2016-01-27 12:22:32 +00:00
|
|
|
import json
|
2018-02-20 11:22:17 +00:00
|
|
|
import uuid
|
2017-02-24 16:21:41 +00:00
|
|
|
|
2018-02-20 11:22:17 +00:00
|
|
|
import pytest
|
2016-01-27 12:22:32 +00:00
|
|
|
from flask import url_for
|
2016-10-13 17:05:37 +01:00
|
|
|
from notifications_utils.url_safe_token import generate_token
|
2018-04-25 14:12:58 +01:00
|
|
|
|
2019-12-19 16:59:07 +00:00
|
|
|
from tests.conftest import create_api_user_active, url_for_endpoint_with_token
|
2017-02-24 16:21:41 +00:00
|
|
|
|
2016-01-27 12:22:32 +00:00
|
|
|
|
2017-02-03 10:42:01 +00:00
|
|
|
def test_should_show_overview_page(
|
2019-03-26 12:35:32 +00:00
|
|
|
client_request,
|
2017-02-03 10:42:01 +00:00
|
|
|
):
|
2019-03-26 12:35:32 +00:00
|
|
|
page = client_request.get(('main.user_profile'))
|
|
|
|
|
assert page.select_one('h1').text.strip() == 'Your profile'
|
2019-06-14 12:32:47 +01:00
|
|
|
assert 'Use platform admin view' not in page
|
2019-06-13 19:00:17 +01:00
|
|
|
|
|
|
|
|
|
2019-06-14 12:32:47 +01:00
|
|
|
def test_overview_page_shows_disable_for_platform_admin(
|
2019-06-13 19:00:17 +01:00
|
|
|
client_request,
|
|
|
|
|
platform_admin_user
|
|
|
|
|
):
|
|
|
|
|
client_request.login(platform_admin_user)
|
|
|
|
|
page = client_request.get(('main.user_profile'))
|
|
|
|
|
assert page.select_one('h1').text.strip() == 'Your profile'
|
2019-06-14 12:32:47 +01:00
|
|
|
disable_platform_admin_row = page.select('tr')[-1]
|
|
|
|
|
assert ' '.join(disable_platform_admin_row.text.split()) == 'Use platform admin view Yes Change'
|
2016-05-16 10:29:58 +01:00
|
|
|
|
|
|
|
|
|
2017-02-03 10:42:01 +00:00
|
|
|
def test_should_show_name_page(
|
2019-03-26 12:35:32 +00:00
|
|
|
client_request
|
2017-02-03 10:42:01 +00:00
|
|
|
):
|
2019-03-26 12:35:32 +00:00
|
|
|
page = client_request.get(('main.user_profile_name'))
|
|
|
|
|
assert page.select_one('h1').text.strip() == 'Change your name'
|
2016-05-16 10:29:58 +01:00
|
|
|
|
|
|
|
|
|
2017-02-03 10:42:01 +00:00
|
|
|
def test_should_redirect_after_name_change(
|
2019-03-26 12:35:32 +00:00
|
|
|
client_request,
|
2017-02-03 10:42:01 +00:00
|
|
|
mock_update_user_attribute,
|
2018-02-19 16:53:29 +00:00
|
|
|
mock_email_is_not_already_in_use
|
2017-02-03 10:42:01 +00:00
|
|
|
):
|
2019-03-26 12:35:32 +00:00
|
|
|
client_request.post(
|
|
|
|
|
'main.user_profile_name',
|
|
|
|
|
_data={'new_name': 'New Name'},
|
|
|
|
|
_expected_status=302,
|
|
|
|
|
_expected_redirect=url_for('main.user_profile', _external=True),
|
|
|
|
|
)
|
|
|
|
|
assert mock_update_user_attribute.called is True
|
2016-05-16 10:29:58 +01:00
|
|
|
|
|
|
|
|
|
2017-02-03 10:42:01 +00:00
|
|
|
def test_should_show_email_page(
|
2019-03-26 12:35:32 +00:00
|
|
|
client_request,
|
2017-02-03 10:42:01 +00:00
|
|
|
):
|
2019-03-26 12:35:32 +00:00
|
|
|
page = client_request.get(
|
|
|
|
|
'main.user_profile_email'
|
|
|
|
|
)
|
|
|
|
|
assert page.select_one('h1').text.strip() == 'Change your email address'
|
2016-05-16 10:29:58 +01:00
|
|
|
|
|
|
|
|
|
2017-02-03 10:42:01 +00:00
|
|
|
def test_should_redirect_after_email_change(
|
