tests/app/main/views/test_verify.py

import json
import uuid

from bs4 import BeautifulSoup
from flask import url_for
from itsdangerous import SignatureExpired

from tests.conftest import normalize_spaces


def test_should_return_verify_template(
    client,
    api_user_active,
    mock_send_verify_code,
):
    # TODO this lives here until we work out how to
    # reassign the session after it is lost mid register process
    with client.session_transaction() as session:
        session['user_details'] = {'email_address': api_user_active.email_address, 'id': api_user_active.id}
    response = client.get(url_for('main.verify'))
    assert response.status_code == 200

    page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')
    assert page.h1.text == 'Check your phone'
    message = page.find_all('p')[1].text
    assert message == "We’ve sent you a text message with a security code."


def test_should_redirect_to_add_service_when_sms_code_is_correct(
    client,
    api_user_active,
    mocker,
    mock_update_user_attribute,
    mock_check_verify_code,
    mock_create_event,
    fake_uuid,
):
    api_user_active.current_session_id = str(uuid.UUID(int=1))
    mocker.patch('app.user_api_client.get_user', return_value=api_user_active)

    with client.session_transaction() as session:
        session['user_details'] = {'email_address': api_user_active.email_address, 'id': api_user_active.id}
        # user's only just created their account so no session in the cookie
        session.pop('current_session_id', None)

    response = client.post(url_for('main.verify'),
                           data={'sms_code': '12345'})
    assert response.status_code == 302
    assert response.location == url_for('main.add_service', first='first', _external=True)

    # make sure the current_session_id has changed to what the API returned
    with client.session_transaction() as session:
        assert session['current_session_id'] == str(uuid.UUID(int=1))

    mock_check_verify_code.assert_called_once_with(api_user_active.id, '12345', 'sms')


def test_should_activate_user_after_verify(
    client,
    mocker,
    api_user_pending,
    mock_send_verify_code,
    mock_check_verify_code,
    mock_create_event,
    mock_activate_user,
):
    mocker.patch('app.user_api_client.get_user', return_value=api_user_pending)
    with client.session_transaction() as session:
        session['user_details'] = {'email_address': api_user_pending.email_address, 'id': api_user_pending.id}
    client.post(url_for('main.verify'),
                data={'sms_code': '12345'})
    assert mock_activate_user.called


def test_should_return_200_when_sms_code_is_wrong(
    client_request,
    api_user_active,
    mock_check_verify_code_code_not_found,
):
    with client_request.session_transaction() as session:
        session['user_details'] = {'email_address': api_user_active.email_address, 'id': api_user_active.id}

    page = client_request.post(
        'main.verify',
        _data={'sms_code': '12345'},
        _expected_status=200,
    )

    assert len(page.select('.error-message')) == 1
    assert normalize_spaces(page.select_one('.error-message').text) == (
        'Code not found'
    )


def test_verify_email_redirects_to_verify_if_token_valid(
    client,
    mocker,
    api_user_pending,
    mock_get_user_pending,
    mock_send_verify_code,
    mock_check_verify_code,
):
    token_data = {"user_id": api_user_pending.id, "secret_code": 'UNUSED'}
    mocker.patch('app.main.views.verify.check_token', return_value=json.dumps(token_data))

    with client.session_transaction() as session:
        session['user_details'] = {'email_address': api_user_pending.email_address, 'id': api_user_pending.id}

    response = client.get(url_for('main.verify_email', token='notreal'))

    assert response.status_code == 302
    assert response.location == url_for('main.verify', _external=True)

    assert not mock_check_verify_code.called
    mock_send_verify_code.assert_called_once_with(api_user_pending.id, 'sms', api_user_pending.mobile_number)

    with client.session_transaction() as session:
        assert session['user_details'] == {'email': api_user_pending.email_address, 'id': api_user_pending.id}


def test_verify_email_redirects_to_email_sent_if_token_expired(
    client,
    mocker,
    api_user_pending,
):
    mocker.patch('app.main.views.verify.check_token', side_effect=SignatureExpired('expired'))

    response = client.get(url_for('main.verify_email', token='notreal'))

    assert response.status_code == 302
    assert response.location == url_for('main.resend_email_verification', _external=True)


def test_verify_email_redirects_to_sign_in_if_user_active(
    client,
    mocker,
    api_user_active,
    mock_get_user,
    mock_send_verify_code,
    mock_check_verify_code,
):
    token_data = {"user_id": api_user_active.id, "secret_code": 12345}
    mocker.patch('app.main.views.verify.check_token', return_value=json.dumps(token_data))

    response = client.get(url_for('main.verify_email', token='notreal'), follow_redirects=True)
    page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')
    assert page.h1.text == 'Sign in'
    flash_banner = page.find('div', class_='banner-dangerous').string.strip()
    assert flash_banner == "That verification link has expired."


def test_verify_redirects_to_sign_in_if_not_logged_in(
    client
):
    response = client.get(url_for('main.verify'))

    assert response.location == url_for('main.sign_in', _external=True)
    assert response.status_code == 302
-												ensure other 2FA pages also handle session id

specifically, the 2FA page when you first create an account is different to the login 2FA page
and also the 2FA page when you change your phone number is different as well

											
										
										
											2017-02-24 16:21:41 +00:00
+								import json
-												Enforce order and style of imports

Done using isort[1], with the following command:
```
isort -rc ./app ./tests
```

Adds linting to the `run_tests.sh` script to stop badly-sorted imports
getting re-introduced.

