darkhelm/notifications-admin
1
0
Fork 0
mirror of https://github.com/GSA/notifications-admin.git synced 2026-06-09 16:01:24 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
bb0fb73bc82a4e83712185fe7eb5ae8ffb7205b8
notifications-admin/tests/app/main/views/test_two_factor.py

523 lines
15 KiB
Python
Raw Normal View History

Reduce usage of the platform admin index page This page is slow to load which means: - it’s annoying for us - it’s potentially causing load on the database This commit does two things to reduce the amount we’re unnecessarily looking at this page: 1. Avoid redirecting to it when signing in as a platform admin user 2. Don’t go directly to it when clicking ‘platform admin’ at the top, but instead show a holding page (there’s a fair chance you’ve clicked that link in order to go and manage some email branding or find a user, not wait for stats to load)
2020-03-19 10:49:40 +00:00
import pytest
Enforce order and style of imports Done using isort[1], with the following command: ``` isort -rc ./app ./tests ``` Adds linting to the `run_tests.sh` script to stop badly-sorted imports getting re-introduced. Chosen style is ‘Vertical Hanging Indent’ with trailing commas, because I think it gives the cleanest diffs, eg: ``` from third_party import ( lib1, lib2, lib3, lib4, ) ``` 1. https://pypi.python.org/pypi/isort
2018-02-20 11:22:17 +00:00
from flask import url_for
define isort first party (app and tests) we were seeing isort produce different outputs locally and in docker - this was due to it having different opinions about whether the tests module (ie all our unit tests) is a first party (local) or third party (pip installed) import. It's a first party import, so by defining this in the setup.cfg isort settings, we can force it to be consistent between environments. Note: I don't know why it was different in the first place though
2018-04-25 14:12:58 +01:00
Stop url_for double-encoding .'s in password test One of the changes this pulls in is encoding of periods in the token used for new password requests. In real-life the resulting URL is build by concatenating the base url with the token so it isn't processed further. The test for new password requests builds the URL with url_for. This encodes the result returned so the periods are encoded twice.
2018-10-18 14:34:07 +01:00
from tests.conftest import (
SERVICE_ONE_ID,
normalize_spaces,
set_config,
url_for_endpoint_with_token,
)
Record login including remembered user login events to the api based of flask login signals.
2016-04-27 16:39:17 +01:00
109638656: Initial implementation for two-factor
2015-12-07 16:56:11 +00:00
DRY-up email revalidation check Previously this was duplicated between the "two_factor" and the "webauthn" views, and required more test setup. This DRYs up the check and tests it once, using mocks to simplify the view tests. As part of DRYing up the check into a util module, I've also moved the "is_less_than_days_ago" function it uses.
2021-06-14 12:40:12 +01:00
@pytest.fixture
def mock_email_validated_recently(mocker):
return mocker.patch('app.main.views.two_factor.email_needs_revalidating', return_value=False)
Turn on redirects revalidate_email_sent This is part of the work to make sure user is redirected to the page they initially were meant to visit after they sign in.
2020-10-09 11:42:46 +01:00
@pytest.mark.parametrize('request_url', ['two_factor_email_sent', 'revalidate_email_sent'])
Test next redirects with realistic URL This change has been made following PR review, to ensure that special signs are transformed correctly when passing through the next URL.
2020-10-12 12:01:39 +01:00
@pytest.mark.parametrize('redirect_url', [None, f'/services/{SERVICE_ONE_ID}/templates'])
Turn on redirects for two_factor_email_sent This is part of the work to make sure user is redirected to the page they initially were meant to visit after they sign in.
2020-10-09 11:41:24 +01:00
@pytest.mark.parametrize('email_resent, page_title', [
(None, 'Check your email'),
(True, 'Email resent')
])
def test_two_factor_email_sent_page(
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request,
Turn on redirects for two_factor_email_sent This is part of the work to make sure user is redirected to the page they initially were meant to visit after they sign in.
2020-10-09 11:41:24 +01:00
email_resent,
page_title,
Turn on redirects revalidate_email_sent This is part of the work to make sure user is redirected to the page they initially were meant to visit after they sign in.
2020-10-09 11:42:46 +01:00
redirect_url,
request_url
Turn on redirects for two_factor_email_sent This is part of the work to make sure user is redirected to the page they initially were meant to visit after they sign in.
2020-10-09 11:41:24 +01:00
):
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.logout()
page = client_request.get(
f'main.{request_url}',
next=redirect_url,
email_resent=email_resent,
)
Turn on redirects for two_factor_email_sent This is part of the work to make sure user is redirected to the page they initially were meant to visit after they sign in.
2020-10-09 11:41:24 +01:00
assert page.h1.string == page_title
# there shouldn't be a form for updating mobile number
assert page.find('form') is None
resend_email_link = page.find('a', class_="govuk-link govuk-link--no-visited-state page-footer-secondary-link")
assert resend_email_link.text == 'Not received an email?'
assert resend_email_link['href'] == url_for('main.email_not_received', next=redirect_url)
Turn on redirects two_factor This is part of the work to make sure user is redirected to the page they initially were meant to visit after they sign in.
2020-10-09 11:42:21 +01:00
@pytest.mark.parametrize('redirect_url', [
None,
Test next redirects with realistic URL This change has been made following PR review, to ensure that special signs are transformed correctly when passing through the next URL.
2020-10-12 12:01:39 +01:00
f'/services/{SERVICE_ONE_ID}/templates',
Turn on redirects two_factor This is part of the work to make sure user is redirected to the page they initially were meant to visit after they sign in.
2020-10-09 11:42:21 +01:00
])
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
def test_should_render_two_factor_page(
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
api_user_active,
mock_get_user_by_email,
Turn on redirects two_factor This is part of the work to make sure user is redirected to the page they initially were meant to visit after they sign in.
2020-10-09 11:42:21 +01:00
mocker,
redirect_url
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
):
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.logout()
Use `client` and `logged_in_client` fixtures Wherever possible, because Don’t Repeat Yourself.
2017-02-03 12:07:21 +00:00
# TODO this lives here until we work out how to
# reassign the session after it is lost mid register process
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
with client_request.session_transaction() as session:
Use `client` and `logged_in_client` fixtures Wherever possible, because Don’t Repeat Yourself.
2017-02-03 12:07:21 +00:00
session['user_details'] = {
Make user API client return JSON, not a model The data flow of other bits of our application looks like this: ``` API (returns JSON) ⬇ API client (returns a built in type, usually `dict`) ⬇ Model (returns an instance, eg of type `Service`) ⬇ View (returns HTML) ``` The user API client was architected weirdly, in that it returned a model directly, like this: ``` API (returns JSON) ⬇ API client (returns a model, of type `User`, `InvitedUser`, etc) ⬇ View (returns HTML) ``` This mixing of different layers of the application is bad because it makes it hard to write model code that doesn’t have circular dependencies. As our application gets more complicated we will be relying more on models to manage this complexity, so we should make it easy, not hard to write them. It also means that most of our mocking was of the User model, not just the underlying JSON. So it would have been easy to introduce subtle bugs to the user model, because it wasn’t being comprehensively tested. A lot of the changed lines of code in this commit mean changing the tests to mock only the JSON, which means that the model layer gets implicitly tested. For those reasons this commit changes the user API client to return JSON, not an instance of `User` or other models.
2019-05-23 15:27:35 +01:00
'id': api_user_active['id'],
'email': api_user_active['email_address']}
Send 2fa email and move user to waiting page when they need to re-validate email access
2020-01-27 18:10:45 +00:00
mocker.patch('app.user_api_client.get_user', return_value=api_user_active)
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
page = client_request.get('main.two_factor_sms', next=redirect_url)
Enable numeric keypad for text message code If you’re signing in on a phone, it’s easier to type the two factor code with a numeric keypad. The most reliable way to get the numeric keypad to show up on multiple devices is: - `type='tel'` (not `type='number'` because that’s only meant for numbers, not string of digits, ie `01234` is not a number) - `pattern='[0-9]*'`, without which it doesn’t work on iOS Based on the guidance here: - https://github.com/alphagov/govuk-design-system-backlog/issues/74 - https://docs.google.com/document/d/1wozIhOdt6wvlgqVReauUnlsJI-3fqUlNuQFwUI7tqAA/edit
2018-05-07 22:26:24 +01:00
assert page.select_one('main p').text.strip() == (
'Weve sent you a text message with a security code.'
)
Do extra code style checks with flake8-bugbear Flake8 Bugbear checks for some extra things that aren’t code style errors, but are likely to introduce bugs or unexpected behaviour. A good example is having mutable default function arguments, which get shared between every call to the function and therefore mutating a value in one place can unexpectedly cause it to change in another. This commit enables all the extra warnings provided by Flake8 Bugbear, except for the line length one (because we already lint for that separately). It disables: - _B003: Assigning to os.environ_ because I don’t really understand this - _B306: BaseException.message is removed in Python 3_ because I think our exceptions have a custom structure that means the `.message` attribute is still present
2019-11-01 10:43:01 +00:00
assert page.select_one('label').text.strip() == (
Refactor `sms_code` functionality into the class So it’s all in one place, not two.
