darkhelm/notifications-admin
1
0
Fork 0
mirror of https://github.com/GSA/notifications-admin.git synced 2026-02-22 03:15:07 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
203393de235631db0ce3c38dec85da170a634fba
notifications-admin/tests/app/main/views/test_two_factor.py

307 lines
9.5 KiB
Python
Raw Normal View History

alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
from bs4 import BeautifulSoup
Enforce order and style of imports Done using isort[1], with the following command: ``` isort -rc ./app ./tests ``` Adds linting to the `run_tests.sh` script to stop badly-sorted imports getting re-introduced. Chosen style is ‘Vertical Hanging Indent’ with trailing commas, because I think it gives the cleanest diffs, eg: ``` from third_party import ( lib1, lib2, lib3, lib4, ) ``` 1. https://pypi.python.org/pypi/isort
2018-02-20 11:22:17 +00:00
from flask import url_for
define isort first party (app and tests) we were seeing isort produce different outputs locally and in docker - this was due to it having different opinions about whether the tests module (ie all our unit tests) is a first party (local) or third party (pip installed) import. It's a first party import, so by defining this in the setup.cfg isort settings, we can force it to be consistent between environments. Note: I don't know why it was different in the first place though
2018-04-25 14:12:58 +01:00
Stop url_for double-encoding .'s in password test One of the changes this pulls in is encoding of periods in the token used for new password requests. In real-life the resulting URL is build by concatenating the base url with the token so it isn't processed further. The test for new password requests builds the URL with url_for. This encodes the result returned so the periods are encoded twice.
2018-10-18 14:34:07 +01:00
from tests.conftest import (
SERVICE_ONE_ID,
normalize_spaces,
set_config,
url_for_endpoint_with_token,
)
Record login including remembered user login events to the api based of flask login signals.
2016-04-27 16:39:17 +01:00
109638656: Initial implementation for two-factor
2015-12-07 16:56:11 +00:00
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
def test_should_render_two_factor_page(
Use `client` and `logged_in_client` fixtures Wherever possible, because Don’t Repeat Yourself.
2017-02-03 12:07:21 +00:00
client,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
api_user_active,
mock_get_user_by_email,
):
Use `client` and `logged_in_client` fixtures Wherever possible, because Don’t Repeat Yourself.
2017-02-03 12:07:21 +00:00
# TODO this lives here until we work out how to
# reassign the session after it is lost mid register process
with client.session_transaction() as session:
session['user_details'] = {
'id': api_user_active.id,
'email': api_user_active.email_address}
response = client.get(url_for('main.two_factor'))
assert response.status_code == 200
Enable numeric keypad for text message code If you’re signing in on a phone, it’s easier to type the two factor code with a numeric keypad. The most reliable way to get the numeric keypad to show up on multiple devices is: - `type='tel'` (not `type='number'` because that’s only meant for numbers, not string of digits, ie `01234` is not a number) - `pattern='[0-9]*'`, without which it doesn’t work on iOS Based on the guidance here: - https://github.com/alphagov/govuk-design-system-backlog/issues/74 - https://docs.google.com/document/d/1wozIhOdt6wvlgqVReauUnlsJI-3fqUlNuQFwUI7tqAA/edit
2018-05-07 22:26:24 +01:00
page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')
assert page.select_one('main p').text.strip() == (
'Weve sent you a text message with a security code.'
)
Refactor `sms_code` functionality into the class So it’s all in one place, not two.
2018-05-07 22:57:18 +01:00
assert page.select_one('label').text.strip(
'Text message code'
)
Enable numeric keypad for text message code If you’re signing in on a phone, it’s easier to type the two factor code with a numeric keypad. The most reliable way to get the numeric keypad to show up on multiple devices is: - `type='tel'` (not `type='number'` because that’s only meant for numbers, not string of digits, ie `01234` is not a number) - `pattern='[0-9]*'`, without which it doesn’t work on iOS Based on the guidance here: - https://github.com/alphagov/govuk-design-system-backlog/issues/74 - https://docs.google.com/document/d/1wozIhOdt6wvlgqVReauUnlsJI-3fqUlNuQFwUI7tqAA/edit
2018-05-07 22:26:24 +01:00
assert page.select_one('input')['type'] == 'tel'
assert page.select_one('input')['pattern'] == '[0-9]*'
109638656: Initial implementation for two-factor
2015-12-07 16:56:11 +00:00
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
def test_should_login_user_and_should_redirect_to_next_url(
Use `client` and `logged_in_client` fixtures Wherever possible, because Don’t Repeat Yourself.