2019-03-26 12:35:32 +00:00
|
|
|
client_request,
|
2017-02-03 10:42:01 +00:00
|
|
|
mock_login,
|
2018-02-19 16:53:29 +00:00
|
|
|
mock_email_is_not_already_in_use,
|
2017-02-03 10:42:01 +00:00
|
|
|
):
|
2019-03-26 12:35:32 +00:00
|
|
|
client_request.post(
|
|
|
|
|
'main.user_profile_email',
|
|
|
|
|
_data={'email_address': 'new_notify@notify.gov.uk'},
|
|
|
|
|
_expected_status=302,
|
|
|
|
|
_expected_redirect=url_for(
|
|
|
|
|
'main.user_profile_email_authenticate',
|
|
|
|
|
_external=True,
|
|
|
|
|
)
|
|
|
|
|
)
|
2016-05-16 10:29:58 +01:00
|
|
|
|
|
|
|
|
|
2017-02-03 10:42:01 +00:00
|
|
|
def test_should_show_authenticate_after_email_change(
|
2019-03-26 12:35:32 +00:00
|
|
|
client_request,
|
2017-02-03 10:42:01 +00:00
|
|
|
):
|
2019-03-26 12:35:32 +00:00
|
|
|
with client_request.session_transaction() as session:
|
2017-02-03 12:07:21 +00:00
|
|
|
session['new-email'] = 'new_notify@notify.gov.uk'
|
2016-05-16 10:29:58 +01:00
|
|
|
|
2019-03-26 12:35:32 +00:00
|
|
|
page = client_request.get('main.user_profile_email_authenticate')
|
|
|
|
|
|
|
|
|
|
assert 'Change your email address' in page.text
|
|
|
|
|
assert 'Confirm' in page.text
|
2016-01-27 12:22:32 +00:00
|
|
|
|
|
|
|
|
|
2017-02-03 10:42:01 +00:00
|
|
|
def test_should_render_change_email_continue_after_authenticate_email(
|
2019-03-26 12:35:32 +00:00
|
|
|
client_request,
|
2017-02-03 10:42:01 +00:00
|
|
|
mock_verify_password,
|
|
|
|
|
mock_send_change_email_verification,
|
|
|
|
|
):
|
2019-03-26 12:35:32 +00:00
|
|
|
with client_request.session_transaction() as session:
|
2017-02-03 12:07:21 +00:00
|
|
|
session['new-email'] = 'new_notify@notify.gov.uk'
|
2019-03-26 12:35:32 +00:00
|
|
|
page = client_request.post(
|
|
|
|
|
'main.user_profile_email_authenticate',
|
|
|
|
|
data={'password': '12345'},
|
|
|
|
|
_expected_status=200,
|
|
|
|
|
)
|
|
|
|
|
assert 'Click the link in the email to confirm the change to your email address.' in page.text
|
2016-10-13 17:05:37 +01:00
|
|
|
|
|
|
|
|
|
2017-02-03 10:42:01 +00:00
|
|
|
def test_should_redirect_to_user_profile_when_user_confirms_email_link(
|
|
|
|
|
app_,
|
2017-02-03 12:07:21 +00:00
|
|
|
logged_in_client,
|
2017-02-03 10:42:01 +00:00
|
|
|
api_user_active,
|
|
|
|
|
mock_update_user_attribute,
|
|
|
|
|
):
|
2016-10-13 17:05:37 +01:00
|
|
|
|
Make user API client return JSON, not a model
The data flow of other bits of our application looks like this:
```
API (returns JSON)
⬇
API client (returns a built in type, usually `dict`)
⬇
Model (returns an instance, eg of type `Service`)
⬇
View (returns HTML)
```
The user API client was architected weirdly, in that it returned a model
directly, like this:
```
API (returns JSON)
⬇
API client (returns a model, of type `User`, `InvitedUser`, etc)
⬇
View (returns HTML)
```
This mixing of different layers of the application is bad because it
makes it hard to write model code that doesn’t have circular
dependencies. As our application gets more complicated we will be
relying more on models to manage this complexity, so we should make it
easy, not hard to write them.