2018-05-07 22:57:18 +01:00
'Text message code'
)
Enable numeric keypad for text message code If you’re signing in on a phone, it’s easier to type the two factor code with a numeric keypad. The most reliable way to get the numeric keypad to show up on multiple devices is: - `type='tel'` (not `type='number'` because that’s only meant for numbers, not string of digits, ie `01234` is not a number) - `pattern='[0-9]*'`, without which it doesn’t work on iOS Based on the guidance here: - https://github.com/alphagov/govuk-design-system-backlog/issues/74 - https://docs.google.com/document/d/1wozIhOdt6wvlgqVReauUnlsJI-3fqUlNuQFwUI7tqAA/edit
2018-05-07 22:26:24 +01:00
assert page.select_one('input')['type'] == 'tel'
assert page.select_one('input')['pattern'] == '[0-9]*'
109638656: Initial implementation for two-factor
2015-12-07 16:56:11 +00:00
Turn on redirects two_factor This is part of the work to make sure user is redirected to the page they initially were meant to visit after they sign in.
2020-10-09 11:42:21 +01:00
assert page.select_one(
'a:contains("Not received a text message?")'
)['href'] == url_for('main.check_and_resend_text_code', next=redirect_url)
109638656: Initial implementation for two-factor
2015-12-07 16:56:11 +00:00
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
def test_should_login_user_and_should_redirect_to_next_url(
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
api_user_active,
mock_get_user,
mock_get_user_by_email,
mock_check_verify_code,
don't swallow HTTP errors from create_event tests weren't patching out create_event (which is invoked every time a user logs in). This was getting caught by our egress proxy on jenkins. We didn't notice because the event handler code was swallowing all exceptions and not re-raising. This changes that code to no longer swallow exceptions. Since we did that, we also need to update all the tests that test log-in to mock the call
2018-05-02 10:27:01 +01:00
mock_create_event,
DRY-up email revalidation check Previously this was duplicated between the "two_factor" and the "webauthn" views, and required more test setup. This DRYs up the check and tests it once, using mocks to simplify the view tests. As part of DRYing up the check into a util module, I've also moved the "is_less_than_days_ago" function it uses.
2021-06-14 12:40:12 +01:00
mock_email_validated_recently,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
):
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.logout()
with client_request.session_transaction() as session:
Use `client` and `logged_in_client` fixtures Wherever possible, because Don’t Repeat Yourself.
2017-02-03 12:07:21 +00:00
session['user_details'] = {
Make user API client return JSON, not a model The data flow of other bits of our application looks like this: ``` API (returns JSON) ⬇ API client (returns a built in type, usually `dict`) ⬇ Model (returns an instance, eg of type `Service`) ⬇ View (returns HTML) ``` The user API client was architected weirdly, in that it returned a model directly, like this: ``` API (returns JSON) ⬇ API client (returns a model, of type `User`, `InvitedUser`, etc) ⬇ View (returns HTML) ``` This mixing of different layers of the application is bad because it makes it hard to write model code that doesn’t have circular dependencies. As our application gets more complicated we will be relying more on models to manage this complexity, so we should make it easy, not hard to write them. It also means that most of our mocking was of the User model, not just the underlying JSON. So it would have been easy to introduce subtle bugs to the user model, because it wasn’t being comprehensively tested. A lot of the changed lines of code in this commit mean changing the tests to mock only the JSON, which means that the model layer gets implicitly tested. For those reasons this commit changes the user API client to return JSON, not an instance of `User` or other models.
2019-05-23 15:27:35 +01:00
'id': api_user_active['id'],
'email': api_user_active['email_address']}
Send 2fa email and move user to waiting page when they need to re-validate email access
2020-01-27 18:10:45 +00:00
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.post(
'main.two_factor_sms',
next='/services/{}'.format(SERVICE_ONE_ID),
_data={'sms_code': '12345'},
_expected_redirect=url_for(
'main.service_dashboard',
service_id=SERVICE_ONE_ID,
_external=True
),
Add flake8 linting to project The GDS Way™[1] recommends using Flake8 to lint Python projects. This commit takes the Flake8 config from Digital Marketplace API[2] and removes the bits we don’t need. It changes the `max_complexity` setting to 14, which is the most complex code we have in this repo currently (we shouldn’t be writing code _more_ complex than what we already have). This commit also fixes the errors found by Flake8, which includes 6(!) tests which were never getting run because they had the same names as existing tests. Here is a full list of the errors that were found and fixed: ``` ./app/__init__.py:2:1: F401 're' imported but unused ./app/__init__.py:4:1: F401 'json' imported but unused ./app/__init__.py:8:1: F401 'dateutil' imported but unused ./app/__init__.py:11:1: F401 'flask.escape' imported but unused ./app/__init__.py:41:1: F401 'app.proxy_fix' imported but unused ./app/__init__.py:129:5: F821 undefined name 'proxy_fix' ./app/__init__.py:221:19: F821 undefined name 'highlight' ./app/__init__.py:221:35: F821 undefined name 'JavascriptLexer' ./app/__init__.py:221:54: F821 undefined name 'HtmlFormatter' ./app/config.py:2:1: F401 'datetime.timedelta' imported but unused ./app/event_handlers.py:2:1: F401 'flask_login.current_user' imported but unused ./app/utils.py:11:1: F401 'dateutil.parser' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.two_factor' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.notifications' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.add_service' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.forgot_password' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.inbound_number' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.styleguide' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.organisations' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.letter_jobs' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.verify' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.conversation' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.api_keys' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.send' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.dashboard' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.jobs' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.manage_users' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.sign_in' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.sign_out' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.code_not_received' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.invites' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.platform_admin' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.providers' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.service_settings' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.index' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.new_password' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.user_profile' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.feedback' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.choose_service' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.templates' imported but unused ./app/main/__init__.py:5:1: F401 'app.main.views.register' imported but unused ./app/main/forms.py:12:1: F401 'wtforms.SelectField' imported but unused ./app/main/views/api_keys.py:37:29: E241 multiple spaces after ':' ./app/main/views/feedback.py:3:1: F401 'flask.flash' imported but unused ./app/main/views/feedback.py:122:17: E123 closing bracket does not match indentation of opening bracket's line ./app/main/views/inbound_number.py:1:1: F401 'flask.url_for' imported but unused ./app/main/views/inbound_number.py:1:1: F401 'flask.session' imported but unused ./app/main/views/inbound_number.py:1:1: F401 'flask.redirect' imported but unused ./app/main/views/inbound_number.py:1:1: F401 'flask.request' imported but unused ./app/main/views/inbound_number.py:13:1: F401 'flask.jsonify' imported but unused ./app/main/views/jobs.py:31:1: F401 'app.utils.get_template' imported but unused ./app/main/views/letter_jobs.py:1:1: F401 'datetime' imported but unused ./app/main/views/letter_jobs.py:6:1: F401 'app.format_datetime_24h' imported but unused ./app/main/views/manage_users.py:111:9: E123 closing bracket does not match indentation of opening bracket's line ./app/main/views/notifications.py:121:5: F841 local variable 'status_args' is assigned to but never used ./app/main/views/organisations.py:1:1: F401 'flask.request' imported but unused ./app/main/views/service_settings.py:77:9: E123 closing bracket does not match indentation of opening bracket's line ./app/main/views/service_settings.py:82:9: E123 closing bracket does not match indentation of opening bracket's line ./app/main/views/service_settings.py:420:13: E123 closing bracket does not match indentation of opening bracket's line ./app/main/views/sign_in.py:12:1: F401 'flask_login.confirm_login' imported but unused ./app/main/views/sign_in.py:17:1: F401 'app.service_api_client' imported but unused ./app/main/views/sign_in.py:62:13: E123 closing bracket does not match indentation of opening bracket's line ./app/main/views/templates.py:4:1: F401 'flask.json' imported but unused ./app/main/views/templates.py:17:1: F401 'notifications_utils.formatters.escape_html' imported but unused ./app/main/views/templates.py:23:1: F401 'app.utils.get_help_argument' imported but unused ./app/main/views/templates.py:64:13: E123 closing bracket does not match indentation of opening bracket's line ./app/notify_client/service_api_client.py:6:1: F401 '.notification_api_client' imported but unused ./app/notify_client/user_api_client.py:1:1: F401 'uuid' imported but unused ./app/notify_client/user_api_client.py:3:1: F401 'flask.session' imported but unused ./tests/__init__.py:1:1: F401 'csv' imported but unused ./tests/app/main/test_asset_fingerprinter.py:2:1: F401 'os' imported but unused ./tests/app/main/test_asset_fingerprinter.py:4:1: F401 'unittest.mock' imported but unused ./tests/app/main/test_asset_fingerprinter.py:98:9: F841 local variable 'string_with_unicode_character' is assigned to but never used ./tests/app/main/test_errorhandlers.py:2:1: F401 'flask.url_for' imported but unused ./tests/app/main/test_permissions.py:26:13: F841 local variable 'response' is assigned to but never used ./tests/app/main/test_placeholder_form.py:3:1: F401 'wtforms.Label' imported but unused ./tests/app/main/test_placeholder_form.py:11:10: F841 local variable 'req' is assigned to but never used ./tests/app/main/test_two_factor_form.py:10:67: F841 local variable 'req' is assigned to but never used ./tests/app/main/test_two_factor_form.py:23:65: F841 local variable 'req' is assigned to but never used ./tests/app/main/test_two_factor_form.py:37:48: F841 local variable 'req' is assigned to but never used ./tests/app/main/test_two_factor_form.py:51:67: F841 local variable 'req' is assigned to but never used ./tests/app/main/test_two_factor_form.py:65:67: F841 local variable 'req' is assigned to but never used ./tests/app/main/views/test_accept_invite.py:356:5: F841 local variable 'element' is assigned to but never used ./tests/app/main/views/test_activity.py:11:1: F811 redefinition of unused 'mock_get_notifications' from line 11 ./tests/app/main/views/test_activity.py:18:1: F401 'datetime.datetime' imported but unused ./tests/app/main/views/test_activity.py:102:5: F841 local variable 'content' is assigned to but never used ./tests/app/main/views/test_activity.py:104:5: F841 local variable 'notification' is assigned to but never used ./tests/app/main/views/test_activity.py:337:5: F841 local variable '_notifications_mock' is assigned to but never used ./tests/app/main/views/test_activity.py:373:13: E126 continuation line over-indented for hanging indent ./tests/app/main/views/test_activity.py:378:9: E121 continuation line under-indented for hanging indent ./tests/app/main/views/test_activity.py:404:13: E126 continuation line over-indented for hanging indent ./tests/app/main/views/test_activity.py:407:9: E121 continuation line under-indented for hanging indent ./tests/app/main/views/test_api_keys.py:354:5: F841 local variable 'response' is assigned to but never used ./tests/app/main/views/test_conversation.py:5:1: F401 'bs4.BeautifulSoup' imported but unused ./tests/app/main/views/test_conversation.py:198:5: F841 local variable 'mock_get_inbound_sms' is assigned to but never used ./tests/app/main/views/test_dashboard.py:53:5: F841 local variable 'mock_template_stats' is assigned to but never used ./tests/app/main/views/test_dashboard.py:72:5: F841 local variable 'mock_template_stats' is assigned to but never used ./tests/app/main/views/test_jobs.py:2:1: F401 'uuid' imported but unused ./tests/app/main/views/test_jobs.py:3:1: F401 'urllib.parse.urlparse' imported but unused ./tests/app/main/views/test_jobs.py:3:1: F401 'urllib.parse.quote' imported but unused ./tests/app/main/views/test_jobs.py:3:1: F401 'urllib.parse.parse_qs' imported but unused ./tests/app/main/views/test_jobs.py:9:1: F401 'app.main.views.jobs.get_status_filters' imported but unused ./tests/app/main/views/test_jobs.py:10:1: F401 'tests.notification_json' imported but unused ./tests/app/main/views/test_letters.py:6:1: F401 'tests.service_json' imported but unused ./tests/app/main/views/test_notifications.py:5:1: F401 'app.utils.REQUESTED_STATUSES' imported but unused ./tests/app/main/views/test_notifications.py:5:1: F401 'app.utils.DELIVERED_STATUSES' imported but unused ./tests/app/main/views/test_notifications.py:5:1: F401 'app.utils.SENDING_STATUSES' imported but unused ./tests/app/main/views/test_notifications.py:5:1: F401 'app.utils.FAILURE_STATUSES' imported but unused ./tests/app/main/views/test_platform_admin.py:242:13: E126 continuation line over-indented for hanging indent ./tests/app/main/views/test_platform_admin.py:247:13: E126 continuation line over-indented for hanging indent ./tests/app/main/views/test_send.py:3:1: F401 'unittest.mock.Mock' imported but unused ./tests/app/main/views/test_send.py:18:1: F811 redefinition of unused 'mock_get_service' from line 18 ./tests/app/main/views/test_send.py:18:1: F401 'tests.conftest.multiple_letter_contact_blocks' imported but unused ./tests/app/main/views/test_send.py:18:1: F401 'tests.conftest.no_sms_senders' imported but unused ./tests/app/main/views/test_send.py:18:1: F401 'tests.conftest.multiple_sms_senders' imported but unused ./tests/app/main/views/test_send.py:18:1: F401 'tests.conftest.no_letter_contact_blocks' imported but unused ./tests/app/main/views/test_send.py:102:5: F841 local variable 'response' is assigned to but never used ./tests/app/main/views/test_send.py:870:5: F841 local variable 'response' is assigned to but never used ./tests/app/main/views/test_send.py:1367:5: F841 local variable 'service_id' is assigned to but never used ./tests/app/main/views/test_send.py:1451:13: E126 continuation line over-indented for hanging indent ./tests/app/main/views/test_send.py:1620:80: E226 missing whitespace around arithmetic operator ./tests/app/main/views/test_send.py:1909:13: E126 continuation line over-indented for hanging indent ./tests/app/main/views/test_send.py:1912:9: E121 continuation line under-indented for hanging indent ./tests/app/main/views/test_service_settings.py:13:1: F811 redefinition of unused 'no_reply_to_email_addresses' from line 13 ./tests/app/main/views/test_service_settings.py:13:1: F401 'tests.conftest.single_reply_to_email_address' imported but unused ./tests/app/main/views/test_service_settings.py:28:5: E123 closing bracket does not match indentation of opening bracket's line ./tests/app/main/views/test_service_settings.py:104:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:166:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:186:5: F841 local variable 'mocked_get_fn' is assigned to but never used ./tests/app/main/views/test_service_settings.py:217:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:237:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:257:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:307:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:340:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:466:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:555:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:615:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:719:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:874:5: F841 local variable 'page' is assigned to but never used ./tests/app/main/views/test_service_settings.py:902:5: F841 local variable 'page' is assigned to but never used ./tests/app/main/views/test_service_settings.py:954:5: F841 local variable 'page' is assigned to but never used ./tests/app/main/views/test_service_settings.py:986:5: F841 local variable 'page' is assigned to but never used ./tests/app/main/views/test_service_settings.py:1101:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:1121:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:1271:1: F811 redefinition of unused 'test_set_letter_contact_block_saves' from line 1189 ./tests/app/main/views/test_service_settings.py:1433:5: F841 local variable 'page' is assigned to but never used ./tests/app/main/views/test_service_settings.py:1495:5: F841 local variable 'mocked_get_fn' is assigned to but never used ./tests/app/main/views/test_service_settings.py:1540:5: F841 local variable 'mocked_get_fn' is assigned to but never used ./tests/app/main/views/test_service_settings.py:1570:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:1589:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:1621:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:1641:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:1658:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:1676:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:1697:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:1759:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_service_settings.py:1775:1: F811 redefinition of unused 'single_reply_to_email_address' from line 13 ./tests/app/main/views/test_templates.py:3:1: F401 'uuid' imported but unused ./tests/app/main/views/test_templates.py:11:1: F401 'tests.conftest.mock_get_user' imported but unused ./tests/app/main/views/test_templates.py:514:1: F811 redefinition of unused 'mock_get_user' from line 11 ./tests/app/main/views/test_templates.py:672:1: F811 redefinition of unused 'mock_get_user' from line 11 ./tests/app/main/views/test_templates.py:795:1: F811 redefinition of unused 'mock_get_user' from line 11 ./tests/app/main/views/test_templates.py:835:1: F811 redefinition of unused 'mock_get_user' from line 11 ./tests/app/main/views/test_two_factor.py:67:13: E126 continuation line over-indented for hanging indent ./tests/app/notify_client/test_notification_client.py:79:5: F841 local variable 'mock_post' is assigned to but never used ``` 1. https://gds-way.cloudapps.digital/manuals/programming-languages/python/linting.html#how-to-use-flake8 2. https://github.com/alphagov/digitalmarketplace-api/blob/d5ab8afef4a0472f9d266d94ab4ffe1333a9aaad/.flake8
2017-10-18 14:51:26 +01:00
)
The verify view was not passing along the next param to the two factor view. Now if it is passed and it is a url on the same domain that request originates from then it is used.
2016-03-14 16:30:48 +00:00
Send 2fa email and move user to waiting page when they need to re-validate email access
2020-01-27 18:10:45 +00:00
def test_should_send_email_and_redirect_to_info_page_if_user_needs_to_revalidate_email(
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request,
Send 2fa email and move user to waiting page when they need to re-validate email access
2020-01-27 18:10:45 +00:00
api_user_active,
mock_get_user,
mock_check_verify_code,
mock_create_event,
mock_send_verify_code,
mocker
):
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.logout()
Send 2fa email and move user to waiting page when they need to re-validate email access
2020-01-27 18:10:45 +00:00
mocker.patch('app.user_api_client.get_user', return_value=api_user_active)
DRY-up email revalidation check Previously this was duplicated between the "two_factor" and the "webauthn" views, and required more test setup. This DRYs up the check and tests it once, using mocks to simplify the view tests. As part of DRYing up the check into a util module, I've also moved the "is_less_than_days_ago" function it uses.