2017-02-03 12:07:21 +00:00
client,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
api_user_active,
mock_get_user,
mock_get_user_by_email,
mock_check_verify_code,
don't swallow HTTP errors from create_event tests weren't patching out create_event (which is invoked every time a user logs in). This was getting caught by our egress proxy on jenkins. We didn't notice because the event handler code was swallowing all exceptions and not re-raising. This changes that code to no longer swallow exceptions. Since we did that, we also need to update all the tests that test log-in to mock the call
2018-05-02 10:27:01 +01:00
mock_create_event,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
):
Use `client` and `logged_in_client` fixtures Wherever possible, because Don’t Repeat Yourself.
2017-02-03 12:07:21 +00:00
with client.session_transaction() as session:
session['user_details'] = {
'id': api_user_active.id,
'email': api_user_active.email_address}
Remove dashboard from dashboard URL It’s weird that `/services/<service_id>` returns `404`. The home page for every service is the dashboard – should be possible to get there from any other page just by stemming the URL. Also makes it consistent with organisations, which will have `/organisations/<org_id>`.
2018-02-14 10:38:00 +00:00
response = client.post(url_for('main.two_factor', next='/services/{}'.format(SERVICE_ONE_ID)),
Use `client` and `logged_in_client` fixtures Wherever possible, because Don’t Repeat Yourself.
2017-02-03 12:07:21 +00:00
data={'sms_code': '12345'})
assert response.status_code == 302
assert response.location == url_for(
'main.service_dashboard',
service_id=SERVICE_ONE_ID,
_external=True
Add flake8 linting to project The GDS Way™[1] recommends using Flake8 to lint Python projects. This commit takes the Flake8 config from Digital Marketplace API[2] and removes the bits we don’t need. It changes the `max_complexity` setting to 14, which is the most complex code we have in this repo currently (we shouldn’t be writing code _more_ complex than what we already have). This commit also fixes the errors found by Flake8, which includes 6(!) tests which were never getting run because they had the same names as existing tests. Here is a full list of the errors that were found and fixed: ``` ./app/__init__.py:2:1: F401 're' imported but unused ./app/__init__.py:4:1: F401 'json' imported but unused ./app/__init__.py:8:1: F401 'dateutil' imported but unused ./app/__init__.py:11:1: F401 'flask.escape' imported but unused ./app/__init__.py:41:1: F401 'app.proxy_fix' imported but unused ./app/__init__.py:129:5: F821 undefined name 'proxy_fix' ./app/__init__.py:221:19: F821 undefined name 'highlight' ./app/__init__.py:221:35: F821 undefined name 'JavascriptLexer' ./app/__init__.py:221:54: F821 undefined name 'HtmlFormatter' ./app/config.py:2:1: F401 'datetime.timedelta' imported but unused ./app/event_handlers.py:2:1: F401 'flask_login.current_user' imported but unused ./app/utils.py:11:1: F401 'dateutil.parser' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.two_factor' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.notifications' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.add_service' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.forgot_password' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.inbound_number' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.styleguide' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.organisations' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.letter_jobs' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.verify' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.conversation' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.api_keys' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.send' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.dashboard' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.jobs' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.manage_users' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.sign_in' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.sign_out' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.code_not_received' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.invites' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.platform_admin' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.providers' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.service_settings' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.index' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.new_password' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.user_profile' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.feedback' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.choose_service' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.templates' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.register' imported but unused ./app/main/forms.py:12:1: F401 'wtforms.SelectField' imported but unused ./app/main/views/api_keys.py:37:29: E241 multiple spaces after ':' ./app/main/views/feedback.py:3:1: F401 'flask.flash' imported but unused ./app/main/views/feedback.py:122:17: E123 closing bracket does not match indentation of opening bracket's line ./app/main/views/inbound_number.py:1:1: F401 'flask.url_for' imported but unused ./app/main/views/inbound_number.py:1:1: F401 'flask.session' imported but unused ./app/main/views/inbound_number.py:1:1: F401 'flask.redirect' imported but unused ./app/main/views/inbound_number.py:1:1: F401 'flask.request' imported but unused ./app/main/views/inbound_number.py:13:1: F401 'flask.jsonify' imported but unused ./app/main/views/jobs.py:31:1: F401 'app.utils.get_template' imported but unused ./app/main/views/letter_jobs.py:1:1: F401 'datetime' imported but unused ./app/main/views/letter_jobs.py:6:1: F401 'app.format_datetime_24h' imported but unused ./app/main/views/manage_users.py:111:9: E123 closing bracket does not match indentation of opening bracket's line ./app/main/views/notifications.py:121:5: F841 local variable 'status_args' is assigned to but never used ./app/main/views/organisations.py:1:1: F401 'flask.request' imported but unused ./app/main/views/service_settings.py:77:9: E123 closing bracket does not match indentation of opening bracket's line ./app/main/views/service_settings.py:82:9: E123 closing bracket does not match indentation of opening bracket's line ./app/main/views/service_settings.py:420:13: E123 closing bracket does not match indentation of opening bracket's line ./app/main/views/sign_in.py:12:1: F401 'flask_login.confirm_login' imported but unused ./app/main/views/sign_in.py:17:1: F401 'app.service_api_client' imported but unused ./app/main/views/sign_in.py:62:13: E123 closing bracket does not match indentation of opening bracket's line ./app/main/views/templates.py:4:1: F401 'flask.json' imported but unused ./app/main/views/templates.py:17:1: F401 'notifications_utils.formatters.escape_html' imported but unused ./app/main/views/templates.py:23:1: F401 'app.utils.get_help_argument' imported but unused ./app/main/views/templates.py:64:13: E123 closing bracket does not match indentation of opening bracket's line ./app/notify_client/service_api_client.py:6:1: F401 '.notification_api_client' imported but unused ./app/notify_client/user_api_client.py:1:1: F401 'uuid' imported but unused ./app/notify_client/user_api_client.py:3:1: F401 'flask.session' imported but unused ./tests/__init__.py:1:1: F401 'csv' imported but unused ./tests/app/main/test_asset_fingerprinter.py:2:1: F401 'os' imported but unused ./tests/app/main/test_asset_fingerprinter.py:4:1: F401 'unittest.mock' imported but unused ./tests/app/main/test_asset_fingerprinter.py:98:9: F841 local variable 'string_with_unicode_character' is assigned to but never used ./tests/app/main/test_errorhandlers.py:2:1: F401 'flask.url_for' imported but unused ./tests/app/main/test_permissions.py:26:13: F841 local variable 'response' is assigned to but never used ./tests/app/main/test_placeholder_form.py:3:1: F401 'wtforms.Label' imported but unused ./tests/app/main/test_placeholder_form.py:11:10: F841 local variable 'req' is assigned to but never used ./tests/app/main/test_two_factor_form.py:10:67: F841 local variable 'req' is assigned to but never used ./tests/app/main/test_two_factor_form.py:23:65: F841 local variable 'req' is assigned to but never used ./tests/app/main/test_two_factor_form.py:37:48: F841 local variable 'req' is assigned to but never used ./tests/app/main/test_two_factor_form.py:51:67: F841 local variable 'req' is assigned to but never used ./tests/app/main/test_two_factor_form.py:65:67: F841 local variable 'req' is assigned to but never used ./tests/app/main/views/test_accept_invite.py:356:5: F841 local variable 'element' is assigned to but never used ./tests/app/main/views/test_activity.py:11:1: F811 redefinition of unused 'mock_get_notifications' from line 11 ./tests/app/main/views/test_activity.py:18:1: F401 'datetime.datetime' imported but unused ./tests/app/main/views/test_activity.py:102:5: F841 local variable 'content' is assigned to but never used ./tests/app/main/views/test_activity.py:104:5: F841 local variable 'notification' is assigned to but never used ./tests/app/main/views/test_activity.py:337:5: F841 local variable '_notifications_mock' is assigned to but never used ./tests/app/main/views/test_activity.py:373:13: E126 continuation line over-indented for hanging indent ./tests/app/main/views/test_activity.py:378:9: E121 continuation line under-indented for hanging indent ./tests/app/main/views/test_activity.py:404:13: E126 continuation line over-indented for hanging indent ./tests/app/main/views/test_activity.py:407:9: E121 continuation line under-indented for hanging indent ./tests/app/main/views/test_api_keys.py:354:5: F841 local variable 'response' is assigned to but never used ./tests/app/main/views/test_conversation.py:5:1: F401 'bs4.BeautifulSoup' imported but unused ./tests/app/main/views/test_conversation.py:198:5: F841 local variable 'mock_get_inbound_sms' is assigned to but never used ./tests/app/main/views/test_dashboard.py:53:5: F841 local variable 'mock_template_stats' is assigned to but never used ./tests/app/main/views/test_dashboard.py:72:5: F841 local variable 'mock_template_stats' is assigned to but never used ./tests/app/main/views/test_jobs.py:2:1: F401 'uuid' imported but unused ./tests/app/main/views/test_jobs.py:3:1: F401 'urllib.parse.urlparse' imported but unused ./tests/app/main/views/test_jobs.py:3:1: F401 'urllib.parse.quote' imported but unused ./tests/app/main/views/test_jobs.py:3:1: F401 'urllib.parse.parse_qs' imported but unused ./tests/app/main/views/test_jobs.py:9:1: F401 'app.main.views.jobs.get_status_filters' imported but unused ./tests/app/main/views/test_jobs.py:10:1: F401 'tests.notification_json' imported but unused ./tests/app/main/views/test_letters.py:6:1: F401 'tests.service_json' imported but unused ./tests/app/main/views/test_notifications.py:5:1: F401 'app.utils.REQUESTED_STATUSES' imported but unused ./tests/app/main/views/test_notifications.py:5:1: F401 'app.utils.DELIVERED_STATUSES' imported but unused ./tests/app/main/views/test_notifications.py:5:1: F401 'app.utils.SENDING_STATUSES' imported but unused ./tests/app/main/views/test_notifications.py:5:1: F401 'app.utils.FAILURE_STATUSES' imported but unused ./tests/app/main/views/test_platform_admin.py:242:13: E126 continuation line over-indented for hanging indent ./tests/app/main/views/test_platform_admin.py:247:13: E126 continuation line over-indented for hanging indent ./tests/app/main/views/test_send.py:3:1: F401 'unittest.mock.Mock' imported but unused ./tests/app/main/views/test_send.py:18:1: F811 redefinition of unused 'mock_get_service' from line 18 ./tests/app/main/views/test_send.py:18:1: F401 'tests.conftest.multiple_letter_contact_blocks' imported but unused ./tests/app/main/views/test_send.py:18:1: F401 'tests.conftest.no_sms_senders' imported but unused ./tests/app/main/views/test_send.py:18:1: F401 'tests.conftest.multiple_sms_senders' imported but unused ./tests/app/main/views/test_send.py:18:1: F401 'tests.conftest.no_letter_contact_blocks' imported but unused ./tests/app/main/views/test_send.py:102:5: F841 local variable 'response' is assigned to but never used ./tests/app/main/views/test_send.py:870:5: F841 local variable 'response' is assigned to but never used ./tests/app/main/views/test_send.py:1367:5: F841 local variable 'service_id' is assigned to but never used ./tests/app/main/views/test_send.py:1451:13: E126 continuation line over-indented for hanging indent ./tests/app/main/views/test_send.py:1620:80: E226 missing whitespace around arithmetic operator ./tests/app/main/views/test_send.py:1909:13: E126 continuation line over-indented for hanging indent ./tests/app/main/views/test_send.py:1912:9: E121 continuation line under-indented for hanging indent ./tests/app/main/views/test_service_settings.py:13:1: F811 redefinition of unused 'no_reply_to_email_addresses' from line 13 ./tests/app/main/views/test_service_settings.py:13:1: F401 'tests.conftest.single_reply_to_email_address' imported but unused ./tests/app/main/views/test_service_settings.py:28:5: E123 closing bracket does not match indentation of opening bracket's line ./tests/app/main/views/test_service_settings.py:104:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:166:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:186:5: F841 local variable 'mocked_get_fn' is assigned to but never used ./tests/app/main/views/test_service_settings.py:217:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:237:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:257:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:307:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:340:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:466:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:555:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:615:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:719:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:874:5: F841 local variable 'page' is assigned to but never used ./tests/app/main/views/test_service_settings.py:902:5: F841 local variable 'page' is assigned to but never used ./tests/app/main/views/test_service_settings.py:954:5: F841 local variable 'page' is assigned to but never used ./tests/app/main/views/test_service_settings.py:986:5: F841 local variable 'page' is assigned to but never used ./tests/app/main/views/test_service_settings.py:1101:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:1121:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:1271:1: F811 redefinition of unused 'test_set_letter_contact_block_saves' from line 1189 ./tests/app/main/views/test_service_settings.py:1433:5: F841 local variable 'page' is assigned to but never used ./tests/app/main/views/test_service_settings.py:1495:5: F841 local variable 'mocked_get_fn' is assigned to but never used ./tests/app/main/views/test_service_settings.py:1540:5: F841 local variable 'mocked_get_fn' is assigned to but never used ./tests/app/main/views/test_service_settings.py:1570:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:1589:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:1621:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:1641:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:1658:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:1676:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:1697:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:1759:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:1775:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_templates.py:3:1: F401 'uuid' imported but unused ./tests/app/main/views/test_templates.py:11:1: F401 'tests.conftest.mock_get_user' imported but unused ./tests/app/main/views/test_templates.py:514:1: F811 redefinition of unused 'mock_get_user' from line 11 ./tests/app/main/views/test_templates.py:672:1: F811 redefinition of unused 'mock_get_user' from line 11 ./tests/app/main/views/test_templates.py:795:1: F811 redefinition of unused 'mock_get_user' from line 11 ./tests/app/main/views/test_templates.py:835:1: F811 redefinition of unused 'mock_get_user' from line 11 ./tests/app/main/views/test_two_factor.py:67:13: E126 continuation line over-indented for hanging indent ./tests/app/notify_client/test_notification_client.py:79:5: F841 local variable 'mock_post' is assigned to but never used ``` 1. https://gds-way.cloudapps.digital/manuals/programming-languages/python/linting.html#how-to-use-flake8 2. https://github.com/alphagov/digitalmarketplace-api/blob/d5ab8afef4a0472f9d266d94ab4ffe1333a9aaad/.flake8
2017-10-18 14:51:26 +01:00
)
The verify view was not passing along the next param to the two factor view. Now if it is passed and it is a url on the same domain that request originates from then it is used.