It also means that most of our mocking was of the User model, not just
the underlying JSON. So it would have been easy to introduce subtle bugs
to the user model, because it wasn’t being comprehensively tested. A lot
of the changed lines of code in this commit mean changing the tests to
mock only the JSON, which means that the model layer gets implicitly
tested.
For those reasons this commit changes the user API client to return
JSON, not an instance of `User` or other models.
2019-05-23 15:27:35 +01:00
|
|
|
token = generate_token(payload=json.dumps({'user_id': api_user_active['id'], 'email': 'new_email@gov.uk'}),
|
2017-02-03 12:07:21 +00:00
|
|
|
secret=app_.config['SECRET_KEY'], salt=app_.config['DANGEROUS_SALT'])
|
2018-10-18 14:34:07 +01:00
|
|
|
response = logged_in_client.get(url_for_endpoint_with_token('main.user_profile_email_confirm',
|
|
|
|
|
token=token))
|
2016-01-27 12:22:32 +00:00
|
|
|
|
2017-02-03 12:07:21 +00:00
|
|
|
assert response.status_code == 302
|
|
|
|
|
assert response.location == url_for('main.user_profile', _external=True)
|
2016-01-27 12:22:32 +00:00
|
|
|
|
|
|
|
|
|
2017-02-03 10:42:01 +00:00
|
|
|
def test_should_show_mobile_number_page(
|
2019-03-26 12:35:32 +00:00
|
|
|
client_request,
|
2017-02-03 10:42:01 +00:00
|
|
|
):
|
2019-03-26 12:35:32 +00:00
|
|
|
page = client_request.get(('main.user_profile_mobile_number'))
|
|
|
|
|
assert 'Change your mobile number' in page.text
|
2016-01-27 12:22:32 +00:00
|
|
|
|
|
|
|
|
|
2017-08-29 14:52:24 +01:00
|
|
|
@pytest.mark.parametrize('phone_number_to_register_with', [
|
|
|
|
|
'+4407700900460',
|
|
|
|
|
'+1800-555-555',
|
|
|
|
|
])
|
2017-02-03 10:42:01 +00:00
|
|
|
def test_should_redirect_after_mobile_number_change(
|
2019-03-26 12:35:32 +00:00
|
|
|
client_request,
|
2017-08-29 14:52:24 +01:00
|
|
|
phone_number_to_register_with,
|
2017-02-03 10:42:01 +00:00
|
|
|
):
|
2019-03-26 12:35:32 +00:00
|
|
|
client_request.post(
|
|
|
|
|
'main.user_profile_mobile_number',
|
|
|
|
|
_data={'mobile_number': phone_number_to_register_with},
|
|
|
|
|
_expected_status=302,
|
|
|
|
|
_expected_redirect=url_for(
|
|
|
|
|
'main.user_profile_mobile_number_authenticate',
|
|
|
|
|
_external=True,
|
|
|
|
|
)
|
|
|
|
|
)
|
|
|
|
|
with client_request.session_transaction() as session:
|
2017-08-29 14:52:24 +01:00
|
|
|
assert session['new-mob'] == phone_number_to_register_with
|
2016-01-27 12:22:32 +00:00
|
|
|
|
|
|
|
|
|
2017-02-03 10:42:01 +00:00
|
|
|
def test_should_show_authenticate_after_mobile_number_change(
|
2019-03-26 12:35:32 +00:00
|
|
|
client_request,
|
2017-02-03 10:42:01 +00:00
|
|
|
):
|
2019-03-26 12:35:32 +00:00
|
|
|
with client_request.session_transaction() as session:
|
2017-02-03 12:07:21 +00:00
|
|
|
session['new-mob'] = '+441234123123'
|
2016-01-27 12:22:32 +00:00
|
|
|
|
2019-03-26 12:35:32 +00:00
|
|
|
page = client_request.get(
|
|
|
|
|
'main.user_profile_mobile_number_authenticate',
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
assert 'Change your mobile number' in page.text
|
|
|
|
|