2021-06-14 12:40:12 +01:00
mocker.patch('app.main.views.two_factor.email_needs_revalidating', return_value=True)
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
with client_request.session_transaction() as session:
Send 2fa email and move user to waiting page when they need to re-validate email access
2020-01-27 18:10:45 +00:00
session['user_details'] = {
'id': api_user_active['id'],
'email': api_user_active['email_address']}
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.post(
'main.two_factor_sms',
next=f'/services/{SERVICE_ONE_ID}',
_data={'sms_code': '12345'},
_expected_redirect=url_for(
'main.revalidate_email_sent',
_external=True,
next=f'/services/{SERVICE_ONE_ID}'
),
Turn on redirects two_factor This is part of the work to make sure user is redirected to the page they initially were meant to visit after they sign in.
2020-10-09 11:42:21 +01:00
)
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
Send 2fa email and move user to waiting page when they need to re-validate email access
2020-01-27 18:10:45 +00:00
mock_send_verify_code.assert_called_with(api_user_active['id'], 'email', None, mocker.ANY)
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
def test_should_login_user_and_not_redirect_to_external_url(
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
api_user_active,
mock_get_user,
mock_get_user_by_email,
mock_check_verify_code,
mock_get_services_with_one_service,
don't swallow HTTP errors from create_event tests weren't patching out create_event (which is invoked every time a user logs in). This was getting caught by our egress proxy on jenkins. We didn't notice because the event handler code was swallowing all exceptions and not re-raising. This changes that code to no longer swallow exceptions. Since we did that, we also need to update all the tests that test log-in to mock the call
2018-05-02 10:27:01 +01:00
mock_create_event,
DRY-up email revalidation check Previously this was duplicated between the "two_factor" and the "webauthn" views, and required more test setup. This DRYs up the check and tests it once, using mocks to simplify the view tests. As part of DRYing up the check into a util module, I've also moved the "is_less_than_days_ago" function it uses.
2021-06-14 12:40:12 +01:00
mock_email_validated_recently,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
):
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.logout()
with client_request.session_transaction() as session:
Use `client` and `logged_in_client` fixtures Wherever possible, because Don’t Repeat Yourself.
2017-02-03 12:07:21 +00:00
session['user_details'] = {
Make user API client return JSON, not a model The data flow of other bits of our application looks like this: ``` API (returns JSON) ⬇ API client (returns a built in type, usually `dict`) ⬇ Model (returns an instance, eg of type `Service`) ⬇ View (returns HTML) ``` The user API client was architected weirdly, in that it returned a model directly, like this: ``` API (returns JSON) ⬇ API client (returns a model, of type `User`, `InvitedUser`, etc) ⬇ View (returns HTML) ``` This mixing of different layers of the application is bad because it makes it hard to write model code that doesn’t have circular dependencies. As our application gets more complicated we will be relying more on models to manage this complexity, so we should make it easy, not hard to write them. It also means that most of our mocking was of the User model, not just the underlying JSON. So it would have been easy to introduce subtle bugs to the user model, because it wasn’t being comprehensively tested. A lot of the changed lines of code in this commit mean changing the tests to mock only the JSON, which means that the model layer gets implicitly tested. For those reasons this commit changes the user API client to return JSON, not an instance of `User` or other models.
2019-05-23 15:27:35 +01:00
'id': api_user_active['id'],
'email': api_user_active['email_address']}
Send 2fa email and move user to waiting page when they need to re-validate email access
2020-01-27 18:10:45 +00:00
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.post(
'main.two_factor_sms',
next='http://www.google.com',
_data={'sms_code': '12345'},
_expected_redirect=url_for('main.show_accounts_or_dashboard', _external=True)
)
Skip ‘choose service’ page if user has one service We used to do this by redirecting on the choose service page. However when we lost the dropdown and this page also became the page for adding a new service (in 3617f2e936aadbdf71d582e58d88a16629ee5ca2) the redirect was removed. This commit re-adds the redirect on the two factor page, so that it only happens on first login. So the flows are: **Multiple services** ``` `Sign in` → `Enter two factor code` → `Choose service` → `Service dashboard` ``` **One service** ``` `Sign in` → `Enter two factor code` → `Service dashboard` ``` **No services (you’ve deleted all your services)** `Sign in` → `Enter two factor code` → `Choose service` → `Add new service`
2016-02-05 14:25:48 +00:00
Reduce usage of the platform admin index page This page is slow to load which means: - it’s annoying for us - it’s potentially causing load on the database This commit does two things to reduce the amount we’re unnecessarily looking at this page: 1. Avoid redirecting to it when signing in as a platform admin user 2. Don’t go directly to it when clicking ‘platform admin’ at the top, but instead show a holding page (there’s a fair chance you’ve clicked that link in order to go and manage some email branding or find a user, not wait for stats to load)
2020-03-19 10:49:40 +00:00
@pytest.mark.parametrize('platform_admin', (
True, False,
))
redirect to show_accounts_or_dashboard on login show_accounts_or_dashboard has logic about where you should redirect to. If we let it do this, then that's nicer than duplicating its logic. We found that it wasn't accounting for orgs in redirects properly.
2018-03-19 16:38:57 +00:00
def test_should_login_user_and_redirect_to_show_accounts(
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
api_user_active,
mock_get_user,
mock_get_user_by_email,
mock_check_verify_code,
don't swallow HTTP errors from create_event tests weren't patching out create_event (which is invoked every time a user logs in). This was getting caught by our egress proxy on jenkins. We didn't notice because the event handler code was swallowing all exceptions and not re-raising. This changes that code to no longer swallow exceptions. Since we did that, we also need to update all the tests that test log-in to mock the call
2018-05-02 10:27:01 +01:00
mock_create_event,
DRY-up email revalidation check Previously this was duplicated between the "two_factor" and the "webauthn" views, and required more test setup. This DRYs up the check and tests it once, using mocks to simplify the view tests. As part of DRYing up the check into a util module, I've also moved the "is_less_than_days_ago" function it uses.
2021-06-14 12:40:12 +01:00
mock_email_validated_recently,
Reduce usage of the platform admin index page This page is slow to load which means: - it’s annoying for us - it’s potentially causing load on the database This commit does two things to reduce the amount we’re unnecessarily looking at this page: 1. Avoid redirecting to it when signing in as a platform admin user 2. Don’t go directly to it when clicking ‘platform admin’ at the top, but instead show a holding page (there’s a fair chance you’ve clicked that link in order to go and manage some email branding or find a user, not wait for stats to load)
2020-03-19 10:49:40 +00:00
platform_admin,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
):
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.logout()
with client_request.session_transaction() as session:
Use `client` and `logged_in_client` fixtures Wherever possible, because Don’t Repeat Yourself.
2017-02-03 12:07:21 +00:00
session['user_details'] = {
Make user API client return JSON, not a model The data flow of other bits of our application looks like this: ``` API (returns JSON) ⬇ API client (returns a built in type, usually `dict`) ⬇ Model (returns an instance, eg of type `Service`) ⬇ View (returns HTML) ``` The user API client was architected weirdly, in that it returned a model directly, like this: ``` API (returns JSON) ⬇ API client (returns a model, of type `User`, `InvitedUser`, etc) ⬇ View (returns HTML) ``` This mixing of different layers of the application is bad because it makes it hard to write model code that doesn’t have circular dependencies. As our application gets more complicated we will be relying more on models to manage this complexity, so we should make it easy, not hard to write them. It also means that most of our mocking was of the User model, not just the underlying JSON. So it would have been easy to introduce subtle bugs to the user model, because it wasn’t being comprehensively tested. A lot of the changed lines of code in this commit mean changing the tests to mock only the JSON, which means that the model layer gets implicitly tested. For those reasons this commit changes the user API client to return JSON, not an instance of `User` or other models.
2019-05-23 15:27:35 +01:00
'id': api_user_active['id'],
'email': api_user_active['email_address']}
Reduce usage of the platform admin index page This page is slow to load which means: - it’s annoying for us - it’s potentially causing load on the database This commit does two things to reduce the amount we’re unnecessarily looking at this page: 1. Avoid redirecting to it when signing in as a platform admin user 2. Don’t go directly to it when clicking ‘platform admin’ at the top, but instead show a holding page (there’s a fair chance you’ve clicked that link in order to go and manage some email branding or find a user, not wait for stats to load)
2020-03-19 10:49:40 +00:00
api_user_active['platform_admin'] = platform_admin
Send 2fa email and move user to waiting page when they need to re-validate email access
2020-01-27 18:10:45 +00:00
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.post(
'main.two_factor_sms',
_data={'sms_code': '12345'},
_expected_redirect=url_for('main.show_accounts_or_dashboard', _external=True)
)
109638656: Implement two factor verify flow When user enters valid sms code they are redirected to the dashboard. Otherwise, form errors are present.
2015-12-08 12:36:54 +00:00
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
def test_should_return_200_with_sms_code_error_when_sms_code_is_wrong(
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
api_user_active,
mock_get_user_by_email,
mock_check_verify_code_code_not_found,
Send 2fa email and move user to waiting page when they need to re-validate email access
2020-01-27 18:10:45 +00:00
mocker
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
):
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.logout()
with client_request.session_transaction() as session:
Use `client` and `logged_in_client` fixtures Wherever possible, because Don’t Repeat Yourself.
