darkhelm/notifications-admin
1
0
Fork 0
mirror of https://github.com/GSA/notifications-admin.git synced 2026-06-05 14:00:51 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
eb0b68f368652862732cb47f3fcfe5ea024cfa43
notifications-admin/tests/app/main/views/test_api_integration.py

871 lines
23 KiB
Python
Raw Normal View History

Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
import uuid
from collections import OrderedDict
Enforce order and style of imports Done using isort[1], with the following command: ``` isort -rc ./app ./tests ``` Adds linting to the `run_tests.sh` script to stop badly-sorted imports getting re-introduced. Chosen style is ‘Vertical Hanging Indent’ with trailing commas, because I think it gives the cleanest diffs, eg: ``` from third_party import ( lib1, lib2, lib3, lib4, ) ``` 1. https://pypi.python.org/pypi/isort
2018-02-20 11:22:17 +00:00
from unittest.mock import call
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
import pytest
Enforce order and style of imports Done using isort[1], with the following command: ``` isort -rc ./app ./tests ``` Adds linting to the `run_tests.sh` script to stop badly-sorted imports getting re-introduced. Chosen style is ‘Vertical Hanging Indent’ with trailing commas, because I think it gives the cleanest diffs, eg: ``` from third_party import ( lib1, lib2, lib3, lib4, ) ``` 1. https://pypi.python.org/pypi/isort
2018-02-20 11:22:17 +00:00
from flask import url_for
define isort first party (app and tests) we were seeing isort produce different outputs locally and in docker - this was due to it having different opinions about whether the tests module (ie all our unit tests) is a first party (local) or third party (pip installed) import. It's a first party import, so by defining this in the setup.cfg isort settings, we can force it to be consistent between environments. Note: I don't know why it was different in the first place though
2018-04-25 14:12:58 +01:00
Stop calling `fake_uuid` fixture directly Pytest is deprecating the direct calling of fixtures. One fixture that we call directly quite a lot is `fake_uuid`. Since it just returns the value of `sample_uuid()` we can either call that instead (where we need a fixed value) or generate a new UUID each time (where a fixed value is not needed).
2018-09-26 16:41:04 +01:00
from tests import sample_uuid, validate_route_permission
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
from tests.conftest import (
Enforce order and style of imports Done using isort[1], with the following command: ``` isort -rc ./app ./tests ``` Adds linting to the `run_tests.sh` script to stop badly-sorted imports getting re-introduced. Chosen style is ‘Vertical Hanging Indent’ with trailing commas, because I think it gives the cleanest diffs, eg: ``` from third_party import ( lib1, lib2, lib3, lib4, ) ``` 1. https://pypi.python.org/pypi/isort
2018-02-20 11:22:17 +00:00
SERVICE_ONE_ID,
Stop calling mock_get_notications as if it's a function By creating a new function in conftest.py, `create_notifications`, which can be used instead.
2020-01-07 15:24:33 +00:00
create_notifications,
Enforce order and style of imports Done using isort[1], with the following command: ``` isort -rc ./app ./tests ``` Adds linting to the `run_tests.sh` script to stop badly-sorted imports getting re-introduced. Chosen style is ‘Vertical Hanging Indent’ with trailing commas, because I think it gives the cleanest diffs, eg: ``` from third_party import ( lib1, lib2, lib3, lib4, ) ``` 1. https://pypi.python.org/pypi/isort
2018-02-20 11:22:17 +00:00
normalize_spaces,
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
)
def test_should_show_api_page(
Use `client_request` fixture where possible It: - saves repetetive boilerplate code - does some extra checks (eg checking for a `200` response) - makes the codebase less confusing to consistently do the same thing in the same way
2019-03-26 12:35:32 +00:00
client_request,
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
mock_login,
api_user_active,
mock_get_service,
mock_has_permissions,
mock_get_notifications
):
Use `client_request` fixture where possible It: - saves repetetive boilerplate code - does some extra checks (eg checking for a `200` response) - makes the codebase less confusing to consistently do the same thing in the same way
2019-03-26 12:35:32 +00:00
page = client_request.get(
'main.api_integration',
service_id=SERVICE_ONE_ID,
)
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
assert page.h1.string.strip() == 'API integration'
rows = page.find_all('details')
assert len(rows) == 5
Do extra code style checks with flake8-bugbear Flake8 Bugbear checks for some extra things that aren’t code style errors, but are likely to introduce bugs or unexpected behaviour. A good example is having mutable default function arguments, which get shared between every call to the function and therefore mutating a value in one place can unexpectedly cause it to change in another. This commit enables all the extra warnings provided by Flake8 Bugbear, except for the line length one (because we already lint for that separately). It disables: - _B003: Assigning to os.environ_ because I don’t really understand this - _B306: BaseException.message is removed in Python 3_ because I think our exceptions have a custom structure that means the `.message` attribute is still present
2019-11-01 10:43:01 +00:00
for row in rows:
Fix test broken by HTML changes on API page I moved the meta for each message into the `<h3>` in each `<summary>` to make the heading unique. This broke the test.
2019-11-29 17:40:45 +00:00
assert row.select('h3 .govuk-details__summary-text')[0].string.strip() == '07123456789'
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
def test_should_show_api_page_with_lots_of_notifications(
Use `client_request` fixture where possible It: - saves repetetive boilerplate code - does some extra checks (eg checking for a `200` response) - makes the codebase less confusing to consistently do the same thing in the same way
2019-03-26 12:35:32 +00:00
client_request,
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
mock_login,
api_user_active,
mock_get_service,
mock_has_permissions,
mock_get_notifications_with_previous_next
):
Use `client_request` fixture where possible It: - saves repetetive boilerplate code - does some extra checks (eg checking for a `200` response) - makes the codebase less confusing to consistently do the same thing in the same way
2019-03-26 12:35:32 +00:00
page = client_request.get(
'main.api_integration',
service_id=SERVICE_ONE_ID,
)
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
rows = page.find_all('div', {'class': 'api-notifications-item'})
assert ' '.join(rows[len(rows) - 1].text.split()) == (
'Only showing the first 50 messages. Notify deletes messages after 7 days.'
)
def test_should_show_api_page_with_no_notifications(
Use `client_request` fixture where possible It: - saves repetetive boilerplate code - does some extra checks (eg checking for a `200` response) - makes the codebase less confusing to consistently do the same thing in the same way
2019-03-26 12:35:32 +00:00
client_request,
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
mock_login,
api_user_active,
mock_get_service,
mock_has_permissions,
mock_get_notifications_with_no_notifications
):
Use `client_request` fixture where possible It: - saves repetetive boilerplate code - does some extra checks (eg checking for a `200` response) - makes the codebase less confusing to consistently do the same thing in the same way
2019-03-26 12:35:32 +00:00
page = client_request.get(
'main.api_integration',
service_id=SERVICE_ONE_ID,
)
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
rows = page.find_all('div', {'class': 'api-notifications-item'})
assert 'When you send messages via the API theyll appear here.' in rows[len(rows) - 1].text.strip()
Link to notification from API integration It’s useful to be able to see what the email or text message looks like, especially if you’ve sent it with a test API key (so it isn’t in your inbox or on your phone). We already have the page for this, so we just need to link to it.
2018-09-06 10:41:36 +01:00
@pytest.mark.parametrize('template_type, link_text', [
('sms', 'View text message'),
('letter', 'View letter'),
('email', 'View email'),
add view link in message log for letter notifications
2018-01-16 11:59:41 +00:00
])
def test_letter_notifications_should_have_link_to_view_letter(
client_request,
mock_has_permissions,
mocker,
template_type,
Link to notification from API integration It’s useful to be able to see what the email or text message looks like, especially if you’ve sent it with a test API key (so it isn’t in your inbox or on your phone). We already have the page for this, so we just need to link to it.
