darkhelm/notifications-admin
1
0
Fork 0
mirror of https://github.com/GSA/notifications-admin.git synced 2026-06-04 21:40:23 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
6cee00929ecc2a4cffda9267500d760ebb616cf7
notifications-admin/tests/app/main/views/test_two_factor.py

493 lines
14 KiB
Python
Raw Normal View History

Reduce usage of the platform admin index page This page is slow to load which means: - it’s annoying for us - it’s potentially causing load on the database This commit does two things to reduce the amount we’re unnecessarily looking at this page: 1. Avoid redirecting to it when signing in as a platform admin user 2. Don’t go directly to it when clicking ‘platform admin’ at the top, but instead show a holding page (there’s a fair chance you’ve clicked that link in order to go and manage some email branding or find a user, not wait for stats to load)
2020-03-19 10:49:40 +00:00
import pytest
Enforce order and style of imports Done using isort[1], with the following command: ``` isort -rc ./app ./tests ``` Adds linting to the `run_tests.sh` script to stop badly-sorted imports getting re-introduced. Chosen style is ‘Vertical Hanging Indent’ with trailing commas, because I think it gives the cleanest diffs, eg: ``` from third_party import ( lib1, lib2, lib3, lib4, ) ``` 1. https://pypi.python.org/pypi/isort
2018-02-20 11:22:17 +00:00
from flask import url_for
define isort first party (app and tests) we were seeing isort produce different outputs locally and in docker - this was due to it having different opinions about whether the tests module (ie all our unit tests) is a first party (local) or third party (pip installed) import. It's a first party import, so by defining this in the setup.cfg isort settings, we can force it to be consistent between environments. Note: I don't know why it was different in the first place though
2018-04-25 14:12:58 +01:00
Stop url_for double-encoding .'s in password test One of the changes this pulls in is encoding of periods in the token used for new password requests. In real-life the resulting URL is build by concatenating the base url with the token so it isn't processed further. The test for new password requests builds the URL with url_for. This encodes the result returned so the periods are encoded twice.
2018-10-18 14:34:07 +01:00
from tests.conftest import (
SERVICE_ONE_ID,
normalize_spaces,
set_config,
url_for_endpoint_with_token,
)
Record login including remembered user login events to the api based of flask login signals.
2016-04-27 16:39:17 +01:00
109638656: Initial implementation for two-factor
2015-12-07 16:56:11 +00:00
Reformatted a handful more tests Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
2023-09-08 17:58:06 -04:00
@pytest.fixture()
DRY-up email revalidation check Previously this was duplicated between the "two_factor" and the "webauthn" views, and required more test setup. This DRYs up the check and tests it once, using mocks to simplify the view tests. As part of DRYing up the check into a util module, I've also moved the "is_less_than_days_ago" function it uses.
2021-06-14 12:40:12 +01:00
def mock_email_validated_recently(mocker):
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
return mocker.patch(
"app.main.views.two_factor.email_needs_revalidating", return_value=False
)
DRY-up email revalidation check Previously this was duplicated between the "two_factor" and the "webauthn" views, and required more test setup. This DRYs up the check and tests it once, using mocks to simplify the view tests. As part of DRYing up the check into a util module, I've also moved the "is_less_than_days_ago" function it uses.
2021-06-14 12:40:12 +01:00
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
@pytest.mark.parametrize(
"request_url", ["two_factor_email_sent", "revalidate_email_sent"]
)
@pytest.mark.parametrize(
"redirect_url", [None, f"/services/{SERVICE_ONE_ID}/templates"]
)
@pytest.mark.parametrize(
Reformatted a handful more tests Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
2023-09-08 17:58:06 -04:00
("email_resent", "page_title"), [(None, "Check your email"), (True, "Email resent")]
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
)
Turn on redirects for two_factor_email_sent This is part of the work to make sure user is redirected to the page they initially were meant to visit after they sign in.
2020-10-09 11:41:24 +01:00
def test_two_factor_email_sent_page(
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
client_request, email_resent, page_title, redirect_url, request_url
Turn on redirects for two_factor_email_sent This is part of the work to make sure user is redirected to the page they initially were meant to visit after they sign in.
2020-10-09 11:41:24 +01:00
):
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.logout()
page = client_request.get(
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
f"main.{request_url}",
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
next=redirect_url,
email_resent=email_resent,
)
Turn on redirects for two_factor_email_sent This is part of the work to make sure user is redirected to the page they initially were meant to visit after they sign in.
2020-10-09 11:41:24 +01:00
assert page.h1.string == page_title
# there shouldn't be a form for updating mobile number
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
assert page.find("form") is None
resend_email_link = page.find("a", class_="usa-link")
assert resend_email_link.text == "Not received an email?"
assert resend_email_link["href"] == url_for(
"main.email_not_received", next=redirect_url
)
Turn on redirects for two_factor_email_sent This is part of the work to make sure user is redirected to the page they initially were meant to visit after they sign in.
2020-10-09 11:41:24 +01:00
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
@pytest.mark.parametrize(
"redirect_url",
[
None,
f"/services/{SERVICE_ONE_ID}/templates",
],
)
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
def test_should_render_two_factor_page(
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
client_request, api_user_active, mock_get_user_by_email, mocker, redirect_url
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
):
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.logout()
Use `client` and `logged_in_client` fixtures Wherever possible, because Don’t Repeat Yourself.
2017-02-03 12:07:21 +00:00
# TODO this lives here until we work out how to
# reassign the session after it is lost mid register process
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
with client_request.session_transaction() as session:
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
session["user_details"] = {
"id": api_user_active["id"],
"email": api_user_active["email_address"],
}
mocker.patch("app.user_api_client.get_user", return_value=api_user_active)
page = client_request.get("main.two_factor_sms", next=redirect_url)
assert page.select_one("main p").text.strip() == (
"Weve sent you a text message with a security code."
Refactor `sms_code` functionality into the class So it’s all in one place, not two.
2018-05-07 22:57:18 +01:00
)
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
assert page.select_one("label").text.strip() == ("Text message code")
assert page.select_one("input")["type"] == "tel"
assert page.select_one("input")["pattern"] == "[0-9]*"
109638656: Initial implementation for two-factor
2015-12-07 16:56:11 +00:00
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
assert page.select_one('a:contains("Not received a text message?")')[
"href"
] == url_for("main.check_and_resend_text_code", next=redirect_url)
Turn on redirects two_factor This is part of the work to make sure user is redirected to the page they initially were meant to visit after they sign in.
