darkhelm/notifications-admin
1
0
Fork 0
mirror of https://github.com/GSA/notifications-admin.git synced 2026-02-05 02:42:26 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into provide_logout_link

Browse Source
This commit is contained in:
Nicholas Staples
2016-01-06 17:06:04 +00:00
parent 79c15ec9cf c7f130e503
commit 0a4ea6ca2e
23 changed files with 413 additions and 408 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
tests/app/main/test_validators.py
View File

@@ -4,14 +4,11 @@ from app.main.forms import RegisterUserForm
def test_should_raise_validation_error_for_password(notifications_admin):
form = RegisterUserForm()
form = RegisterUserForm([], [])
form.name.data = 'test'
form.email_address.data = 'teset@example.gov.uk'
form.mobile_number.data = '+441231231231'
form.password.data = 'password1234'
try:
form.validate()
fail()
except:
assert 'That password is blacklisted, too common' in form.errors['password']
form.validate()
assert 'That password is blacklisted, too common' in form.errors['password']

202
tests/app/main/views/test_code_not_received.py
View File

@@ -1,151 +1,163 @@
from app.main.dao import verify_codes_dao, users_dao
from tests.app.main import create_test_user
from flask import url_for
def test_should_render_email_code_not_received_template_and_populate_email_address(notifications_admin,
notifications_admin_db,
notify_db_session):
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
user = create_test_user('pending')
session['user_id'] = user.id
response = client.get('/email-not-received')
assert response.status_code == 200
assert 'Check your email address is correct and then resend the confirmation code' \
in response.get_data(as_text=True)
assert 'value="test@user.gov.uk"' in response.get_data(as_text=True)
notify_db_session,
mocker):
with notifications_admin.test_request_context():
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
_set_up_mocker(mocker)
user = create_test_user('pending')
session['user_id'] = user.id
response = client.get(url_for('main.check_and_resend_email_code'))
assert response.status_code == 200
assert 'Check your email address is correct and then resend the confirmation code' \
in response.get_data(as_text=True)
assert 'value="test@user.gov.uk"' in response.get_data(as_text=True)
def test_should_check_and_resend_email_code_redirect_to_verify(notifications_admin,
notifications_admin_db,
notify_db_session,
mocker):
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
_set_up_mocker(mocker)
user = create_test_user('pending')
session['user_id'] = user.id
verify_codes_dao.add_code(user.id, code='12345', code_type='email')
response = client.post('/email-not-received',
data={'email_address': 'test@user.gov.uk'})
assert response.status_code == 302
assert response.location == 'http://localhost/verify'
with notifications_admin.test_request_context():
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
_set_up_mocker(mocker)
user = create_test_user('pending')
session['user_id'] = user.id
verify_codes_dao.add_code(user.id, code='12345', code_type='email')
response = client.post(url_for('main.check_and_resend_email_code'),
data={'email_address': 'test@user.gov.uk'})
assert response.status_code == 302
assert response.location == url_for('main.verify', _external=True)
def test_should_render_text_code_not_received_template(notifications_admin,
notifications_admin_db,
notify_db_session,
mocker):
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
_set_up_mocker(mocker)
user = create_test_user('pending')
session['user_id'] = user.id
verify_codes_dao.add_code(user.id, code='12345', code_type='sms')
response = client.get('/text-not-received')
assert response.status_code == 200
assert 'Check your mobile phone number is correct and then resend the confirmation code.' \
in response.get_data(as_text=True)
assert 'value="+441234123412"'
with notifications_admin.test_request_context():
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
_set_up_mocker(mocker)
user = create_test_user('pending')
session['user_id'] = user.id
verify_codes_dao.add_code(user.id, code='12345', code_type='sms')
response = client.get(url_for('main.check_and_resend_text_code'))
assert response.status_code == 200
assert 'Check your mobile phone number is correct and then resend the confirmation code.' \
in response.get_data(as_text=True)
assert 'value="+441234123412"'
def test_should_check_and_redirect_to_verify(notifications_admin,
notifications_admin_db,
notify_db_session,
mocker):
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
_set_up_mocker(mocker)
user = create_test_user('pending')
session['user_id'] = user.id
verify_codes_dao.add_code(user.id, code='12345', code_type='sms')
response = client.post('/text-not-received',
data={'mobile_number': '+441234123412'})
assert response.status_code == 302
assert response.location == 'http://localhost/verify'
with notifications_admin.test_request_context():
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
_set_up_mocker(mocker)
user = create_test_user('pending')
session['user_id'] = user.id
verify_codes_dao.add_code(user.id, code='12345', code_type='sms')
response = client.post(url_for('main.check_and_resend_text_code'),
data={'mobile_number': '+441234123412'})
assert response.status_code == 302
assert response.location == url_for('main.verify', _external=True)
def test_should_update_email_address_resend_code(notifications_admin,
notifications_admin_db,