2016-03-14 16:30:48 +00:00
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
def test_should_login_user_and_not_redirect_to_external_url(
Use `client` and `logged_in_client` fixtures Wherever possible, because Don’t Repeat Yourself.
2017-02-03 12:07:21 +00:00
client,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
api_user_active,
mock_get_user,
mock_get_user_by_email,
mock_check_verify_code,
mock_get_services_with_one_service,
don't swallow HTTP errors from create_event tests weren't patching out create_event (which is invoked every time a user logs in). This was getting caught by our egress proxy on jenkins. We didn't notice because the event handler code was swallowing all exceptions and not re-raising. This changes that code to no longer swallow exceptions. Since we did that, we also need to update all the tests that test log-in to mock the call
2018-05-02 10:27:01 +01:00
mock_create_event,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
):
Use `client` and `logged_in_client` fixtures Wherever possible, because Don’t Repeat Yourself.
2017-02-03 12:07:21 +00:00
with client.session_transaction() as session:
session['user_details'] = {
'id': api_user_active.id,
'email': api_user_active.email_address}
response = client.post(url_for('main.two_factor', next='http://www.google.com'),
data={'sms_code': '12345'})
assert response.status_code == 302
redirect to show_accounts_or_dashboard on login show_accounts_or_dashboard has logic about where you should redirect to. If we let it do this, then that's nicer than duplicating its logic. We found that it wasn't accounting for orgs in redirects properly.
2018-03-19 16:38:57 +00:00
assert response.location == url_for('main.show_accounts_or_dashboard', _external=True)
Skip ‘choose service’ page if user has one service We used to do this by redirecting on the choose service page. However when we lost the dropdown and this page also became the page for adding a new service (in 3617f2e936aadbdf71d582e58d88a16629ee5ca2) the redirect was removed. This commit re-adds the redirect on the two factor page, so that it only happens on first login. So the flows are: **Multiple services** ``` `Sign in` → `Enter two factor code` → `Choose service` → `Service dashboard` ``` **One service** ``` `Sign in` → `Enter two factor code` → `Service dashboard` ``` **No services (you’ve deleted all your services)** `Sign in` → `Enter two factor code` → `Choose service` → `Add new service`
2016-02-05 14:25:48 +00:00
redirect to show_accounts_or_dashboard on login show_accounts_or_dashboard has logic about where you should redirect to. If we let it do this, then that's nicer than duplicating its logic. We found that it wasn't accounting for orgs in redirects properly.
2018-03-19 16:38:57 +00:00
def test_should_login_user_and_redirect_to_show_accounts(
Use `client` and `logged_in_client` fixtures Wherever possible, because Don’t Repeat Yourself.
2017-02-03 12:07:21 +00:00
client,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
api_user_active,
mock_get_user,
mock_get_user_by_email,
mock_check_verify_code,
don't swallow HTTP errors from create_event tests weren't patching out create_event (which is invoked every time a user logs in). This was getting caught by our egress proxy on jenkins. We didn't notice because the event handler code was swallowing all exceptions and not re-raising. This changes that code to no longer swallow exceptions. Since we did that, we also need to update all the tests that test log-in to mock the call
2018-05-02 10:27:01 +01:00
mock_create_event,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
):
Use `client` and `logged_in_client` fixtures Wherever possible, because Don’t Repeat Yourself.
2017-02-03 12:07:21 +00:00
with client.session_transaction() as session:
session['user_details'] = {
'id': api_user_active.id,
'email': api_user_active.email_address}
response = client.post(url_for('main.two_factor'),
data={'sms_code': '12345'})
109638656: Implement two factor verify flow When user enters valid sms code they are redirected to the dashboard. Otherwise, form errors are present.
2015-12-08 12:36:54 +00:00
Use `client` and `logged_in_client` fixtures Wherever possible, because Don’t Repeat Yourself.
2017-02-03 12:07:21 +00:00
assert response.status_code == 302
redirect to show_accounts_or_dashboard on login show_accounts_or_dashboard has logic about where you should redirect to. If we let it do this, then that's nicer than duplicating its logic. We found that it wasn't accounting for orgs in redirects properly.
2018-03-19 16:38:57 +00:00
assert response.location == url_for('main.show_accounts_or_dashboard', _external=True)
109638656: Implement two factor verify flow When user enters valid sms code they are redirected to the dashboard. Otherwise, form errors are present.
2015-12-08 12:36:54 +00:00
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
def test_should_return_200_with_sms_code_error_when_sms_code_is_wrong(
Use `client` and `logged_in_client` fixtures Wherever possible, because Don’t Repeat Yourself.