2018-09-06 10:41:36 +01:00
link_text,
add view link in message log for letter notifications
2018-01-16 11:59:41 +00:00
):
Stop calling mock_get_notications as if it's a function By creating a new function in conftest.py, `create_notifications`, which can be used instead.
2020-01-07 15:24:33 +00:00
notifications = create_notifications(template_type=template_type)
mocker.patch('app.notification_api_client.get_notifications_for_service', return_value=notifications)
add view link in message log for letter notifications
2018-01-16 11:59:41 +00:00
page = client_request.get(
'main.api_integration',
Link to notification from API integration It’s useful to be able to see what the email or text message looks like, especially if you’ve sent it with a test API key (so it isn’t in your inbox or on your phone). We already have the page for this, so we just need to link to it.
2018-09-06 10:41:36 +01:00
service_id=SERVICE_ONE_ID,
add view link in message log for letter notifications
2018-01-16 11:59:41 +00:00
)
Link to notification from API integration It’s useful to be able to see what the email or text message looks like, especially if you’ve sent it with a test API key (so it isn’t in your inbox or on your phone). We already have the page for this, so we just need to link to it.
2018-09-06 10:41:36 +01:00
assert page.select_one('details a').text.strip() == link_text
add view link in message log for letter notifications
2018-01-16 11:59:41 +00:00
Display the two new virus states for letters Precompiled letters can now have two additional states: * pending-virus-check * virus-scan-failed Both new states should show in the notifications dashboard, and virus-scan-failed should appear as an error state, with a descriptive message. You should not be able to preview a letter in one of the two new states, so the preview link has been removed for precompiled letters in these states.
2018-03-19 15:25:26 +00:00
@pytest.mark.parametrize('status', [
'pending-virus-check', 'virus-scan-failed'
])
def test_should_not_have_link_to_view_letter_for_precompiled_letters_in_virus_states(
client_request,
fake_uuid,
mock_has_permissions,
mocker,
status
):
Stop calling mock_get_notications as if it's a function By creating a new function in conftest.py, `create_notifications`, which can be used instead.
2020-01-07 15:24:33 +00:00
notifications = create_notifications(status=status)
mocker.patch('app.notification_api_client.get_notifications_for_service', return_value=notifications)
Display the two new virus states for letters Precompiled letters can now have two additional states: * pending-virus-check * virus-scan-failed Both new states should show in the notifications dashboard, and virus-scan-failed should appear as an error state, with a descriptive message. You should not be able to preview a letter in one of the two new states, so the preview link has been removed for precompiled letters in these states.
2018-03-19 15:25:26 +00:00
page = client_request.get(
'main.api_integration',
service_id=fake_uuid,
)
assert not page.select_one('details a')
Tests page when client_reference exists in noti
2018-03-19 16:12:14 +00:00
@pytest.mark.parametrize('client_reference, shows_ref', [
('foo', True),
(None, False),
])
def test_letter_notifications_should_show_client_reference(
client_request,
fake_uuid,
mock_has_permissions,
mocker,
client_reference,
shows_ref
):
Stop calling mock_get_notications as if it's a function By creating a new function in conftest.py, `create_notifications`, which can be used instead.
2020-01-07 15:24:33 +00:00
notifications = create_notifications(client_reference=client_reference)
mocker.patch('app.notification_api_client.get_notifications_for_service', return_value=notifications)
Tests page when client_reference exists in noti
2018-03-19 16:12:14 +00:00
page = client_request.get(
'main.api_integration',
service_id=fake_uuid,
)
dt_arr = [p.text for p in page.select('dt')]
if shows_ref:
assert 'client_reference:' in dt_arr
assert page.select_one('dd:nth-of-type(2)').text == 'foo'
else:
assert 'client_reference:' not in dt_arr
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
def test_should_show_api_page_for_live_service(
use client_request to always check the response this'll avoid us accidentally 503ing and ignoring it in tests where we check for "assert my_content not present"
2018-05-03 17:00:05 +01:00
client_request,
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
mock_login,
api_user_active,
use client_request to always check the response this'll avoid us accidentally 503ing and ignoring it in tests where we check for "assert my_content not present"
2018-05-03 17:00:05 +01:00
mock_get_notifications,
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
mock_get_live_service,
mock_has_permissions
):
use client_request to always check the response this'll avoid us accidentally 503ing and ignoring it in tests where we check for "assert my_content not present"
2018-05-03 17:00:05 +01:00
page = client_request.get(
'main.api_integration',
service_id=uuid.uuid4()
)
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
assert 'Your service is in trial mode' not in page.find('main').text
def test_api_documentation_page_should_redirect(
Use `client_request` fixture where possible It: - saves repetetive boilerplate code - does some extra checks (eg checking for a `200` response) - makes the codebase less confusing to consistently do the same thing in the same way
2019-03-26 12:35:32 +00:00
client_request,
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
mock_login,
api_user_active,
mock_get_service,
mock_has_permissions
):
Use `client_request` fixture where possible It: - saves repetetive boilerplate code - does some extra checks (eg checking for a `200` response) - makes the codebase less confusing to consistently do the same thing in the same way
2019-03-26 12:35:32 +00:00
client_request.get(
'main.api_documentation',
service_id=SERVICE_ONE_ID,
_expected_status=301,
_expected_redirect=url_for(
'main.documentation',
_external=True,
),
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
)
def test_should_show_empty_api_keys_page(
client,
upgrade flask_login to 0.5.0 flask_login sets a bunch of variables in the session object. We only use one of them, `user_id`. We set that to the user id from the database, and refer to it all over the place. However, in flask_login 0.5.0 they prefix this with an underscore to prevent people accidentally overwriting it etc. So when a user logs in we need to make sure that we set user_id manually so we can still use it. flask_login sets a bunch of variables on the `flask.session` object. However, this session object isn't the one that gets passed in to the request context by flask - that one can only be modified outside of requests from within the session_transaction context manager (see [1]). So, flask_login populates the normal session and then we need to copy all of those values across. We didn't need to do this previously because we already set the `user_id` value on line 20 of tests/__init__.py, but now that flask_login is looking for `_user_id` instead we need to do this properly. [1] https://flask.palletsprojects.com/en/1.1.x/testing/#accessing-and-modifying-sessions
2020-03-06 15:41:13 +00:00
api_user_active,
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
mock_login,
mock_get_no_api_keys,
mock_get_service,
mock_has_permissions,
):
upgrade flask_login to 0.5.0 flask_login sets a bunch of variables in the session object. We only use one of them, `user_id`. We set that to the user id from the database, and refer to it all over the place. However, in flask_login 0.5.0 they prefix this with an underscore to prevent people accidentally overwriting it etc. So when a user logs in we need to make sure that we set user_id manually so we can still use it. flask_login sets a bunch of variables on the `flask.session` object. However, this session object isn't the one that gets passed in to the request context by flask - that one can only be modified outside of requests from within the session_transaction context manager (see [1]). So, flask_login populates the normal session and then we need to copy all of those values across. We didn't need to do this previously because we already set the `user_id` value on line 20 of tests/__init__.py, but now that flask_login is looking for `_user_id` instead we need to do this properly. [1] https://flask.palletsprojects.com/en/1.1.x/testing/#accessing-and-modifying-sessions
2020-03-06 15:41:13 +00:00
client.login(api_user_active)
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
service_id = str(uuid.uuid4())
response = client.get(url_for('main.api_keys', service_id=service_id))
assert response.status_code == 200
Replace haven't with have not
2019-09-13 13:00:33 +01:00
assert 'You have not created any API keys yet' in response.get_data(as_text=True)
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
assert 'Create an API key' in response.get_data(as_text=True)
Put API keys on service model Similar to how we put templates on the service model, it means less logic needs to happen in the view code.