2020-10-09 11:42:21 +01:00
109638656: Initial implementation for two-factor
2015-12-07 16:56:11 +00:00
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
def test_should_login_user_and_should_redirect_to_next_url(
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
api_user_active,
mock_get_user,
mock_get_user_by_email,
mock_check_verify_code,
don't swallow HTTP errors from create_event tests weren't patching out create_event (which is invoked every time a user logs in). This was getting caught by our egress proxy on jenkins. We didn't notice because the event handler code was swallowing all exceptions and not re-raising. This changes that code to no longer swallow exceptions. Since we did that, we also need to update all the tests that test log-in to mock the call
2018-05-02 10:27:01 +01:00
mock_create_event,
DRY-up email revalidation check Previously this was duplicated between the "two_factor" and the "webauthn" views, and required more test setup. This DRYs up the check and tests it once, using mocks to simplify the view tests. As part of DRYing up the check into a util module, I've also moved the "is_less_than_days_ago" function it uses.
2021-06-14 12:40:12 +01:00
mock_email_validated_recently,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
):
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.logout()
with client_request.session_transaction() as session:
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
session["user_details"] = {
"id": api_user_active["id"],
"email": api_user_active["email_address"],
}
Send 2fa email and move user to waiting page when they need to re-validate email access
2020-01-27 18:10:45 +00:00
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.post(
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
"main.two_factor_sms",
next="/services/{}".format(SERVICE_ONE_ID),
_data={"sms_code": "123456"},
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
_expected_redirect=url_for(
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
"main.service_dashboard",
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
service_id=SERVICE_ONE_ID,
),
Add flake8 linting to project The GDS Way™[1] recommends using Flake8 to lint Python projects. This commit takes the Flake8 config from Digital Marketplace API[2] and removes the bits we don’t need. It changes the `max_complexity` setting to 14, which is the most complex code we have in this repo currently (we shouldn’t be writing code _more_ complex than what we already have). This commit also fixes the errors found by Flake8, which includes 6(!) tests which were never getting run because they had the same names as existing tests. Here is a full list of the errors that were found and fixed: ``` ./app/__init__.py:2:1: F401 're' imported but unused ./app/__init__.py:4:1: F401 'json' imported but unused ./app/__init__.py:8:1: F401 'dateutil' imported but unused ./app/__init__.py:11:1: F401 'flask.escape' imported but unused ./app/__init__.py:41:1: F401 'app.proxy_fix' imported but unused ./app/__init__.py:129:5: F821 undefined name 'proxy_fix' ./app/__init__.py:221:19: F821 undefined name 'highlight' ./app/__init__.py:221:35: F821 undefined name 'JavascriptLexer' ./app/__init__.py:221:54: F821 undefined name 'HtmlFormatter' ./app/config.py:2:1: F401 'datetime.timedelta' imported but unused ./app/event_handlers.py:2:1: F401 'flask_login.current_user' imported but unused ./app/utils.py:11:1: F401 'dateutil.parser' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.two_factor' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.notifications' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.add_service' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.forgot_password' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.inbound_number' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.styleguide' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.organisations' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.letter_jobs' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.verify' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.conversation' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.api_keys' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.send' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.dashboard' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.jobs' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.manage_users' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.sign_in' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.sign_out' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.code_not_received' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.invites' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.platform_admin' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.providers' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.service_settings' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.index' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.new_password' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.user_profile' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.feedback' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.choose_service' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.templates' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.register' imported but unused ./app/main/forms.py:12:1: F401 'wtforms.SelectField' imported but unused ./app/main/views/api_keys.py:37:29: E241 multiple spaces after ':' ./app/main/views/feedback.py:3:1: F401 'flask.flash' imported but unused ./app/main/views/feedback.py:122:17: E123 closing bracket does not match indentation of opening bracket's line ./app/main/views/inbound_number.py:1:1: F401 'flask.url_for' imported but unused ./app/main/views/inbound_number.py:1:1: F401 'flask.session' imported but unused ./app/main/views/inbound_number.py:1:1: F401 'flask.redirect' imported but unused ./app/main/views/inbound_number.py:1:1: F401 'flask.request' imported but unused ./app/main/views/inbound_number.py:13:1: F401 'flask.jsonify' imported but unused ./app/main/views/jobs.py:31:1: F401 'app.utils.get_template' imported but unused ./app/main/views/letter_jobs.py:1:1: F401 'datetime' imported but unused ./app/main/views/letter_jobs.py:6:1: F401 'app.format_datetime_24h' imported but unused ./app/main/views/manage_users.py:111:9: E123 closing bracket does not match indentation of opening bracket's line ./app/main/views/notifications.py:121:5: F841 local variable 'status_args' is assigned to but never used ./app/main/views/organisations.py:1:1: F401 'flask.request' imported but unused ./app/main/views/service_settings.py:77:9: E123 closing bracket does not match indentation of opening bracket's line ./app/main/views/service_settings.py:82:9: E123 closing bracket does not match indentation of opening bracket's line ./app/main/views/service_settings.py:420:13: E123 closing bracket does not match indentation of opening bracket's line ./app/main/views/sign_in.py:12:1: F401 'flask_login.confirm_login' imported but unused ./app/main/views/sign_in.py:17:1: F401 'app.service_api_client' imported but unused ./app/main/views/sign_in.py:62:13: E123 closing bracket does not match indentation of opening bracket's line ./app/main/views/templates.py:4:1: F401 'flask.json' imported but unused ./app/main/views/templates.py:17:1: F401 'notifications_utils.formatters.escape_html' imported but unused ./app/main/views/templates.py:23:1: F401 'app.utils.get_help_argument' imported but unused ./app/main/views/templates.py:64:13: E123 closing bracket does not match indentation of