tests/app/main/test_errorhandlers.py

import pytest
from flask import Response, url_for
from flask_wtf.csrf import CSRFError
from notifications_python_client.errors import HTTPError


def test_bad_url_returns_page_not_found(client_request):
    page = client_request.get_url(
        "/bad_url",
        _expected_status=404,
    )
    assert page.h1.string.strip() == "Page not found"
    assert page.title.string.strip() == "Page not found – Notify.gov"


def test_load_service_before_request_handles_404(client_request, mocker):
    exc = HTTPError(Response(status=404), "Not found")
    get_service = mocker.patch("app.service_api_client.get_service", side_effect=exc)

    client_request.get(
        "main.service_dashboard",
        service_id="00000000-0000-0000-0000-000000000000",
        _expected_status=404,
    )

    get_service.assert_called_once_with("00000000-0000-0000-0000-000000000000")


@pytest.mark.parametrize(
    "url",
    [
        "/new-password/MALFORMED_TOKEN",
        "/user-profile/email/confirm/MALFORMED_TOKEN",
        "/verify-email/MALFORMED_TOKEN",
    ],
)
def test_malformed_token_returns_page_not_found(client_request, url):
    page = client_request.get_url(url, _expected_status=404)

    assert page.h1.string.strip() == "Page not found"
    flash_banner = page.find("div", class_="banner-dangerous").string.strip()
    assert flash_banner == "There’s something wrong with the link you’ve used."
    assert page.title.string.strip() == "Page not found – Notify.gov"


def test_csrf_returns_400(client_request, mocker):
    # we turn off CSRF handling for tests, so fake a CSRF response here.
    csrf_err = CSRFError("400 Bad Request: The CSRF tokens do not match.")
    mocker.patch("app.main.views.index.render_template", side_effect=csrf_err)

    page = client_request.get_url(
        "/privacy",
        _expected_status=400,
        _test_page_title=False,
    )

    assert (
        page.h1.string.strip()
        == "Sorry, we can't deliver what you asked for right now."
    )
    assert (
        page.title.string.strip()
        == "Sorry, there’s a problem with the service – Notify.gov"
    )


def test_csrf_redirects_to_sign_in_page_if_not_signed_in(client_request, mocker):
    csrf_err = CSRFError("400 Bad Request: The CSRF tokens do not match.")
    mocker.patch("app.main.views.index.render_template", side_effect=csrf_err)

    mocker.patch("app.notify_client.user_api_client.UserApiClient.deactivate_user")
    client_request.logout()
    client_request.get_url(
        "/privacy",
        _expected_redirect=url_for("main.sign_in", next="/privacy"),
    )


def test_405_returns_something_went_wrong_page(client_request, mocker):
    page = client_request.post_url("/", _expected_status=405)

    assert (
        page.h1.string.strip()
        == "Sorry, we can't deliver what you asked for right now."
    )
    assert (
        page.title.string.strip()
        == "Sorry, there’s a problem with the service – Notify.gov"
    )
-												add error handler that catches invalid tokens, and returns 404

											
										
										
											2017-11-01 15:47:05 +00:00
+								import pytest
-												Enforce order and style of imports

Done using isort[1], with the following command:
```
isort -rc ./app ./tests
```

Adds linting to the `run_tests.sh` script to stop badly-sorted imports
getting re-introduced.

Chosen style is ‘Vertical Hanging Indent’ with trailing commas, because
I think it gives the cleanest diffs, eg:
```
from third_party import (
    lib1,
    lib2,
    lib3,
    lib4,
)
```

1. https://pypi.python.org/pypi/isort

											
										
										
											2018-02-20 11:22:17 +00:00
+								from flask import Response, url_for
 								from flask_wtf.csrf import CSRFError
-												make sure load_service_before_request handles 404s

if it 404s, because the service id doesn't exist, then it should die
gracefully (showing a 404 error page), rather than what it currently
does, which is die kicking and screaming with a 500

											
										
										
											2017-10-30 16:59:24 +00:00
+								from notifications_python_client.errors import HTTPError
-												Fix bug in error handlers.
Correct spelling error

											
										
										
											2016-03-11 10:16:06 +00:00
-												Replace uses of `client.get` and `client.post`

We have a `client_request` fixture which does a bunch of useful stuff
like:
- checking the status code of the response
- returning a `BeautifulSoup` object

Lots of our tests still use an older fixture called `client`. This is
not as good because it:
- returns a raw `Response` object
- doesn’t do the additional checks
- means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')`

This commit converts all the tests which had a `client.get(…)` or
`client.post(…)` statement to use their equivalents on `client_request`
instead.

Subsequent commits will remove uses of `client` in other tests, but
doing it this way means the work can be broken up into more manageable
chunks.