2017-02-03 12:07:21 +00:00
session['user_details'] = {
Make user API client return JSON, not a model The data flow of other bits of our application looks like this: ``` API (returns JSON) ⬇ API client (returns a built in type, usually `dict`) ⬇ Model (returns an instance, eg of type `Service`) ⬇ View (returns HTML) ``` The user API client was architected weirdly, in that it returned a model directly, like this: ``` API (returns JSON) ⬇ API client (returns a model, of type `User`, `InvitedUser`, etc) ⬇ View (returns HTML) ``` This mixing of different layers of the application is bad because it makes it hard to write model code that doesn’t have circular dependencies. As our application gets more complicated we will be relying more on models to manage this complexity, so we should make it easy, not hard to write them. It also means that most of our mocking was of the User model, not just the underlying JSON. So it would have been easy to introduce subtle bugs to the user model, because it wasn’t being comprehensively tested. A lot of the changed lines of code in this commit mean changing the tests to mock only the JSON, which means that the model layer gets implicitly tested. For those reasons this commit changes the user API client to return JSON, not an instance of `User` or other models.
2019-05-23 15:27:35 +01:00
'id': api_user_active['id'],
'email': api_user_active['email_address']}
Send 2fa email and move user to waiting page when they need to re-validate email access
2020-01-27 18:10:45 +00:00
mocker.patch('app.user_api_client.get_user', return_value=api_user_active)
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
page = client_request.post(
'main.two_factor_sms',
_data={'sms_code': '23456'},
_expected_status=200,
)
assert 'Code not found' in page.text
110880218: Completed implementation of resend the verificaton code
2015-12-31 13:16:59 +00:00
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
def test_should_login_user_when_multiple_valid_codes_exist(
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
api_user_active,
mock_get_user,
mock_get_user_by_email,
mock_check_verify_code,
mock_get_services_with_one_service,
don't swallow HTTP errors from create_event tests weren't patching out create_event (which is invoked every time a user logs in). This was getting caught by our egress proxy on jenkins. We didn't notice because the event handler code was swallowing all exceptions and not re-raising. This changes that code to no longer swallow exceptions. Since we did that, we also need to update all the tests that test log-in to mock the call
2018-05-02 10:27:01 +01:00
mock_create_event,
DRY-up email revalidation check Previously this was duplicated between the "two_factor" and the "webauthn" views, and required more test setup. This DRYs up the check and tests it once, using mocks to simplify the view tests. As part of DRYing up the check into a util module, I've also moved the "is_less_than_days_ago" function it uses.
2021-06-14 12:40:12 +01:00
mock_email_validated_recently,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
):
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.logout()
with client_request.session_transaction() as session:
Use `client` and `logged_in_client` fixtures Wherever possible, because Don’t Repeat Yourself.
2017-02-03 12:07:21 +00:00
session['user_details'] = {
Make user API client return JSON, not a model The data flow of other bits of our application looks like this: ``` API (returns JSON) ⬇ API client (returns a built in type, usually `dict`) ⬇ Model (returns an instance, eg of type `Service`) ⬇ View (returns HTML) ``` The user API client was architected weirdly, in that it returned a model directly, like this: ``` API (returns JSON) ⬇ API client (returns a model, of type `User`, `InvitedUser`, etc) ⬇ View (returns HTML) ``` This mixing of different layers of the application is bad because it makes it hard to write model code that doesn’t have circular dependencies. As our application gets more complicated we will be relying more on models to manage this complexity, so we should make it easy, not hard to write them. It also means that most of our mocking was of the User model, not just the underlying JSON. So it would have been easy to introduce subtle bugs to the user model, because it wasn’t being comprehensively tested. A lot of the changed lines of code in this commit mean changing the tests to mock only the JSON, which means that the model layer gets implicitly tested. For those reasons this commit changes the user API client to return JSON, not an instance of `User` or other models.
2019-05-23 15:27:35 +01:00
'id': api_user_active['id'],
'email': api_user_active['email_address']}
Send 2fa email and move user to waiting page when they need to re-validate email access
2020-01-27 18:10:45 +00:00
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.post(
'main.two_factor_sms',
_data={'sms_code': '23456'},
_expected_status=302,
)
Remember me functionality added and tested. Merge extra. Fixed comment.
2016-02-23 15:45:19 +00:00
remove old `/two-factor` endpoint and update test names we redirect people to `/two-factor-sms` since #26ad20719
2021-06-11 18:09:28 +01:00
def test_two_factor_sms_should_set_password_when_new_password_exists_in_session(
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
api_user_active,
mock_get_user,
mock_check_verify_code,
mock_get_services_with_one_service,
Update two-factor to use new update password endpoint and refactor tests
2017-02-20 14:55:28 +00:00
mock_update_user_password,
don't swallow HTTP errors from create_event tests weren't patching out create_event (which is invoked every time a user logs in). This was getting caught by our egress proxy on jenkins. We didn't notice because the event handler code was swallowing all exceptions and not re-raising. This changes that code to no longer swallow exceptions. Since we did that, we also need to update all the tests that test log-in to mock the call
2018-05-02 10:27:01 +01:00
mock_create_event,
DRY-up email revalidation check Previously this was duplicated between the "two_factor" and the "webauthn" views, and required more test setup. This DRYs up the check and tests it once, using mocks to simplify the view tests. As part of DRYing up the check into a util module, I've also moved the "is_less_than_days_ago" function it uses.
2021-06-14 12:40:12 +01:00
mock_email_validated_recently,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
):
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.logout()
with client_request.session_transaction() as session:
Use `client` and `logged_in_client` fixtures Wherever possible, because Don’t Repeat Yourself.
2017-02-03 12:07:21 +00:00
session['user_details'] = {
Make user API client return JSON, not a model The data flow of other bits of our application looks like this: ``` API (returns JSON) ⬇ API client (returns a built in type, usually `dict`) ⬇ Model (returns an instance, eg of type `Service`) ⬇ View (returns HTML) ``` The user API client was architected weirdly, in that it returned a model directly, like this: ``` API (returns JSON) ⬇ API client (returns a model, of type `User`, `InvitedUser`, etc) ⬇ View (returns HTML) ``` This mixing of different layers of the application is bad because it makes it hard to write model code that doesn’t have circular dependencies. As our application gets more complicated we will be relying more on models to manage this complexity, so we should make it easy, not hard to write them. It also means that most of our mocking was of the User model, not just the underlying JSON. So it would have been easy to introduce subtle bugs to the user model, because it wasn’t being comprehensively tested. A lot of the changed lines of code in this commit mean changing the tests to mock only the JSON, which means that the model layer gets implicitly tested. For those reasons this commit changes the user API client to return JSON, not an instance of `User` or other models.
2019-05-23 15:27:35 +01:00
'id': api_user_active['id'],
'email': api_user_active['email_address'],
Use `client` and `logged_in_client` fixtures Wherever possible, because Don’t Repeat Yourself.
2017-02-03 12:07:21 +00:00
'password': 'changedpassword'}
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.post(
'main.two_factor_sms',
_data={'sms_code': '12345'},
_expected_redirect=url_for('main.show_accounts_or_dashboard', _external=True),
)
redirect to show_accounts_or_dashboard on login show_accounts_or_dashboard has logic about where you should redirect to. If we let it do this, then that's nicer than duplicating its logic. We found that it wasn't accounting for orgs in redirects properly.
2018-03-19 16:38:57 +00:00
Fix reset password flow It was broken because of mismatch in update password argument
2020-02-18 14:28:03 +00:00
mock_update_user_password.assert_called_once_with(
Remove old method of updating `email_access_validated_at` Previously we were passing a flag to the API which handled this. Now we are doing it at the time of clicking the link, not at the time of storing the new password. We don’t need to update the timestamp twice, so this commit removes the code which tells the API to do it.
2021-08-17 16:43:35 +01:00
api_user_active['id'], 'changedpassword',
Fix reset password flow It was broken because of mismatch in update password argument
2020-02-18 14:28:03 +00:00
)
Updated error message is the code is not the right size or data type. Updated two_factor to error is the user account is locked (locked = over 10 failed_login_count)
2017-02-15 14:56:22 +00:00
remove old `/two-factor` endpoint and update test names we redirect people to `/two-factor-sms` since #26ad20719
2021-06-11 18:09:28 +01:00
def test_two_factor_sms_returns_error_when_user_is_locked(
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request,
Updated error message is the code is not the right size or data type. Updated two_factor to error is the user account is locked (locked = over 10 failed_login_count)
2017-02-15 14:56:22 +00:00
api_user_locked,
mock_get_locked_user,
Fix the user flow when the user account is locked. The user has 10 tries at the password, after which the account is locked. The same is true for the verify code, the user will have 10 tries before the user account is locked.
