2017-02-24 16:21:41 +00:00
|
|
|
|
import json
|
2018-02-20 11:22:17 +00:00
|
|
|
|
import uuid
|
2015-12-04 16:21:01 +00:00
|
|
|
|
|
2016-03-17 13:07:52 +00:00
|
|
|
|
from bs4 import BeautifulSoup
|
2018-02-20 11:22:17 +00:00
|
|
|
|
from flask import url_for
|
|
|
|
|
|
from itsdangerous import SignatureExpired
|
2018-04-25 14:12:58 +01:00
|
|
|
|
|
2017-10-16 14:58:08 +01:00
|
|
|
|
from tests.conftest import normalize_spaces
|
|
|
|
|
|
|
2015-12-04 16:21:01 +00:00
|
|
|
|
|
2017-02-03 10:42:01 +00:00
|
|
|
|
def test_should_return_verify_template(
|
2017-02-03 12:07:21 +00:00
|
|
|
|
client,
|
2017-02-03 10:42:01 +00:00
|
|
|
|
api_user_active,
|
|
|
|
|
|
mock_send_verify_code,
|
|
|
|
|
|
):
|
2017-02-03 12:07:21 +00:00
|
|
|
|
# TODO this lives here until we work out how to
|
|
|
|
|
|
# reassign the session after it is lost mid register process
|
|
|
|
|
|
with client.session_transaction() as session:
|
Make user API client return JSON, not a model
The data flow of other bits of our application looks like this:
```
API (returns JSON)
⬇
API client (returns a built in type, usually `dict`)
⬇
Model (returns an instance, eg of type `Service`)
⬇
View (returns HTML)
```
The user API client was architected weirdly, in that it returned a model
directly, like this:
```
API (returns JSON)
⬇
API client (returns a model, of type `User`, `InvitedUser`, etc)
⬇
View (returns HTML)
```
This mixing of different layers of the application is bad because it
makes it hard to write model code that doesn’t have circular
dependencies. As our application gets more complicated we will be
relying more on models to manage this complexity, so we should make it
easy, not hard to write them.
It also means that most of our mocking was of the User model, not just
the underlying JSON. So it would have been easy to introduce subtle bugs
to the user model, because it wasn’t being comprehensively tested. A lot
of the changed lines of code in this commit mean changing the tests to
mock only the JSON, which means that the model layer gets implicitly
tested.
For those reasons this commit changes the user API client to return
JSON, not an instance of `User` or other models.
2019-05-23 15:27:35 +01:00
|
|
|
|
session['user_details'] = {'email_address': api_user_active['email_address'], 'id': api_user_active['id']}
|
2017-02-03 12:07:21 +00:00
|
|
|
|
response = client.get(url_for('main.verify'))
|
|
|
|
|
|
assert response.status_code == 200
|
2016-03-17 13:07:52 +00:00
|
|
|
|
|
2017-02-03 12:07:21 +00:00
|
|
|
|
page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')
|
|
|
|
|
|
assert page.h1.text == 'Check your phone'
|
|
|
|
|
|
message = page.find_all('p')[1].text
|
|
|
|
|
|
assert message == "We’ve sent you a text message with a security code."
|
2015-12-04 17:10:06 +00:00
|
|
|
|
|
|
|
|
|
|
|
2017-02-03 10:42:01 +00:00
|
|
|
|
def test_should_redirect_to_add_service_when_sms_code_is_correct(
|
2017-02-03 12:07:21 +00:00
|
|
|
|
client,
|
2017-02-03 10:42:01 +00:00
|
|
|
|
api_user_active,
|
2017-02-24 16:21:41 +00:00
|
|
|
|
mocker,
|
2017-11-09 12:30:12 +00:00
|
|
|
|
mock_update_user_attribute,
|
2017-02-03 10:42:01 +00:00
|
|
|
|
mock_check_verify_code,
|
2018-05-02 10:27:01 +01:00
|
|
|
|
mock_create_event,
|
|
|
|
|
|
fake_uuid,
|
2017-02-03 10:42:01 +00:00
|
|
|
|
):
|
Make user API client return JSON, not a model
The data flow of other bits of our application looks like this:
```
API (returns JSON)
⬇
API client (returns a built in type, usually `dict`)
⬇
Model (returns an instance, eg of type `Service`)
⬇
View (returns HTML)
```
The user API client was architected weirdly, in that it returned a model
directly, like this:
```
API (returns JSON)
⬇
API client (returns a model, of type `User`, `InvitedUser`, etc)
⬇
View (returns HTML)
```
This mixing of different layers of the application is bad because it
makes it hard to write model code that doesn’t have circular
dependencies. As our application gets more complicated we will be
relying more on models to manage this complexity, so we should make it
easy, not hard to write them.