Chosen style is ‘Vertical Hanging Indent’ with trailing commas, because
I think it gives the cleanest diffs, eg:
```
from third_party import (
    lib1,
    lib2,
    lib3,
    lib4,
)
```

1. https://pypi.python.org/pypi/isort

											
										
										
											2018-02-20 11:22:17 +00:00
+								import uuid
-												109526520: render verify template with VerifyForm

											
										
										
											2015-12-04 16:21:01 +00:00
-												Changed registration flow to first send email verification link that
when visited sends sms code for second step of account verification.

At that second step user enters just sms code sent to users mobile
number.

Also moved dao calls that simply proxied calls to client to calling
client directly.

There is still a place where a user will be a sent a code for
verification to their email namely if they update email address.

											
										
										
											2016-03-17 13:07:52 +00:00
+								from bs4 import BeautifulSoup
-												Enforce order and style of imports

Done using isort[1], with the following command:
```
isort -rc ./app ./tests
```

Adds linting to the `run_tests.sh` script to stop badly-sorted imports
getting re-introduced.

Chosen style is ‘Vertical Hanging Indent’ with trailing commas, because
I think it gives the cleanest diffs, eg:
```
from third_party import (
    lib1,
    lib2,
    lib3,
    lib4,
)
```

1. https://pypi.python.org/pypi/isort

											
										
										
											2018-02-20 11:22:17 +00:00
+								from flask import url_for
 								from itsdangerous import SignatureExpired
-												define isort first party (app and tests)

we were seeing isort produce different outputs locally and in docker -
this was due to it having different opinions about whether the tests
module (ie all our unit tests) is a first party (local) or third party
(pip installed) import. It's a first party import, so by defining this
in the setup.cfg isort settings, we can force it to be consistent
between environments.

Note: I don't know why it was different in the first place though

											
										
										
											2018-04-25 14:12:58 +01:00
-												Track form validation errors in Google analytics

We started tracking upload errors in eb264f34b766d92ce79cb116b6093698de593caf

This has been useful.

This commit adds tracking of other form validation errors, so we can
pick up if there’s a form field that’s causing people particular
trouble.

Also had to rewrite a very old test to look for page content in a
smarter way.

											
										
										
											2017-10-16 14:58:08 +01:00
+								from tests.conftest import normalize_spaces
-												109526520: render verify template with VerifyForm

											
										
										
											2015-12-04 16:21:01 +00:00
-												Normalize whitespace in test arguments

We have a bunch of different styles of handling when function
definitions span multiple lines, which they almost always do with tests.

Here’s why an argument per line, single indent is best:
- cleaner diffs when you change the name of a method (one line change
  instead of multiple lines)
- works better on narrow screens, eg Github’s diff view, or with two
  terminals side by side on a laptop screen
- works with any editor’s indenting shortcuts, no need for an IDE

Also, trailing comma in the list of arguments is good because adding a
new argument to a method becomes a one line, not two line diff.

											
										
										
											2017-02-03 10:42:01 +00:00
+								def test_should_return_verify_template(
-												Use `client` and `logged_in_client` fixtures

Wherever possible, because Don’t Repeat Yourself.

											
										
										
											2017-02-03 12:07:21 +00:00
+								    client,
-												Normalize whitespace in test arguments

We have a bunch of different styles of handling when function
definitions span multiple lines, which they almost always do with tests.

Here’s why an argument per line, single indent is best:
- cleaner diffs when you change the name of a method (one line change
  instead of multiple lines)
- works better on narrow screens, eg Github’s diff view, or with two
  terminals side by side on a laptop screen
- works with any editor’s indenting shortcuts, no need for an IDE

Also, trailing comma in the list of arguments is good because adding a
new argument to a method becomes a one line, not two line diff.

											
										
										
											2017-02-03 10:42:01 +00:00
+								    api_user_active,
 								    mock_send_verify_code,
 								):
-												Use `client` and `logged_in_client` fixtures

Wherever possible, because Don’t Repeat Yourself.