assert 'Confirm' in page.text
|
2016-01-27 12:22:32 +00:00
|
|
|
|
|
|
|
|
|
2017-02-03 10:42:01 +00:00
|
|
|
def test_should_redirect_after_mobile_number_authenticate(
|
2019-03-26 12:35:32 +00:00
|
|
|
client_request,
|
2017-02-03 10:42:01 +00:00
|
|
|
mock_verify_password,
|
|
|
|
|
mock_send_verify_code,
|
|
|
|
|
):
|
2019-03-26 12:35:32 +00:00
|
|
|
with client_request.session_transaction() as session:
|
2017-02-03 12:07:21 +00:00
|
|
|
session['new-mob'] = '+441234123123'
|
2016-01-27 12:22:32 +00:00
|
|
|
|
2019-03-26 12:35:32 +00:00
|
|
|
client_request.post(
|
|
|
|
|
'main.user_profile_mobile_number_authenticate',
|
|
|
|
|
_data={'password': '12345667'},
|
|
|
|
|
_expected_status=302,
|
|
|
|
|
_expected_redirect=url_for(
|
|
|
|
|
'main.user_profile_mobile_number_confirm',
|
|
|
|
|
_external=True,
|
|
|
|
|
)
|
|
|
|
|
)
|
2016-01-27 12:22:32 +00:00
|
|
|
|
|
|
|
|
|
2017-02-03 10:42:01 +00:00
|
|
|
def test_should_show_confirm_after_mobile_number_change(
|
2019-03-26 12:35:32 +00:00
|
|
|
client_request,
|
2017-02-03 10:42:01 +00:00
|
|
|
):
|
2019-03-26 12:35:32 +00:00
|
|
|
with client_request.session_transaction() as session:
|
2017-02-03 12:07:21 +00:00
|
|
|
session['new-mob-password-confirmed'] = True
|
2019-03-26 12:35:32 +00:00
|
|
|
page = client_request.get(
|
|
|
|
|
'main.user_profile_mobile_number_confirm'
|
|
|
|
|
)
|
2016-01-27 12:22:32 +00:00
|
|
|
|
2019-03-26 12:35:32 +00:00
|
|
|
assert 'Change your mobile number' in page.text
|
|
|
|
|
assert 'Confirm' in page.text
|
2016-01-27 12:22:32 +00:00
|
|
|
|
|
|
|
|
|
2017-08-29 14:52:24 +01:00
|
|
|
@pytest.mark.parametrize('phone_number_to_register_with', [
|
|
|
|
|
'+4407700900460',
|
|
|
|
|
'+1800-555-555',
|
|
|
|
|
])
|
2017-02-03 10:42:01 +00:00
|
|
|
def test_should_redirect_after_mobile_number_confirm(
|
2019-03-26 12:35:32 +00:00
|
|
|
client_request,
|
2017-02-24 16:21:41 +00:00
|
|
|
mocker,
|
2017-02-03 10:42:01 +00:00
|
|
|
mock_update_user_attribute,
|
|
|
|
|
mock_check_verify_code,
|
2017-08-29 14:52:24 +01:00
|
|
|
phone_number_to_register_with,
|
2017-02-03 10:42:01 +00:00
|
|
|
):
|
2019-12-19 16:59:07 +00:00
|
|
|
user_before = create_api_user_active(with_unique_id=True)
|
|
|
|
|
user_after = create_api_user_active(with_unique_id=True)
|
Make user API client return JSON, not a model
The data flow of other bits of our application looks like this:
```
API (returns JSON)
⬇
API client (returns a built in type, usually `dict`)
⬇
Model (returns an instance, eg of type `Service`)
⬇
View (returns HTML)
```
The user API client was architected weirdly, in that it returned a model
directly, like this:
```
API (returns JSON)
⬇
API client (returns a model, of type `User`, `InvitedUser`, etc)
⬇
View (returns HTML)
```
This mixing of different layers of the application is bad because it
makes it hard to write model code that doesn’t have circular
dependencies. As our application gets more complicated we will be
relying more on models to manage this complexity, so we should make it
easy, not hard to write them.