notify_db_session,
mocker):
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
_set_up_mocker(mocker)
user = create_test_user('pending')
session['user_id'] = user.id
verify_codes_dao.add_code(user_id=user.id, code='12345', code_type='email')
response = client.post('/email-not-received',
data={'email_address': 'new@address.gov.uk'})
assert response.status_code == 302
assert response.location == 'http://localhost/verify'
updated_user = users_dao.get_user_by_id(user.id)
assert updated_user.email_address == 'new@address.gov.uk'
with notifications_admin.test_request_context():
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
_set_up_mocker(mocker)
user = create_test_user('pending')
session['user_id'] = user.id
verify_codes_dao.add_code(user_id=user.id, code='12345', code_type='email')
response = client.post(url_for('main.check_and_resend_email_code'),
data={'email_address': 'new@address.gov.uk'})
assert response.status_code == 302
assert response.location == url_for('main.verify', _external=True)
updated_user = users_dao.get_user_by_id(user.id)
assert updated_user.email_address == 'new@address.gov.uk'
def test_should_update_mobile_number_resend_code(notifications_admin,
notifications_admin_db,
notify_db_session,
mocker):
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
_set_up_mocker(mocker)
user = create_test_user('pending')
session['user_id'] = user.id
verify_codes_dao.add_code(user_id=user.id, code='12345', code_type='sms')
response = client.post('/text-not-received',
data={'mobile_number': '+443456789012'})
assert response.status_code == 302
assert response.location == 'http://localhost/verify'
updated_user = users_dao.get_user_by_id(user.id)
assert updated_user.mobile_number == '+443456789012'
with notifications_admin.test_request_context():
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
_set_up_mocker(mocker)
user = create_test_user('pending')
session['user_id'] = user.id
verify_codes_dao.add_code(user_id=user.id, code='12345', code_type='sms')
response = client.post(url_for('main.check_and_resend_text_code'),
data={'mobile_number': '+443456789012'})
assert response.status_code == 302
assert response.location == url_for('main.verify', _external=True)
updated_user = users_dao.get_user_by_id(user.id)
assert updated_user.mobile_number == '+443456789012'
def test_should_render_verification_code_not_received(notifications_admin,
notifications_admin_db,
notify_db_session):
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
user = create_test_user('active')
session['user_id'] = user.id
response = client.get('/verification-not-received')
assert response.status_code == 200
assert 'Resend verification code' in response.get_data(as_text=True)
assert 'If you no longer have access to the phone with the number you registered for this service, ' \
'speak to your service manager to reset the number.' in response.get_data(as_text=True)
with notifications_admin.test_request_context():
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
user = create_test_user('active')
session['user_id'] = user.id
response = client.get(url_for('main.verification_code_not_received'))
assert response.status_code == 200
assert 'Resend verification code' in response.get_data(as_text=True)
assert 'If you no longer have access to the phone with the number you registered for this service, ' \
'speak to your service manager to reset the number.' in response.get_data(as_text=True)
def test_check_and_redirect_to_two_factor(notifications_admin,
notifications_admin_db,
notify_db_session,
mocker):
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
user = create_test_user('active')
session['user_id'] = user.id
_set_up_mocker(mocker)
response = client.get('/send-new-code')
assert response.status_code == 302
assert response.location == 'http://localhost/two-factor'
with notifications_admin.test_request_context():
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
user = create_test_user('active')
session['user_id'] = user.id
_set_up_mocker(mocker)
response = client.get(url_for('main.check_and_resend_verification_code'))
assert response.status_code == 302
assert response.location == url_for('main.two_factor', _external=True)
def test_should_create_new_code_for_user(notifications_admin,
notifications_admin_db,
notify_db_session,
mocker):
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
user = create_test_user('active')
session['user_id'] = user.id
verify_codes_dao.add_code(user_id=user.id, code='12345', code_type='sms')
_set_up_mocker(mocker)
response = client.get('/send-new-code')
assert response.status_code == 302
assert response.location == 'http://localhost/two-factor'
codes = verify_codes_dao.get_codes(user_id=user.id, code_type='sms')
assert len(codes) == 2
for x in ([used.code_used for used in codes]):
assert x is False
with notifications_admin.test_request_context():
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
user = create_test_user('active')
session['user_id'] = user.id
verify_codes_dao.add_code(user_id=user.id, code='12345', code_type='sms')
_set_up_mocker(mocker)
response = client.get(url_for('main.check_and_resend_verification_code'))
assert response.status_code == 302
assert response.location == url_for('main.two_factor', _external=True)
codes = verify_codes_dao.get_codes(user_id=user.id, code_type='sms')
assert len(codes) == 2
for x in ([used.code_used for used in codes]):
assert x is False
def _set_up_mocker(mocker):