opening bracket's line ./app/notify_client/service_api_client.py:6:1: F401 '.notification_api_client' imported but unused ./app/notify_client/user_api_client.py:1:1: F401 'uuid' imported but unused ./app/notify_client/user_api_client.py:3:1: F401 'flask.session' imported but unused ./tests/__init__.py:1:1: F401 'csv' imported but unused ./tests/app/main/test_asset_fingerprinter.py:2:1: F401 'os' imported but unused ./tests/app/main/test_asset_fingerprinter.py:4:1: F401 'unittest.mock' imported but unused ./tests/app/main/test_asset_fingerprinter.py:98:9: F841 local variable 'string_with_unicode_character' is assigned to but never used ./tests/app/main/test_errorhandlers.py:2:1: F401 'flask.url_for' imported but unused ./tests/app/main/test_permissions.py:26:13: F841 local variable 'response' is assigned to but never used ./tests/app/main/test_placeholder_form.py:3:1: F401 'wtforms.Label' imported but unused ./tests/app/main/test_placeholder_form.py:11:10: F841 local variable 'req' is assigned to but never used ./tests/app/main/test_two_factor_form.py:10:67: F841 local variable 'req' is assigned to but never used ./tests/app/main/test_two_factor_form.py:23:65: F841 local variable 'req' is assigned to but never used ./tests/app/main/test_two_factor_form.py:37:48: F841 local variable 'req' is assigned to but never used ./tests/app/main/test_two_factor_form.py:51:67: F841 local variable 'req' is assigned to but never used ./tests/app/main/test_two_factor_form.py:65:67: F841 local variable 'req' is assigned to but never used ./tests/app/main/views/test_accept_invite.py:356:5: F841 local variable 'element' is assigned to but never used ./tests/app/main/views/test_activity.py:11:1: F811 redefinition of unused 'mock_get_notifications' from line 11 ./tests/app/main/views/test_activity.py:18:1: F401 'datetime.datetime' imported but unused ./tests/app/main/views/test_activity.py:102:5: F841 local variable 'content' is assigned to but never used ./tests/app/main/views/test_activity.py:104:5: F841 local variable 'notification' is assigned to but never used ./tests/app/main/views/test_activity.py:337:5: F841 local variable '_notifications_mock' is assigned to but never used ./tests/app/main/views/test_activity.py:373:13: E126 continuation line over-indented for hanging indent ./tests/app/main/views/test_activity.py:378:9: E121 continuation line under-indented for hanging indent ./tests/app/main/views/test_activity.py:404:13: E126 continuation line over-indented for hanging indent ./tests/app/main/views/test_activity.py:407:9: E121 continuation line under-indented for hanging indent ./tests/app/main/views/test_api_keys.py:354:5: F841 local variable 'response' is assigned to but never used ./tests/app/main/views/test_conversation.py:5:1: F401 'bs4.BeautifulSoup' imported but unused ./tests/app/main/views/test_conversation.py:198:5: F841 local variable 'mock_get_inbound_sms' is assigned to but never used ./tests/app/main/views/test_dashboard.py:53:5: F841 local variable 'mock_template_stats' is assigned to but never used ./tests/app/main/views/test_dashboard.py:72:5: F841 local variable 'mock_template_stats' is assigned to but never used ./tests/app/main/views/test_jobs.py:2:1: F401 'uuid' imported but unused ./tests/app/main/views/test_jobs.py:3:1: F401 'urllib.parse.urlparse' imported but unused ./tests/app/main/views/test_jobs.py:3:1: F401 'urllib.parse.quote' imported but unused ./tests/app/main/views/test_jobs.py:3:1: F401 'urllib.parse.parse_qs' imported but unused ./tests/app/main/views/test_jobs.py:9:1: F401 'app.main.views.jobs.get_status_filters' imported but unused ./tests/app/main/views/test_jobs.py:10:1: F401 'tests.notification_json' imported but unused ./tests/app/main/views/test_letters.py:6:1: F401 'tests.service_json' imported but unused ./tests/app/main/views/test_notifications.py:5:1: F401 'app.utils.REQUESTED_STATUSES' imported but unused ./tests/app/main/views/test_notifications.py:5:1: F401 'app.utils.DELIVERED_STATUSES' imported but unused ./tests/app/main/views/test_notifications.py:5:1: F401 'app.utils.SENDING_STATUSES' imported but unused ./tests/app/main/views/test_notifications.py:5:1: F401 'app.utils.FAILURE_STATUSES' imported but unused ./tests/app/main/views/test_platform_admin.py:242:13: E126 continuation line over-indented for hanging indent ./tests/app/main/views/test_platform_admin.py:247:13: E126 continuation line over-indented for hanging indent ./tests/app/main/views/test_send.py:3:1: F401 'unittest.mock.Mock' imported but unused ./tests/app/main/views/test_send.py:18:1: F811 redefinition of unused 'mock_get_service' from line 18 ./tests/app/main/views/test_send.py:18:1: F401 'tests.conftest.multiple_letter_contact_blocks' imported but unused ./tests/app/main/views/test_send.py:18:1: F401 'tests.conftest.no_sms_senders' imported but unused ./tests/app/main/views/test_send.py:18:1: F401 'tests.conftest.multiple_sms_senders' imported but unused ./tests/app/main/views/test_send.py:18:1: F401 'tests.conftest.no_letter_contact_blocks' imported but unused ./tests/app/main/views/test_send.py:102:5: F841 local variable 'response' is assigned to but never used ./tests/app/main/views/test_send.py:870:5: F841 local variable 'response' is assigned to but never used ./tests/app/main/views/test_send.py:1367:5: F841 local variable 'service_id' is assigned to but never used ./tests/app/main/views/test_send.py:1451:13: E126 continuation line over-indented for hanging indent ./tests/app/main/views/test_send.py:1620:80: E226 missing whitespace around arithmetic operator ./tests/app/main/views/test_send.py:1909:13: E126 continuation line over-indented for hanging indent ./tests/app/main/views/test_send.py:1912:9: E121 continuation line under-indented for hanging indent ./tests/app/main/views/test_service_settings.py:13:1: F811 redefinition of unused 'no_reply_to_email_addresses' from line 13 ./tests/app/main/views/test_service_settings.py:13:1: F401 'tests.conftest.single_reply_to_email_address' imported but unused ./tests/app/main/views/test_service_settings.py:28:5: E123 closing bracket does not match indentation of opening bracket's line ./tests/app/main/views/test_service_settings.py:104:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:166:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:186:5: F841 local variable 'mocked_get_fn' is assigned to but never used ./tests/app/main/views/test_service_settings.py:217:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:237:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:257:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:307:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:340:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:466:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:555:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:615:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:719:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:874:5: F841 local variable 'page' is assigned to but never used ./tests/app/main/views/test_service_settings.py:902:5: F841 local variable 'page' is assigned to but never used ./tests/app/main/views/test_service_settings.py:954:5: F841 local variable 'page' is assigned to but never used ./tests/app/main/views/test_service_settings.py:986:5: F841 local variable 'page' is assigned to but never used ./tests/app/main/views/test_service_settings.py:1101:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:1121:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:1271:1: F811 redefinition of unused 'test_set_letter_contact_block_saves' from line 1189 ./tests/app/main/views/test_service_settings.py:1433:5: F841 local variable 'page' is assigned to but never used ./tests/app/main/views/test_service_settings.py:1495:5: F841 local variable 'mocked_get_fn' is assigned to but never used ./tests/app/main/views/test_service_settings.py:1540:5: F841 local variable 'mocked_get_fn' is assigned to but never used ./tests/app/main/views/test_service_settings.py:1570:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:1589:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:1621:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:1641:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:1658:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:1676:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:1697:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:1759:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:1775:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_templates.py:3:1: F401 'uuid' imported but unused ./tests/app/main/views/test_templates.py:11:1: F401 'tests.conftest.mock_get_user' imported but unused ./tests/app/main/views/test_templates.py:514:1: F811 redefinition of unused 'mock_get_user' from line 11 ./tests/app/main/views/test_templates.py:672:1: F811 redefinition of unused 'mock_get_user' from line 11 ./tests/app/main/views/test_templates.py:795:1: F811 redefinition of unused 'mock_get_user' from line 11 ./tests/app/main/views/test_templates.py:835:1: F811 redefinition of unused 'mock_get_user' from line 11 ./tests/app/main/views/test_two_factor.py:67:13: E126 continuation line over-indented for hanging indent ./tests/app/notify_client/test_notification_client.py:79:5: F841 local variable 'mock_post' is assigned to but never used ``` 1. https://gds-way.cloudapps.digital/manuals/programming-languages/python/linting.html#how-to-use-flake8 2. https://github.com/alphagov/digitalmarketplace-api/blob/d5ab8afef4a0472f9d266d94ab4ffe1333a9aaad/.flake8
2017-10-18 14:51:26 +01:00
)
The verify view was not passing along the next param to the two factor view. Now if it is passed and it is a url on the same domain that request originates from then it is used.
2016-03-14 16:30:48 +00:00
Send 2fa email and move user to waiting page when they need to re-validate email access
2020-01-27 18:10:45 +00:00
def test_should_send_email_and_redirect_to_info_page_if_user_needs_to_revalidate_email(
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request,
Send 2fa email and move user to waiting page when they need to re-validate email access
2020-01-27 18:10:45 +00:00
api_user_active,
mock_get_user,
mock_check_verify_code,
mock_create_event,
mock_send_verify_code,
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
mocker,
Send 2fa email and move user to waiting page when they need to re-validate email access
2020-01-27 18:10:45 +00:00
):
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.logout()
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
mocker.patch("app.user_api_client.get_user", return_value=api_user_active)
mocker.patch(
"app.main.views.two_factor.email_needs_revalidating", return_value=True
)
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
with client_request.session_transaction() as session:
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
session["user_details"] = {
"id": api_user_active["id"],
"email": api_user_active["email_address"],
}
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.post(
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
"main.two_factor_sms",
next=f"/services/{SERVICE_ONE_ID}",
_data={"sms_code": "123456"},
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
_expected_redirect=url_for(
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
"main.revalidate_email_sent", next=f"/services/{SERVICE_ONE_ID}"
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
),
Turn on redirects two_factor This is part of the work to make sure user is redirected to the page they initially were meant to visit after they sign in.
2020-10-09 11:42:21 +01:00
)
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
mock_send_verify_code.assert_called_with(
api_user_active["id"], "email", None, mocker.ANY
)
Send 2fa email and move user to waiting page when they need to re-validate email access
2020-01-27 18:10:45 +00:00
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
def test_should_login_user_and_not_redirect_to_external_url(
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
api_user_active,
mock_get_user,
mock_get_user_by_email,
mock_check_verify_code,
mock_get_services_with_one_service,
don't swallow HTTP errors from create_event tests weren't patching out create_event (which is invoked every time a user logs in). This was getting caught by our egress proxy on jenkins. We didn't notice because the event handler code was swallowing all exceptions and not re-raising. This changes that code to no longer swallow exceptions. Since we did that, we also need to update all the tests that test log-in to mock the call
2018-05-02 10:27:01 +01:00
mock_create_event,
DRY-up email revalidation check Previously this was duplicated between the "two_factor" and the "webauthn" views, and required more test setup. This DRYs up the check and tests it once, using mocks to simplify the view tests. As part of DRYing up the check into a util module, I've also moved the "is_less_than_days_ago" function it uses.
2021-06-14 12:40:12 +01:00
mock_email_validated_recently,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
):
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.logout()
with client_request.session_transaction() as session:
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
session["user_details"] = {
"id": api_user_active["id"],
"email": api_user_active["email_address"],
}
Send 2fa email and move user to waiting page when they need to re-validate email access
2020-01-27 18:10:45 +00:00
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.post(
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
"main.two_factor_sms",
next="http://www.google.com",
_data={"sms_code": "123456"},
_expected_redirect=url_for("main.show_accounts_or_dashboard"),
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
)
Skip ‘choose service’ page if user has one service We used to do this by redirecting on the choose service page. However when we lost the dropdown and this page also became the page for adding a new service (in 3617f2e936aadbdf71d582e58d88a16629ee5ca2) the redirect was removed. This commit re-adds the redirect on the two factor page, so that it only happens on first login. So the flows are: **Multiple services** ``` `Sign in` → `Enter two factor code` → `Choose service` → `Service dashboard` ``` **One service** ``` `Sign in` → `Enter two factor code` → `Service dashboard` ``` **No services (you’ve deleted all your services)** `Sign in` → `Enter two factor code` → `Choose service` → `Add new service`
2016-02-05 14:25:48 +00:00
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
@pytest.mark.parametrize(
"platform_admin",
Reformatted a handful more tests Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
2023-09-08 17:58:06 -04:00
[
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
True,
False,
Reformatted a handful more tests Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
2023-09-08 17:58:06 -04:00
],
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
)
redirect to show_accounts_or_dashboard on login show_accounts_or_dashboard has logic about where you should redirect to. If we let it do this, then that's nicer than duplicating its logic. We found that it wasn't accounting for orgs in redirects properly.