											
										
										
											2022-01-04 15:40:42 +00:00
+								def test_bad_url_returns_page_not_found(client_request):
 								    page = client_request.get_url(
-												notify-api-412 use black to enforce python coding style

											
										
										
											2023-08-25 09:12:23 -07:00
+								        "/bad_url",
-												Replace uses of `client.get` and `client.post`

We have a `client_request` fixture which does a bunch of useful stuff
like:
- checking the status code of the response
- returning a `BeautifulSoup` object

Lots of our tests still use an older fixture called `client`. This is
not as good because it:
- returns a raw `Response` object
- doesn’t do the additional checks
- means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')`

This commit converts all the tests which had a `client.get(…)` or
`client.post(…)` statement to use their equivalents on `client_request`
instead.

Subsequent commits will remove uses of `client` in other tests, but
doing it this way means the work can be broken up into more manageable
chunks.

											
										
										
											2022-01-04 15:40:42 +00:00
+								        _expected_status=404,
 								    )
-												notify-api-412 use black to enforce python coding style

											
										
										
											2023-08-25 09:12:23 -07:00
+								    assert page.h1.string.strip() == "Page not found"
 								    assert page.title.string.strip() == "Page not found – Notify.gov"
-												make sure load_service_before_request handles 404s

if it 404s, because the service id doesn't exist, then it should die
gracefully (showing a 404 error page), rather than what it currently
does, which is die kicking and screaming with a 500

											
										
										
											2017-10-30 16:59:24 +00:00
 								def test_load_service_before_request_handles_404(client_request, mocker):
-												notify-api-412 use black to enforce python coding style

											
										
										
											2023-08-25 09:12:23 -07:00
+								    exc = HTTPError(Response(status=404), "Not found")
 								    get_service = mocker.patch("app.service_api_client.get_service", side_effect=exc)
-												make sure load_service_before_request handles 404s

if it 404s, because the service id doesn't exist, then it should die
gracefully (showing a 404 error page), rather than what it currently
does, which is die kicking and screaming with a 500

											
										
										
											2017-10-30 16:59:24 +00:00
 								    client_request.get(
-												notify-api-412 use black to enforce python coding style

											
										
										
											2023-08-25 09:12:23 -07:00
+								        "main.service_dashboard",
 								        service_id="00000000-0000-0000-0000-000000000000",
 								        _expected_status=404,
-												make sure load_service_before_request handles 404s

if it 404s, because the service id doesn't exist, then it should die
gracefully (showing a 404 error page), rather than what it currently
does, which is die kicking and screaming with a 500

											
										
										
											2017-10-30 16:59:24 +00:00
+								    )
-												notify-api-412 use black to enforce python coding style

											
										
										
											2023-08-25 09:12:23 -07:00
+								    get_service.assert_called_once_with("00000000-0000-0000-0000-000000000000")
-												Merge branch 'master' into load-service-err
											
										
										
											2017-11-01 16:43:51 +00:00
-												notify-api-412 use black to enforce python coding style

											
										
										
											2023-08-25 09:12:23 -07:00
+								@pytest.mark.parametrize(
 								    "url",
 								    [
 								        "/new-password/MALFORMED_TOKEN",
 								        "/user-profile/email/confirm/MALFORMED_TOKEN",
 								        "/verify-email/MALFORMED_TOKEN",
 								    ],
 								)
-												Stop using `logged_in_client` fixture

We have a `client_request` fixture which does a bunch of useful stuff
like:
- checking the status code of the response
- returning a `BeautifulSoup` object

Lots of our tests still use an older fixture called `logged_in_client`.
This is not as good because:
- it returns a raw `Response` object
- doesn’t do the additional checks
- means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')`

This commit converts all the tests using `logged_in_client` to:
use `client_request` instead.

											
										
										
											2021-12-31 12:08:14 +00:00
+								def test_malformed_token_returns_page_not_found(client_request, url):
 								    page = client_request.get_url(url, _expected_status=404)
-												add error handler that catches invalid tokens, and returns 404

											
										
										
											2017-11-01 15:47:05 +00:00
-												notify-api-412 use black to enforce python coding style

											
										
										
											2023-08-25 09:12:23 -07:00
+								    assert page.h1.string.strip() == "Page not found"
 								    flash_banner = page.find("div", class_="banner-dangerous").string.strip()
-												add error handler that catches invalid tokens, and returns 404

											
										
										
											2017-11-01 15:47:05 +00:00
+								    assert flash_banner == "There’s something wrong with the link you’ve used."
-												notify-api-412 use black to enforce python coding style

											
										
										
											2023-08-25 09:12:23 -07:00
+								    assert page.title.string.strip() == "Page not found – Notify.gov"
-												error handlers should not raise. Not even `abort(400)`s.