6
tests/app/main/views/test_register.py
View File

@@ -30,7 +30,7 @@ def test_process_register_returns_400_when_mobile_number_is_invalid(notification
'mobile_number': 'not good',
'password': 'validPassword!'})
assert response.status_code == 400
assert response.status_code == 200
assert 'Please enter a +44 mobile number' in response.get_data(as_text=True)
@@ -45,7 +45,7 @@ def test_should_return_400_when_email_is_not_gov_uk(notifications_admin,
'mobile_number': '+44123412345',
'password': 'validPassword!'})
assert response.status_code == 400
assert response.status_code == 200
assert 'Please enter a gov.uk email address' in response.get_data(as_text=True)
@@ -73,5 +73,5 @@ def test_should_return_400_if_password_is_blacklisted(notifications_admin, notif
'mobile_number': '+44123412345',
'password': 'password1234'})
response.status_code == 400
response.status_code == 200
assert 'That password is blacklisted, too common' in response.get_data(as_text=True)

84
tests/app/main/views/test_sign_in.py
View File

@@ -2,10 +2,12 @@ from datetime import datetime
from app.main.dao import users_dao
from app.models import User
from flask import url_for
def test_render_sign_in_returns_sign_in_template(notifications_admin):
response = notifications_admin.test_client().get('/sign-in')
with notifications_admin.test_request_context():
response = notifications_admin.test_client().get(url_for('main.sign_in'))
assert response.status_code == 200
assert 'Sign in' in response.get_data(as_text=True)
assert 'Email address' in response.get_data(as_text=True)
@@ -23,9 +25,11 @@ def test_process_sign_in_return_2fa_template(notifications_admin, notifications_
role_id=1,
state='active')
users_dao.insert_user(user)
response = notifications_admin.test_client().post('/sign-in',
data={'email_address': 'valid@example.gov.uk',
'password': 'val1dPassw0rd!'})
with notifications_admin.test_request_context():
response = notifications_admin.test_client().post(
url_for('main.sign_in'), data={
'email_address': 'valid@example.gov.uk',
'password': 'val1dPassw0rd!'})
assert response.status_code == 302
assert response.location == 'http://localhost/two-factor'
@@ -41,23 +45,27 @@ def test_should_return_locked_out_true_when_user_is_locked(notifications_admin,
role_id=1,
state='active')
users_dao.insert_user(user)
for _ in range(10):
notifications_admin.test_client().post('/sign-in',
data={'email_address': 'valid@example.gov.uk',
'password': 'whatIsMyPassword!'})
with notifications_admin.test_request_context():
for _ in range(10):
notifications_admin.test_client().post(
url_for('main.sign_in'), data={
'email_address': 'valid@example.gov.uk',
'password': 'whatIsMyPassword!'})
response = notifications_admin.test_client().post('/sign-in',
data={'email_address': 'valid@example.gov.uk',
'password': 'val1dPassw0rd!'})
response = notifications_admin.test_client().post(
url_for('main.sign_in'), data={
'email_address': 'valid@example.gov.uk',
'password': 'val1dPassw0rd!'})
assert response.status_code == 401
assert '"locked_out": true' in response.get_data(as_text=True)
assert response.status_code == 200
assert 'Username or password is incorrect' in response.get_data(as_text=True)