It also means that most of our mocking was of the User model, not just
the underlying JSON. So it would have been easy to introduce subtle bugs
to the user model, because it wasn’t being comprehensively tested. A lot
of the changed lines of code in this commit mean changing the tests to
mock only the JSON, which means that the model layer gets implicitly
tested.
For those reasons this commit changes the user API client to return
JSON, not an instance of `User` or other models.
2019-05-23 15:27:35 +01:00
|
|
|
|
api_user_active['current_session_id'] = str(uuid.UUID(int=1))
|
2017-02-24 16:21:41 +00:00
|
|
|
|
mocker.patch('app.user_api_client.get_user', return_value=api_user_active)
|
|
|
|
|
|
|
2017-02-03 12:07:21 +00:00
|
|
|
|
with client.session_transaction() as session:
|
Make user API client return JSON, not a model
The data flow of other bits of our application looks like this:
```
API (returns JSON)
⬇
API client (returns a built in type, usually `dict`)
⬇
Model (returns an instance, eg of type `Service`)
⬇
View (returns HTML)
```
The user API client was architected weirdly, in that it returned a model
directly, like this:
```
API (returns JSON)
⬇
API client (returns a model, of type `User`, `InvitedUser`, etc)
⬇
View (returns HTML)
```
This mixing of different layers of the application is bad because it
makes it hard to write model code that doesn’t have circular
dependencies. As our application gets more complicated we will be
relying more on models to manage this complexity, so we should make it
easy, not hard to write them.
It also means that most of our mocking was of the User model, not just
the underlying JSON. So it would have been easy to introduce subtle bugs
to the user model, because it wasn’t being comprehensively tested. A lot
of the changed lines of code in this commit mean changing the tests to
mock only the JSON, which means that the model layer gets implicitly
tested.
For those reasons this commit changes the user API client to return
JSON, not an instance of `User` or other models.
2019-05-23 15:27:35 +01:00
|
|
|
|
session['user_details'] = {'email_address': api_user_active['email_address'], 'id': api_user_active['id']}
|
2017-02-24 16:21:41 +00:00
|
|
|
|
# user's only just created their account so no session in the cookie
|
|
|
|
|
|
session.pop('current_session_id', None)
|
|
|
|
|
|
|
2017-02-03 12:07:21 +00:00
|
|
|
|
response = client.post(url_for('main.verify'),
|
|
|
|
|
|
data={'sms_code': '12345'})
|
|
|
|
|
|
assert response.status_code == 302
|
|
|
|
|
|
assert response.location == url_for('main.add_service', first='first', _external=True)
|
2015-12-04 17:10:06 +00:00
|
|
|
|
|
2017-02-24 16:21:41 +00:00
|
|
|
|
# make sure the current_session_id has changed to what the API returned
|
|
|
|
|
|
with client.session_transaction() as session:
|
|
|
|
|
|
assert session['current_session_id'] == str(uuid.UUID(int=1))
|
|
|
|
|
|
|
Make user API client return JSON, not a model
The data flow of other bits of our application looks like this:
```
API (returns JSON)
⬇
API client (returns a built in type, usually `dict`)
⬇
Model (returns an instance, eg of type `Service`)
⬇
View (returns HTML)
```
The user API client was architected weirdly, in that it returned a model
directly, like this:
```
API (returns JSON)
⬇
API client (returns a model, of type `User`, `InvitedUser`, etc)
⬇
View (returns HTML)
```
This mixing of different layers of the application is bad because it
makes it hard to write model code that doesn’t have circular
dependencies. As our application gets more complicated we will be
relying more on models to manage this complexity, so we should make it
easy, not hard to write them.