Refactor csrf handler into the normal error handler area, and then add
some tests to make sure it does the right thing. Also, change it back
to a 400, because the 403 err page talks about being in the wrong
place, but this is about sending the wrong data through, even though
it's technically a 403. Will need to think about wording but this is a
fine first pass

											
										
										
											2017-11-28 12:11:29 +00:00
-												Stop using `logged_in_client` fixture

We have a `client_request` fixture which does a bunch of useful stuff
like:
- checking the status code of the response
- returning a `BeautifulSoup` object

Lots of our tests still use an older fixture called `logged_in_client`.
This is not as good because:
- it returns a raw `Response` object
- doesn’t do the additional checks
- means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')`

This commit converts all the tests using `logged_in_client` to:
use `client_request` instead.

											
										
										
											2021-12-31 12:08:14 +00:00
+								def test_csrf_returns_400(client_request, mocker):
-												error handlers should not raise. Not even `abort(400)`s.

Refactor csrf handler into the normal error handler area, and then add
some tests to make sure it does the right thing. Also, change it back
to a 400, because the 403 err page talks about being in the wrong
place, but this is about sending the wrong data through, even though
it's technically a 403. Will need to think about wording but this is a
fine first pass

											
										
										
											2017-11-28 12:11:29 +00:00
+								    # we turn off CSRF handling for tests, so fake a CSRF response here.
-												notify-api-412 use black to enforce python coding style

											
										
										
											2023-08-25 09:12:23 -07:00
+								    csrf_err = CSRFError("400 Bad Request: The CSRF tokens do not match.")
 								    mocker.patch("app.main.views.index.render_template", side_effect=csrf_err)
-												error handlers should not raise. Not even `abort(400)`s.

Refactor csrf handler into the normal error handler area, and then add
some tests to make sure it does the right thing. Also, change it back
to a 400, because the 403 err page talks about being in the wrong
place, but this is about sending the wrong data through, even though
it's technically a 403. Will need to think about wording but this is a
fine first pass

											
										
										
											2017-11-28 12:11:29 +00:00
-												Stop using `logged_in_client` fixture

We have a `client_request` fixture which does a bunch of useful stuff
like:
- checking the status code of the response
- returning a `BeautifulSoup` object

Lots of our tests still use an older fixture called `logged_in_client`.
This is not as good because:
- it returns a raw `Response` object
- doesn’t do the additional checks
- means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')`

This commit converts all the tests using `logged_in_client` to:
use `client_request` instead.

											
										
										
											2021-12-31 12:08:14 +00:00
+								    page = client_request.get_url(
-												notify-api-412 use black to enforce python coding style

											
										
										
											2023-08-25 09:12:23 -07:00
+								        "/privacy",
-												Stop using `logged_in_client` fixture

We have a `client_request` fixture which does a bunch of useful stuff
like:
- checking the status code of the response
- returning a `BeautifulSoup` object

Lots of our tests still use an older fixture called `logged_in_client`.
This is not as good because:
- it returns a raw `Response` object
- doesn’t do the additional checks
- means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')`

This commit converts all the tests using `logged_in_client` to:
use `client_request` instead.

											
										
										
											2021-12-31 12:08:14 +00:00
+								        _expected_status=400,
 								        _test_page_title=False,
 								    )
-												error handlers should not raise. Not even `abort(400)`s.

Refactor csrf handler into the normal error handler area, and then add
some tests to make sure it does the right thing. Also, change it back
to a 400, because the 403 err page talks about being in the wrong
place, but this is about sending the wrong data through, even though
it's technically a 403. Will need to think about wording but this is a
fine first pass

											
										
										
											2017-11-28 12:11:29 +00:00
-												Fixing tests

											
										
										
											2023-11-01 13:06:29 -04:00
+								    assert (
 								        page.h1.string.strip()
 								        == "Sorry, we can't deliver what you asked for right now."
 								    )
-												notify-api-412 use black to enforce python coding style

											
										
										
											2023-08-25 09:12:23 -07:00
+								    assert (
 								        page.title.string.strip()
 								        == "Sorry, there’s a problem with the service – Notify.gov"
 								    )
-												error handlers should not raise. Not even `abort(400)`s.

Refactor csrf handler into the normal error handler area, and then add
some tests to make sure it does the right thing. Also, change it back
to a 400, because the 403 err page talks about being in the wrong
place, but this is about sending the wrong data through, even though
it's technically a 403. Will need to think about wording but this is a
fine first pass

											
										
										
											2017-11-28 12:11:29 +00:00
-												Replace uses of `client.get` and `client.post`

We have a `client_request` fixture which does a bunch of useful stuff
like:
- checking the status code of the response
- returning a `BeautifulSoup` object

Lots of our tests still use an older fixture called `client`. This is
not as good because it:
- returns a raw `Response` object
- doesn’t do the additional checks
- means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')`

This commit converts all the tests which had a `client.get(…)` or
`client.post(…)` statement to use their equivalents on `client_request`
instead.