It also means that most of our mocking was of the User model, not just
the underlying JSON. So it would have been easy to introduce subtle bugs
to the user model, because it wasn’t being comprehensively tested. A lot
of the changed lines of code in this commit mean changing the tests to
mock only the JSON, which means that the model layer gets implicitly
tested.
For those reasons this commit changes the user API client to return
JSON, not an instance of `User` or other models.
2019-05-23 15:27:35 +01:00
|
|
|
user_before['current_session_id'] = str(uuid.UUID(int=1))
|
|
|
|
|
user_after['current_session_id'] = str(uuid.UUID(int=2))
|
2017-02-24 16:21:41 +00:00
|
|
|
|
|
|
|
|
# first time (login decorator) return normally, second time (after 2FA return with new session id)
|
|
|
|
|
mocker.patch('app.user_api_client.get_user', side_effect=[user_before, user_after])
|
|
|
|
|
|
2019-03-26 12:35:32 +00:00
|
|
|
with client_request.session_transaction() as session:
|
2017-02-03 12:07:21 +00:00
|
|
|
session['new-mob-password-confirmed'] = True
|
2017-08-29 14:52:24 +01:00
|
|
|
session['new-mob'] = phone_number_to_register_with
|
Make user API client return JSON, not a model
The data flow of other bits of our application looks like this:
```
API (returns JSON)
⬇
API client (returns a built in type, usually `dict`)
⬇
Model (returns an instance, eg of type `Service`)
⬇
View (returns HTML)
```
The user API client was architected weirdly, in that it returned a model
directly, like this:
```
API (returns JSON)
⬇
API client (returns a model, of type `User`, `InvitedUser`, etc)
⬇
View (returns HTML)
```
This mixing of different layers of the application is bad because it
makes it hard to write model code that doesn’t have circular
dependencies. As our application gets more complicated we will be
relying more on models to manage this complexity, so we should make it
easy, not hard to write them.
It also means that most of our mocking was of the User model, not just
the underlying JSON. So it would have been easy to introduce subtle bugs
to the user model, because it wasn’t being comprehensively tested. A lot
of the changed lines of code in this commit mean changing the tests to
mock only the JSON, which means that the model layer gets implicitly
tested.
For those reasons this commit changes the user API client to return
JSON, not an instance of `User` or other models.
2019-05-23 15:27:35 +01:00
|
|
|
session['current_session_id'] = user_before['current_session_id']
|
2017-02-24 16:21:41 +00:00
|
|
|
|
2019-03-26 12:35:32 +00:00
|
|
|
client_request.post(
|
|
|
|
|
'main.user_profile_mobile_number_confirm',
|
|
|
|
|
_data={'sms_code': '12345'},
|
|
|
|
|
_expected_status=302,
|
|
|
|
|
_expected_redirect=url_for(
|
|
|
|
|
'main.user_profile',
|
|
|
|
|
_external=True,
|
|
|
|
|
)
|
|
|
|
|
)
|
2016-01-27 12:22:32 +00:00
|
|
|
|
2017-02-24 16:21:41 +00:00
|
|
|
# make sure the current_session_id has changed to what the API returned
|
2019-03-26 12:35:32 +00:00
|
|
|
with client_request.session_transaction() as session:
|
Make user API client return JSON, not a model
The data flow of other bits of our application looks like this:
```
API (returns JSON)
⬇
API client (returns a built in type, usually `dict`)
⬇
Model (returns an instance, eg of type `Service`)
⬇
View (returns HTML)
```
The user API client was architected weirdly, in that it returned a model
directly, like this:
```
API (returns JSON)
⬇
API client (returns a model, of type `User`, `InvitedUser`, etc)
⬇
View (returns HTML)
```
This mixing of different layers of the application is bad because it
makes it hard to write model code that doesn’t have circular
dependencies. As our application gets more complicated we will be
relying more on models to manage this complexity, so we should make it
easy, not hard to write them.