2018-11-07 11:35:24 +00:00
mock_get_no_api_keys.assert_called_once_with(service_id)
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
def test_should_show_api_keys_page(
Sort API keys alphabetically Currently the order of API keys seems to be non-deterministic: https://github.com/alphagov/notifications-api/blob/d46caa184e3e91903829336788c96ffeb2baa57d/app/dao/api_key_dao.py#L32-L39 Generally we sort things alphabetically, unless there’s a good reason to do otherwise. This commit sorts the API keys alphabetically.
2018-11-07 12:05:11 +00:00
client_request,
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
mock_get_api_keys,
):
Sort API keys alphabetically Currently the order of API keys seems to be non-deterministic: https://github.com/alphagov/notifications-api/blob/d46caa184e3e91903829336788c96ffeb2baa57d/app/dao/api_key_dao.py#L32-L39 Generally we sort things alphabetically, unless there’s a good reason to do otherwise. This commit sorts the API keys alphabetically.
2018-11-07 12:05:11 +00:00
page = client_request.get('main.api_keys', service_id=SERVICE_ONE_ID)
rows = [normalize_spaces(row.text) for row in page.select('main tr')]
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
Sort API keys alphabetically Currently the order of API keys seems to be non-deterministic: https://github.com/alphagov/notifications-api/blob/d46caa184e3e91903829336788c96ffeb2baa57d/app/dao/api_key_dao.py#L32-L39 Generally we sort things alphabetically, unless there’s a good reason to do otherwise. This commit sorts the API keys alphabetically.
2018-11-07 12:05:11 +00:00
assert rows[0] == 'API keys Action'
assert rows[1] == 'another key name Revoked 1 January at 1:00am'
assert rows[2] == 'some key name Revoke'
mock_get_api_keys.assert_called_once_with(SERVICE_ONE_ID)
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
Use fixtures that get services in Pytest 5 compatible way
2020-01-07 10:47:00 +00:00
@pytest.mark.parametrize('restricted, can_send_letters, expected_options', [
(True, False, [
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
(
'Live sends to anyone '
'Not available because your service is in trial mode'
),
Rename ‘whitelist’ to ‘guest list’ in UI This commit changes all the places where a user would see the term ‘whitelist’ in the content of page to say guestlist instead. We’re removing the term ‘whitelist’ for two reasons. The first reason is that we agree with the National Cyber Security Centre say: > It's fairly common to say whitelisting and blacklisting to describe > desirable and undesirable things in cyber security. For instance, when > talking about which applications you will allow or deny on your > corporate network; or deciding which bad passwords you want your users > not to be able to use. > However, there's an issue with the terminology. It only makes sense if > you equate white with 'good, permitted, safe' and black with 'bad, > dangerous, forbidden'. There are some obvious problems with this. So > in the name of helping to stamp out racism in cyber security, we will > avoid this casually pejorative wording on our website in the future. > No, it's not the biggest issue in the world - but to borrow a slogan > from elsewhere: every little helps. – https://www.ncsc.gov.uk/blog-post/terminology-its-not-black-and-white The second reason is that we’ve observed some users think that they have to put recipients in the whitelist even when they’re already with in the team. We think that the term ‘whitelist’ might be reinforcing this mental model because of how ‘whitelists’ might work in other applications. We considered the following alternatives or concepts: - Development - Recipients - Sandbox - Extended team - Smoke test recipients - Allowed - Nominated - Bonus - Additional - Safe - Team list - Trusted contacts - Designated people - Guest list - Team key list We also considered not giving it a name, and explaining it as a nuance of how the team key works. After mocking this up it felt more disjoined. We think it’s still useful for the thing to have a name so that it’s easy to refer to between the docs and the UI. We like the term ‘guest list’ because: - of how it sits with team members – members and guests in the abstract - a guest list is a concept that a lot of people will be familiar with – a list of people who can access a thing - ‘guest’ is very different to ‘recipient’ – we want to mitigate any confusion between this and the (emergency) contact lists
2020-06-12 09:00:08 +01:00
'Team and guest list limits who you can send to',
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
'Test pretends to send messages',
]),
Use fixtures that get services in Pytest 5 compatible way
2020-01-07 10:47:00 +00:00
(False, False, [
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
'Live sends to anyone',
Rename ‘whitelist’ to ‘guest list’ in UI This commit changes all the places where a user would see the term ‘whitelist’ in the content of page to say guestlist instead. We’re removing the term ‘whitelist’ for two reasons. The first reason is that we agree with the National Cyber Security Centre say: > It's fairly common to say whitelisting and blacklisting to describe > desirable and undesirable things in cyber security. For instance, when > talking about which applications you will allow or deny on your > corporate network; or deciding which bad passwords you want your users > not to be able to use. > However, there's an issue with the terminology. It only makes sense if > you equate white with 'good, permitted, safe' and black with 'bad, > dangerous, forbidden'. There are some obvious problems with this. So > in the name of helping to stamp out racism in cyber security, we will > avoid this casually pejorative wording on our website in the future. > No, it's not the biggest issue in the world - but to borrow a slogan > from elsewhere: every little helps. – https://www.ncsc.gov.uk/blog-post/terminology-its-not-black-and-white The second reason is that we’ve observed some users think that they have to put recipients in the whitelist even when they’re already with in the team. We think that the term ‘whitelist’ might be reinforcing this mental model because of how ‘whitelists’ might work in other applications. We considered the following alternatives or concepts: - Development - Recipients - Sandbox - Extended team - Smoke test recipients - Allowed - Nominated - Bonus - Additional - Safe - Team list - Trusted contacts - Designated people - Guest list - Team key list We also considered not giving it a name, and explaining it as a nuance of how the team key works. After mocking this up it felt more disjoined. We think it’s still useful for the thing to have a name so that it’s easy to refer to between the docs and the UI. We like the term ‘guest list’ because: - of how it sits with team members – members and guests in the abstract - a guest list is a concept that a lot of people will be familiar with – a list of people who can access a thing - ‘guest’ is very different to ‘recipient’ – we want to mitigate any confusion between this and the (emergency) contact lists
2020-06-12 09:00:08 +01:00
'Team and guest list limits who you can send to',
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
'Test pretends to send messages',
]),
Use fixtures that get services in Pytest 5 compatible way
2020-01-07 10:47:00 +00:00
(False, True, [
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
'Live sends to anyone',
(
Rename ‘whitelist’ to ‘guest list’ in UI This commit changes all the places where a user would see the term ‘whitelist’ in the content of page to say guestlist instead. We’re removing the term ‘whitelist’ for two reasons. The first reason is that we agree with the National Cyber Security Centre say: > It's fairly common to say whitelisting and blacklisting to describe > desirable and undesirable things in cyber security. For instance, when > talking about which applications you will allow or deny on your > corporate network; or deciding which bad passwords you want your users > not to be able to use. > However, there's an issue with the terminology. It only makes sense if > you equate white with 'good, permitted, safe' and black with 'bad, > dangerous, forbidden'. There are some obvious problems with this. So > in the name of helping to stamp out racism in cyber security, we will > avoid this casually pejorative wording on our website in the future. > No, it's not the biggest issue in the world - but to borrow a slogan > from elsewhere: every little helps. – https://www.ncsc.gov.uk/blog-post/terminology-its-not-black-and-white The second reason is that we’ve observed some users think that they have to put recipients in the whitelist even when they’re already with in the team. We think that the term ‘whitelist’ might be reinforcing this mental model because of how ‘whitelists’ might work in other applications. We considered the following alternatives or concepts: - Development - Recipients - Sandbox - Extended team - Smoke test recipients - Allowed - Nominated - Bonus - Additional - Safe - Team list - Trusted contacts - Designated people - Guest list - Team key list We also considered not giving it a name, and explaining it as a nuance of how the team key works. After mocking this up it felt more disjoined. We think it’s still useful for the thing to have a name so that it’s easy to refer to between the docs and the UI. We like the term ‘guest list’ because: - of how it sits with team members – members and guests in the abstract - a guest list is a concept that a lot of people will be familiar with – a list of people who can access a thing - ‘guest’ is very different to ‘recipient’ – we want to mitigate any confusion between this and the (emergency) contact lists
2020-06-12 09:00:08 +01:00
'Team and guest list limits who you can send to '
Update tests for content changes.