2017-02-28 14:41:31 +00:00
mock_check_verify_code_code_not_found,
Updated error message is the code is not the right size or data type. Updated two_factor to error is the user account is locked (locked = over 10 failed_login_count)
2017-02-15 14:56:22 +00:00
mock_get_services_with_one_service
):
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.logout()
with client_request.session_transaction() as session:
Updated error message is the code is not the right size or data type. Updated two_factor to error is the user account is locked (locked = over 10 failed_login_count)
2017-02-15 14:56:22 +00:00
session['user_details'] = {
Make user API client return JSON, not a model The data flow of other bits of our application looks like this: ``` API (returns JSON) ⬇ API client (returns a built in type, usually `dict`) ⬇ Model (returns an instance, eg of type `Service`) ⬇ View (returns HTML) ``` The user API client was architected weirdly, in that it returned a model directly, like this: ``` API (returns JSON) ⬇ API client (returns a model, of type `User`, `InvitedUser`, etc) ⬇ View (returns HTML) ``` This mixing of different layers of the application is bad because it makes it hard to write model code that doesn’t have circular dependencies. As our application gets more complicated we will be relying more on models to manage this complexity, so we should make it easy, not hard to write them. It also means that most of our mocking was of the User model, not just the underlying JSON. So it would have been easy to introduce subtle bugs to the user model, because it wasn’t being comprehensively tested. A lot of the changed lines of code in this commit mean changing the tests to mock only the JSON, which means that the model layer gets implicitly tested. For those reasons this commit changes the user API client to return JSON, not an instance of `User` or other models.
2019-05-23 15:27:35 +01:00
'id': api_user_locked['id'],
'email': api_user_locked['email_address'],
Updated error message is the code is not the right size or data type. Updated two_factor to error is the user account is locked (locked = over 10 failed_login_count)
2017-02-15 14:56:22 +00:00
}
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
page = client_request.post(
'main.two_factor_sms',
_data={'sms_code': '12345'},
_expected_status=200,
)
assert 'Code not found' in page.text
In case user details were not in session the redirect did not use url_for to redirect to sign in.
2016-06-06 14:46:16 +01:00
remove old `/two-factor` endpoint and update test names we redirect people to `/two-factor-sms` since #26ad20719
2021-06-11 18:09:28 +01:00
def test_two_factor_sms_post_should_redirect_to_sign_in_if_user_not_in_session(
create webauthn 2fa page if user has `webauthn_auth` as their auth type, then redirect them to an interstitial that prompts them to click on a button which right now just logs to the JS console, but in a future commit will open up the webauthn browser prompt content is unsurprisingly not final.
2021-05-14 11:20:56 +01:00
client_request,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
):
create webauthn 2fa page if user has `webauthn_auth` as their auth type, then redirect them to an interstitial that prompts them to click on a button which right now just logs to the JS console, but in a future commit will open up the webauthn browser prompt content is unsurprisingly not final.
2021-05-14 11:20:56 +01:00
client_request.post(
rename two_factor to two_factor_sms it's a bit confusing now that there are three endpoints. the other two are already renamed two_factor_email and two_factor_webauthn
2021-05-14 19:15:12 +01:00
'main.two_factor_sms',
create webauthn 2fa page if user has `webauthn_auth` as their auth type, then redirect them to an interstitial that prompts them to click on a button which right now just logs to the JS console, but in a future commit will open up the webauthn browser prompt content is unsurprisingly not final.
2021-05-14 11:20:56 +01:00
_data={'sms_code': '12345'},
_expected_redirect=url_for('main.sign_in', _external=True)
)
rename two_factor to two_factor_sms it's a bit confusing now that there are three endpoints. the other two are already renamed two_factor_email and two_factor_webauthn
2021-05-14 19:15:12 +01:00
@pytest.mark.parametrize('endpoint', ['main.two_factor_webauthn', 'main.two_factor_sms'])
remove old `/two-factor` endpoint and update test names we redirect people to `/two-factor-sms` since #26ad20719
2021-06-11 18:09:28 +01:00
def test_two_factor_endpoints_get_should_redirect_to_sign_in_if_user_not_in_session(
create webauthn 2fa page if user has `webauthn_auth` as their auth type, then redirect them to an interstitial that prompts them to click on a button which right now just logs to the JS console, but in a future commit will open up the webauthn browser prompt content is unsurprisingly not final.
2021-05-14 11:20:56 +01:00
client_request,
endpoint,
):
client_request.get(
endpoint,
_expected_redirect=url_for('main.sign_in', _external=True)
)
- Add test to check that two-factor auth activates a user as expected - Ensure DB user activation statusupdate only executed when required - Fix test_should_activate_user_after_verify
2016-09-09 15:22:56 +01:00
ensure webauthn page aborts if user isn't allowed
2021-06-10 19:27:17 +01:00
def test_two_factor_webauthn_should_have_auth_signin_button(
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request,
ensure webauthn page aborts if user isn't allowed
2021-06-10 19:27:17 +01:00
platform_admin_user,
mocker,
):
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.logout()
ensure webauthn page aborts if user isn't allowed
2021-06-10 19:27:17 +01:00
mock_get_user = mocker.patch('app.user_api_client.get_user', return_value=platform_admin_user)
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
with client_request.session_transaction() as session:
ensure webauthn page aborts if user isn't allowed
2021-06-10 19:27:17 +01:00
session['user_details'] = {'id': platform_admin_user['id'], 'email': platform_admin_user['email_address']}
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
page = client_request.get('main.two_factor_webauthn')
ensure webauthn page aborts if user isn't allowed
2021-06-10 19:27:17 +01:00
button = page.select_one("button[data-module=authenticate-security-key]")
assert button.text.strip() == 'Check security key'
assert button.name == 'button'
mock_get_user.assert_called_once_with(platform_admin_user['id'])
def test_two_factor_webauthn_should_reject_non_webauthn_auth_users(
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request,
ensure webauthn page aborts if user isn't allowed
2021-06-10 19:27:17 +01:00
platform_admin_user,
mocker,
):
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.logout()
ensure webauthn page aborts if user isn't allowed
2021-06-10 19:27:17 +01:00
platform_admin_user['auth_type'] = 'sms_auth'
mocker.patch('app.user_api_client.get_user', return_value=platform_admin_user)
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
with client_request.session_transaction() as session:
ensure webauthn page aborts if user isn't allowed
2021-06-10 19:27:17 +01:00
session['user_details'] = {'id': platform_admin_user['id'], 'email': platform_admin_user['email_address']}
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.get(
'main.two_factor_webauthn',
_expected_status=403,
)
ensure webauthn page aborts if user isn't allowed
2021-06-10 19:27:17 +01:00
remove old `/two-factor` endpoint and update test names we redirect people to `/two-factor-sms` since #26ad20719
2021-06-11 18:09:28 +01:00
def test_two_factor_sms_should_activate_pending_user(
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
mocker,
api_user_pending,
mock_check_verify_code,
don't swallow HTTP errors from create_event tests weren't patching out create_event (which is invoked every time a user logs in). This was getting caught by our egress proxy on jenkins. We didn't notice because the event handler code was swallowing all exceptions and not re-raising. This changes that code to no longer swallow exceptions. Since we did that, we also need to update all the tests that test log-in to mock the call
2018-05-02 10:27:01 +01:00
mock_create_event,
replace user PUT with POSTs the update_user fn was used in two places, for things that are handled fine by update_user_attribute. Reduce complexity in the API by killing the PUT, which is more dangerous (might silently overwrite things that shouldn't be, like "last_logged_in_at" etc). Had to change the code not received mobile number form, and the activate user function.
2017-11-09 12:30:12 +00:00
mock_activate_user,
DRY-up email revalidation check Previously this was duplicated between the "two_factor" and the "webauthn" views, and required more test setup. This DRYs up the check and tests it once, using mocks to simplify the view tests. As part of DRYing up the check into a util module, I've also moved the "is_less_than_days_ago" function it uses.
2021-06-14 12:40:12 +01:00
mock_email_validated_recently,
Normalize whitespace in test arguments We have a bunch of different styles of handling when function definitions span multiple lines, which they almost always do with tests. Here’s why an argument per line, single indent is best: - cleaner diffs when you change the name of a method (one line change instead of multiple lines) - works better on narrow screens, eg Github’s diff view, or with two terminals side by side on a laptop screen - works with any editor’s indenting shortcuts, no need for an IDE Also, trailing comma in the list of arguments is good because adding a new argument to a method becomes a one line, not two line diff.
2017-02-03 10:42:01 +00:00
):
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.logout()
- Add test to check that two-factor auth activates a user as expected - Ensure DB user activation statusupdate only executed when required - Fix test_should_activate_user_after_verify
2016-09-09 15:22:56 +01:00
mocker.patch('app.user_api_client.get_user', return_value=api_user_pending)
mocker.patch('app.service_api_client.get_services', return_value={'data': []})
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
with client_request.session_transaction() as session:
Use `client` and `logged_in_client` fixtures Wherever possible, because Don’t Repeat Yourself.