											
										
										
											2017-02-03 12:07:21 +00:00
+								    # TODO this lives here until we work out how to
 								    # reassign the session after it is lost mid register process
 								    with client.session_transaction() as session:
 								        session['user_details'] = {'email_address': api_user_active.email_address, 'id': api_user_active.id}
 								    response = client.get(url_for('main.verify'))
 								    assert response.status_code == 200
-												Changed registration flow to first send email verification link that
when visited sends sms code for second step of account verification.

At that second step user enters just sms code sent to users mobile
number.

Also moved dao calls that simply proxied calls to client to calling
client directly.

There is still a place where a user will be a sent a code for
verification to their email namely if they update email address.

											
										
										
											2016-03-17 13:07:52 +00:00
-												Use `client` and `logged_in_client` fixtures

Wherever possible, because Don’t Repeat Yourself.

											
										
										
											2017-02-03 12:07:21 +00:00
+								    page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')
 								    assert page.h1.text == 'Check your phone'
 								    message = page.find_all('p')[1].text
 								    assert message == "We’ve sent you a text message with a security code."
-												109526520: Implememt verify post method.

											
										
										
											2015-12-04 17:10:06 +00:00
-												Normalize whitespace in test arguments

We have a bunch of different styles of handling when function
definitions span multiple lines, which they almost always do with tests.

Here’s why an argument per line, single indent is best:
- cleaner diffs when you change the name of a method (one line change
  instead of multiple lines)
- works better on narrow screens, eg Github’s diff view, or with two
  terminals side by side on a laptop screen
- works with any editor’s indenting shortcuts, no need for an IDE

Also, trailing comma in the list of arguments is good because adding a
new argument to a method becomes a one line, not two line diff.

											
										
										
											2017-02-03 10:42:01 +00:00
+								def test_should_redirect_to_add_service_when_sms_code_is_correct(
-												Use `client` and `logged_in_client` fixtures

Wherever possible, because Don’t Repeat Yourself.

											
										
										
											2017-02-03 12:07:21 +00:00
+								    client,
-												Normalize whitespace in test arguments

We have a bunch of different styles of handling when function
definitions span multiple lines, which they almost always do with tests.

Here’s why an argument per line, single indent is best:
- cleaner diffs when you change the name of a method (one line change
  instead of multiple lines)
- works better on narrow screens, eg Github’s diff view, or with two
  terminals side by side on a laptop screen
- works with any editor’s indenting shortcuts, no need for an IDE

Also, trailing comma in the list of arguments is good because adding a
new argument to a method becomes a one line, not two line diff.

											
										
										
											2017-02-03 10:42:01 +00:00
+								    api_user_active,
-												ensure other 2FA pages also handle session id

specifically, the 2FA page when you first create an account is different to the login 2FA page
and also the 2FA page when you change your phone number is different as well

											
										
										
											2017-02-24 16:21:41 +00:00
+								    mocker,
-												replace user PUT with POSTs

the update_user fn was used in two places, for things that are handled
fine by update_user_attribute. Reduce complexity in the API by killing
the PUT, which is more dangerous (might silently overwrite things that
shouldn't be, like "last_logged_in_at" etc).

Had to change the code not received mobile number form, and the
activate user function.

											
										
										
											2017-11-09 12:30:12 +00:00
+								    mock_update_user_attribute,
-												Normalize whitespace in test arguments

We have a bunch of different styles of handling when function
definitions span multiple lines, which they almost always do with tests.

Here’s why an argument per line, single indent is best:
- cleaner diffs when you change the name of a method (one line change
  instead of multiple lines)
- works better on narrow screens, eg Github’s diff view, or with two
  terminals side by side on a laptop screen
- works with any editor’s indenting shortcuts, no need for an IDE

Also, trailing comma in the list of arguments is good because adding a
new argument to a method becomes a one line, not two line diff.

											
										
										
											2017-02-03 10:42:01 +00:00
+								    mock_check_verify_code,
-												don't swallow HTTP errors from create_event

tests weren't patching out create_event (which is invoked every time a
user logs in). This was getting caught by our egress proxy on jenkins.
We didn't notice because the event handler code was swallowing all
exceptions and not re-raising.

This changes that code to no longer swallow exceptions. Since we did
that, we also need to update all the tests that test log-in to mock
the call

											
										
										
											2018-05-02 10:27:01 +01:00
+								    mock_create_event,
 								    fake_uuid,
-												Normalize whitespace in test arguments

We have a bunch of different styles of handling when function
definitions span multiple lines, which they almost always do with tests.

Here’s why an argument per line, single indent is best:
- cleaner diffs when you change the name of a method (one line change
  instead of multiple lines)
- works better on narrow screens, eg Github’s diff view, or with two
  terminals side by side on a laptop screen
- works with any editor’s indenting shortcuts, no need for an IDE

Also, trailing comma in the list of arguments is good because adding a
new argument to a method becomes a one line, not two line diff.