another_bad_attempt = notifications_admin.test_client().post('/sign-in',
data={'email_address': 'valid@example.gov.uk',
'password': 'whatIsMyPassword!'})
assert another_bad_attempt.status_code == 401
assert '"locked_out": true' in response.get_data(as_text=True)
another_bad_attempt = notifications_admin.test_client().post(
url_for('main.sign_in'), data={
'email_address': 'valid@example.gov.uk',
'password': 'whatIsMyPassword!'})
assert another_bad_attempt.status_code == 200
assert 'Username or password is incorrect' in response.get_data(as_text=True)
def test_should_return_active_user_is_false_if_user_is_inactive(notifications_admin,
@@ -72,23 +80,27 @@ def test_should_return_active_user_is_false_if_user_is_inactive(notifications_ad
state='inactive')
users_dao.insert_user(user)
response = notifications_admin.test_client().post('/sign-in',
data={'email_address': 'inactive_user@example.gov.uk',
'password': 'val1dPassw0rd!'})
with notifications_admin.test_request_context():
response = notifications_admin.test_client().post(
url_for('main.sign_in'), data={
'email_address': 'inactive_user@example.gov.uk',
'password': 'val1dPassw0rd!'})
assert response.status_code == 401
assert '"active_user": false' in response.get_data(as_text=True)
assert response.status_code == 200
assert 'Username or password is incorrect' in response.get_data(as_text=True)
def test_should_return_401_when_user_does_not_exist(notifications_admin, notifications_admin_db, notify_db_session):
response = notifications_admin.test_client().post('/sign-in',
data={'email_address': 'does_not_exist@gov.uk',
'password': 'doesNotExist!'})
assert response.status_code == 401
def test_should_return_200_when_user_does_not_exist(notifications_admin, notifications_admin_db, notify_db_session):
with notifications_admin.test_request_context():
response = notifications_admin.test_client().post(
url_for('main.sign_in'), data={
'email_address': 'does_not_exist@gov.uk',
'password': 'doesNotExist!'})
assert response.status_code == 200
assert 'Username or password is incorrect' in response.get_data(as_text=True)
def test_should_return_400_when_user_is_not_active(notifications_admin, notifications_admin_db, notify_db_session):
def test_should_return_200_when_user_is_not_active(notifications_admin, notifications_admin_db, notify_db_session):
user = User(email_address='PendingUser@example.gov.uk',
password='val1dPassw0rd!',
mobile_number='+441234123123',
@@ -97,11 +109,13 @@ def test_should_return_400_when_user_is_not_active(notifications_admin, notifica
role_id=1,
state='pending')
users_dao.insert_user(user)
response = notifications_admin.test_client().post('/sign-in',
data={'email_address': 'PendingUser@example.gov.uk',
'password': 'val1dPassw0rd!'})
assert response.status_code == 401
assert '"active_user": false' in response.get_data(as_text=True)
with notifications_admin.test_request_context():
response = notifications_admin.test_client().post(
url_for('main.sign_in'), data={
'email_address': 'PendingUser@example.gov.uk',
'password': 'val1dPassw0rd!'})
assert response.status_code == 200
assert 'Username or password is incorrect' in response.get_data(as_text=True)
def _set_up_mocker(mocker):

