exc_info=True)
+        print("\n=====================================================")
+        print(f"❌ Error sending test email: {str(e)}")
+        print("=====================================================\n")
+
+def main():
+    """Main entry point"""
+    if len(sys.argv) < 2:
+        print("Usage: python test_direct_email.py <recipient_email>")
+        sys.exit(1)
+        
+    recipient_email = sys.argv[1]
+    asyncio.run(test_direct_email(recipient_email))
+
+if __name__ == "__main__":
+    main()

scripts/test_email.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+# Test script to run the email digest in the correct virtual environment
+
+# Change to the project directory
+cd "$(dirname "$0")/.."
+
+# Activate the virtual environment
+source venv/bin/activate
+
+# Run the digest script with test parameters
+python scripts/send_digest.py --recipients andrew.maguire@undp.org --days 14 --test
+
+# Deactivate the virtual environment
+deactivate

src/database/users.py

@@ -36,8 +36,8 @@ async def search_users(cursor: AsyncCursor, filters: UserFilters) -> UserPage:
     params = filters.model_dump()
 
     # Only add roles filter if present and non-empty
-    if getattr(filters, "roles", None):
-        where_clauses.append("role = ANY(%(roles)s)")
+    # if getattr(filters, "roles", None):
+    #     where_clauses.append("role = ANY(%(roles)s)")
 
     # Always allow searching by query
     where_clauses.append("(%(query)s IS NULL OR name ~* %(query)s)")