											
										
										
											2017-02-03 10:42:01 +00:00
+								):
-												ensure other 2FA pages also handle session id

specifically, the 2FA page when you first create an account is different to the login 2FA page
and also the 2FA page when you change your phone number is different as well

											
										
										
											2017-02-24 16:21:41 +00:00
+								    api_user_active.current_session_id = str(uuid.UUID(int=1))
 								    mocker.patch('app.user_api_client.get_user', return_value=api_user_active)
-												Use `client` and `logged_in_client` fixtures

Wherever possible, because Don’t Repeat Yourself.

											
										
										
											2017-02-03 12:07:21 +00:00
+								    with client.session_transaction() as session:
 								        session['user_details'] = {'email_address': api_user_active.email_address, 'id': api_user_active.id}
-												ensure other 2FA pages also handle session id

specifically, the 2FA page when you first create an account is different to the login 2FA page
and also the 2FA page when you change your phone number is different as well

											
										
										
											2017-02-24 16:21:41 +00:00
+								        # user's only just created their account so no session in the cookie
 								        session.pop('current_session_id', None)
-												Use `client` and `logged_in_client` fixtures

Wherever possible, because Don’t Repeat Yourself.

											
										
										
											2017-02-03 12:07:21 +00:00
+								    response = client.post(url_for('main.verify'),
 								                           data={'sms_code': '12345'})
 								    assert response.status_code == 302
 								    assert response.location == url_for('main.add_service', first='first', _external=True)
-												109526520: Implememt verify post method.

											
										
										
											2015-12-04 17:10:06 +00:00
-												ensure other 2FA pages also handle session id

specifically, the 2FA page when you first create an account is different to the login 2FA page
and also the 2FA page when you change your phone number is different as well

											
										
										
											2017-02-24 16:21:41 +00:00
+								    # make sure the current_session_id has changed to what the API returned
 								    with client.session_transaction() as session:
 								        assert session['current_session_id'] == str(uuid.UUID(int=1))
-												Use `client` and `logged_in_client` fixtures

Wherever possible, because Don’t Repeat Yourself.

											
										
										
											2017-02-03 12:07:21 +00:00
+								    mock_check_verify_code.assert_called_once_with(api_user_active.id, '12345', 'sms')
-												Changed registration flow to first send email verification link that
when visited sends sms code for second step of account verification.

At that second step user enters just sms code sent to users mobile
number.

Also moved dao calls that simply proxied calls to client to calling
client directly.

There is still a place where a user will be a sent a code for
verification to their email namely if they update email address.

											
										
										
											2016-03-17 13:07:52 +00:00
-												109526520: Implememt verify post method.

											
										
										
											2015-12-04 17:10:06 +00:00
-												Normalize whitespace in test arguments

We have a bunch of different styles of handling when function
definitions span multiple lines, which they almost always do with tests.

Here’s why an argument per line, single indent is best:
- cleaner diffs when you change the name of a method (one line change
  instead of multiple lines)
- works better on narrow screens, eg Github’s diff view, or with two
  terminals side by side on a laptop screen
- works with any editor’s indenting shortcuts, no need for an IDE

Also, trailing comma in the list of arguments is good because adding a
new argument to a method becomes a one line, not two line diff.

											
										
										
											2017-02-03 10:42:01 +00:00
+								def test_should_activate_user_after_verify(
-												Use `client` and `logged_in_client` fixtures

Wherever possible, because Don’t Repeat Yourself.

											
										
										
											2017-02-03 12:07:21 +00:00
+								    client,
-												Normalize whitespace in test arguments

We have a bunch of different styles of handling when function
definitions span multiple lines, which they almost always do with tests.

Here’s why an argument per line, single indent is best:
- cleaner diffs when you change the name of a method (one line change
  instead of multiple lines)
- works better on narrow screens, eg Github’s diff view, or with two
  terminals side by side on a laptop screen
- works with any editor’s indenting shortcuts, no need for an IDE

Also, trailing comma in the list of arguments is good because adding a
new argument to a method becomes a one line, not two line diff.

											
										
										
											2017-02-03 10:42:01 +00:00
+								    mocker,
 								    api_user_pending,
 								    mock_send_verify_code,
 								    mock_check_verify_code,
-												don't swallow HTTP errors from create_event

tests weren't patching out create_event (which is invoked every time a
user logs in). This was getting caught by our egress proxy on jenkins.
We didn't notice because the event handler code was swallowing all
exceptions and not re-raising.

This changes that code to no longer swallow exceptions. Since we did
that, we also need to update all the tests that test log-in to mock
the call

											
										
										
											2018-05-02 10:27:01 +01:00
+								    mock_create_event,
-												replace user PUT with POSTs

the update_user fn was used in two places, for things that are handled
fine by update_user_attribute. Reduce complexity in the API by killing
the PUT, which is more dangerous (might silently overwrite things that
shouldn't be, like "last_logged_in_at" etc).