2018-03-19 16:38:57 +00:00
def test_should_login_user_and_redirect_to_show_accounts(
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
api_user_active,
mock_get_user,
mock_get_user_by_email,
mock_check_verify_code,
don't swallow HTTP errors from create_event tests weren't patching out create_event (which is invoked every time a user logs in). This was getting caught by our egress proxy on jenkins. We didn't notice because the event handler code was swallowing all exceptions and not re-raising. This changes that code to no longer swallow exceptions. Since we did that, we also need to update all the tests that test log-in to mock the call
2018-05-02 10:27:01 +01:00
mock_create_event,
DRY-up email revalidation check Previously this was duplicated between the "two_factor" and the "webauthn" views, and required more test setup. This DRYs up the check and tests it once, using mocks to simplify the view tests. As part of DRYing up the check into a util module, I've also moved the "is_less_than_days_ago" function it uses.
2021-06-14 12:40:12 +01:00
mock_email_validated_recently,
Reduce usage of the platform admin index page This page is slow to load which means: - it’s annoying for us - it’s potentially causing load on the database This commit does two things to reduce the amount we’re unnecessarily looking at this page: 1. Avoid redirecting to it when signing in as a platform admin user 2. Don’t go directly to it when clicking ‘platform admin’ at the top, but instead show a holding page (there’s a fair chance you’ve clicked that link in order to go and manage some email branding or find a user, not wait for stats to load)
2020-03-19 10:49:40 +00:00
platform_admin,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
):
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.logout()
with client_request.session_transaction() as session:
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
session["user_details"] = {
"id": api_user_active["id"],
"email": api_user_active["email_address"],
}
api_user_active["platform_admin"] = platform_admin
Send 2fa email and move user to waiting page when they need to re-validate email access
2020-01-27 18:10:45 +00:00
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.post(
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
"main.two_factor_sms",
_data={"sms_code": "123456"},
_expected_redirect=url_for("main.show_accounts_or_dashboard"),
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
)
109638656: Implement two factor verify flow When user enters valid sms code they are redirected to the dashboard. Otherwise, form errors are present.
2015-12-08 12:36:54 +00:00
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
def test_should_return_200_with_sms_code_error_when_sms_code_is_wrong(
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
api_user_active,
mock_get_user_by_email,
mock_check_verify_code_code_not_found,
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
mocker,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
):
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.logout()
with client_request.session_transaction() as session:
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
session["user_details"] = {
"id": api_user_active["id"],
"email": api_user_active["email_address"],
}
mocker.patch("app.user_api_client.get_user", return_value=api_user_active)
Send 2fa email and move user to waiting page when they need to re-validate email access
2020-01-27 18:10:45 +00:00
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
page = client_request.post(
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
"main.two_factor_sms",
_data={"sms_code": "234567"},
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
_expected_status=200,
)
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
assert "Code not found" in page.text
110880218: Completed implementation of resend the verificaton code
2015-12-31 13:16:59 +00:00
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
def test_should_login_user_when_multiple_valid_codes_exist(
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
api_user_active,
mock_get_user,
mock_get_user_by_email,
mock_check_verify_code,
mock_get_services_with_one_service,
don't swallow HTTP errors from create_event tests weren't patching out create_event (which is invoked every time a user logs in). This was getting caught by our egress proxy on jenkins. We didn't notice because the event handler code was swallowing all exceptions and not re-raising. This changes that code to no longer swallow exceptions. Since we did that, we also need to update all the tests that test log-in to mock the call
2018-05-02 10:27:01 +01:00
mock_create_event,
DRY-up email revalidation check Previously this was duplicated between the "two_factor" and the "webauthn" views, and required more test setup. This DRYs up the check and tests it once, using mocks to simplify the view tests. As part of DRYing up the check into a util module, I've also moved the "is_less_than_days_ago" function it uses.
2021-06-14 12:40:12 +01:00
mock_email_validated_recently,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
):
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.logout()
with client_request.session_transaction() as session:
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
session["user_details"] = {
"id": api_user_active["id"],
"email": api_user_active["email_address"],
}
Send 2fa email and move user to waiting page when they need to re-validate email access
2020-01-27 18:10:45 +00:00
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.post(
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
"main.two_factor_sms",
_data={"sms_code": "234567"},
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
_expected_status=302,
)
Remember me functionality added and tested. Merge extra. Fixed comment.
2016-02-23 15:45:19 +00:00
remove old `/two-factor` endpoint and update test names we redirect people to `/two-factor-sms` since #26ad20719
2021-06-11 18:09:28 +01:00
def test_two_factor_sms_should_set_password_when_new_password_exists_in_session(
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
api_user_active,
mock_get_user,
mock_check_verify_code,
mock_get_services_with_one_service,
Update two-factor to use new update password endpoint and refactor tests
2017-02-20 14:55:28 +00:00
mock_update_user_password,
don't swallow HTTP errors from create_event tests weren't patching out create_event (which is invoked every time a user logs in). This was getting caught by our egress proxy on jenkins. We didn't notice because the event handler code was swallowing all exceptions and not re-raising. This changes that code to no longer swallow exceptions. Since we did that, we also need to update all the tests that test log-in to mock the call
2018-05-02 10:27:01 +01:00
mock_create_event,
DRY-up email revalidation check Previously this was duplicated between the "two_factor" and the "webauthn" views, and required more test setup. This DRYs up the check and tests it once, using mocks to simplify the view tests. As part of DRYing up the check into a util module, I've also moved the "is_less_than_days_ago" function it uses.
2021-06-14 12:40:12 +01:00
mock_email_validated_recently,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
):
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.logout()
with client_request.session_transaction() as session:
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
session["user_details"] = {
"id": api_user_active["id"],
"email": api_user_active["email_address"],
"password": "changedpassword",
}
Use `client` and `logged_in_client` fixtures Wherever possible, because Don’t Repeat Yourself.
2017-02-03 12:07:21 +00:00
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.post(
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
"main.two_factor_sms",
_data={"sms_code": "123456"},
_expected_redirect=url_for("main.show_accounts_or_dashboard"),
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
)
redirect to show_accounts_or_dashboard on login show_accounts_or_dashboard has logic about where you should redirect to. If we let it do this, then that's nicer than duplicating its logic. We found that it wasn't accounting for orgs in redirects properly.