Subsequent commits will remove uses of `client` in other tests, but
doing it this way means the work can be broken up into more manageable
chunks.

											
										
										
											2022-01-04 15:40:42 +00:00
+								def test_csrf_redirects_to_sign_in_page_if_not_signed_in(client_request, mocker):
-												notify-api-412 use black to enforce python coding style

											
										
										
											2023-08-25 09:12:23 -07:00
+								    csrf_err = CSRFError("400 Bad Request: The CSRF tokens do not match.")
 								    mocker.patch("app.main.views.index.render_template", side_effect=csrf_err)
-												error handlers should not raise. Not even `abort(400)`s.

Refactor csrf handler into the normal error handler area, and then add
some tests to make sure it does the right thing. Also, change it back
to a 400, because the 403 err page talks about being in the wrong
place, but this is about sending the wrong data through, even though
it's technically a 403. Will need to think about wording but this is a
fine first pass

											
										
										
											2017-11-28 12:11:29 +00:00
-												ugh

											
										
										
											2024-07-11 09:38:32 -07:00
+								    mocker.patch("app.notify_client.user_api_client.UserApiClient.deactivate_user")
-												Replace uses of `client.get` and `client.post`

We have a `client_request` fixture which does a bunch of useful stuff
like:
- checking the status code of the response
- returning a `BeautifulSoup` object

Lots of our tests still use an older fixture called `client`. This is
not as good because it:
- returns a raw `Response` object
- doesn’t do the additional checks
- means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')`

This commit converts all the tests which had a `client.get(…)` or
`client.post(…)` statement to use their equivalents on `client_request`
instead.

Subsequent commits will remove uses of `client` in other tests, but
doing it this way means the work can be broken up into more manageable
chunks.

											
										
										
											2022-01-04 15:40:42 +00:00
+								    client_request.logout()
 								    client_request.get_url(
-												notify-api-412 use black to enforce python coding style

											
										
										
											2023-08-25 09:12:23 -07:00
+								        "/privacy",
 								        _expected_redirect=url_for("main.sign_in", next="/privacy"),
-												Replace uses of `client.get` and `client.post`

We have a `client_request` fixture which does a bunch of useful stuff
like:
- checking the status code of the response
- returning a `BeautifulSoup` object

Lots of our tests still use an older fixture called `client`. This is
not as good because it:
- returns a raw `Response` object
- doesn’t do the additional checks
- means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')`

This commit converts all the tests which had a `client.get(…)` or
`client.post(…)` statement to use their equivalents on `client_request`
instead.

Subsequent commits will remove uses of `client` in other tests, but
doing it this way means the work can be broken up into more manageable
chunks.

											
										
										
											2022-01-04 15:40:42 +00:00
+								    )
-												handle 405 METHOD NOT ALLOWEDs

(show the "something went wrong" error page).

also catch any other werkzeug http exceptions and show an appropriate
template, if it exists

											
										
										
											2018-06-22 17:36:58 +01:00
-												Replace uses of `client.get` and `client.post`

We have a `client_request` fixture which does a bunch of useful stuff
like:
- checking the status code of the response
- returning a `BeautifulSoup` object

Lots of our tests still use an older fixture called `client`. This is
not as good because it:
- returns a raw `Response` object
- doesn’t do the additional checks
- means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')`

This commit converts all the tests which had a `client.get(…)` or
`client.post(…)` statement to use their equivalents on `client_request`
instead.

Subsequent commits will remove uses of `client` in other tests, but
doing it this way means the work can be broken up into more manageable
chunks.

											
										
										
											2022-01-04 15:40:42 +00:00
+								def test_405_returns_something_went_wrong_page(client_request, mocker):
-												notify-api-412 use black to enforce python coding style

											
										
										
											2023-08-25 09:12:23 -07:00
+								    page = client_request.post_url("/", _expected_status=405)
-												handle 405 METHOD NOT ALLOWEDs

(show the "something went wrong" error page).

also catch any other werkzeug http exceptions and show an appropriate
template, if it exists

											
										
										
											2018-06-22 17:36:58 +01:00
-												Fixing tests

											
										
										
											2023-11-01 13:06:29 -04:00
+								    assert (
 								        page.h1.string.strip()
 								        == "Sorry, we can't deliver what you asked for right now."
 								    )
-												notify-api-412 use black to enforce python coding style

											
										
										
											2023-08-25 09:12:23 -07:00
+								    assert (
 								        page.title.string.strip()
 								        == "Sorry, there’s a problem with the service – Notify.gov"
 								    )