Had to change the code not received mobile number form, and the
activate user function.

											
										
										
											2017-11-09 12:30:12 +00:00
+								    mock_activate_user,
-												Normalize whitespace in test arguments

We have a bunch of different styles of handling when function
definitions span multiple lines, which they almost always do with tests.

Here’s why an argument per line, single indent is best:
- cleaner diffs when you change the name of a method (one line change
  instead of multiple lines)
- works better on narrow screens, eg Github’s diff view, or with two
  terminals side by side on a laptop screen
- works with any editor’s indenting shortcuts, no need for an IDE

Also, trailing comma in the list of arguments is good because adding a
new argument to a method becomes a one line, not two line diff.

											
										
										
											2017-02-03 10:42:01 +00:00
+								):
-												- Add test to check that two-factor auth activates a user as expected
- Ensure DB user activation statusupdate only executed when required
- Fix test_should_activate_user_after_verify

											
										
										
											2016-09-09 15:22:56 +01:00
+								    mocker.patch('app.user_api_client.get_user', return_value=api_user_pending)
-												Use `client` and `logged_in_client` fixtures

Wherever possible, because Don’t Repeat Yourself.

											
										
										
											2017-02-03 12:07:21 +00:00
+								    with client.session_transaction() as session:
 								        session['user_details'] = {'email_address': api_user_pending.email_address, 'id': api_user_pending.id}
 								    client.post(url_for('main.verify'),
 								                data={'sms_code': '12345'})
-												replace user PUT with POSTs

the update_user fn was used in two places, for things that are handled
fine by update_user_attribute. Reduce complexity in the API by killing
the PUT, which is more dangerous (might silently overwrite things that
shouldn't be, like "last_logged_in_at" etc).

Had to change the code not received mobile number form, and the
activate user function.

											
										
										
											2017-11-09 12:30:12 +00:00
+								    assert mock_activate_user.called
-												109526520: Implement verify flow

When a person registers with a valid mobile number and email address,
a code will be sent to each. That person can enter the verify codes and continue to the add-service page.

											
										
										
											2015-12-07 16:08:30 +00:00
-												Normalize whitespace in test arguments

We have a bunch of different styles of handling when function
definitions span multiple lines, which they almost always do with tests.

Here’s why an argument per line, single indent is best:
- cleaner diffs when you change the name of a method (one line change
  instead of multiple lines)
- works better on narrow screens, eg Github’s diff view, or with two
  terminals side by side on a laptop screen
- works with any editor’s indenting shortcuts, no need for an IDE

Also, trailing comma in the list of arguments is good because adding a
new argument to a method becomes a one line, not two line diff.

											
										
										
											2017-02-03 10:42:01 +00:00
+								def test_should_return_200_when_sms_code_is_wrong(
-												Track form validation errors in Google analytics

We started tracking upload errors in eb264f34b766d92ce79cb116b6093698de593caf

This has been useful.

This commit adds tracking of other form validation errors, so we can
pick up if there’s a form field that’s causing people particular
trouble.

Also had to rewrite a very old test to look for page content in a
smarter way.

											
										
										
											2017-10-16 14:58:08 +01:00
+								    client_request,
-												Normalize whitespace in test arguments

We have a bunch of different styles of handling when function
definitions span multiple lines, which they almost always do with tests.

Here’s why an argument per line, single indent is best:
- cleaner diffs when you change the name of a method (one line change
  instead of multiple lines)
- works better on narrow screens, eg Github’s diff view, or with two
  terminals side by side on a laptop screen
- works with any editor’s indenting shortcuts, no need for an IDE

Also, trailing comma in the list of arguments is good because adding a
new argument to a method becomes a one line, not two line diff.

											
										
										
											2017-02-03 10:42:01 +00:00
+								    api_user_active,
 								    mock_check_verify_code_code_not_found,
 								):
-												Track form validation errors in Google analytics

We started tracking upload errors in eb264f34b766d92ce79cb116b6093698de593caf

This has been useful.

This commit adds tracking of other form validation errors, so we can
pick up if there’s a form field that’s causing people particular
trouble.

Also had to rewrite a very old test to look for page content in a
smarter way.

											
										
										
											2017-10-16 14:58:08 +01:00
+								    with client_request.session_transaction() as session:
-												Use `client` and `logged_in_client` fixtures

Wherever possible, because Don’t Repeat Yourself.

											
										
										
											2017-02-03 12:07:21 +00:00
+								        session['user_details'] = {'email_address': api_user_active.email_address, 'id': api_user_active.id}
-												Track form validation errors in Google analytics

We started tracking upload errors in eb264f34b766d92ce79cb116b6093698de593caf

This has been useful.