It also means that most of our mocking was of the User model, not just
the underlying JSON. So it would have been easy to introduce subtle bugs
to the user model, because it wasn’t being comprehensively tested. A lot
of the changed lines of code in this commit mean changing the tests to
mock only the JSON, which means that the model layer gets implicitly
tested.
For those reasons this commit changes the user API client to return
JSON, not an instance of `User` or other models.
2019-05-23 15:27:35 +01:00
|
|
|
|
mock_check_verify_code.assert_called_once_with(api_user_active['id'], '12345', 'sms')
|
2016-03-17 13:07:52 +00:00
|
|
|
|
|
2015-12-04 17:10:06 +00:00
|
|
|
|
|
2017-02-03 10:42:01 +00:00
|
|
|
|
def test_should_activate_user_after_verify(
|
2017-02-03 12:07:21 +00:00
|
|
|
|
client,
|
2017-02-03 10:42:01 +00:00
|
|
|
|
mocker,
|
|
|
|
|
|
api_user_pending,
|
|
|
|
|
|
mock_send_verify_code,
|
|
|
|
|
|
mock_check_verify_code,
|
2018-05-02 10:27:01 +01:00
|
|
|
|
mock_create_event,
|
2017-11-09 12:30:12 +00:00
|
|
|
|
mock_activate_user,
|
2017-02-03 10:42:01 +00:00
|
|
|
|
):
|
2016-09-09 15:22:56 +01:00
|
|
|
|
mocker.patch('app.user_api_client.get_user', return_value=api_user_pending)
|
2017-02-03 12:07:21 +00:00
|
|
|
|
with client.session_transaction() as session:
|
Make user API client return JSON, not a model
The data flow of other bits of our application looks like this:
```
API (returns JSON)
⬇
API client (returns a built in type, usually `dict`)
⬇
Model (returns an instance, eg of type `Service`)
⬇
View (returns HTML)
```
The user API client was architected weirdly, in that it returned a model
directly, like this:
```
API (returns JSON)
⬇
API client (returns a model, of type `User`, `InvitedUser`, etc)
⬇
View (returns HTML)
```
This mixing of different layers of the application is bad because it
makes it hard to write model code that doesn’t have circular
dependencies. As our application gets more complicated we will be
relying more on models to manage this complexity, so we should make it
easy, not hard to write them.
It also means that most of our mocking was of the User model, not just
the underlying JSON. So it would have been easy to introduce subtle bugs
to the user model, because it wasn’t being comprehensively tested. A lot
of the changed lines of code in this commit mean changing the tests to
mock only the JSON, which means that the model layer gets implicitly
tested.
For those reasons this commit changes the user API client to return
JSON, not an instance of `User` or other models.
2019-05-23 15:27:35 +01:00
|
|
|
|
session['user_details'] = {
|
|
|
|
|
|
'email_address': api_user_pending['email_address'],
|
|
|
|
|
|
'id': api_user_pending['id']
|
|
|
|
|
|
}
|
2017-02-03 12:07:21 +00:00
|
|
|
|
client.post(url_for('main.verify'),
|
|
|
|
|
|
data={'sms_code': '12345'})
|
2017-11-09 12:30:12 +00:00
|
|
|
|
assert mock_activate_user.called
|
2015-12-07 16:08:30 +00:00
|
|
|
|
|
|
|
|
|
|
|
2017-02-03 10:42:01 +00:00
|
|
|
|
def test_should_return_200_when_sms_code_is_wrong(
|
2017-10-16 14:58:08 +01:00
|
|
|
|
client_request,
|
2017-02-03 10:42:01 +00:00
|
|
|
|
api_user_active,
|
|
|
|
|
|
mock_check_verify_code_code_not_found,
|
|
|
|
|
|
):
|
2017-10-16 14:58:08 +01:00
|
|
|
|
with client_request.session_transaction() as session:
|
Make user API client return JSON, not a model
The data flow of other bits of our application looks like this:
```
API (returns JSON)
⬇
API client (returns a built in type, usually `dict`)
⬇
Model (returns an instance, eg of type `Service`)
⬇
View (returns HTML)
```
The user API client was architected weirdly, in that it returned a model
directly, like this:
```
API (returns JSON)
⬇
API client (returns a model, of type `User`, `InvitedUser`, etc)
⬇
View (returns HTML)
```
This mixing of different layers of the application is bad because it
makes it hard to write model code that doesn’t have circular
dependencies. As our application gets more complicated we will be
relying more on models to manage this complexity, so we should make it
easy, not hard to write them.