2018-03-19 16:38:57 +00:00
Fix reset password flow It was broken because of mismatch in update password argument
2020-02-18 14:28:03 +00:00
mock_update_user_password.assert_called_once_with(
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
api_user_active["id"],
"changedpassword",
Fix reset password flow It was broken because of mismatch in update password argument
2020-02-18 14:28:03 +00:00
)
Updated error message is the code is not the right size or data type. Updated two_factor to error is the user account is locked (locked = over 10 failed_login_count)
2017-02-15 14:56:22 +00:00
remove old `/two-factor` endpoint and update test names we redirect people to `/two-factor-sms` since #26ad20719
2021-06-11 18:09:28 +01:00
def test_two_factor_sms_returns_error_when_user_is_locked(
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request,
Updated error message is the code is not the right size or data type. Updated two_factor to error is the user account is locked (locked = over 10 failed_login_count)
2017-02-15 14:56:22 +00:00
api_user_locked,
mock_get_locked_user,
Fix the user flow when the user account is locked. The user has 10 tries at the password, after which the account is locked. The same is true for the verify code, the user will have 10 tries before the user account is locked.
2017-02-28 14:41:31 +00:00
mock_check_verify_code_code_not_found,
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
mock_get_services_with_one_service,
Updated error message is the code is not the right size or data type. Updated two_factor to error is the user account is locked (locked = over 10 failed_login_count)
2017-02-15 14:56:22 +00:00
):
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.logout()
with client_request.session_transaction() as session:
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
session["user_details"] = {
"id": api_user_locked["id"],
"email": api_user_locked["email_address"],
Updated error message is the code is not the right size or data type. Updated two_factor to error is the user account is locked (locked = over 10 failed_login_count)
2017-02-15 14:56:22 +00:00
}
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
page = client_request.post(
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
"main.two_factor_sms",
_data={"sms_code": "123456"},
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
_expected_status=200,
)
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
assert "Code not found" in page.text
In case user details were not in session the redirect did not use url_for to redirect to sign in.
2016-06-06 14:46:16 +01:00
remove old `/two-factor` endpoint and update test names we redirect people to `/two-factor-sms` since #26ad20719
2021-06-11 18:09:28 +01:00
def test_two_factor_sms_post_should_redirect_to_sign_in_if_user_not_in_session(
create webauthn 2fa page if user has `webauthn_auth` as their auth type, then redirect them to an interstitial that prompts them to click on a button which right now just logs to the JS console, but in a future commit will open up the webauthn browser prompt content is unsurprisingly not final.
2021-05-14 11:20:56 +01:00
client_request,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
):
create webauthn 2fa page if user has `webauthn_auth` as their auth type, then redirect them to an interstitial that prompts them to click on a button which right now just logs to the JS console, but in a future commit will open up the webauthn browser prompt content is unsurprisingly not final.
2021-05-14 11:20:56 +01:00
client_request.post(
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
"main.two_factor_sms",
_data={"sms_code": "123456"},
_expected_redirect=url_for("main.sign_in"),
create webauthn 2fa page if user has `webauthn_auth` as their auth type, then redirect them to an interstitial that prompts them to click on a button which right now just logs to the JS console, but in a future commit will open up the webauthn browser prompt content is unsurprisingly not final.
2021-05-14 11:20:56 +01:00
)
remove old `/two-factor` endpoint and update test names we redirect people to `/two-factor-sms` since #26ad20719
2021-06-11 18:09:28 +01:00
def test_two_factor_sms_should_activate_pending_user(
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
mocker,
api_user_pending,
mock_check_verify_code,
don't swallow HTTP errors from create_event tests weren't patching out create_event (which is invoked every time a user logs in). This was getting caught by our egress proxy on jenkins. We didn't notice because the event handler code was swallowing all exceptions and not re-raising. This changes that code to no longer swallow exceptions. Since we did that, we also need to update all the tests that test log-in to mock the call
2018-05-02 10:27:01 +01:00
mock_create_event,
replace user PUT with POSTs the update_user fn was used in two places, for things that are handled fine by update_user_attribute. Reduce complexity in the API by killing the PUT, which is more dangerous (might silently overwrite things that shouldn't be, like "last_logged_in_at" etc). Had to change the code not received mobile number form, and the activate user function.
2017-11-09 12:30:12 +00:00
mock_activate_user,
DRY-up email revalidation check Previously this was duplicated between the "two_factor" and the "webauthn" views, and required more test setup. This DRYs up the check and tests it once, using mocks to simplify the view tests. As part of DRYing up the check into a util module, I've also moved the "is_less_than_days_ago" function it uses.
2021-06-14 12:40:12 +01:00
mock_email_validated_recently,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
):
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.logout()
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
mocker.patch("app.user_api_client.get_user", return_value=api_user_pending)
mocker.patch("app.service_api_client.get_services", return_value={"data": []})
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
with client_request.session_transaction() as session:
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
session["user_details"] = {
"id": api_user_pending["id"],
"email_address": api_user_pending["email_address"],
Use `client` and `logged_in_client` fixtures Wherever possible, because Don’t Repeat Yourself.
2017-02-03 12:07:21 +00:00
}
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
client_request.post("main.two_factor_sms", _data={"sms_code": "123456"})
Use `client` and `logged_in_client` fixtures Wherever possible, because Don’t Repeat Yourself.
2017-02-03 12:07:21 +00:00
replace user PUT with POSTs the update_user fn was used in two places, for things that are handled fine by update_user_attribute. Reduce complexity in the API by killing the PUT, which is more dangerous (might silently overwrite things that shouldn't be, like "last_logged_in_at" etc). Had to change the code not received mobile number form, and the activate user function.
2017-11-09 12:30:12 +00:00
assert mock_activate_user.called
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
@pytest.mark.parametrize(
Reformatted a handful more tests Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
2023-09-08 17:58:06 -04:00
("extra_args", "expected_encoded_next_arg"),
[({}, ""), ({"next": "https://example.com"}, "?next=https://example.com")],
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
)
Add interstitial page before using email auth token Some email clients will pre-fetch links in emails to check whether they’re safe. This has the unfortunate side effect of claiming the token that’s in the link. Long term, we don’t want to let the link be used multiple times, because this reduces how secure it is (eg someone with access to your browser history could re-use the link even if you’d signed out). Instead, this commit adds an extra page which is served when the user clicks the link from the email. This page includes a form which submits to the actual URL that uses the token, thereby not claiming the token as soon as the page is loaded. For convenience, this page also includes some Javascript which clicks the link on the user’s behalf. If the user has Javascript turned off they will see the link and can click it themselves. This is going on the assumption that whatever the email clients are doing when prefetching the link doesn’t involve running any Javascript. This Javascript is inlined so that: - it is run as fast as possible - it’s more resilient – even if our assets domain is unreachable or the connection is interrupted, it will still run
2020-05-04 12:27:51 +01:00
def test_valid_two_factor_email_link_shows_interstitial(
client_request,
valid_token,
mocker,
extra_args,
expected_encoded_next_arg,
):
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
mock_check_code = mocker.patch("app.user_api_client.check_verify_code")
encoded_token = valid_token.replace("%2E", ".")