2019-09-13 16:00:56 +01:00
'Cannot be used to send letters'
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
),
'Test pretends to send messages',
]),
])
def test_should_show_create_api_key_page(
client_request,
mocker,
api_user_active,
mock_get_api_keys,
Use fixtures that get services in Pytest 5 compatible way
2020-01-07 10:47:00 +00:00
restricted,
can_send_letters,
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
expected_options,
Use fixtures that get services in Pytest 5 compatible way
2020-01-07 10:47:00 +00:00
service_one,
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
):
Use fixtures that get services in Pytest 5 compatible way
2020-01-07 10:47:00 +00:00
service_one['restricted'] = restricted
if can_send_letters:
service_one['permissions'].append('letter')
mocker.patch('app.service_api_client.get_service', return_value={'data': service_one})
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
page = client_request.get('main.create_api_key', service_id=SERVICE_ONE_ID)
for index, option in enumerate(expected_options):
assert normalize_spaces(page.select('.block-label')[index].text) == option
def test_should_create_api_key_with_type_normal(
Remove old API key and service ID combo Once all our users have upgraded to the latest clients they won’t need this. The latest clients only use the combined key and service ID. Discuss: when can we safely remove it?
2017-02-22 15:40:48 +00:00
client_request,
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
api_user_active,
mock_login,
mock_get_api_keys,
mock_get_live_service,
mock_has_permissions,
fake_uuid,
mocker,
):
post = mocker.patch('app.notify_client.api_key_api_client.ApiKeyApiClient.post', return_value={'data': fake_uuid})
Remove old API key and service ID combo Once all our users have upgraded to the latest clients they won’t need this. The latest clients only use the combined key and service ID. Discuss: when can we safely remove it?
2017-02-22 15:40:48 +00:00
page = client_request.post(
'main.create_api_key',
service_id=SERVICE_ONE_ID,
_data={
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
'key_name': 'Some default key name 1/2',
'key_type': 'normal'
Remove old API key and service ID combo Once all our users have upgraded to the latest clients they won’t need this. The latest clients only use the combined key and service ID. Discuss: when can we safely remove it?
2017-02-22 15:40:48 +00:00
},
_expected_status=200,
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
)
Update buttons on api key pages to govuk-frontend buttons
2020-02-06 14:47:47 +00:00
assert page.select_one('span.api-key__key').text.strip() == (
Remove old API key and service ID combo Once all our users have upgraded to the latest clients they won’t need this. The latest clients only use the combined key and service ID. Discuss: when can we safely remove it?
2017-02-22 15:40:48 +00:00
'some_default_key_name_12-{}-{}'.format(SERVICE_ONE_ID, fake_uuid)
)
post.assert_called_once_with(url='/service/{}/api-key'.format(SERVICE_ONE_ID), data={
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
'name': 'Some default key name 1/2',
'key_type': 'normal',
Make user API client return JSON, not a model The data flow of other bits of our application looks like this: ``` API (returns JSON) ⬇ API client (returns a built in type, usually `dict`) ⬇ Model (returns an instance, eg of type `Service`) ⬇ View (returns HTML) ``` The user API client was architected weirdly, in that it returned a model directly, like this: ``` API (returns JSON) ⬇ API client (returns a model, of type `User`, `InvitedUser`, etc) ⬇ View (returns HTML) ``` This mixing of different layers of the application is bad because it makes it hard to write model code that doesn’t have circular dependencies. As our application gets more complicated we will be relying more on models to manage this complexity, so we should make it easy, not hard to write them. It also means that most of our mocking was of the User model, not just the underlying JSON. So it would have been easy to introduce subtle bugs to the user model, because it wasn’t being comprehensively tested. A lot of the changed lines of code in this commit mean changing the tests to mock only the JSON, which means that the model layer gets implicitly tested. For those reasons this commit changes the user API client to return JSON, not an instance of `User` or other models.
2019-05-23 15:27:35 +01:00
'created_by': api_user_active['id']
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
})
def test_cant_create_normal_api_key_in_trial_mode(
Use `client_request` fixture where possible It: - saves repetetive boilerplate code - does some extra checks (eg checking for a `200` response) - makes the codebase less confusing to consistently do the same thing in the same way
2019-03-26 12:35:32 +00:00
client_request,
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
api_user_active,
mock_login,
mock_get_api_keys,
mock_get_service,
mock_has_permissions,
fake_uuid,
mocker,
):
mock_post = mocker.patch('app.notify_client.api_key_api_client.ApiKeyApiClient.post')
Use `client_request` fixture where possible It: - saves repetetive boilerplate code - does some extra checks (eg checking for a `200` response) - makes the codebase less confusing to consistently do the same thing in the same way
2019-03-26 12:35:32 +00:00
client_request.post(
'main.create_api_key',
service_id=SERVICE_ONE_ID,
_data={
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
'key_name': 'some default key name',
'key_type': 'normal'
Use `client_request` fixture where possible It: - saves repetetive boilerplate code - does some extra checks (eg checking for a `200` response) - makes the codebase less confusing to consistently do the same thing in the same way
2019-03-26 12:35:32 +00:00
},
_expected_status=400,
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
)
mock_post.assert_not_called()
def test_should_show_confirm_revoke_api_key(
client_request,
mock_get_api_keys,
fake_uuid,
):
page = client_request.get(
'main.revoke_api_key', service_id=SERVICE_ONE_ID, key_id=fake_uuid,
_test_page_title=False,
)
assert normalize_spaces(page.select('.banner-dangerous')[0].text) == (
Update content following review
2018-11-16 11:03:16 +00:00
'Are you sure you want to revoke some key name? '
'You will not be able to use this API key to connect to GOV.UK Notify. '
'Yes, revoke this API key'
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
)
assert mock_get_api_keys.call_args_list == [
call(
Put API keys on service model Similar to how we put templates on the service model, it means less logic needs to happen in the view code.
2018-11-07 11:35:24 +00:00
'596364a0-858e-42c8-9062-a8fe822260eb'
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
),
]
Don’t do multiple get API calls when revoking It’s redundant to make two API calls here, one to get all keys and one to get a single key. Since the API calls are sequential we can speed things up by getting the one key from the list of all keys.