It also means that most of our mocking was of the User model, not just
the underlying JSON. So it would have been easy to introduce subtle bugs
to the user model, because it wasn’t being comprehensively tested. A lot
of the changed lines of code in this commit mean changing the tests to
mock only the JSON, which means that the model layer gets implicitly
tested.
For those reasons this commit changes the user API client to return
JSON, not an instance of `User` or other models.
2019-05-23 15:27:35 +01:00
|
|
|
|
session['user_details'] = {
|
|
|
|
|
|
'email_address': api_user_active['email_address'],
|
|
|
|
|
|
'id': api_user_active['id'],
|
|
|
|
|
|
}
|
2017-10-16 14:58:08 +01:00
|
|
|
|
|
|
|
|
|
|
page = client_request.post(
|
|
|
|
|
|
'main.verify',
|
|
|
|
|
|
_data={'sms_code': '12345'},
|
|
|
|
|
|
_expected_status=200,
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
assert len(page.select('.error-message')) == 1
|
|
|
|
|
|
assert normalize_spaces(page.select_one('.error-message').text) == (
|
|
|
|
|
|
'Code not found'
|
|
|
|
|
|
)
|
2016-03-22 13:38:35 +00:00
|
|
|
|
|
|
|
|
|
|
|
2017-02-03 10:42:01 +00:00
|
|
|
|
def test_verify_email_redirects_to_verify_if_token_valid(
|
2017-02-03 12:07:21 +00:00
|
|
|
|
client,
|
2017-02-03 10:42:01 +00:00
|
|
|
|
mocker,
|
|
|
|
|
|
api_user_pending,
|
|
|
|
|
|
mock_get_user_pending,
|
|
|
|
|
|
mock_send_verify_code,
|
|
|
|
|
|
mock_check_verify_code,
|
|
|
|
|
|
):
|
Make user API client return JSON, not a model
The data flow of other bits of our application looks like this:
```
API (returns JSON)
⬇
API client (returns a built in type, usually `dict`)
⬇
Model (returns an instance, eg of type `Service`)
⬇
View (returns HTML)
```
The user API client was architected weirdly, in that it returned a model
directly, like this:
```
API (returns JSON)
⬇
API client (returns a model, of type `User`, `InvitedUser`, etc)
⬇
View (returns HTML)
```
This mixing of different layers of the application is bad because it
makes it hard to write model code that doesn’t have circular
dependencies. As our application gets more complicated we will be
relying more on models to manage this complexity, so we should make it
easy, not hard to write them.
It also means that most of our mocking was of the User model, not just
the underlying JSON. So it would have been easy to introduce subtle bugs
to the user model, because it wasn’t being comprehensively tested. A lot
of the changed lines of code in this commit mean changing the tests to
mock only the JSON, which means that the model layer gets implicitly
tested.
For those reasons this commit changes the user API client to return
JSON, not an instance of `User` or other models.
2019-05-23 15:27:35 +01:00
|
|
|
|
token_data = {"user_id": api_user_pending['id'], "secret_code": 'UNUSED'}
|
2016-04-14 12:00:55 +01:00
|
|
|
|
mocker.patch('app.main.views.verify.check_token', return_value=json.dumps(token_data))
|
2016-03-22 13:38:35 +00:00
|
|
|
|
|
2017-02-03 12:07:21 +00:00
|
|
|
|
with client.session_transaction() as session:
|
Make user API client return JSON, not a model
The data flow of other bits of our application looks like this:
```
API (returns JSON)
⬇
API client (returns a built in type, usually `dict`)
⬇
Model (returns an instance, eg of type `Service`)
⬇
View (returns HTML)
```
The user API client was architected weirdly, in that it returned a model
directly, like this:
```
API (returns JSON)
⬇
API client (returns a model, of type `User`, `InvitedUser`, etc)
⬇
View (returns HTML)
```
This mixing of different layers of the application is bad because it
makes it hard to write model code that doesn’t have circular
dependencies. As our application gets more complicated we will be
relying more on models to manage this complexity, so we should make it
easy, not hard to write them.