2017-02-03 12:07:21 +00:00
client,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
api_user_active,
mock_get_user_by_email,
mock_check_verify_code_code_not_found,
):
Use `client` and `logged_in_client` fixtures Wherever possible, because Don’t Repeat Yourself.
2017-02-03 12:07:21 +00:00
with client.session_transaction() as session:
session['user_details'] = {
'id': api_user_active.id,
'email': api_user_active.email_address}
response = client.post(url_for('main.two_factor'),
data={'sms_code': '23456'})
assert response.status_code == 200
assert 'Code not found' in response.get_data(as_text=True)
110880218: Completed implementation of resend the verificaton code
2015-12-31 13:16:59 +00:00
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
def test_should_login_user_when_multiple_valid_codes_exist(
Use `client` and `logged_in_client` fixtures Wherever possible, because Don’t Repeat Yourself.
2017-02-03 12:07:21 +00:00
client,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
api_user_active,
mock_get_user,
mock_get_user_by_email,
mock_check_verify_code,
mock_get_services_with_one_service,
don't swallow HTTP errors from create_event tests weren't patching out create_event (which is invoked every time a user logs in). This was getting caught by our egress proxy on jenkins. We didn't notice because the event handler code was swallowing all exceptions and not re-raising. This changes that code to no longer swallow exceptions. Since we did that, we also need to update all the tests that test log-in to mock the call
2018-05-02 10:27:01 +01:00
mock_create_event,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
):
Use `client` and `logged_in_client` fixtures Wherever possible, because Don’t Repeat Yourself.
2017-02-03 12:07:21 +00:00
with client.session_transaction() as session:
session['user_details'] = {
'id': api_user_active.id,
'email': api_user_active.email_address}
response = client.post(url_for('main.two_factor'),
data={'sms_code': '23456'})
assert response.status_code == 302
Remember me functionality added and tested. Merge extra. Fixed comment.
2016-02-23 15:45:19 +00:00
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
def test_two_factor_should_set_password_when_new_password_exists_in_session(
Use `client` and `logged_in_client` fixtures Wherever possible, because Don’t Repeat Yourself.
2017-02-03 12:07:21 +00:00
client,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
api_user_active,
mock_get_user,
mock_check_verify_code,
mock_get_services_with_one_service,
Update two-factor to use new update password endpoint and refactor tests
2017-02-20 14:55:28 +00:00
mock_update_user_password,
don't swallow HTTP errors from create_event tests weren't patching out create_event (which is invoked every time a user logs in). This was getting caught by our egress proxy on jenkins. We didn't notice because the event handler code was swallowing all exceptions and not re-raising. This changes that code to no longer swallow exceptions. Since we did that, we also need to update all the tests that test log-in to mock the call
2018-05-02 10:27:01 +01:00
mock_create_event,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
):
Use `client` and `logged_in_client` fixtures Wherever possible, because Don’t Repeat Yourself.
2017-02-03 12:07:21 +00:00
with client.session_transaction() as session:
session['user_details'] = {
'id': api_user_active.id,
'email': api_user_active.email_address,
'password': 'changedpassword'}
response = client.post(url_for('main.two_factor'),
data={'sms_code': '12345'})
assert response.status_code == 302
redirect to show_accounts_or_dashboard on login show_accounts_or_dashboard has logic about where you should redirect to. If we let it do this, then that's nicer than duplicating its logic. We found that it wasn't accounting for orgs in redirects properly.
2018-03-19 16:38:57 +00:00
assert response.location == url_for('main.show_accounts_or_dashboard', _external=True)
Update two-factor to use new update password endpoint and refactor tests
2017-02-20 14:55:28 +00:00
mock_update_user_password.assert_called_once_with(api_user_active.id, password='changedpassword')
Updated error message is the code is not the right size or data type. Updated two_factor to error is the user account is locked (locked = over 10 failed_login_count)
2017-02-15 14:56:22 +00:00
def test_two_factor_returns_error_when_user_is_locked(
client,
api_user_locked,
mock_get_locked_user,
Fix the user flow when the user account is locked. The user has 10 tries at the password, after which the account is locked. The same is true for the verify code, the user will have 10 tries before the user account is locked.
2017-02-28 14:41:31 +00:00
mock_check_verify_code_code_not_found,
Updated error message is the code is not the right size or data type. Updated two_factor to error is the user account is locked (locked = over 10 failed_login_count)
2017-02-15 14:56:22 +00:00
mock_get_services_with_one_service
):
with client.session_transaction() as session:
session['user_details'] = {
'id': api_user_locked.id,
'email': api_user_locked.email_address,
}
response = client.post(url_for('main.two_factor'),
data={'sms_code': '12345'})
assert response.status_code == 200
assert 'Code not found' in response.get_data(as_text=True)
In case user details were not in session the redirect did not use url_for to redirect to sign in.