2018-11-07 11:53:29 +00:00
def test_should_404_for_api_key_that_doesnt_exist(
client_request,
mock_get_api_keys,
):
client_request.get(
'main.revoke_api_key', service_id=SERVICE_ONE_ID, key_id='key-doesnt-exist',
_expected_status=404,
)
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
def test_should_redirect_after_revoking_api_key(
Use `client_request` fixture where possible It: - saves repetetive boilerplate code - does some extra checks (eg checking for a `200` response) - makes the codebase less confusing to consistently do the same thing in the same way
2019-03-26 12:35:32 +00:00
client_request,
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
api_user_active,
mock_login,
mock_revoke_api_key,
mock_get_api_keys,
mock_get_service,
mock_has_permissions,
fake_uuid,
):
Use `client_request` fixture where possible It: - saves repetetive boilerplate code - does some extra checks (eg checking for a `200` response) - makes the codebase less confusing to consistently do the same thing in the same way
2019-03-26 12:35:32 +00:00
client_request.post(
'main.revoke_api_key',
service_id=SERVICE_ONE_ID,
key_id=fake_uuid,
_expected_status=302,
_expected_redirect=url_for(
'.api_keys',
service_id=SERVICE_ONE_ID,
_external=True,
),
)
Don’t do multiple get API calls when revoking It’s redundant to make two API calls here, one to get all keys and one to get a single key. Since the API calls are sequential we can speed things up by getting the one key from the list of all keys.
2018-11-07 11:53:29 +00:00
mock_revoke_api_key.assert_called_once_with(service_id=SERVICE_ONE_ID, key_id=fake_uuid)
mock_get_api_keys.assert_called_once_with(SERVICE_ONE_ID,)
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
@pytest.mark.parametrize('route', [
'main.api_keys',
'main.create_api_key',
'main.revoke_api_key'
])
def test_route_permissions(
mocker,
app_,
Don’t do multiple get API calls when revoking It’s redundant to make two API calls here, one to get all keys and one to get a single key. Since the API calls are sequential we can speed things up by getting the one key from the list of all keys.
2018-11-07 11:53:29 +00:00
fake_uuid,
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
api_user_active,
service_one,
mock_get_api_keys,
route,
):
with app_.test_request_context():
validate_route_permission(
mocker,
app_,
"GET",
200,
Don’t do multiple get API calls when revoking It’s redundant to make two API calls here, one to get all keys and one to get a single key. Since the API calls are sequential we can speed things up by getting the one key from the list of all keys.
2018-11-07 11:53:29 +00:00
url_for(route, service_id=service_one['id'], key_id=fake_uuid),
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
['manage_api_keys'],
api_user_active,
service_one)
@pytest.mark.parametrize('route', [
'main.api_keys',
'main.create_api_key',
'main.revoke_api_key'
])
def test_route_invalid_permissions(
mocker,
app_,
Don’t do multiple get API calls when revoking It’s redundant to make two API calls here, one to get all keys and one to get a single key. Since the API calls are sequential we can speed things up by getting the one key from the list of all keys.
2018-11-07 11:53:29 +00:00
fake_uuid,
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
api_user_active,
service_one,
mock_get_api_keys,
route,
):
with app_.test_request_context():
validate_route_permission(
mocker,
app_,
"GET",
403,
Don’t do multiple get API calls when revoking It’s redundant to make two API calls here, one to get all keys and one to get a single key. Since the API calls are sequential we can speed things up by getting the one key from the list of all keys.
2018-11-07 11:53:29 +00:00
url_for(route, service_id=service_one['id'], key_id=fake_uuid),
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
['view_activity'],
api_user_active,
service_one)
def test_should_show_whitelist_page(
Use `client_request` fixture where possible It: - saves repetetive boilerplate code - does some extra checks (eg checking for a `200` response) - makes the codebase less confusing to consistently do the same thing in the same way
2019-03-26 12:35:32 +00:00
client_request,
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
mock_login,
api_user_active,
mock_get_service,
mock_has_permissions,
Rename API client methods to remove term ‘whitelist’ See c31264d4c for rationale. To avoid confusion the codebase should use the same terminology as the UI.
2020-06-12 09:05:26 +01:00
mock_get_guest_list,
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
):
Use `client_request` fixture where possible It: - saves repetetive boilerplate code - does some extra checks (eg checking for a `200` response) - makes the codebase less confusing to consistently do the same thing in the same way
2019-03-26 12:35:32 +00:00
page = client_request.get(
Rename endpoint to remove term ‘whitelist’ See c31264d4c for rationale. To avoid confusion the codebase should use the same terminology as the UI.
2020-06-12 09:03:40 +01:00
'main.guest_list',
Use `client_request` fixture where possible It: - saves repetetive boilerplate code - does some extra checks (eg checking for a `200` response) - makes the codebase less confusing to consistently do the same thing in the same way
2019-03-26 12:35:32 +00:00
service_id=SERVICE_ONE_ID,
)
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
textboxes = page.find_all('input', {'type': 'text'})
for index, value in enumerate(
['test@example.com'] + [''] * 4 + ['07900900000'] + [''] * 4
):
assert textboxes[index]['value'] == value
def test_should_update_whitelist(
Use `client_request` fixture where possible It: - saves repetetive boilerplate code - does some extra checks (eg checking for a `200` response) - makes the codebase less confusing to consistently do the same thing in the same way
2019-03-26 12:35:32 +00:00
client_request,
Rename API client methods to remove term ‘whitelist’ See c31264d4c for rationale. To avoid confusion the codebase should use the same terminology as the UI.
2020-06-12 09:05:26 +01:00
mock_update_guest_list,
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
):
data = OrderedDict([
('email_addresses-1', 'test@example.com'),
('email_addresses-3', 'test@example.com'),
('phone_numbers-0', '07900900000'),
('phone_numbers-2', '+1800-555-555'),
])
Use `client_request` fixture where possible It: - saves repetetive boilerplate code - does some extra checks (eg checking for a `200` response) - makes the codebase less confusing to consistently do the same thing in the same way
2019-03-26 12:35:32 +00:00
client_request.post(
Rename endpoint to remove term ‘whitelist’ See c31264d4c for rationale. To avoid confusion the codebase should use the same terminology as the UI.
2020-06-12 09:03:40 +01:00
'main.guest_list',
Use `client_request` fixture where possible It: - saves repetetive boilerplate code - does some extra checks (eg checking for a `200` response) - makes the codebase less confusing to consistently do the same thing in the same way
2019-03-26 12:35:32 +00:00
service_id=SERVICE_ONE_ID,
_data=data,
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
)
Rename API client methods to remove term ‘whitelist’ See c31264d4c for rationale. To avoid confusion the codebase should use the same terminology as the UI.
2020-06-12 09:05:26 +01:00
mock_update_guest_list.assert_called_once_with(SERVICE_ONE_ID, {
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
'email_addresses': ['test@example.com', 'test@example.com'],
'phone_numbers': ['07900900000', '+1800-555-555']})
def test_should_validate_whitelist_items(
Use `client_request` fixture where possible It: - saves repetetive boilerplate code - does some extra checks (eg checking for a `200` response) - makes the codebase less confusing to consistently do the same thing in the same way
2019-03-26 12:35:32 +00:00
client_request,
Rename API client methods to remove term ‘whitelist’ See c31264d4c for rationale. To avoid confusion the codebase should use the same terminology as the UI.
2020-06-12 09:05:26 +01:00
mock_update_guest_list,
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
):
Use `client_request` fixture where possible It: - saves repetetive boilerplate code - does some extra checks (eg checking for a `200` response) - makes the codebase less confusing to consistently do the same thing in the same way
2019-03-26 12:35:32 +00:00
page = client_request.post(
Rename endpoint to remove term ‘whitelist’ See c31264d4c for rationale. To avoid confusion the codebase should use the same terminology as the UI.
