If user is pending it means they have not verified email yet

Added better checking for reuse of a consumed verification link.
Adam Shimali
2016-03-29 12:13:36 +01:00
parent 3f73b4bcdb
commit 352f169fb1
4 changed files with 52 additions and 23 deletions


@@ -1,9 +1,5 @@
from datetime import datetime
from app.main.dao import users_dao
from flask import url_for
from bs4 import BeautifulSoup
def test_render_sign_in_returns_sign_in_template(app_):
@@ -75,9 +71,11 @@ def test_should_return_redirect_when_user_is_pending(app_,
response = app_.test_client().post(
url_for('main.sign_in'), data={
'email_address': 'pending_user@example.gov.uk',
'password': 'val1dPassw0rd!'})
assert response.status_code == 302
assert response.location == url_for('main.verify', _external=True)
'password': 'val1dPassw0rd!'}, follow_redirects=True)
page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')
assert page.h1.string == 'Sign in'
flash_banner = page.find('div', class_='banner-dangerous').string.strip()
assert flash_banner == "You haven't verified your email or mobile number yet."
def test_not_fresh_session_login(app_,
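Review bot: The rewritten assertions in test_should_return_redirect_when_user_is_pending only exercise the correct password, so nothing here pins down that the "You haven't verified your email or mobile number yet." banner is withheld when the password is wrong. If the view shows the banner before checking the password (the view is not visible on this page), the sign-in form would reveal which addresses have a pending account. A sibling test that posts a wrong password for `pending_user@example.gov.uk` and asserts the generic sign-in failure message would guard against that. The test name still says `return_redirect` although it now follows the redirect and checks the rendered page, so a name such as `test_should_show_unverified_banner_when_user_is_pending` would match what it asserts. The function starts above this hunk.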


@@ -70,18 +70,18 @@ def test_should_return_200_when_sms_code_is_wrong(app_,
def test_verify_email_redirects_to_verify_if_token_valid(app_,
mocker,
api_user_active,
mock_get_user,
api_user_pending,
mock_get_user_pending,
mock_send_verify_code,
mock_check_verify_code):
import json
token_data = {"user_id": api_user_active.id, "secret_code": 12345}
token_data = {"user_id": api_user_pending.id, "secret_code": 12345}
mocker.patch('utils.url_safe_token.check_token', return_value=json.dumps(token_data))
with app_.test_request_context():
with app_.test_client() as client:
with client.session_transaction() as session:
session['user_details'] = {'email_address': api_user_active.email_address, 'id': api_user_active.id}
session['user_details'] = {'email_address': api_user_pending.email_address, 'id': api_user_pending.id}
response = client.get(url_for('main.verify_email', token='notreal'))
@@ -91,7 +91,7 @@ def test_verify_email_redirects_to_verify_if_token_valid(app_,
def test_verify_email_redirects_to_email_sent_if_token_expired(app_,
mocker,
api_user_active,
api_user_pending,
mock_check_verify_code):
from itsdangerous import SignatureExpired
mocker.patch('utils.url_safe_token.check_token', side_effect=SignatureExpired('expired'))
@@ -99,7 +99,7 @@ def test_verify_email_redirects_to_email_sent_if_token_expired(app_,
with app_.test_request_context():
with app_.test_client() as client:
with client.session_transaction() as session:
session['user_details'] = {'email_address': api_user_active.email_address, 'id': api_user_active.id}
session['user_details'] = {'email_address': api_user_pending.email_address, 'id': api_user_pending.id}
response = client.get(url_for('main.verify_email', token='notreal'))
@@ -109,8 +109,8 @@ def test_verify_email_redirects_to_email_sent_if_token_expired(app_,
def test_verify_email_redirects_to_email_sent_if_token_used(app_,
mocker,
api_user_active,
mock_get_user,
api_user_pending,
mock_get_user_pending,
mock_send_verify_code,
mock_check_verify_code_code_expired):
from itsdangerous import SignatureExpired
@@ -119,9 +119,31 @@ def test_verify_email_redirects_to_email_sent_if_token_used(app_,
with app_.test_request_context():
with app_.test_client() as client:
with client.session_transaction() as session:
session['user_details'] = {'email_address': api_user_active.email_address, 'id': api_user_active.id}
session['user_details'] = {'email_address': api_user_pending.email_address, 'id': api_user_pending.id}
response = client.get(url_for('main.verify_email', token='notreal'))
assert response.status_code == 302
assert response.location == url_for('main.resend_email_verification', _external=True)
def test_verify_email_redirects_to_sign_in_if_user_active(app_,
mocker,
api_user_active,
mock_get_user,
mock_send_verify_code,
mock_check_verify_code):
import json
token_data = {"user_id": api_user_active.id, "secret_code": 12345}
mocker.patch('utils.url_safe_token.check_token', return_value=json.dumps(token_data))
with app_.test_request_context():
with app_.test_client() as client:
with client.session_transaction() as session:
session['user_details'] = {'email_address': api_user_active.email_address, 'id': api_user_active.id}
response = client.get(url_for('main.verify_email', token='notreal'), follow_redirects=True)
page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')
assert page.h1.text == 'Sign in'
flash_banner = page.find('div', class_='banner-dangerous').string.strip()
assert flash_banner == "You have already verified your email address."
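Review bot: test_verify_email_redirects_to_sign_in_if_user_active checks only the rendered page, so it would still pass if reusing a consumed link for an already active user sent a fresh verification code. The test already requests `mock_send_verify_code`; assuming that fixture returns the patched mock, adding `assert not mock_send_verify_code.called` after the banner check would pin that down. `page.find('div', class_='banner-dangerous').string.strip()` raises AttributeError rather than a readable assertion failure when the banner is missing, so binding the result first and adding `assert banner is not None` would give a clearer failure. `import json` inside the test body could move to the module-level imports.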