This commit adds tracking of other form validation errors, so we can
pick up if there’s a form field that’s causing people particular
trouble.

Also had to rewrite a very old test to look for page content in a
smarter way.

											
										
										
											2017-10-16 14:58:08 +01:00
 								    page = client_request.post(
 								        'main.verify',
 								        _data={'sms_code': '12345'},
 								        _expected_status=200,
 								    )
 								    assert len(page.select('.error-message')) == 1
 								    assert normalize_spaces(page.select_one('.error-message').text) == (
 								        'Code not found'
 								    )
-												When user clicks on verification link but doesn't complete
verification, if they try to use link again the code will
have been used. Therefore they will need a new email with new
link to use for verification.

											
										
										
											2016-03-22 13:38:35 +00:00
-												Normalize whitespace in test arguments

We have a bunch of different styles of handling when function
definitions span multiple lines, which they almost always do with tests.

Here’s why an argument per line, single indent is best:
- cleaner diffs when you change the name of a method (one line change
  instead of multiple lines)
- works better on narrow screens, eg Github’s diff view, or with two
  terminals side by side on a laptop screen
- works with any editor’s indenting shortcuts, no need for an IDE

Also, trailing comma in the list of arguments is good because adding a
new argument to a method becomes a one line, not two line diff.

											
										
										
											2017-02-03 10:42:01 +00:00
+								def test_verify_email_redirects_to_verify_if_token_valid(
-												Use `client` and `logged_in_client` fixtures

Wherever possible, because Don’t Repeat Yourself.

											
										
										
											2017-02-03 12:07:21 +00:00
+								    client,
-												Normalize whitespace in test arguments

We have a bunch of different styles of handling when function
definitions span multiple lines, which they almost always do with tests.

Here’s why an argument per line, single indent is best:
- cleaner diffs when you change the name of a method (one line change
  instead of multiple lines)
- works better on narrow screens, eg Github’s diff view, or with two
  terminals side by side on a laptop screen
- works with any editor’s indenting shortcuts, no need for an IDE

Also, trailing comma in the list of arguments is good because adding a
new argument to a method becomes a one line, not two line diff.

											
										
										
											2017-02-03 10:42:01 +00:00
+								    mocker,
 								    api_user_pending,
 								    mock_get_user_pending,
 								    mock_send_verify_code,
 								    mock_check_verify_code,
 								):
-												don't hit API when checking new account email-token

we currently store new account email verify tokens in the database, and
check against that to work out if they've expired. But we don't need to
do that, tokens have their own timing mechanism. So lets just use that,
and free up the database to do other things.

Also, standardised the forgot password, change email, and new account
email verification timeouts to all be an hour, from the config val
'EMAIL_EXPIRY_SECONDS'

											
										
										
											2017-11-01 14:39:14 +00:00
+								    token_data = {"user_id": api_user_pending.id, "secret_code": 'UNUSED'}
-												Updated notifications_utils version and associated code. Added email subject formatting for placeholders.

											
										
										
											2016-04-14 12:00:55 +01:00
+								    mocker.patch('app.main.views.verify.check_token', return_value=json.dumps(token_data))
-												When user clicks on verification link but doesn't complete
verification, if they try to use link again the code will
have been used. Therefore they will need a new email with new
link to use for verification.

											
										
										
											2016-03-22 13:38:35 +00:00
-												Use `client` and `logged_in_client` fixtures

Wherever possible, because Don’t Repeat Yourself.

											
										
										
											2017-02-03 12:07:21 +00:00
+								    with client.session_transaction() as session:
 								        session['user_details'] = {'email_address': api_user_pending.email_address, 'id': api_user_pending.id}
-												When user clicks on verification link but doesn't complete
verification, if they try to use link again the code will
have been used. Therefore they will need a new email with new
link to use for verification.

											
										
										
											2016-03-22 13:38:35 +00:00
-												Use `client` and `logged_in_client` fixtures

Wherever possible, because Don’t Repeat Yourself.

											
										
										
											2017-02-03 12:07:21 +00:00
+								    response = client.get(url_for('main.verify_email', token='notreal'))
-												When user clicks on verification link but doesn't complete
verification, if they try to use link again the code will
have been used. Therefore they will need a new email with new
link to use for verification.

											
										
										
											2016-03-22 13:38:35 +00:00
-												Use `client` and `logged_in_client` fixtures

Wherever possible, because Don’t Repeat Yourself.

											
										
										
											2017-02-03 12:07:21 +00:00
+								    assert response.status_code == 302
 								    assert response.location == url_for('main.verify', _external=True)
-												When user clicks on verification link but doesn't complete
verification, if they try to use link again the code will
have been used. Therefore they will need a new email with new
link to use for verification.