2020-06-12 09:03:40 +01:00
'main.guest_list',
Use `client_request` fixture where possible It: - saves repetetive boilerplate code - does some extra checks (eg checking for a `200` response) - makes the codebase less confusing to consistently do the same thing in the same way
2019-03-26 12:35:32 +00:00
service_id=SERVICE_ONE_ID,
_data=OrderedDict([
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
('email_addresses-1', 'abc'),
('phone_numbers-0', '123')
Use `client_request` fixture where possible It: - saves repetetive boilerplate code - does some extra checks (eg checking for a `200` response) - makes the codebase less confusing to consistently do the same thing in the same way
2019-03-26 12:35:32 +00:00
]),
_expected_status=200,
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
)
Rename ‘whitelist’ to ‘guest list’ in UI This commit changes all the places where a user would see the term ‘whitelist’ in the content of page to say guestlist instead. We’re removing the term ‘whitelist’ for two reasons. The first reason is that we agree with the National Cyber Security Centre say: > It's fairly common to say whitelisting and blacklisting to describe > desirable and undesirable things in cyber security. For instance, when > talking about which applications you will allow or deny on your > corporate network; or deciding which bad passwords you want your users > not to be able to use. > However, there's an issue with the terminology. It only makes sense if > you equate white with 'good, permitted, safe' and black with 'bad, > dangerous, forbidden'. There are some obvious problems with this. So > in the name of helping to stamp out racism in cyber security, we will > avoid this casually pejorative wording on our website in the future. > No, it's not the biggest issue in the world - but to borrow a slogan > from elsewhere: every little helps. – https://www.ncsc.gov.uk/blog-post/terminology-its-not-black-and-white The second reason is that we’ve observed some users think that they have to put recipients in the whitelist even when they’re already with in the team. We think that the term ‘whitelist’ might be reinforcing this mental model because of how ‘whitelists’ might work in other applications. We considered the following alternatives or concepts: - Development - Recipients - Sandbox - Extended team - Smoke test recipients - Allowed - Nominated - Bonus - Additional - Safe - Team list - Trusted contacts - Designated people - Guest list - Team key list We also considered not giving it a name, and explaining it as a nuance of how the team key works. After mocking this up it felt more disjoined. We think it’s still useful for the thing to have a name so that it’s easy to refer to between the docs and the UI. We like the term ‘guest list’ because: - of how it sits with team members – members and guests in the abstract - a guest list is a concept that a lot of people will be familiar with – a list of people who can access a thing - ‘guest’ is very different to ‘recipient’ – we want to mitigate any confusion between this and the (emergency) contact lists
2020-06-12 09:00:08 +01:00
assert page.h1.string.strip() == 'There was a problem with your guest list'
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
jump_links = page.select('.banner-dangerous a')
assert jump_links[0].string.strip() == 'Enter valid email addresses'
assert jump_links[0]['href'] == '#email_addresses'
assert jump_links[1].string.strip() == 'Enter valid phone numbers'
assert jump_links[1]['href'] == '#phone_numbers'
Rename API client methods to remove term ‘whitelist’ See c31264d4c for rationale. To avoid confusion the codebase should use the same terminology as the UI.
2020-06-12 09:05:26 +01:00
assert mock_update_guest_list.called is False
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
@pytest.mark.parametrize('endpoint', [
('main.delivery_status_callback'),
('main.received_text_messages_callback'),
])
@pytest.mark.parametrize('url, bearer_token, expected_errors', [
Update tests for content changes.
2019-09-13 16:00:56 +01:00
("https://example.com", "", "Cannot be empty"),
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
("http://not_https.com", "1234567890", "Must be a valid https URL"),
("https://test.com", "123456789", "Must be at least 10 characters"),
])
def test_callback_forms_validation(
client_request,
service_one,
Use service model to look up service attributes This is better than just keying into the JSON because it means you get an exception straight away when looking up a key that doesn’t exist (which via mocking you could ordinarily miss).
2018-07-20 08:42:01 +01:00
mock_get_valid_service_callback_api,
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
endpoint,
url,
bearer_token,
expected_errors
):
if endpoint == 'main.received_text_messages_callback':
service_one['permissions'] = ['inbound_sms']
data = {
"url": url,
"bearer_token": bearer_token,
}
response = client_request.post(
endpoint,
service_id=service_one['id'],
_data=data,
_expected_status=200
)
error_msgs = ' '.join(msg.text.strip() for msg in response.select(".error-message"))
assert error_msgs == expected_errors
allow you to remove URL without removing bearer token
2018-07-06 11:47:35 +01:00
@pytest.mark.parametrize('bearer_token', ['', 'some-bearer-token'])
Allow callbacks to be removed We’ve had a user who’s said: > Seems configured callbacks cannot be removed once they’re set as the > fields have a presence check. Is that intentional? This means it’s not working as they expect. Rather than have to go and change stuff in the database for them, let’s make it work as they’d expect. Only lets you clear the form if you remove both the token and the URL.
2018-04-26 17:23:44 +01:00
@pytest.mark.parametrize('endpoint, expected_delete_url', [
(
'main.delivery_status_callback',
'/service/{}/delivery-receipt-api/{}',
),
(
'main.received_text_messages_callback',
'/service/{}/inbound-api/{}',
),
])
def test_callback_forms_can_be_cleared(
client_request,
service_one,
endpoint,
expected_delete_url,
allow you to remove URL without removing bearer token
2018-07-06 11:47:35 +01:00
bearer_token,
Allow callbacks to be removed We’ve had a user who’s said: > Seems configured callbacks cannot be removed once they’re set as the > fields have a presence check. Is that intentional? This means it’s not working as they expect. Rather than have to go and change stuff in the database for them, let’s make it work as they’d expect. Only lets you clear the form if you remove both the token and the URL.
2018-04-26 17:23:44 +01:00
mocker,
Use fixtures for callbacks in a Pytest 5 compatible way
2020-01-07 11:44:35 +00:00
fake_uuid,
mock_get_valid_service_callback_api,
mock_get_valid_service_inbound_api,
Allow callbacks to be removed We’ve had a user who’s said: > Seems configured callbacks cannot be removed once they’re set as the > fields have a presence check. Is that intentional? This means it’s not working as they expect. Rather than have to go and change stuff in the database for them, let’s make it work as they’d expect. Only lets you clear the form if you remove both the token and the URL.
2018-04-26 17:23:44 +01:00
):
Use fixtures for callbacks in a Pytest 5 compatible way
2020-01-07 11:44:35 +00:00
service_one['service_callback_api'] = [fake_uuid]
service_one['inbound_api'] = [fake_uuid]
Allow callbacks to be removed We’ve had a user who’s said: > Seems configured callbacks cannot be removed once they’re set as the > fields have a presence check. Is that intentional? This means it’s not working as they expect. Rather than have to go and change stuff in the database for them, let’s make it work as they’d expect. Only lets you clear the form if you remove both the token and the URL.
2018-04-26 17:23:44 +01:00
service_one['permissions'] = ['inbound_sms']
Use fixtures for callbacks in a Pytest 5 compatible way
2020-01-07 11:44:35 +00:00
mocked_delete = mocker.patch('app.service_api_client.delete')
Allow callbacks to be removed We’ve had a user who’s said: > Seems configured callbacks cannot be removed once they’re set as the > fields have a presence check. Is that intentional? This means it’s not working as they expect. Rather than have to go and change stuff in the database for them, let’s make it work as they’d expect. Only lets you clear the form if you remove both the token and the URL.