2017-02-03 12:07:21 +00:00
session['user_details'] = {
Make user API client return JSON, not a model The data flow of other bits of our application looks like this: ``` API (returns JSON) ⬇ API client (returns a built in type, usually `dict`) ⬇ Model (returns an instance, eg of type `Service`) ⬇ View (returns HTML) ``` The user API client was architected weirdly, in that it returned a model directly, like this: ``` API (returns JSON) ⬇ API client (returns a model, of type `User`, `InvitedUser`, etc) ⬇ View (returns HTML) ``` This mixing of different layers of the application is bad because it makes it hard to write model code that doesn’t have circular dependencies. As our application gets more complicated we will be relying more on models to manage this complexity, so we should make it easy, not hard to write them. It also means that most of our mocking was of the User model, not just the underlying JSON. So it would have been easy to introduce subtle bugs to the user model, because it wasn’t being comprehensively tested. A lot of the changed lines of code in this commit mean changing the tests to mock only the JSON, which means that the model layer gets implicitly tested. For those reasons this commit changes the user API client to return JSON, not an instance of `User` or other models.
2019-05-23 15:27:35 +01:00
'id': api_user_pending['id'],
'email_address': api_user_pending['email_address']
Use `client` and `logged_in_client` fixtures Wherever possible, because Don’t Repeat Yourself.
2017-02-03 12:07:21 +00:00
}
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.post('main.two_factor_sms', _data={'sms_code': '12345'})
Use `client` and `logged_in_client` fixtures Wherever possible, because Don’t Repeat Yourself.
2017-02-03 12:07:21 +00:00
replace user PUT with POSTs the update_user fn was used in two places, for things that are handled fine by update_user_attribute. Reduce complexity in the API by killing the PUT, which is more dangerous (might silently overwrite things that shouldn't be, like "last_logged_in_at" etc). Had to change the code not received mobile number form, and the activate user function.
2017-11-09 12:30:12 +00:00
assert mock_activate_user.called
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
Add interstitial page before using email auth token Some email clients will pre-fetch links in emails to check whether they’re safe. This has the unfortunate side effect of claiming the token that’s in the link. Long term, we don’t want to let the link be used multiple times, because this reduces how secure it is (eg someone with access to your browser history could re-use the link even if you’d signed out). Instead, this commit adds an extra page which is served when the user clicks the link from the email. This page includes a form which submits to the actual URL that uses the token, thereby not claiming the token as soon as the page is loaded. For convenience, this page also includes some Javascript which clicks the link on the user’s behalf. If the user has Javascript turned off they will see the link and can click it themselves. This is going on the assumption that whatever the email clients are doing when prefetching the link doesn’t involve running any Javascript. This Javascript is inlined so that: - it is run as fast as possible - it’s more resilient – even if our assets domain is unreachable or the connection is interrupted, it will still run
2020-05-04 12:27:51 +01:00
@pytest.mark.parametrize('extra_args, expected_encoded_next_arg', (
({}, ''),
({'next': 'https://example.com'}, '?next=https%3A%2F%2Fexample.com')
Add a second URL for the email auth endpoint We’re going to add an interstitial page that redirects to this new URL. But we don’t want that redirect to 404 while the change is deploying, because some boxes will have the new URL and some won’t. So let’s deploy the new URL to all the boxes first, then the redirect page can safely take over the new one. The new URL is going to be `post` not `get` because that feels more HTTP-y, so we need to make sure that’s part of this change too.
2020-05-04 12:37:05 +01:00
))
Add interstitial page before using email auth token Some email clients will pre-fetch links in emails to check whether they’re safe. This has the unfortunate side effect of claiming the token that’s in the link. Long term, we don’t want to let the link be used multiple times, because this reduces how secure it is (eg someone with access to your browser history could re-use the link even if you’d signed out). Instead, this commit adds an extra page which is served when the user clicks the link from the email. This page includes a form which submits to the actual URL that uses the token, thereby not claiming the token as soon as the page is loaded. For convenience, this page also includes some Javascript which clicks the link on the user’s behalf. If the user has Javascript turned off they will see the link and can click it themselves. This is going on the assumption that whatever the email clients are doing when prefetching the link doesn’t involve running any Javascript. This Javascript is inlined so that: - it is run as fast as possible - it’s more resilient – even if our assets domain is unreachable or the connection is interrupted, it will still run
2020-05-04 12:27:51 +01:00
def test_valid_two_factor_email_link_shows_interstitial(
client_request,
valid_token,
mocker,
extra_args,
expected_encoded_next_arg,
):
mock_check_code = mocker.patch('app.user_api_client.check_verify_code')
encoded_token = valid_token.replace('%2E', '.')
token_url = url_for(
'main.two_factor_email_interstitial',
token=encoded_token,
**extra_args
)
# This must match the URL we put in the emails
assert token_url == f'/email-auth/{encoded_token}{expected_encoded_next_arg}'
client_request.logout()
page = client_request.get_url(token_url)
assert normalize_spaces(page.select_one('main .js-hidden').text) == (
'Sign in '
'Continue to dashboard'
)
form = page.select_one('form')
expected_form_id = 'use-email-auth'
assert 'action' not in form
assert form['method'] == 'post'
assert form['id'] == expected_form_id
Fix flake8 and isort errors Note, isort now has default behaviour of searching recursively so we no longer need the `-rc` flag
2021-03-08 15:36:23 +00:00
assert page.select_one('main script').string.strip() == (
Add interstitial page before using email auth token Some email clients will pre-fetch links in emails to check whether they’re safe. This has the unfortunate side effect of claiming the token that’s in the link. Long term, we don’t want to let the link be used multiple times, because this reduces how secure it is (eg someone with access to your browser history could re-use the link even if you’d signed out). Instead, this commit adds an extra page which is served when the user clicks the link from the email. This page includes a form which submits to the actual URL that uses the token, thereby not claiming the token as soon as the page is loaded. For convenience, this page also includes some Javascript which clicks the link on the user’s behalf. If the user has Javascript turned off they will see the link and can click it themselves. This is going on the assumption that whatever the email clients are doing when prefetching the link doesn’t involve running any Javascript. This Javascript is inlined so that: - it is run as fast as possible - it’s more resilient – even if our assets domain is unreachable or the connection is interrupted, it will still run
2020-05-04 12:27:51 +01:00
f'document.getElementById("{expected_form_id}").submit();'
)
assert mock_check_code.called is False
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
def test_valid_two_factor_email_link_logs_in_user(
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request,
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
valid_token,
mock_get_user,
mock_get_services_with_one_service,
don't swallow HTTP errors from create_event tests weren't patching out create_event (which is invoked every time a user logs in). This was getting caught by our egress proxy on jenkins. We didn't notice because the event handler code was swallowing all exceptions and not re-raising. This changes that code to no longer swallow exceptions. Since we did that, we also need to update all the tests that test log-in to mock the call
2018-05-02 10:27:01 +01:00
mocker,
mock_create_event,
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
):
mocker.patch('app.user_api_client.check_verify_code', return_value=(True, ''))
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.post_url(
Stop url_for double-encoding .'s in password test One of the changes this pulls in is encoding of periods in the token used for new password requests. In real-life the resulting URL is build by concatenating the base url with the token so it isn't processed further. The test for new password requests builds the URL with url_for. This encodes the result returned so the periods are encoded twice.
2018-10-18 14:34:07 +01:00
url_for_endpoint_with_token('main.two_factor_email', token=valid_token),
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
_expected_redirect=url_for('main.show_accounts_or_dashboard', _external=True)
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
)
Turn on redirects two_factor_email This is part of the work to make sure user is redirected to the page they initially were meant to visit after they sign in.
2020-10-09 11:41:47 +01:00
@pytest.mark.parametrize('redirect_url', [
None,
Test next redirects with realistic URL This change has been made following PR review, to ensure that special signs are transformed correctly when passing through the next URL.
2020-10-12 12:01:39 +01:00
f'/services/{SERVICE_ONE_ID}/templates',
Turn on redirects two_factor_email This is part of the work to make sure user is redirected to the page they initially were meant to visit after they sign in.
2020-10-09 11:41:47 +01:00
])
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
def test_two_factor_email_link_has_expired(
Rename "app_" fixture to "notify_admin" This naming was introduced in 2016 without explanation [1]. I find it confusing because: - It's reminiscent of "_app", which is a Python convention indicating the variable is internal, so maybe avoid using it. - It suggests there's some other "app" fixture I should be using (there isn't, though). The Python style guide describes using an underscore suffix to avoid clashes with inbuilt names [1], which is sort of applicable if we need to import the "app" module [2]. However, we can also avoid clashes by choosing a different name, without the strange underscore. [1]: https://github.com/alphagov/notifications-admin/commit/3b1d521c10a515dab85700a1103912cf47ed414c [2]: https://github.com/alphagov/notifications-admin/blob/78824f54fdf7288172387f8ed3b332d26d74e083/tests/app/main/views/test_forgot_password.py#L5
2021-05-12 14:57:21 +01:00
notify_admin,
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
valid_token,
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request,
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
mock_send_verify_code,
Turn on redirects two_factor_email This is part of the work to make sure user is redirected to the page they initially were meant to visit after they sign in.