It also means that most of our mocking was of the User model, not just
the underlying JSON. So it would have been easy to introduce subtle bugs
to the user model, because it wasn’t being comprehensively tested. A lot
of the changed lines of code in this commit mean changing the tests to
mock only the JSON, which means that the model layer gets implicitly
tested.
For those reasons this commit changes the user API client to return
JSON, not an instance of `User` or other models.
2019-05-23 15:27:35 +01:00
|
|
|
assert session['current_session_id'] == user_after['current_session_id']
|
2017-02-24 16:21:41 +00:00
|
|
|
|
2016-01-27 12:22:32 +00:00
|
|
|
|
2017-02-03 10:42:01 +00:00
|
|
|
def test_should_show_password_page(
|
2019-03-26 12:35:32 +00:00
|
|
|
client_request,
|
2017-02-03 10:42:01 +00:00
|
|
|
):
|
2019-03-26 12:35:32 +00:00
|
|
|
page = client_request.get(('main.user_profile_password'))
|
2016-01-27 12:22:32 +00:00
|
|
|
|
2019-03-26 12:35:32 +00:00
|
|
|
assert page.select_one('h1').text.strip() == 'Change your password'
|
2016-01-27 12:22:32 +00:00
|
|
|
|
|
|
|
|
|
2017-02-03 10:42:01 +00:00
|
|
|
def test_should_redirect_after_password_change(
|
2019-03-26 12:35:32 +00:00
|
|
|
client_request,
|
2017-02-07 13:32:20 +00:00
|
|
|
mock_update_user_password,
|
2017-02-03 10:42:01 +00:00
|
|
|
mock_verify_password,
|
|
|
|
|
):
|
2019-03-26 12:35:32 +00:00
|
|
|
client_request.post(
|
|
|
|
|
'main.user_profile_password',
|
|
|
|
|
_data={
|
|
|
|
|
'new_password': 'the new password',
|
|
|
|
|
'old_password': 'the old password',
|
|
|
|
|
},
|
|
|
|
|
_expected_status=302,
|
|
|
|
|
_expected_redirect=url_for(
|
|
|
|
|
'main.user_profile',
|
|
|
|
|
_external=True,
|
|
|
|
|
),
|
|
|
|
|
)
|
2016-10-28 11:45:05 +01:00
|
|
|
|
|
|
|
|
|
2017-02-03 10:42:01 +00:00
|
|
|
def test_non_gov_user_cannot_see_change_email_link(
|
2019-03-26 12:35:32 +00:00
|
|
|
client_request,
|
|
|
|
|
api_nongov_user_active,
|
2019-05-28 16:11:54 +01:00
|
|
|
mock_get_organisations,
|
2017-02-03 10:42:01 +00:00
|
|
|
):
|
2019-03-26 12:35:32 +00:00
|
|
|
client_request.login(api_nongov_user_active)
|
|
|
|
|
page = client_request.get('main.user_profile')
|
2020-02-21 14:05:34 +00:00
|
|
|
assert not page.find('a', {'href': url_for('main.user_profile_email')})
|
2019-03-26 12:35:32 +00:00
|
|
|
assert page.select_one('h1').text.strip() == 'Your profile'
|
2016-10-28 11:45:05 +01:00
|
|
|
|
|
|
|
|
|
2017-02-03 10:42:01 +00:00
|
|
|
def test_non_gov_user_cannot_access_change_email_page(
|
2019-03-26 12:35:32 +00:00
|
|
|
client_request,
|
|
|
|
|
api_nongov_user_active,
|
2019-05-28 16:11:54 +01:00
|
|
|
mock_get_organisations,
|
2017-02-03 10:42:01 +00:00
|
|
|
):
|
2019-03-26 12:35:32 +00:00
|
|
|