2018-04-26 17:23:44 +01:00
page = client_request.post(
endpoint,
service_id=service_one['id'],
_data={
'url': '',
allow you to remove URL without removing bearer token
2018-07-06 11:47:35 +01:00
'bearer_token': bearer_token,
Allow callbacks to be removed We’ve had a user who’s said: > Seems configured callbacks cannot be removed once they’re set as the > fields have a presence check. Is that intentional? This means it’s not working as they expect. Rather than have to go and change stuff in the database for them, let’s make it work as they’d expect. Only lets you clear the form if you remove both the token and the URL.
2018-04-26 17:23:44 +01:00
},
_expected_redirect=url_for(
'main.api_callbacks',
service_id=service_one['id'],
_external=True,
)
)
assert not page.select(".error-message")
Use fixtures for callbacks in a Pytest 5 compatible way
2020-01-07 11:44:35 +00:00
mocked_delete.assert_called_once_with(
expected_delete_url.format(
service_one['id'], fake_uuid
Allow callbacks to be removed We’ve had a user who’s said: > Seems configured callbacks cannot be removed once they’re set as the > fields have a presence check. Is that intentional? This means it’s not working as they expect. Rather than have to go and change stuff in the database for them, let’s make it work as they’d expect. Only lets you clear the form if you remove both the token and the URL.
2018-04-26 17:23:44 +01:00
)
Use fixtures for callbacks in a Pytest 5 compatible way
2020-01-07 11:44:35 +00:00
)
@pytest.mark.parametrize('bearer_token', ['', 'some-bearer-token'])
@pytest.mark.parametrize('endpoint, expected_delete_url', [
(
'main.delivery_status_callback',
'/service/{}/delivery-receipt-api/{}',
),
(
'main.received_text_messages_callback',
'/service/{}/inbound-api/{}',
),
])
def test_callback_forms_can_be_cleared_when_callback_and_inbound_apis_are_empty(
client_request,
service_one,
endpoint,
expected_delete_url,
bearer_token,
mocker,
mock_get_empty_service_callback_api,
mock_get_empty_service_inbound_api,
):
service_one['permissions'] = ['inbound_sms']
mocked_delete = mocker.patch('app.service_api_client.delete')
page = client_request.post(
endpoint,
service_id=service_one['id'],
_data={
'url': '',
'bearer_token': bearer_token,
},
_expected_redirect=url_for(
'main.api_callbacks',
service_id=service_one['id'],
_external=True,
)
)
assert not page.select(".error-message")
assert mocked_delete.call_args_list == []
Allow callbacks to be removed We’ve had a user who’s said: > Seems configured callbacks cannot be removed once they’re set as the > fields have a presence check. Is that intentional? This means it’s not working as they expect. Rather than have to go and change stuff in the database for them, let’s make it work as they’d expect. Only lets you clear the form if you remove both the token and the URL.
2018-04-26 17:23:44 +01:00
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
@pytest.mark.parametrize('has_inbound_sms, expected_link', [
(True, 'main.api_callbacks'),
(False, 'main.delivery_status_callback'),
])
def test_callbacks_button_links_straight_to_delivery_status_if_service_has_no_inbound_sms(
client_request,
service_one,
mocker,
mock_get_notifications,
has_inbound_sms,
expected_link
):
if has_inbound_sms:
service_one['permissions'] = ['inbound_sms']
page = client_request.get(
'main.api_integration',
service_id=service_one['id'],
)
assert page.select('.pill-separate-item')[2]['href'] == url_for(
expected_link, service_id=service_one['id']
)
def test_callbacks_page_redirects_to_delivery_status_if_service_has_no_inbound_sms(
client_request,
service_one,
Use service model to look up service attributes This is better than just keying into the JSON because it means you get an exception straight away when looking up a key that doesn’t exist (which via mocking you could ordinarily miss).
2018-07-20 08:42:01 +01:00
mocker,
mock_get_valid_service_callback_api,
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
):
page = client_request.get(
'main.api_callbacks',
service_id=service_one['id'],
_follow_redirects=True,
)
assert normalize_spaces(page.select_one('h1').text) == "Callbacks for delivery receipts"
@pytest.mark.parametrize('has_inbound_sms, expected_link', [
(True, 'main.api_callbacks'),
(False, 'main.api_integration'),
])
def test_back_link_directs_to_api_integration_from_delivery_callback_if_no_inbound_sms(
client_request,
service_one,
mocker,
has_inbound_sms,
expected_link
):
if has_inbound_sms:
service_one['permissions'] = ['inbound_sms']
page = client_request.get(
'main.delivery_status_callback',
service_id=service_one['id'],
_follow_redirects=True,
)
Add GOV.UK Design System style back links The Design System has standardised on back links being at the top of the page, decorated with a small text-coloured arrow. I think this makes more sense than having them at the bottom, because it suggests, in some way, being able to go back before commiting to any of the forms on the page. Whereas the things at the bottom of the page should be performing actions on what’s in the page. The reason for making this change now is that it de-clutters the area around the green buttons. This was presenting a design challenge where multiple levels of interaction were happening in the same form. Moving these back links to the top of the page should mean that, in these complicated forms, there’s one fewer thing to compete for the user’s attention. I’ve componentised this into a `page_header` macro so that the change is easier to roll out and maintain.
2019-04-29 11:44:05 +01:00
assert page.select_one('.govuk-back-link')['href'] == url_for(
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
expected_link, service_id=service_one['id']
)
@pytest.mark.parametrize('endpoint', [
('main.delivery_status_callback'),
('main.received_text_messages_callback'),
])
def test_create_delivery_status_and_receive_text_message_callbacks(
client_request,
service_one,
mocker,
mock_get_notifications,
mock_create_service_inbound_api,
mock_create_service_callback_api,
endpoint,
fake_uuid,
):
if endpoint == 'main.received_text_messages_callback':
service_one['permissions'] = ['inbound_sms']
data = {
'url': "https://test.url.com/",
'bearer_token': '1234567890',
'user_id': fake_uuid
}
client_request.post(
endpoint,
service_id=service_one['id'],
_data=data,
)
if endpoint == 'main.received_text_messages_callback':
mock_create_service_inbound_api.assert_called_once_with(
service_one['id'],
url="https://test.url.com/",
bearer_token="1234567890",
user_id=fake_uuid,
)
else:
mock_create_service_callback_api.assert_called_once_with(
service_one['id'],
url="https://test.url.com/",
bearer_token="1234567890",
user_id=fake_uuid,
)
Use fixtures for callbacks in a Pytest 5 compatible way
2020-01-07 11:44:35 +00:00
def test_update_delivery_status_callback_details(
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
client_request,
service_one,
mock_update_service_callback_api,
Use fixtures for callbacks in a Pytest 5 compatible way
2020-01-07 11:44:35 +00:00
mock_get_valid_service_callback_api,
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
fake_uuid,
):
Use fixtures for callbacks in a Pytest 5 compatible way
2020-01-07 11:44:35 +00:00
service_one['service_callback_api'] = [fake_uuid]
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
data = {
'url': "https://test.url.com/",
'bearer_token': '1234567890',
'user_id': fake_uuid
}
client_request.post(
Use fixtures for callbacks in a Pytest 5 compatible way
2020-01-07 11:44:35 +00:00
'main.delivery_status_callback',
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
service_id=service_one['id'],
_data=data,
)
Use fixtures for callbacks in a Pytest 5 compatible way
2020-01-07 11:44:35 +00:00
mock_update_service_callback_api.assert_called_once_with(
service_one['id'],
url="https://test.url.com/",
bearer_token="1234567890",
user_id=fake_uuid,