2020-10-09 11:41:47 +01:00
fake_uuid,
redirect_url
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
):
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.logout()
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
Rename "app_" fixture to "notify_admin" This naming was introduced in 2016 without explanation [1]. I find it confusing because: - It's reminiscent of "_app", which is a Python convention indicating the variable is internal, so maybe avoid using it. - It suggests there's some other "app" fixture I should be using (there isn't, though). The Python style guide describes using an underscore suffix to avoid clashes with inbuilt names [1], which is sort of applicable if we need to import the "app" module [2]. However, we can also avoid clashes by choosing a different name, without the strange underscore. [1]: https://github.com/alphagov/notifications-admin/commit/3b1d521c10a515dab85700a1103912cf47ed414c [2]: https://github.com/alphagov/notifications-admin/blob/78824f54fdf7288172387f8ed3b332d26d74e083/tests/app/main/views/test_forgot_password.py#L5
2021-05-12 14:57:21 +01:00
with set_config(notify_admin, 'EMAIL_2FA_EXPIRY_SECONDS', -1):
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
page = client_request.post_url(
Turn on redirects two_factor_email This is part of the work to make sure user is redirected to the page they initially were meant to visit after they sign in.
2020-10-09 11:41:47 +01:00
url_for_endpoint_with_token('main.two_factor_email', token=valid_token, next=redirect_url),
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
_follow_redirects=True,
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
)
Stop automatically resending email verification links This commit stops a new email verification link from being sent to a user if they click on an email link which has expired or which has already been used. Instead, they will be see an error message with a link to the sign in page. This stops the situation where someone could log in indefinitely (without the needing to enter their password) by trying to use a used / expired email verification link and receiving a valid link automatically.
2019-01-15 16:32:26 +00:00
assert page.h1.text.strip() == 'The link has expired'
Turn on redirects two_factor_email This is part of the work to make sure user is redirected to the page they initially were meant to visit after they sign in.
2020-10-09 11:41:47 +01:00
assert page.select_one('a:contains("Sign in again")')['href'] == url_for('main.sign_in', next=redirect_url)
Remove uses of .assert_not_called I prefer to avoid `assert_not_called`, because if I make a typo like this, the tests will still pass: ``` app.invite_api_client.create_invite.asset_not_called() ``` It’s harder to have a false positive with the statement written this way: ``` assert app.invite_api_client.create_invite.called is False ```
2020-08-28 13:26:14 +01:00
assert mock_send_verify_code.called is False
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
def test_two_factor_email_link_is_invalid(
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
):
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.logout()
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
token = 12345
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
page = client_request.post(
'main.two_factor_email',
token=token,
_follow_redirects=True,
_expected_status=404,
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
)
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
assert normalize_spaces(
page.select_one('.banner-dangerous').text
) == "Theres something wrong with the link youve used."
Turn on redirects two_factor_email This is part of the work to make sure user is redirected to the page they initially were meant to visit after they sign in.
2020-10-09 11:41:47 +01:00
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
Turn on redirects two_factor_email This is part of the work to make sure user is redirected to the page they initially were meant to visit after they sign in.
2020-10-09 11:41:47 +01:00
@pytest.mark.parametrize('redirect_url', [
None,
Test next redirects with realistic URL This change has been made following PR review, to ensure that special signs are transformed correctly when passing through the next URL.
2020-10-12 12:01:39 +01:00
f'/services/{SERVICE_ONE_ID}/templates',
Turn on redirects two_factor_email This is part of the work to make sure user is redirected to the page they initially were meant to visit after they sign in.
2020-10-09 11:41:47 +01:00
])
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
def test_two_factor_email_link_is_already_used(
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request,
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
valid_token,
Updated code used flow
2017-11-09 17:06:24 +00:00
mocker,
Turn on redirects two_factor_email This is part of the work to make sure user is redirected to the page they initially were meant to visit after they sign in.
2020-10-09 11:41:47 +01:00
mock_send_verify_code,
redirect_url
Updated code used flow
2017-11-09 17:06:24 +00:00
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
):
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.logout()
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
mocker.patch('app.user_api_client.check_verify_code', return_value=(False, 'Code has expired'))
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
page = client_request.post_url(
Turn on redirects two_factor_email This is part of the work to make sure user is redirected to the page they initially were meant to visit after they sign in.
2020-10-09 11:41:47 +01:00
url_for_endpoint_with_token('main.two_factor_email', token=valid_token, next=redirect_url),
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
_follow_redirects=True,
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
)
Stop automatically resending email verification links This commit stops a new email verification link from being sent to a user if they click on an email link which has expired or which has already been used. Instead, they will be see an error message with a link to the sign in page. This stops the situation where someone could log in indefinitely (without the needing to enter their password) by trying to use a used / expired email verification link and receiving a valid link automatically.
2019-01-15 16:32:26 +00:00
assert page.h1.text.strip() == 'The link has expired'
Turn on redirects two_factor_email This is part of the work to make sure user is redirected to the page they initially were meant to visit after they sign in.
2020-10-09 11:41:47 +01:00
assert page.select_one('a:contains("Sign in again")')['href'] == url_for('main.sign_in', next=redirect_url)
Remove uses of .assert_not_called I prefer to avoid `assert_not_called`, because if I make a typo like this, the tests will still pass: ``` app.invite_api_client.create_invite.asset_not_called() ``` It’s harder to have a false positive with the statement written this way: ``` assert app.invite_api_client.create_invite.called is False ```
2020-08-28 13:26:14 +01:00
assert mock_send_verify_code.called is False
Stop automatically resending email verification links This commit stops a new email verification link from being sent to a user if they click on an email link which has expired or which has already been used. Instead, they will be see an error message with a link to the sign in page. This stops the situation where someone could log in indefinitely (without the needing to enter their password) by trying to use a used / expired email verification link and receiving a valid link automatically.
2019-01-15 16:32:26 +00:00
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
def test_two_factor_email_link_when_user_is_locked_out(
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request,
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
valid_token,
Updated code used flow
2017-11-09 17:06:24 +00:00
mocker,
mock_send_verify_code
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
):
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
client_request.logout()
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
mocker.patch('app.user_api_client.check_verify_code', return_value=(False, 'Code not found'))
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
page = client_request.post_url(
Stop url_for double-encoding .'s in password test One of the changes this pulls in is encoding of periods in the token used for new password requests. In real-life the resulting URL is build by concatenating the base url with the token so it isn't processed further. The test for new password requests builds the URL with url_for. This encodes the result returned so the periods are encoded twice.
2018-10-18 14:34:07 +01:00
url_for_endpoint_with_token('main.two_factor_email', token=valid_token),
Replace uses of `client.get` and `client.post` We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `client`. This is not as good because it: - returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests which had a `client.get(…)` or `client.post(…)` statement to use their equivalents on `client_request` instead. Subsequent commits will remove uses of `client` in other tests, but doing it this way means the work can be broken up into more manageable chunks.
2022-01-04 15:40:42 +00:00
_follow_redirects=True,
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
)
Stop automatically resending email verification links This commit stops a new email verification link from being sent to a user if they click on an email link which has expired or which has already been used. Instead, they will be see an error message with a link to the sign in page. This stops the situation where someone could log in indefinitely (without the needing to enter their password) by trying to use a used / expired email verification link and receiving a valid link automatically.
2019-01-15 16:32:26 +00:00
assert page.h1.text.strip() == 'The link has expired'
Remove uses of .assert_not_called I prefer to avoid `assert_not_called`, because if I make a typo like this, the tests will still pass: ``` app.invite_api_client.create_invite.asset_not_called() ``` It’s harder to have a false positive with the statement written this way: ``` assert app.invite_api_client.create_invite.called is False ```
2020-08-28 13:26:14 +01:00
assert mock_send_verify_code.called is False
Stop automatically resending email verification links This commit stops a new email verification link from being sent to a user if they click on an email link which has expired or which has already been used. Instead, they will be see an error message with a link to the sign in page. This stops the situation where someone could log in indefinitely (without the needing to enter their password) by trying to use a used / expired email verification link and receiving a valid link automatically.
2019-01-15 16:32:26 +00:00
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
def test_two_factor_email_link_used_when_user_already_logged_in(
Stop using `logged_in_client` fixture We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `logged_in_client`. This is not as good because: - it returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests using `logged_in_client` to: use `client_request` instead.
2021-12-31 12:08:14 +00:00
client_request,
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
valid_token
):
Stop using `logged_in_client` fixture We have a `client_request` fixture which does a bunch of useful stuff like: - checking the status code of the response - returning a `BeautifulSoup` object Lots of our tests still use an older fixture called `logged_in_client`. This is not as good because: - it returns a raw `Response` object - doesn’t do the additional checks - means our tests contain a lot of repetetive boilerplate like `page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')` This commit converts all the tests using `logged_in_client` to: use `client_request` instead.
2021-12-31 12:08:14 +00:00
client_request.post_url(
url_for_endpoint_with_token('main.two_factor_email', token=valid_token),
_expected_redirect=url_for('main.show_accounts_or_dashboard', _external=True),
alter login flow to allow for email auth login
2017-11-07 16:11:31 +00:00
)
Reference in New Issue Copy Permalink