78
tests/app/main/views/test_two_factor.py
View File

@@ -1,56 +1,60 @@
from flask import json
from flask import json, url_for
from app.main.dao import verify_codes_dao
from tests.app.main import create_test_user
def test_should_render_two_factor_page(notifications_admin, notifications_admin_db, notify_db_session):
response = notifications_admin.test_client().get('/two-factor')
assert response.status_code == 200
assert '''We've sent you a text message with a verification code.''' in response.get_data(as_text=True)
with notifications_admin.test_request_context():
response = notifications_admin.test_client().get(url_for('main.two_factor'))
assert response.status_code == 200
assert '''We've sent you a text message with a verification code.''' in response.get_data(as_text=True)
def test_should_login_user_and_redirect_to_dashboard(notifications_admin, notifications_admin_db, notify_db_session):
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
user = create_test_user('active')
session['user_id'] = user.id
verify_codes_dao.add_code(user_id=user.id, code='12345', code_type='sms')
response = client.post('/two-factor',
data={'sms_code': '12345'})
with notifications_admin.test_request_context():
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
user = create_test_user('active')
session['user_id'] = user.id
verify_codes_dao.add_code(user_id=user.id, code='12345', code_type='sms')
response = client.post(url_for('main.two_factor'),
data={'sms_code': '12345'})
assert response.status_code == 302
assert response.location == 'http://localhost/dashboard'
assert response.status_code == 302
assert response.location == url_for('main.dashboard', _external=True)
def test_should_return_400_with_sms_code_error_when_sms_code_is_wrong(notifications_admin,
def test_should_return_200_with_sms_code_error_when_sms_code_is_wrong(notifications_admin,
notifications_admin_db,
notify_db_session):
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
user = create_test_user('active')
session['user_id'] = user.id
verify_codes_dao.add_code(user_id=user.id, code='12345', code_type='sms')
response = client.post('/two-factor',
data={'sms_code': '23456'})
assert response.status_code == 400
assert {'sms_code': ['Code does not match']} == json.loads(response.get_data(as_text=True))
with notifications_admin.test_request_context():
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
user = create_test_user('active')
session['user_id'] = user.id
verify_codes_dao.add_code(user_id=user.id, code='12345', code_type='sms')
response = client.post(url_for('main.two_factor'),
data={'sms_code': '23456'})
assert response.status_code == 200
assert 'Code does not match' in response.get_data(as_text=True)
def test_should_login_user_when_multiple_valid_codes_exist(notifications_admin,
notifications_admin_db,
notify_db_session):
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
user = create_test_user('active')
session['user_id'] = user.id
verify_codes_dao.add_code(user_id=user.id, code='23456', code_type='sms')
verify_codes_dao.add_code(user_id=user.id, code='12345', code_type='sms')
verify_codes_dao.add_code(user_id=user.id, code='34567', code_type='sms')
assert len(verify_codes_dao.get_codes(user_id=user.id, code_type='sms')) == 3
response = client.post('/two-factor',
data={'sms_code': '23456'})
assert response.status_code == 302
codes = verify_codes_dao.get_codes(user_id=user.id, code_type='sms')
# query will only return codes where code_used == False
assert len(codes) == 0
with notifications_admin.test_request_context():
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
user = create_test_user('active')
session['user_id'] = user.id
verify_codes_dao.add_code(user_id=user.id, code='23456', code_type='sms')
verify_codes_dao.add_code(user_id=user.id, code='12345', code_type='sms')
verify_codes_dao.add_code(user_id=user.id, code='34567', code_type='sms')
assert len(verify_codes_dao.get_codes(user_id=user.id, code_type='sms')) == 3
response = client.post(url_for('main.two_factor'),
data={'sms_code': '23456'})
assert response.status_code == 302
codes = verify_codes_dao.get_codes(user_id=user.id, code_type='sms')
# query will only return codes where code_used == False
assert len(codes) == 0