											
										
										
											2016-03-22 13:38:35 +00:00
-												don't hit API when checking new account email-token

we currently store new account email verify tokens in the database, and
check against that to work out if they've expired. But we don't need to
do that, tokens have their own timing mechanism. So lets just use that,
and free up the database to do other things.

Also, standardised the forgot password, change email, and new account
email verification timeouts to all be an hour, from the config val
'EMAIL_EXPIRY_SECONDS'

											
										
										
											2017-11-01 14:39:14 +00:00
+								    assert not mock_check_verify_code.called
 								    mock_send_verify_code.assert_called_once_with(api_user_pending.id, 'sms', api_user_pending.mobile_number)
-												When user clicks on verification link but doesn't complete
verification, if they try to use link again the code will
have been used. Therefore they will need a new email with new
link to use for verification.

											
										
										
											2016-03-22 13:38:35 +00:00
-												Use `client` and `logged_in_client` fixtures

Wherever possible, because Don’t Repeat Yourself.

											
										
										
											2017-02-03 12:07:21 +00:00
+								    with client.session_transaction() as session:
-												don't hit API when checking new account email-token

we currently store new account email verify tokens in the database, and
check against that to work out if they've expired. But we don't need to
do that, tokens have their own timing mechanism. So lets just use that,
and free up the database to do other things.

Also, standardised the forgot password, change email, and new account
email verification timeouts to all be an hour, from the config val
'EMAIL_EXPIRY_SECONDS'

											
										
										
											2017-11-01 14:39:14 +00:00
+								        assert session['user_details'] == {'email': api_user_pending.email_address, 'id': api_user_pending.id}
-												When user clicks on verification link but doesn't complete
verification, if they try to use link again the code will
have been used. Therefore they will need a new email with new
link to use for verification.

											
										
										
											2016-03-22 13:38:35 +00:00
-												don't hit API when checking new account email-token

we currently store new account email verify tokens in the database, and
check against that to work out if they've expired. But we don't need to
do that, tokens have their own timing mechanism. So lets just use that,
and free up the database to do other things.

Also, standardised the forgot password, change email, and new account
email verification timeouts to all be an hour, from the config val
'EMAIL_EXPIRY_SECONDS'

											
										
										
											2017-11-01 14:39:14 +00:00
+								def test_verify_email_redirects_to_email_sent_if_token_expired(
-												Use `client` and `logged_in_client` fixtures

Wherever possible, because Don’t Repeat Yourself.

											
										
										
											2017-02-03 12:07:21 +00:00
+								    client,
-												Normalize whitespace in test arguments

We have a bunch of different styles of handling when function
definitions span multiple lines, which they almost always do with tests.

Here’s why an argument per line, single indent is best:
- cleaner diffs when you change the name of a method (one line change
  instead of multiple lines)
- works better on narrow screens, eg Github’s diff view, or with two
  terminals side by side on a laptop screen
- works with any editor’s indenting shortcuts, no need for an IDE

Also, trailing comma in the list of arguments is good because adding a
new argument to a method becomes a one line, not two line diff.

											
										
										
											2017-02-03 10:42:01 +00:00
+								    mocker,
 								    api_user_pending,
 								):
-												Updated notifications_utils version and associated code. Added email subject formatting for placeholders.

											
										
										
											2016-04-14 12:00:55 +01:00
+								    mocker.patch('app.main.views.verify.check_token', side_effect=SignatureExpired('expired'))
-												When user clicks on verification link but doesn't complete
verification, if they try to use link again the code will
have been used. Therefore they will need a new email with new
link to use for verification.

											
										
										
											2016-03-22 13:38:35 +00:00
-												Use `client` and `logged_in_client` fixtures

Wherever possible, because Don’t Repeat Yourself.

											
										
										
											2017-02-03 12:07:21 +00:00
+								    response = client.get(url_for('main.verify_email', token='notreal'))
-												When user clicks on verification link but doesn't complete
verification, if they try to use link again the code will
have been used. Therefore they will need a new email with new
link to use for verification.

											
										
										
											2016-03-22 13:38:35 +00:00
-												Use `client` and `logged_in_client` fixtures

Wherever possible, because Don’t Repeat Yourself.

											
										
										
											2017-02-03 12:07:21 +00:00
+								    assert response.status_code == 302
 								    assert response.location == url_for('main.resend_email_verification', _external=True)
-												If user is pending it means they have not verified email yet

Added better checking on re use of consumed verification link.

											
										
										
											2016-03-29 12:13:36 +01:00
-												Normalize whitespace in test arguments

We have a bunch of different styles of handling when function
definitions span multiple lines, which they almost always do with tests.

Here’s why an argument per line, single indent is best:
- cleaner diffs when you change the name of a method (one line change
  instead of multiple lines)
- works better on narrow screens, eg Github’s diff view, or with two
  terminals side by side on a laptop screen
- works with any editor’s indenting shortcuts, no need for an IDE

Also, trailing comma in the list of arguments is good because adding a
new argument to a method becomes a one line, not two line diff.