2016-06-06 14:46:16 +01:00
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
def test_two_factor_should_redirect_to_sign_in_if_user_not_in_session(
Use `client` and `logged_in_client` fixtures Wherever possible, because Don’t Repeat Yourself.
2017-02-03 12:07:21 +00:00
client,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
api_user_active,
mock_get_user,
):
Use `client` and `logged_in_client` fixtures Wherever possible, because Don’t Repeat Yourself.
2017-02-03 12:07:21 +00:00
response = client.post(url_for('main.two_factor'),
data={'sms_code': '12345'})
assert response.status_code == 302
assert response.location == url_for('main.sign_in', _external=True)
- Add test to check that two-factor auth activates a user as expected - Ensure DB user activation statusupdate only executed when required - Fix test_should_activate_user_after_verify
2016-09-09 15:22:56 +01:00
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
def test_two_factor_should_activate_pending_user(
Use `client` and `logged_in_client` fixtures Wherever possible, because Don’t Repeat Yourself.
2017-02-03 12:07:21 +00:00
client,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
mocker,
api_user_pending,
mock_check_verify_code,
don't swallow HTTP errors from create_event tests weren't patching out create_event (which is invoked every time a user logs in). This was getting caught by our egress proxy on jenkins. We didn't notice because the event handler code was swallowing all exceptions and not re-raising. This changes that code to no longer swallow exceptions. Since we did that, we also need to update all the tests that test log-in to mock the call
2018-05-02 10:27:01 +01:00
mock_create_event,
replace user PUT with POSTs the update_user fn was used in two places, for things that are handled fine by update_user_attribute. Reduce complexity in the API by killing the PUT, which is more dangerous (might silently overwrite things that shouldn't be, like "last_logged_in_at" etc). Had to change the code not received mobile number form, and the activate user function.
2017-11-09 12:30:12 +00:00
mock_activate_user,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
):
- Add test to check that two-factor auth activates a user as expected - Ensure DB user activation statusupdate only executed when required - Fix test_should_activate_user_after_verify
2016-09-09 15:22:56 +01:00
mocker.patch('app.user_api_client.get_user', return_value=api_user_pending)
mocker.patch('app.service_api_client.get_services', return_value={'data': []})
Use `client` and `logged_in_client` fixtures Wherever possible, because Don’t Repeat Yourself.
2017-02-03 12:07:21 +00:00
with client.session_transaction() as session:
session['user_details'] = {
'id': api_user_pending.id,
'email_address': api_user_pending.email_address
}
client.post(url_for('main.two_factor'), data={'sms_code': '12345'})
replace user PUT with POSTs the update_user fn was used in two places, for things that are handled fine by update_user_attribute. Reduce complexity in the API by killing the PUT, which is more dangerous (might silently overwrite things that shouldn't be, like "last_logged_in_at" etc). Had to change the code not received mobile number form, and the activate user function.
2017-11-09 12:30:12 +00:00
assert mock_activate_user.called
Use `client` and `logged_in_client` fixtures Wherever possible, because Don’t Repeat Yourself.
2017-02-03 12:07:21 +00:00
assert api_user_pending.is_active
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
def test_valid_two_factor_email_link_logs_in_user(
client,
valid_token,
mock_get_user,
mock_get_services_with_one_service,
don't swallow HTTP errors from create_event tests weren't patching out create_event (which is invoked every time a user logs in). This was getting caught by our egress proxy on jenkins. We didn't notice because the event handler code was swallowing all exceptions and not re-raising. This changes that code to no longer swallow exceptions. Since we did that, we also need to update all the tests that test log-in to mock the call
2018-05-02 10:27:01 +01:00
mocker,
mock_create_event,
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
):
mocker.patch('app.user_api_client.check_verify_code', return_value=(True, ''))
response = client.get(
Stop url_for double-encoding .'s in password test One of the changes this pulls in is encoding of periods in the token used for new password requests. In real-life the resulting URL is build by concatenating the base url with the token so it isn't processed further. The test for new password requests builds the URL with url_for. This encodes the result returned so the periods are encoded twice.
2018-10-18 14:34:07 +01:00
url_for_endpoint_with_token('main.two_factor_email', token=valid_token),
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
)
assert response.status_code == 302
redirect to show_accounts_or_dashboard on login show_accounts_or_dashboard has logic about where you should redirect to. If we let it do this, then that's nicer than duplicating its logic. We found that it wasn't accounting for orgs in redirects properly.