126
tests/app/main/views/test_verify.py
View File

@@ -1,79 +1,89 @@
from flask import json
from flask import json, url_for
from app.main.dao import users_dao, verify_codes_dao
from tests.app.main import create_test_user
def test_should_return_verify_template(notifications_admin, notifications_admin_db, notify_db_session):
response = notifications_admin.test_client().get('/verify')
assert response.status_code == 200
assert 'Activate your account' in response.get_data(as_text=True)
with notifications_admin.test_request_context():
with notifications_admin.test_client() as client:
# TODO this lives here until we work out how to
# reassign the session after it is lost mid register process
with client.session_transaction() as session:
user = create_test_user('pending')
session['user_id'] = user.id
response = client.get(url_for('main.verify'))
assert response.status_code == 200
assert (
"We've sent you confirmation codes by email and text message."
" You need to enter both codes here.") in response.get_data(as_text=True)
def test_should_redirect_to_add_service_when_code_are_correct(notifications_admin,
notifications_admin_db,
notify_db_session):
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
user = create_test_user('pending')
session['user_id'] = user.id
verify_codes_dao.add_code(user_id=user.id, code='12345', code_type='sms')
verify_codes_dao.add_code(user_id=user.id, code='23456', code_type='email')
response = client.post('/verify',
data={'sms_code': '12345',
'email_code': '23456'})
assert response.status_code == 302
assert response.location == 'http://localhost/add-service'
with notifications_admin.test_request_context():
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
user = create_test_user('pending')
session['user_id'] = user.id
verify_codes_dao.add_code(user_id=user.id, code='12345', code_type='sms')
verify_codes_dao.add_code(user_id=user.id, code='23456', code_type='email')
response = client.post(url_for('main.verify'),
data={'sms_code': '12345',
'email_code': '23456'})
assert response.status_code == 302
assert response.location == url_for('main.add_service', _external=True)
def test_should_activate_user_after_verify(notifications_admin, notifications_admin_db, notify_db_session):
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
user = create_test_user('pending')
session['user_id'] = user.id
verify_codes_dao.add_code(user_id=user.id, code='12345', code_type='sms')
verify_codes_dao.add_code(user_id=user.id, code='23456', code_type='email')
client.post('/verify',
data={'sms_code': '12345',
'email_code': '23456'})
with notifications_admin.test_request_context():
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
user = create_test_user('pending')
session['user_id'] = user.id
verify_codes_dao.add_code(user_id=user.id, code='12345', code_type='sms')
verify_codes_dao.add_code(user_id=user.id, code='23456', code_type='email')
client.post(url_for('main.verify'),
data={'sms_code': '12345',
'email_code': '23456'})
after_verify = users_dao.get_user_by_id(user.id)
assert after_verify.state == 'active'
after_verify = users_dao.get_user_by_id(user.id)
assert after_verify.state == 'active'
def test_should_return_400_when_codes_are_wrong(notifications_admin, notifications_admin_db, notify_db_session):
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
user = create_test_user('pending')
session['user_id'] = user.id
verify_codes_dao.add_code(user_id=user.id, code='23345', code_type='sms')
verify_codes_dao.add_code(user_id=user.id, code='98456', code_type='email')
response = client.post('/verify',
data={'sms_code': '12345',
'email_code': '23456'})
assert response.status_code == 400
expected = {'sms_code': ['Code must be 5 digits', 'Code does not match'],
'email_code': ['Code must be 5 digits', 'Code does not match']}
errors = json.loads(response.get_data(as_text=True))
assert len(errors) == 2
assert set(errors) == set(expected)
def test_should_return_200_when_codes_are_wrong(notifications_admin, notifications_admin_db, notify_db_session):
with notifications_admin.test_request_context():
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
user = create_test_user('pending')
session['user_id'] = user.id
verify_codes_dao.add_code(user_id=user.id, code='23345', code_type='sms')
verify_codes_dao.add_code(user_id=user.id, code='98456', code_type='email')
response = client.post(url_for('main.verify'),
data={'sms_code': '12345',
'email_code': '23456'})
assert response.status_code == 200
resp_data = response.get_data(as_text=True)
assert resp_data.count('Code does not match') == 2
def test_should_mark_all_codes_as_used_when_many_codes_exist(notifications_admin,
notifications_admin_db,
notify_db_session):
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
user = create_test_user('pending')
session['user_id'] = user.id
code1 = verify_codes_dao.add_code(user_id=user.id, code='23345', code_type='sms')
code2 = verify_codes_dao.add_code(user_id=user.id, code='98456', code_type='email')
code3 = verify_codes_dao.add_code(user_id=user.id, code='12345', code_type='sms')
code4 = verify_codes_dao.add_code(user_id=user.id, code='23412', code_type='email')
response = client.post('/verify',
data={'sms_code': '23345',
'email_code': '23412'})
assert response.status_code == 302
assert verify_codes_dao.get_code_by_id(code1).code_used is True
assert verify_codes_dao.get_code_by_id(code2).code_used is True
assert verify_codes_dao.get_code_by_id(code3).code_used is True
assert verify_codes_dao.get_code_by_id(code4).code_used is True
with notifications_admin.test_request_context():
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
user = create_test_user('pending')
session['user_id'] = user.id
code1 = verify_codes_dao.add_code(user_id=user.id, code='23345', code_type='sms')
code2 = verify_codes_dao.add_code(user_id=user.id, code='98456', code_type='email')
code3 = verify_codes_dao.add_code(user_id=user.id, code='12345', code_type='sms')
code4 = verify_codes_dao.add_code(user_id=user.id, code='23412', code_type='email')
response = client.post(url_for('main.verify'),
data={'sms_code': '23345',
'email_code': '23412'})
assert response.status_code == 302
assert verify_codes_dao.get_code_by_id(code1).code_used is True
assert verify_codes_dao.get_code_by_id(code2).code_used is True
assert verify_codes_dao.get_code_by_id(code3).code_used is True
assert verify_codes_dao.get_code_by_id(code4).code_used is True