client_request.login(api_nongov_user_active)
|
|
|
|
|
client_request.get('main.user_profile_email', _expected_status=403)
|
2019-06-13 19:00:17 +01:00
|
|
|
|
|
|
|
|
|
2019-06-14 12:32:47 +01:00
|
|
|
def test_normal_user_doesnt_see_disable_platform_admin(client_request):
|
|
|
|
|
client_request.get('main.user_profile_disable_platform_admin_view', _expected_status=403)
|
2019-06-13 19:00:17 +01:00
|
|
|
|
|
|
|
|
|
2019-06-14 12:32:47 +01:00
|
|
|
def test_platform_admin_can_see_disable_platform_admin_page(client_request, platform_admin_user):
|
2019-06-13 19:00:17 +01:00
|
|
|
client_request.login(platform_admin_user)
|
2019-06-14 12:32:47 +01:00
|
|
|
page = client_request.get('main.user_profile_disable_platform_admin_view')
|
2019-06-13 19:00:17 +01:00
|
|
|
|
2019-06-14 12:32:47 +01:00
|
|
|
assert page.select_one('h1').text.strip() == 'Use platform admin view'
|
|
|
|
|
assert page.select_one('input[checked]')['value'] == 'True'
|
2019-06-13 19:00:17 +01:00
|
|
|
|
|
|
|
|
|
2019-06-14 12:32:47 +01:00
|
|
|
def test_can_disable_platform_admin(client_request, platform_admin_user):
|
2019-06-13 19:00:17 +01:00
|
|
|
client_request.login(platform_admin_user)
|
|
|
|
|
|
|
|
|
|
with client_request.session_transaction() as session:
|
2019-06-14 12:32:47 +01:00
|
|
|
assert 'disable_platform_admin_view' not in session
|
2019-06-13 19:00:17 +01:00
|
|
|
|
|
|
|
|
client_request.post(
|
2019-06-14 12:32:47 +01:00
|
|
|
'main.user_profile_disable_platform_admin_view',
|
|
|
|
|
_data={'enabled': False},
|
2019-06-13 19:00:17 +01:00
|
|
|
_expected_status=302,
|
|
|
|
|
_expected_redirect=url_for('main.user_profile', _external=True),
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
with client_request.session_transaction() as session:
|
2019-06-14 12:32:47 +01:00
|
|
|
assert session['disable_platform_admin_view'] is True
|
2019-06-13 19:00:17 +01:00
|
|
|
|
|
|
|
|
|
2019-06-14 12:32:47 +01:00
|
|
|
def test_can_reenable_platform_admin(client_request, platform_admin_user):
|
2019-06-13 19:00:17 +01:00
|
|
|
client_request.login(platform_admin_user)
|
|
|
|
|
|
|
|
|
|
with client_request.session_transaction() as session:
|
2019-06-14 12:32:47 +01:00
|
|
|
session['disable_platform_admin_view'] = True
|
2019-06-13 19:00:17 +01:00
|
|
|
|
|
|
|
|
client_request.post(
|
2019-06-14 12:32:47 +01:00
|
|
|
'main.user_profile_disable_platform_admin_view',
|
|
|
|
|
_data={'enabled': True},
|
2019-06-13 19:00:17 +01:00
|
|
|
_expected_status=302,
|
|
|
|
|
_expected_redirect=url_for('main.user_profile', _external=True),
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
with client_request.session_transaction() as session:
|
2019-06-14 12:32:47 +01:00
|
|
|
assert session['disable_platform_admin_view'] is False
|