mirror of
https://github.com/GSA/notifications-admin.git
synced 2026-07-17 21:20:32 -04:00
Completion of forgot-password endpoints.
Start implementation for new-password endpoints. Created PasswordResetToken model ToDo: create and save token, send valid url to user, check validity of token, update user's password, redirect to /two-factor.
This commit is contained in:
16
tests/app/main/dao/test_password_reset_token.py
Normal file
16
tests/app/main/dao/test_password_reset_token.py
Normal file
@@ -0,0 +1,16 @@
|
||||
import uuid
|
||||
|
||||
from app.main.dao import password_reset_token_dao
|
||||
from app.models import PasswordResetToken
|
||||
from tests.app.main import create_test_user
|
||||
|
||||
|
||||
def test_should_insert_and_return_token(notifications_admin, notifications_admin_db, notify_db_session):
|
||||
user = create_test_user('active')
|
||||
token_id = uuid.uuid4()
|
||||
reset_token = PasswordResetToken(token=str(token_id),
|
||||
user_id=user.id)
|
||||
|
||||
password_reset_token_dao.insert(reset_token)
|
||||
saved_token = password_reset_token_dao.get_token(str(token_id))
|
||||
assert saved_token.token == str(token_id)
|
||||
@@ -1,8 +1,6 @@
|
||||
from datetime import datetime
|
||||
|
||||
import pytest
|
||||
import sqlalchemy
|
||||
|
||||
from app.main.encryption import check_hash
|
||||
from app.models import User
|
||||
from app.main.dao import users_dao
|
||||
@@ -183,3 +181,26 @@ def test_should_update_password(notifications_admin, notifications_admin_db, not
|
||||
assert check_hash('newpassword', updated.password)
|
||||
assert updated.password_changed_at < datetime.now()
|
||||
assert updated.password_changed_at > start
|
||||
|
||||
|
||||
def test_should_return_list_of_all_email_addresses(notifications_admin, notifications_admin_db, notify_db_session):
|
||||
first = User(name='First Person',
|
||||
password='somepassword',
|
||||
email_address='first@it.gov.uk',
|
||||
mobile_number='+441234123412',
|
||||
created_at=datetime.now(),
|
||||
role_id=1,
|
||||
state='active')
|
||||
second = User(name='Second Person',
|
||||
password='somepassword',
|
||||
email_address='second@it.gov.uk',
|
||||
mobile_number='+441234123412',
|
||||
created_at=datetime.now(),
|
||||
role_id=1,
|
||||
state='active')
|
||||
users_dao.insert_user(first)
|
||||
users_dao.insert_user(second)
|
||||
|
||||
email_addresses = users_dao.get_all_users()
|
||||
expected = [first.email_address, second.email_address]
|
||||
assert expected == [x.email_address for x in email_addresses]
|
||||
|
||||
13
tests/app/main/test_forgot_password_form.py
Normal file
13
tests/app/main/test_forgot_password_form.py
Normal file
@@ -0,0 +1,13 @@
|
||||
from werkzeug.datastructures import MultiDict
|
||||
|
||||
from app.main.forms import ForgotPasswordForm
|
||||
|
||||
|
||||
def test_should_return_validation_error_if_email_address_does_not_exist(notifications_admin,
|
||||
notifications_admin_db,
|
||||
notify_db_session):
|
||||
with notifications_admin.test_request_context():
|
||||
form = ForgotPasswordForm(['first@it.gov.uk', 'second@it.gov.uk'],
|
||||
formdata=MultiDict([('email_address', 'not_found@it.gov.uk')]))
|
||||
form.validate()
|
||||
assert {'email_address': ['Please enter the email address that you registered with']} == form.errors
|
||||
@@ -1,4 +1,6 @@
|
||||
from flask import current_app
|
||||
import uuid
|
||||
|
||||
from tests.app.main import create_test_user
|
||||
|
||||
|
||||
def test_should_render_forgot_password(notifications_admin, notifications_admin_db, notify_db_session):
|
||||
@@ -8,9 +10,30 @@ def test_should_render_forgot_password(notifications_admin, notifications_admin_
|
||||
in response.get_data(as_text=True)
|
||||
|
||||
|
||||
def test_should_return_400_when_email_is_invalid(notifications_admin, notifications_admin_db, notify_db_session):
|
||||
def test_should_have_validate_error_when_email_does_not_exist(notifications_admin,
|
||||
notifications_admin_db,
|
||||
notify_db_session):
|
||||
create_test_user('active')
|
||||
response = notifications_admin.test_client().post('/forgot-password',
|
||||
data={'email_address': 'not_a_valid_email'})
|
||||
x = current_app._get_current_object()
|
||||
assert response.status_code == 400
|
||||
assert 'Please enter a valid email address' in response.get_data(as_text=True)
|
||||
data={'email_address': 'email_does_not@exist.gov.uk'})
|
||||
assert response.status_code == 200
|
||||
assert 'Please enter the email address that you registered with' in response.get_data(as_text=True)
|
||||
|
||||
|
||||
def test_should_redirect_to_password_reset_sent(notifications_admin,
|
||||
notifications_admin_db,
|
||||
mocker,
|
||||
notify_db_session,
|
||||
):
|
||||
_set_up_mocker(mocker)
|
||||
create_test_user('active')
|
||||
response = notifications_admin.test_client().post('/forgot-password',
|
||||
data={'email_address': 'test@user.gov.uk'})
|
||||
|
||||
assert response.status_code == 200
|
||||
assert 'You have been sent an email containing a url to reset your password.' in response.get_data(as_text=True)
|
||||
|
||||
|
||||
def _set_up_mocker(mocker):
|
||||
mocker.patch("app.admin_api_client.send_sms")
|
||||
mocker.patch("app.admin_api_client.send_email")
|
||||
|
||||
Reference in New Issue
Block a user