callback_api_id=fake_uuid
)
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
Use fixtures for callbacks in a Pytest 5 compatible way
2020-01-07 11:44:35 +00:00
def test_update_receive_text_message_callback_details(
client_request,
service_one,
mock_update_service_inbound_api,
mock_get_valid_service_inbound_api,
fake_uuid,
):
service_one['inbound_api'] = [fake_uuid]
service_one['permissions'] = ['inbound_sms']
data = {
'url': "https://test.url.com/",
'bearer_token': '1234567890',
'user_id': fake_uuid
}
client_request.post(
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
'main.received_text_messages_callback',
Use fixtures for callbacks in a Pytest 5 compatible way
2020-01-07 11:44:35 +00:00
service_id=service_one['id'],
_data=data,
)
mock_update_service_inbound_api.assert_called_once_with(
service_one['id'],
url="https://test.url.com/",
bearer_token="1234567890",
user_id=fake_uuid,
inbound_api_id=fake_uuid,
)
def test_update_delivery_status_callback_without_changes_does_not_update(
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
client_request,
service_one,
mock_update_service_callback_api,
fake_uuid,
Use fixtures for callbacks in a Pytest 5 compatible way
2020-01-07 11:44:35 +00:00
mock_get_valid_service_callback_api,
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
):
Use fixtures for callbacks in a Pytest 5 compatible way
2020-01-07 11:44:35 +00:00
service_one['service_callback_api'] = [fake_uuid]
data = {"user_id": fake_uuid, "url": "https://hello2.gov.uk", "bearer_token": "bearer_token_set"}
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
Use fixtures for callbacks in a Pytest 5 compatible way
2020-01-07 11:44:35 +00:00
client_request.post(
'main.delivery_status_callback',
service_id=service_one['id'],
_data=data,
)
assert mock_update_service_callback_api.called is False
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
Use fixtures for callbacks in a Pytest 5 compatible way
2020-01-07 11:44:35 +00:00
def test_update_receive_text_message_callback_without_changes_does_not_update(
client_request,
service_one,
mock_update_service_inbound_api,
fake_uuid,
mock_get_valid_service_inbound_api,
):
service_one['inbound_api'] = [fake_uuid]
service_one['permissions'] = ['inbound_sms']
data = {"user_id": fake_uuid, "url": "https://hello3.gov.uk", "bearer_token": "bearer_token_set"}
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
client_request.post(
Use fixtures for callbacks in a Pytest 5 compatible way
2020-01-07 11:44:35 +00:00
'main.received_text_messages_callback',
Allow letter templates to select the default contact block from the list
2018-01-03 10:44:36 +00:00
service_id=service_one['id'],
_data=data,
)
Use fixtures for callbacks in a Pytest 5 compatible way
2020-01-07 11:44:35 +00:00
assert mock_update_service_inbound_api.called is False
Delete duplicated tests test_api_keys.py and test_api_integration.py were almost identical files with only a few lines difference between them. By moving one test we can now delete test_api_keys.py
2018-03-20 15:05:35 +00:00
@pytest.mark.parametrize('service_callback_api, delivery_url, expected_1st_table_row', [
(
None, {},
Normalise heading sizes Since we added template folders the templates page has had a ‘medium’ sized heading, where other pages have stuck with a ‘large’ size. This commit rationalises the decision around which pages have which heading size: - ‘navigation’ pages (eg templates, team members, email reply to addresses) have medium sized headings - transactional pages (ie ones which have a green button) keep the larger heading size
2019-04-23 10:03:28 +01:00
'Delivery receipts Not set Change'
Delete duplicated tests test_api_keys.py and test_api_integration.py were almost identical files with only a few lines difference between them. By moving one test we can now delete test_api_keys.py
2018-03-20 15:05:35 +00:00
),
(
Stop calling `fake_uuid` fixture directly Pytest is deprecating the direct calling of fixtures. One fixture that we call directly quite a lot is `fake_uuid`. Since it just returns the value of `sample_uuid()` we can either call that instead (where we need a fixed value) or generate a new UUID each time (where a fixed value is not needed).
2018-09-26 16:41:04 +01:00
sample_uuid(), {'url': 'https://delivery.receipts'},
Normalise heading sizes Since we added template folders the templates page has had a ‘medium’ sized heading, where other pages have stuck with a ‘large’ size. This commit rationalises the decision around which pages have which heading size: - ‘navigation’ pages (eg templates, team members, email reply to addresses) have medium sized headings - transactional pages (ie ones which have a green button) keep the larger heading size
2019-04-23 10:03:28 +01:00
'Delivery receipts https://delivery.receipts Change'
Delete duplicated tests test_api_keys.py and test_api_integration.py were almost identical files with only a few lines difference between them. By moving one test we can now delete test_api_keys.py
2018-03-20 15:05:35 +00:00
),
])
@pytest.mark.parametrize('inbound_api, inbound_url, expected_2nd_table_row', [
(
None, {},
Normalise heading sizes Since we added template folders the templates page has had a ‘medium’ sized heading, where other pages have stuck with a ‘large’ size. This commit rationalises the decision around which pages have which heading size: - ‘navigation’ pages (eg templates, team members, email reply to addresses) have medium sized headings - transactional pages (ie ones which have a green button) keep the larger heading size
2019-04-23 10:03:28 +01:00
'Received text messages Not set Change'
Delete duplicated tests test_api_keys.py and test_api_integration.py were almost identical files with only a few lines difference between them. By moving one test we can now delete test_api_keys.py
2018-03-20 15:05:35 +00:00
),
(
Stop calling `fake_uuid` fixture directly Pytest is deprecating the direct calling of fixtures. One fixture that we call directly quite a lot is `fake_uuid`. Since it just returns the value of `sample_uuid()` we can either call that instead (where we need a fixed value) or generate a new UUID each time (where a fixed value is not needed).
2018-09-26 16:41:04 +01:00
sample_uuid(), {'url': 'https://inbound.sms'},
Normalise heading sizes Since we added template folders the templates page has had a ‘medium’ sized heading, where other pages have stuck with a ‘large’ size. This commit rationalises the decision around which pages have which heading size: - ‘navigation’ pages (eg templates, team members, email reply to addresses) have medium sized headings - transactional pages (ie ones which have a green button) keep the larger heading size
2019-04-23 10:03:28 +01:00
'Received text messages https://inbound.sms Change'
Delete duplicated tests test_api_keys.py and test_api_integration.py were almost identical files with only a few lines difference between them. By moving one test we can now delete test_api_keys.py
2018-03-20 15:05:35 +00:00
),
])
def test_callbacks_page_works_when_no_apis_set(
client_request,
service_one,
mocker,
service_callback_api,
delivery_url,
expected_1st_table_row,
inbound_api,
inbound_url,
expected_2nd_table_row,
):
service_one['permissions'] = ['inbound_sms']
service_one['inbound_api'] = inbound_api
service_one['service_callback_api'] = service_callback_api
mocker.patch('app.service_api_client.get_service_callback_api', return_value=delivery_url)
mocker.patch('app.service_api_client.get_service_inbound_api', return_value=inbound_url)
page = client_request.get('main.api_callbacks',
service_id=service_one['id'],
_follow_redirects=True)
expected_rows = [
expected_1st_table_row,
expected_2nd_table_row,
]
rows = page.select('tbody tr')
assert len(rows) == 2
for index, row in enumerate(expected_rows):
assert row == normalize_spaces(rows[index].text)
Reference in New Issue Copy Permalink