It also means that most of our mocking was of the User model, not just
the underlying JSON. So it would have been easy to introduce subtle bugs
to the user model, because it wasn’t being comprehensively tested. A lot
of the changed lines of code in this commit mean changing the tests to
mock only the JSON, which means that the model layer gets implicitly
tested.
For those reasons this commit changes the user API client to return
JSON, not an instance of `User` or other models.
2019-05-23 15:27:35 +01:00
|
|
|
|
session['user_details'] = {
|
|
|
|
|
|
'email_address': api_user_pending['email_address'],
|
|
|
|
|
|
'id': api_user_pending['id'],
|
|
|
|
|
|
}
|
2016-03-22 13:38:35 +00:00
|
|
|
|
|
2017-02-03 12:07:21 +00:00
|
|
|
|
response = client.get(url_for('main.verify_email', token='notreal'))
|
2016-03-22 13:38:35 +00:00
|
|
|
|
|
2017-02-03 12:07:21 +00:00
|
|
|
|
assert response.status_code == 302
|
|
|
|
|
|
assert response.location == url_for('main.verify', _external=True)
|
2016-03-22 13:38:35 +00:00
|
|
|
|
|
2017-11-01 14:39:14 +00:00
|
|
|
|
assert not mock_check_verify_code.called
|
Make user API client return JSON, not a model
The data flow of other bits of our application looks like this:
```
API (returns JSON)
⬇
API client (returns a built in type, usually `dict`)
⬇
Model (returns an instance, eg of type `Service`)
⬇
View (returns HTML)
```
The user API client was architected weirdly, in that it returned a model
directly, like this:
```
API (returns JSON)
⬇
API client (returns a model, of type `User`, `InvitedUser`, etc)
⬇
View (returns HTML)
```
This mixing of different layers of the application is bad because it
makes it hard to write model code that doesn’t have circular
dependencies. As our application gets more complicated we will be
relying more on models to manage this complexity, so we should make it
easy, not hard to write them.
It also means that most of our mocking was of the User model, not just
the underlying JSON. So it would have been easy to introduce subtle bugs
to the user model, because it wasn’t being comprehensively tested. A lot
of the changed lines of code in this commit mean changing the tests to
mock only the JSON, which means that the model layer gets implicitly
tested.
For those reasons this commit changes the user API client to return
JSON, not an instance of `User` or other models.
2019-05-23 15:27:35 +01:00
|
|
|
|
mock_send_verify_code.assert_called_once_with(api_user_pending['id'], 'sms', api_user_pending['mobile_number'])
|
2016-03-22 13:38:35 +00:00
|
|
|
|
|
2017-02-03 12:07:21 +00:00
|
|
|
|
with client.session_transaction() as session:
|
Make user API client return JSON, not a model
The data flow of other bits of our application looks like this:
```
API (returns JSON)
⬇
API client (returns a built in type, usually `dict`)
⬇
Model (returns an instance, eg of type `Service`)
⬇
View (returns HTML)
```
The user API client was architected weirdly, in that it returned a model
directly, like this:
```
API (returns JSON)
⬇
API client (returns a model, of type `User`, `InvitedUser`, etc)
⬇
View (returns HTML)
```
This mixing of different layers of the application is bad because it
makes it hard to write model code that doesn’t have circular
dependencies. As our application gets more complicated we will be
relying more on models to manage this complexity, so we should make it
easy, not hard to write them.
It also means that most of our mocking was of the User model, not just
the underlying JSON. So it would have been easy to introduce subtle bugs
to the user model, because it wasn’t being comprehensively tested. A lot
of the changed lines of code in this commit mean changing the tests to
mock only the JSON, which means that the model layer gets implicitly
tested.
For those reasons this commit changes the user API client to return
JSON, not an instance of `User` or other models.