											
										
										
											2017-02-03 10:42:01 +00:00
+								def test_verify_email_redirects_to_sign_in_if_user_active(
-												Use `client` and `logged_in_client` fixtures

Wherever possible, because Don’t Repeat Yourself.

											
										
										
											2017-02-03 12:07:21 +00:00
+								    client,
-												Normalize whitespace in test arguments

We have a bunch of different styles of handling when function
definitions span multiple lines, which they almost always do with tests.

Here’s why an argument per line, single indent is best:
- cleaner diffs when you change the name of a method (one line change
  instead of multiple lines)
- works better on narrow screens, eg Github’s diff view, or with two
  terminals side by side on a laptop screen
- works with any editor’s indenting shortcuts, no need for an IDE

Also, trailing comma in the list of arguments is good because adding a
new argument to a method becomes a one line, not two line diff.

											
										
										
											2017-02-03 10:42:01 +00:00
+								    mocker,
 								    api_user_active,
 								    mock_get_user,
 								    mock_send_verify_code,
 								    mock_check_verify_code,
 								):
-												If user is pending it means they have not verified email yet

Added better checking on re use of consumed verification link.

											
										
										
											2016-03-29 12:13:36 +01:00
+								    token_data = {"user_id": api_user_active.id, "secret_code": 12345}
-												Updated notifications_utils version and associated code. Added email subject formatting for placeholders.

											
										
										
											2016-04-14 12:00:55 +01:00
+								    mocker.patch('app.main.views.verify.check_token', return_value=json.dumps(token_data))
-												If user is pending it means they have not verified email yet

Added better checking on re use of consumed verification link.

											
										
										
											2016-03-29 12:13:36 +01:00
-												Use `client` and `logged_in_client` fixtures

Wherever possible, because Don’t Repeat Yourself.

											
										
										
											2017-02-03 12:07:21 +00:00
+								    response = client.get(url_for('main.verify_email', token='notreal'), follow_redirects=True)
 								    page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')
 								    assert page.h1.text == 'Sign in'
 								    flash_banner = page.find('div', class_='banner-dangerous').string.strip()
 								    assert flash_banner == "That verification link has expired."
-												when not logged in, redirect to sign-in

parts of the initial setup/login stages were throwing 500s if user
not already in process (ie: user directly navigated to url):
* /resend-email-verification
* /text-not-received
* /send-new-code
* verify

											
										
										
											2016-06-17 11:36:30 +01:00
-												Normalize whitespace in test arguments

We have a bunch of different styles of handling when function
definitions span multiple lines, which they almost always do with tests.

Here’s why an argument per line, single indent is best:
- cleaner diffs when you change the name of a method (one line change
  instead of multiple lines)
- works better on narrow screens, eg Github’s diff view, or with two
  terminals side by side on a laptop screen
- works with any editor’s indenting shortcuts, no need for an IDE

Also, trailing comma in the list of arguments is good because adding a
new argument to a method becomes a one line, not two line diff.

											
										
										
											2017-02-03 10:42:01 +00:00
+								def test_verify_redirects_to_sign_in_if_not_logged_in(
-												Use `client` and `logged_in_client` fixtures

Wherever possible, because Don’t Repeat Yourself.

											
										
										
											2017-02-03 12:07:21 +00:00
+								    client
-												Normalize whitespace in test arguments

We have a bunch of different styles of handling when function
definitions span multiple lines, which they almost always do with tests.

Here’s why an argument per line, single indent is best:
- cleaner diffs when you change the name of a method (one line change
  instead of multiple lines)
- works better on narrow screens, eg Github’s diff view, or with two
  terminals side by side on a laptop screen
- works with any editor’s indenting shortcuts, no need for an IDE

Also, trailing comma in the list of arguments is good because adding a
new argument to a method becomes a one line, not two line diff.

											
										
										
											2017-02-03 10:42:01 +00:00
+								):
-												Use `client` and `logged_in_client` fixtures

Wherever possible, because Don’t Repeat Yourself.

											
										
										
											2017-02-03 12:07:21 +00:00
+								    response = client.get(url_for('main.verify'))
-												when not logged in, redirect to sign-in

parts of the initial setup/login stages were throwing 500s if user
not already in process (ie: user directly navigated to url):
* /resend-email-verification
* /text-not-received
* /send-new-code
* verify

											
										
										
											2016-06-17 11:36:30 +01:00
-												Use `client` and `logged_in_client` fixtures

Wherever possible, because Don’t Repeat Yourself.

											
										
										
											2017-02-03 12:07:21 +00:00
+								    assert response.location == url_for('main.sign_in', _external=True)
 								    assert response.status_code == 302