2018-03-19 16:38:57 +00:00
assert response.location == url_for('main.show_accounts_or_dashboard', _external=True)
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
def test_two_factor_email_link_has_expired(
app_,
valid_token,
client,
mock_send_verify_code,
fake_uuid
):
with set_config(app_, 'EMAIL_2FA_EXPIRY_SECONDS', -1):
response = client.get(
Stop url_for double-encoding .'s in password test One of the changes this pulls in is encoding of periods in the token used for new password requests. In real-life the resulting URL is build by concatenating the base url with the token so it isn't processed further. The test for new password requests builds the URL with url_for. This encodes the result returned so the periods are encoded twice.
2018-10-18 14:34:07 +01:00
url_for_endpoint_with_token('main.two_factor_email', token=valid_token),
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
follow_redirects=True,
)
assert response.status_code == 200
page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')
Stop automatically resending email verification links This commit stops a new email verification link from being sent to a user if they click on an email link which has expired or which has already been used. Instead, they will be see an error message with a link to the sign in page. This stops the situation where someone could log in indefinitely (without the needing to enter their password) by trying to use a used / expired email verification link and receiving a valid link automatically.
2019-01-15 16:32:26 +00:00
assert page.h1.text.strip() == 'The link has expired'
mock_send_verify_code.assert_not_called
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
def test_two_factor_email_link_is_invalid(
client
):
token = 12345
response = client.get(
url_for('main.two_factor_email', token=token),
follow_redirects=True
)
page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')
assert normalize_spaces(
page.select_one('.banner-dangerous').text
) == "Theres something wrong with the link youve used."
assert response.status_code == 404
def test_two_factor_email_link_is_already_used(
client,
valid_token,
Updated code used flow
2017-11-09 17:06:24 +00:00
mocker,
mock_send_verify_code
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
):
mocker.patch('app.user_api_client.check_verify_code', return_value=(False, 'Code has expired'))
response = client.get(
Stop url_for double-encoding .'s in password test One of the changes this pulls in is encoding of periods in the token used for new password requests. In real-life the resulting URL is build by concatenating the base url with the token so it isn't processed further. The test for new password requests builds the URL with url_for. This encodes the result returned so the periods are encoded twice.
2018-10-18 14:34:07 +01:00
url_for_endpoint_with_token('main.two_factor_email', token=valid_token),
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
follow_redirects=True
)
page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')
assert response.status_code == 200
Stop automatically resending email verification links This commit stops a new email verification link from being sent to a user if they click on an email link which has expired or which has already been used. Instead, they will be see an error message with a link to the sign in page. This stops the situation where someone could log in indefinitely (without the needing to enter their password) by trying to use a used / expired email verification link and receiving a valid link automatically.
2019-01-15 16:32:26 +00:00
assert page.h1.text.strip() == 'The link has expired'
mock_send_verify_code.assert_not_called
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
def test_two_factor_email_link_when_user_is_locked_out(
client,
valid_token,
Updated code used flow
2017-11-09 17:06:24 +00:00
mocker,
mock_send_verify_code
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
):
mocker.patch('app.user_api_client.check_verify_code', return_value=(False, 'Code not found'))
response = client.get(
Stop url_for double-encoding .'s in password test One of the changes this pulls in is encoding of periods in the token used for new password requests. In real-life the resulting URL is build by concatenating the base url with the token so it isn't processed further. The test for new password requests builds the URL with url_for. This encodes the result returned so the periods are encoded twice.
2018-10-18 14:34:07 +01:00
url_for_endpoint_with_token('main.two_factor_email', token=valid_token),
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
follow_redirects=True
)
page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')
assert response.status_code == 200
Stop automatically resending email verification links This commit stops a new email verification link from being sent to a user if they click on an email link which has expired or which has already been used. Instead, they will be see an error message with a link to the sign in page. This stops the situation where someone could log in indefinitely (without the needing to enter their password) by trying to use a used / expired email verification link and receiving a valid link automatically.
2019-01-15 16:32:26 +00:00
assert page.h1.text.strip() == 'The link has expired'
mock_send_verify_code.assert_not_called
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
def test_two_factor_email_link_used_when_user_already_logged_in(
logged_in_client,
valid_token
):
response = logged_in_client.get(
Stop url_for double-encoding .'s in password test One of the changes this pulls in is encoding of periods in the token used for new password requests. In real-life the resulting URL is build by concatenating the base url with the token so it isn't processed further. The test for new password requests builds the URL with url_for. This encodes the result returned so the periods are encoded twice.
2018-10-18 14:34:07 +01:00
url_for_endpoint_with_token('main.two_factor_email', token=valid_token)
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
)
assert response.status_code == 302
redirect to show_accounts_or_dashboard on login show_accounts_or_dashboard has logic about where you should redirect to. If we let it do this, then that's nicer than duplicating its logic. We found that it wasn't accounting for orgs in redirects properly.
2018-03-19 16:38:57 +00:00
assert response.location == url_for('main.show_accounts_or_dashboard', _external=True)
Reference in New Issue Copy Permalink