2019-05-23 15:27:35 +01:00
|
|
|
|
assert session['user_details'] == {'email': api_user_pending['email_address'], 'id': api_user_pending['id']}
|
2016-03-22 13:38:35 +00:00
|
|
|
|
|
|
|
|
|
|
|
2017-11-01 14:39:14 +00:00
|
|
|
|
def test_verify_email_redirects_to_email_sent_if_token_expired(
|
2017-02-03 12:07:21 +00:00
|
|
|
|
client,
|
2017-02-03 10:42:01 +00:00
|
|
|
|
mocker,
|
|
|
|
|
|
api_user_pending,
|
|
|
|
|
|
):
|
2016-04-14 12:00:55 +01:00
|
|
|
|
mocker.patch('app.main.views.verify.check_token', side_effect=SignatureExpired('expired'))
|
2016-03-22 13:38:35 +00:00
|
|
|
|
|
2017-02-03 12:07:21 +00:00
|
|
|
|
response = client.get(url_for('main.verify_email', token='notreal'))
|
2016-03-22 13:38:35 +00:00
|
|
|
|
|
2017-02-03 12:07:21 +00:00
|
|
|
|
assert response.status_code == 302
|
|
|
|
|
|
assert response.location == url_for('main.resend_email_verification', _external=True)
|
2016-03-29 12:13:36 +01:00
|
|
|
|
|
|
|
|
|
|
|
2017-02-03 10:42:01 +00:00
|
|
|
|
def test_verify_email_redirects_to_sign_in_if_user_active(
|
2017-02-03 12:07:21 +00:00
|
|
|
|
client,
|
2017-02-03 10:42:01 +00:00
|
|
|
|
mocker,
|
|
|
|
|
|
api_user_active,
|
|
|
|
|
|
mock_get_user,
|
|
|
|
|
|
mock_send_verify_code,
|
|
|
|
|
|
mock_check_verify_code,
|
|
|
|
|
|
):
|
Make user API client return JSON, not a model
The data flow of other bits of our application looks like this:
```
API (returns JSON)
⬇
API client (returns a built in type, usually `dict`)
⬇
Model (returns an instance, eg of type `Service`)
⬇
View (returns HTML)
```
The user API client was architected weirdly, in that it returned a model
directly, like this:
```
API (returns JSON)
⬇
API client (returns a model, of type `User`, `InvitedUser`, etc)
⬇
View (returns HTML)
```
This mixing of different layers of the application is bad because it
makes it hard to write model code that doesn’t have circular
dependencies. As our application gets more complicated we will be
relying more on models to manage this complexity, so we should make it
easy, not hard to write them.
It also means that most of our mocking was of the User model, not just
the underlying JSON. So it would have been easy to introduce subtle bugs
to the user model, because it wasn’t being comprehensively tested. A lot
of the changed lines of code in this commit mean changing the tests to
mock only the JSON, which means that the model layer gets implicitly
tested.
For those reasons this commit changes the user API client to return
JSON, not an instance of `User` or other models.
2019-05-23 15:27:35 +01:00
|
|
|
|
token_data = {"user_id": api_user_active['id'], "secret_code": 12345}
|
2016-04-14 12:00:55 +01:00
|
|
|
|
mocker.patch('app.main.views.verify.check_token', return_value=json.dumps(token_data))
|
2016-03-29 12:13:36 +01:00
|
|
|
|
|
2017-02-03 12:07:21 +00:00
|
|
|
|
response = client.get(url_for('main.verify_email', token='notreal'), follow_redirects=True)
|
|
|
|
|
|
page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')
|
|
|
|
|
|
assert page.h1.text == 'Sign in'
|
|
|
|
|
|
flash_banner = page.find('div', class_='banner-dangerous').string.strip()
|
|
|
|
|
|
assert flash_banner == "That verification link has expired."
|
2016-06-17 11:36:30 +01:00
|
|
|
|
|
|
|
|
|
|
|
2017-02-03 10:42:01 +00:00
|
|
|
|
def test_verify_redirects_to_sign_in_if_not_logged_in(
|
2017-02-03 12:07:21 +00:00
|
|
|
|
client
|
2017-02-03 10:42:01 +00:00
|
|
|
|
):
|
2017-02-03 12:07:21 +00:00
|
|
|
|
response = client.get(url_for('main.verify'))
|
2016-06-17 11:36:30 +01:00
|
|
|
|
|
2017-02-03 12:07:21 +00:00
|
|
|
|
assert response.location == url_for('main.sign_in', _external=True)
|
|
|
|
|
|
assert response.status_code == 302
|