Add interstitial page before using email auth token Some email clients will pre-fetch links in emails to check whether they’re safe. This has the unfortunate side effect of claiming the token that’s in the link. Long term, we don’t want to let the link be used multiple times, because this reduces how secure it is (eg someone with access to your browser history could re-use the link even if you’d signed out). Instead, this commit adds an extra page which is served when the user clicks the link from the email. This page includes a form which submits to the actual URL that uses the token, thereby not claiming the token as soon as the page is loaded. For convenience, this page also includes some Javascript which clicks the link on the user’s behalf. If the user has Javascript turned off they will see the link and can click it themselves. This is going on the assumption that whatever the email clients are doing when prefetching the link doesn’t involve running any Javascript. This Javascript is inlined so that: - it is run as fast as possible - it’s more resilient – even if our assets domain is unreachable or the connection is interrupted, it will still run
2020-05-04 12:27:51 +01:00
token_url = url_for(
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
"main.two_factor_email_interstitial", token=encoded_token, **extra_args
Add interstitial page before using email auth token Some email clients will pre-fetch links in emails to check whether they’re safe. This has the unfortunate side effect of claiming the token that’s in the link. Long term, we don’t want to let the link be used multiple times, because this reduces how secure it is (eg someone with access to your browser history could re-use the link even if you’d signed out). Instead, this commit adds an extra page which is served when the user clicks the link from the email. This page includes a form which submits to the actual URL that uses the token, thereby not claiming the token as soon as the page is loaded. For convenience, this page also includes some Javascript which clicks the link on the user’s behalf. If the user has Javascript turned off they will see the link and can click it themselves. This is going on the assumption that whatever the email clients are doing when prefetching the link doesn’t involve running any Javascript. This Javascript is inlined so that: - it is run as fast as possible - it’s more resilient – even if our assets domain is unreachable or the connection is interrupted, it will still run
2020-05-04 12:27:51 +01:00
)
# This must match the URL we put in the emails
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
assert token_url == f"/email-auth/{encoded_token}{expected_encoded_next_arg}"
Add interstitial page before using email auth token Some email clients will pre-fetch links in emails to check whether they’re safe. This has the unfortunate side effect of claiming the token that’s in the link. Long term, we don’t want to let the link be used multiple times, because this reduces how secure it is (eg someone with access to your browser history could re-use the link even if you’d signed out). Instead, this commit adds an extra page which is served when the user clicks the link from the email. This page includes a form which submits to the actual URL that uses the token, thereby not claiming the token as soon as the page is loaded. For convenience, this page also includes some Javascript which clicks the link on the user’s behalf. If the user has Javascript turned off they will see the link and can click it themselves. This is going on the assumption that whatever the email clients are doing when prefetching the link doesn’t involve running any Javascript. This Javascript is inlined so that: - it is run as fast as possible - it’s more resilient – even if our assets domain is unreachable or the connection is interrupted, it will still run
2020-05-04 12:27:51 +01:00
client_request.logout()
page = client_request.get_url(token_url)
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
assert normalize_spaces(page.select_one("main").text) == (
"Click below to complete email re-verification and finish signing in. "
"Verify email"
Add interstitial page before using email auth token Some email clients will pre-fetch links in emails to check whether they’re safe. This has the unfortunate side effect of claiming the token that’s in the link. Long term, we don’t want to let the link be used multiple times, because this reduces how secure it is (eg someone with access to your browser history could re-use the link even if you’d signed out). Instead, this commit adds an extra page which is served when the user clicks the link from the email. This page includes a form which submits to the actual URL that uses the token, thereby not claiming the token as soon as the page is loaded. For convenience, this page also includes some Javascript which clicks the link on the user’s behalf. If the user has Javascript turned off they will see the link and can click it themselves. This is going on the assumption that whatever the email clients are doing when prefetching the link doesn’t involve running any Javascript. This Javascript is inlined so that: - it is run as fast as possible - it’s more resilient – even if our assets domain is unreachable or the connection is interrupted, it will still run
2020-05-04 12:27:51 +01:00
)
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
form = page.select_one("form")
expected_form_id = "use-email-auth"
assert "action" not in form
assert form["method"] == "post"
assert form["id"] == expected_form_id
Add interstitial page before using email auth token Some email clients will pre-fetch links in emails to check whether they’re safe. This has the unfortunate side effect of claiming the token that’s in the link. Long term, we don’t want to let the link be used multiple times, because this reduces how secure it is (eg someone with access to your browser history could re-use the link even if you’d signed out). Instead, this commit adds an extra page which is served when the user clicks the link from the email. This page includes a form which submits to the actual URL that uses the token, thereby not claiming the token as soon as the page is loaded. For convenience, this page also includes some Javascript which clicks the link on the user’s behalf. If the user has Javascript turned off they will see the link and can click it themselves. This is going on the assumption that whatever the email clients are doing when prefetching the link doesn’t involve running any Javascript. This Javascript is inlined so that: - it is run as fast as possible - it’s more resilient – even if our assets domain is unreachable or the connection is interrupted, it will still run
2020-05-04 12:27:51 +01:00
assert mock_check_code.called is False
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
def test_valid_two_factor_email_link_logs_in_user(
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request,
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
valid_token,
mock_get_user,
mock_get_services_with_one_service,
don't swallow HTTP errors from create_event tests weren't patching out create_event (which is invoked every time a user logs in). This was getting caught by our egress proxy on jenkins. We didn't notice because the event handler code was swallowing all exceptions and not re-raising. This changes that code to no longer swallow exceptions. Since we did that, we also need to update all the tests that test log-in to mock the call
2018-05-02 10:27:01 +01:00
mocker,
mock_create_event,
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
):
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
mocker.patch("app.user_api_client.check_verify_code", return_value=(True, ""))
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.post_url(
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
url_for_endpoint_with_token("main.two_factor_email", token=valid_token),
_expected_redirect=url_for("main.show_accounts_or_dashboard"),
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
)
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
@pytest.mark.parametrize(
"redirect_url",
[
None,
f"/services/{SERVICE_ONE_ID}/templates",
],
)
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
def test_two_factor_email_link_has_expired(
Rename "app_" fixture to "notify_admin" This naming was introduced in 2016 without explanation [1]. I find it confusing because: - It's reminiscent of "_app", which is a Python convention indicating the variable is internal, so maybe avoid using it. - It suggests there's some other "app" fixture I should be using (there isn't, though). The Python style guide describes using an underscore suffix to avoid clashes with inbuilt names [1], which is sort of applicable if we need to import the "app" module [2]. However, we can also avoid clashes by choosing a different name, without the strange underscore. [1]: https://github.com/alphagov/notifications-admin/commit/3b1d521c10a515dab85700a1103912cf47ed414c [2]: https://github.com/alphagov/notifications-admin/blob/78824f54fdf7288172387f8ed3b332d26d74e083/tests/app/main/views/test_forgot_password.py#L5
2021-05-12 14:57:21 +01:00
notify_admin,
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
valid_token,
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request,
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
mock_send_verify_code,
Turn on redirects two_factor_email This is part of the work to make sure user is redirected to the page they initially were meant to visit after they sign in.
2020-10-09 11:41:47 +01:00
fake_uuid,
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
redirect_url,
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
):
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.logout()
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
with set_config(notify_admin, "EMAIL_EXPIRY_SECONDS", -1):
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
page = client_request.post_url(
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
url_for_endpoint_with_token(
"main.two_factor_email", token=valid_token, next=redirect_url
),
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
_follow_redirects=True,
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
)
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
assert page.h1.text.strip() == "This link has expired"
assert page.select_one('a:contains("Sign in again")')["href"] == url_for(
"main.sign_in", next=redirect_url
)
Turn on redirects two_factor_email This is part of the work to make sure user is redirected to the page they initially were meant to visit after they sign in.
2020-10-09 11:41:47 +01:00
Remove uses of .assert_not_called I prefer to avoid `assert_not_called`, because if I make a typo like this, the tests will still pass: ``` app.invite_api_client.create_invite.asset_not_called() ``` It’s harder to have a false positive with the statement written this way: ``` assert app.invite_api_client.create_invite.called is False ```
2020-08-28 13:26:14 +01:00
assert mock_send_verify_code.called is False
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
def test_two_factor_email_link_is_invalid(client_request):
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.logout()
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
token = 12345
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
page = client_request.post(
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
"main.two_factor_email",
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
token=token,
_follow_redirects=True,
_expected_status=404,
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
)
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
assert (
normalize_spaces(page.select_one(".banner-dangerous").text)
== "Theres something wrong with the link youve used."
)
Turn on redirects two_factor_email This is part of the work to make sure user is redirected to the page they initially were meant to visit after they sign in.
2020-10-09 11:41:47 +01:00
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
@pytest.mark.parametrize(
"redirect_url",
[
None,
f"/services/{SERVICE_ONE_ID}/templates",
],
)
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
def test_two_factor_email_link_is_already_used(
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
client_request, valid_token, mocker, mock_send_verify_code, redirect_url
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
):
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.logout()
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
mocker.patch(
"app.user_api_client.check_verify_code",
return_value=(False, "Code has expired"),
)
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
page = client_request.post_url(
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
url_for_endpoint_with_token(
"main.two_factor_email", token=valid_token, next=redirect_url
),
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
_follow_redirects=True,
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
)
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
assert page.h1.text.strip() == "This link has expired"
assert page.select_one('a:contains("Sign in again")')["href"] == url_for(
"main.sign_in", next=redirect_url
)
Turn on redirects two_factor_email This is part of the work to make sure user is redirected to the page they initially were meant to visit after they sign in.
2020-10-09 11:41:47 +01:00
Remove uses of .assert_not_called I prefer to avoid `assert_not_called`, because if I make a typo like this, the tests will still pass: ``` app.invite_api_client.create_invite.asset_not_called() ``` It’s harder to have a false positive with the statement written this way: ``` assert app.invite_api_client.create_invite.called is False ```
2020-08-28 13:26:14 +01:00
assert mock_send_verify_code.called is False
Stop automatically resending email verification links This commit stops a new email verification link from being sent to a user if they click on an email link which has expired or which has already been used. Instead, they will be see an error message with a link to the sign in page. This stops the situation where someone could log in indefinitely (without the needing to enter their password) by trying to use a used / expired email verification link and receiving a valid link automatically.
2019-01-15 16:32:26 +00:00
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
def test_two_factor_email_link_when_user_is_locked_out(
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
client_request, valid_token, mocker, mock_send_verify_code
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
):
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.logout()
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
mocker.patch(
"app.user_api_client.check_verify_code", return_value=(False, "Code not found")
)
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
page = client_request.post_url(
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
url_for_endpoint_with_token("main.two_factor_email", token=valid_token),
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
_follow_redirects=True,
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
)
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
assert page.h1.text.strip() == "This link has expired"
Remove uses of .assert_not_called I prefer to avoid `assert_not_called`, because if I make a typo like this, the tests will still pass: ``` app.invite_api_client.create_invite.asset_not_called() ``` It’s harder to have a false positive with the statement written this way: ``` assert app.invite_api_client.create_invite.called is False ```
2020-08-28 13:26:14 +01:00
assert mock_send_verify_code.called is False
Stop automatically resending email verification links This commit stops a new email verification link from being sent to a user if they click on an email link which has expired or which has already been used. Instead, they will be see an error message with a link to the sign in page. This stops the situation where someone could log in indefinitely (without the needing to enter their password) by trying to use a used / expired email verification link and receiving a valid link automatically.
2019-01-15 16:32:26 +00:00
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
def test_two_factor_email_link_used_when_user_already_logged_in(
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
client_request, valid_token
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
):
Stop using `logged_in_client` fixture We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `logged_in_client`. This is not as good because: - it returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests using `logged_in_client` to: use `client_request` instead.
2021-12-31 12:08:14 +00:00
client_request.post_url(
notify-api-412 use black to enforce python coding style
2023-08-25 09:12:23 -07:00
url_for_endpoint_with_token("main.two_factor_email", token=valid_token),
_expected_redirect=url_for("main.show_accounts_or_dashboard"),
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
)
Reference in New Issue Copy Permalink