diff --git a/app/main/views/verify.py b/app/main/views/verify.py index 0a55ddc74..2abd822b3 100644 --- a/app/main/views/verify.py +++ b/app/main/views/verify.py @@ -22,6 +22,7 @@ def verify(): user_id = session['user_details']['id'] codes = verify_codes_dao.get_codes(user_id) form = VerifyForm(codes) + if form.validate_on_submit(): verify_codes_dao.use_code_for_user_and_type(user_id=user_id, code_type='email') verify_codes_dao.use_code_for_user_and_type(user_id=user_id, code_type='sms') diff --git a/app/notify_client/user_api_client.py b/app/notify_client/user_api_client.py index 71dd8a2fa..b70d8978b 100644 --- a/app/notify_client/user_api_client.py +++ b/app/notify_client/user_api_client.py @@ -73,29 +73,14 @@ class UserApiClient(BaseAPIClient): class User(object): def __init__(self, fields, max_failed_login_count=3): - self.fields = fields - self.max_failed_login_count = max_failed_login_count + self._id = fields.get('id') + self._name = fields.get('name') + self._email_address = fields.get('email_address') + self._mobile_number = fields.get('mobile_number') + self._password_changed_at = fields.get('password_changed_at') self._failed_login_count = 0 - - @property - def id(self): - return self.fields.get('id') - - @property - def name(self): - return self.fields.get('name') - - @property - def email_address(self): - return self.fields.get('email_address') - - @property - def mobile_number(self): - return self.fields.get('mobile_number') - - @property - def password_changed_at(self): - return self.fields.get('password_changed_at') + self._state = fields.get('state') + self.max_failed_login_count = max_failed_login_count def get_id(self): return self.id @@ -106,13 +91,53 @@ class User(object): def is_active(self): return self.state == 'active' + @property + def id(self): + return self._id + + @id.setter + def id(self, id): + self._id = id + + @property + def name(self): + return self._name + + @name.setter + def name(self, name): + self._name = name + + @property + def email_address(self): + return self._email_address + + @email_address.setter + def email_address(self, email_address): + self._email_address = email_address + + @property + def mobile_number(self): + return self._mobile_number + + @mobile_number.setter + def mobile_number(self, mobile_number): + self._mobile_number = mobile_number + + @property + def password_changed_at(self): + return self._password_changed_at + + @password_changed_at.setter + def password_changed_at(self, password_changed_at): + self._password_changed_at = password_changed_at + @property def state(self): - return self.fields['state'] + return self._state @state.setter def state(self, state): - self.fields['state'] = state + self._state = state @property def failed_login_count(self): @@ -126,7 +151,15 @@ class User(object): return False def is_locked(self): - return self.failed_login_count > self.max_failed_login_count + return self.failed_login_count >= self.max_failed_login_count def serialize(self): - return self.fields + return {"id": self.id, + "name": self.name, + "email_address": self.email_address, + "mobile_number": self.mobile_number, + "password_changed_at": self.password_changed_at, + "state": self.state, + "failed_login_count": self.failed_login_count, + "is_locked": self.is_locked() + } diff --git a/tests/app/main/dao/test_service_dao.py b/tests/app/main/dao/test_service_dao.py index 2131eb1d4..c119888bb 100644 --- a/tests/app/main/dao/test_service_dao.py +++ b/tests/app/main/dao/test_service_dao.py @@ -3,20 +3,20 @@ from app.main.dao import services_dao def test_can_insert_new_service(db_, db_session, - mock_api_user, + mock_active_user, mock_create_service, - mock_user_dao_get_by_email): + mock_get_by_email): service_name = 'testing service' - id_ = services_dao.insert_new_service(service_name, mock_api_user.id) + id_ = services_dao.insert_new_service(service_name, mock_active_user.id) mock_create_service.assert_called_once_with( - service_name, False, 1000, True, mock_api_user.id) + service_name, False, 1000, True, mock_active_user.id) def test_unrestrict_service_updates_the_service(db_, db_session, mock_get_service, mock_update_service, - mock_user_dao_get_by_email): + mock_get_by_email): service_one = mock_get_service.side_effect(123)['data'] services_dao.unrestrict_service(service_one['id']) mock_update_service.assert_called_once_with(service_one['id'], @@ -29,10 +29,10 @@ def test_unrestrict_service_updates_the_service(db_, def test_activate_service_update_service(db_, db_session, - mock_api_user, + mock_active_user, mock_get_service, mock_update_service, - mock_user_dao_get_by_email): + mock_get_by_email): service_one = mock_get_service.side_effect(123)['data'] services_dao.activate_service(service_one['id']) mock_update_service.assert_called_once_with(service_one['id'], diff --git a/tests/app/main/dao/test_users_dao.py b/tests/app/main/dao/test_users_dao.py index 733b2930c..b9eb8c999 100644 --- a/tests/app/main/dao/test_users_dao.py +++ b/tests/app/main/dao/test_users_dao.py @@ -6,7 +6,7 @@ from app.models import User from app.main.dao import users_dao -@pytest.mark.xfail(reason='Tests will be moved to api') +@pytest.mark.skipif(True, reason='Database tests to move to api and ineraction tests done here') def test_insert_user_should_add_user(db_, db_session): user = User(name='test insert', password='somepassword', @@ -19,7 +19,7 @@ def test_insert_user_should_add_user(db_, db_session): assert saved_user == user -@pytest.mark.xfail(reason='Tests will be moved to api') +@pytest.mark.skipif(True, reason='Database tests to move to api and ineraction tests done here') def test_insert_user_with_role_that_does_not_exist_fails(db_, db_session): user = User(name='role does not exist', password='somepassword', @@ -31,7 +31,7 @@ def test_insert_user_with_role_that_does_not_exist_fails(db_, db_session): assert 'insert or update on table "users" violates foreign key constraint "users_role_id_fkey"' in str(error.value) -@pytest.mark.xfail(reason='Not implemented yet on api client') +@pytest.mark.skipif(True, reason='Database tests to move to api and ineraction tests done here') def test_get_user_by_email(db_, db_session): user = User(name='test_get_by_email', password='somepassword', @@ -44,7 +44,7 @@ def test_get_user_by_email(db_, db_session): assert retrieved == user -@pytest.mark.xfail(reason='Not implemented yet on api client') +@pytest.mark.skipif(True, reason='Database tests to move to api and ineraction tests done here') def test_get_all_users_returns_all_users(db_, db_session): user1 = User(name='test one', password='somepassword', @@ -70,7 +70,7 @@ def test_get_all_users_returns_all_users(db_, db_session): assert users == [user1, user2, user3] -@pytest.mark.xfail(reason='Not implemented yet on api client') +@pytest.mark.skipif(True, reason='Database tests to move to api and ineraction tests done here') def test_increment_failed_lockout_count_should_increade_count_by_1(db_, db_session): user = User(name='cannot remember password', password='somepassword', @@ -85,7 +85,7 @@ def test_increment_failed_lockout_count_should_increade_count_by_1(db_, db_sessi assert users_dao.get_user_by_id(user.id).failed_login_count == 1 -@pytest.mark.xfail(reason='Not implemented yet on api client') +@pytest.mark.skipif(True, reason='Database tests to move to api and ineraction tests done here') def test_user_is_locked_if_failed_login_count_is_10_or_greater(db_, db_session): user = User(name='cannot remember password', password='somepassword', @@ -104,7 +104,7 @@ def test_user_is_locked_if_failed_login_count_is_10_or_greater(db_, db_session): assert saved_user.is_locked() is True -@pytest.mark.xfail(reason='Not implemented yet on api client') +@pytest.mark.skipif(True, reason='Database tests to move to api and ineraction tests done here') def test_user_is_active_is_false_if_state_is_inactive(db_, db_session): user = User(name='inactive user', password='somepassword', @@ -131,14 +131,14 @@ def test_should_update_user_to_active(mock_activate_user): assert activated_user.state == 'active' -@pytest.mark.xfail(reason='Not implemented yet on api client') +@pytest.mark.skipif(True, reason='Database tests to move to api and ineraction tests done here') def test_should_throws_error_when_id_does_not_exist(db_, db_session): with pytest.raises(AttributeError) as error: users_dao.activate_user(123) assert '''object has no attribute 'state''''' in str(error.value) -@pytest.mark.xfail(reason='Not implemented yet on api client') +@pytest.mark.skipif(True, reason='Database tests to move to api and ineraction tests done here') def test_should_update_email_address(db_, db_session): user = User(name='Update Email', password='somepassword', @@ -155,7 +155,7 @@ def test_should_update_email_address(db_, db_session): assert updated.email_address == 'new_email@testit.gov.uk' -@pytest.mark.xfail(reason='Not implemented yet on api client') +@pytest.mark.skipif(True, reason='Database tests to move to api and ineraction tests done here') def test_should_update_password(db_, db_session): user = User(name='Update Email', password='somepassword', @@ -176,7 +176,7 @@ def test_should_update_password(db_, db_session): assert updated.password_changed_at > start -@pytest.mark.xfail(reason='Not implemented yet on api client') +@pytest.mark.skipif(True, reason='Database tests to move to api and ineraction tests done here') def test_should_return_list_of_all_email_addresses(db_, db_session): first = User(name='First Person', password='somepassword', @@ -198,7 +198,7 @@ def test_should_return_list_of_all_email_addresses(db_, db_session): assert expected == [x.email_address for x in email_addresses] -@pytest.mark.xfail(reason='Not implemented yet on api client') +@pytest.mark.skipif(True, reason='Database tests to move to api and ineraction tests done here') def test_should_update_state_to_request_password_reset(db_, db_session): user = User(name='Requesting Password Resest', password='somepassword', diff --git a/tests/app/main/test_user.py b/tests/app/main/test_user.py new file mode 100644 index 000000000..1042f3b26 --- /dev/null +++ b/tests/app/main/test_user.py @@ -0,0 +1,27 @@ +from app.notify_client.user_api_client import User + + +def test_user(): + user_data = {'id': 1, + 'name': 'Test User', + 'email_address': 'test@user.gov.uk', + 'mobile_number': '+4412341234', + 'state': 'pending', + 'failed_login_count': 0 + } + user = User(user_data) + + assert user.id == 1 + assert user.name == 'Test User' + assert user.email_address == 'test@user.gov.uk' + assert user.mobile_number == '+4412341234' + assert user.state == 'pending' + + # user has three failed logins before being locked + assert user.max_failed_login_count == 3 + assert user.failed_login_count == 0 + assert not user.is_locked() + + # set failed logins to threshold + user.failed_login_count = 3 + assert user.is_locked() diff --git a/tests/app/main/test_validators.py b/tests/app/main/test_validators.py index c3ec28f2c..f447b8436 100644 --- a/tests/app/main/test_validators.py +++ b/tests/app/main/test_validators.py @@ -2,7 +2,7 @@ from app.main.dao import users_dao from app.main.forms import RegisterUserForm -def test_should_raise_validation_error_for_password(app_, mock_user_dao_get_by_email): +def test_should_raise_validation_error_for_password(app_, mock_get_by_email): form = RegisterUserForm(users_dao.get_user_by_email) form.name.data = 'test' form.email_address.data = 'teset@example.gov.uk' diff --git a/tests/app/main/views/test_add_service.py b/tests/app/main/views/test_add_service.py index e7d14e1db..952bd88d1 100644 --- a/tests/app/main/views/test_add_service.py +++ b/tests/app/main/views/test_add_service.py @@ -7,14 +7,13 @@ from app.models import User def test_get_should_render_add_service_template(app_, db_, db_session, - mock_api_user, mock_get_service, mock_get_services, - mock_user_loader, - mock_user_dao_get_by_email): + mock_active_user, + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: - client.login(mock_api_user) + client.login(mock_active_user) response = client.get(url_for('main.add_service')) assert response.status_code == 200 assert 'Set up notifications for your service' in response.get_data(as_text=True) @@ -25,12 +24,11 @@ def test_should_add_service_and_redirect_to_next_page(app_, db_session, mock_create_service, mock_get_services, - mock_api_user, - mock_user_loader, - mock_user_dao_get_by_email): + mock_active_user, + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: - client.login(mock_api_user) + client.login(mock_active_user) response = client.post( url_for('main.add_service'), data={'name': 'testing the post'}) @@ -43,14 +41,13 @@ def test_should_add_service_and_redirect_to_next_page(app_, def test_should_return_form_errors_when_service_name_is_empty(app_, db_, db_session, - mock_api_user, + mock_active_user, mock_get_service, mock_get_services, - mock_user_loader, - mock_user_dao_get_by_email): + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: - client.login(mock_api_user) + client.login(mock_active_user) response = client.post(url_for('main.add_service'), data={}) assert response.status_code == 200 assert 'Service name can not be empty' in response.get_data(as_text=True) @@ -60,12 +57,11 @@ def test_should_return_form_errors_with_duplicate_service_name(app_, db_, db_session, mock_get_services, - mock_user_loader, - mock_api_user, - mock_user_dao_get_by_email): + mock_active_user, + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: - client.login(mock_api_user) + client.login(mock_active_user) response = client.post( url_for('main.add_service'), data={'name': 'service_one'}) assert response.status_code == 200 diff --git a/tests/app/main/views/test_api_keys.py b/tests/app/main/views/test_api_keys.py index 71eed1353..2d47fc20a 100644 --- a/tests/app/main/views/test_api_keys.py +++ b/tests/app/main/views/test_api_keys.py @@ -5,12 +5,11 @@ from flask import url_for def test_should_show_api_keys_and_documentation_page(app_, db_, db_session, - mock_api_user, - mock_user_loader, - mock_user_dao_get_by_email): + mock_active_user, + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: - client.login(mock_api_user) + client.login(mock_active_user) response = client.get(url_for('main.documentation', service_id=123)) assert response.status_code == 200 @@ -19,13 +18,12 @@ def test_should_show_api_keys_and_documentation_page(app_, def test_should_show_empty_api_keys_page(app_, db_, db_session, - mock_api_user, - mock_user_loader, - mock_user_dao_get_by_email, + mock_active_user, + mock_get_by_email, mock_get_no_api_keys): with app_.test_request_context(): with app_.test_client() as client: - client.login(mock_api_user) + client.login(mock_active_user) response = client.get(url_for('main.api_keys', service_id=123)) assert response.status_code == 200 @@ -37,13 +35,12 @@ def test_should_show_empty_api_keys_page(app_, def test_should_show_api_keys_page(app_, db_, db_session, - mock_api_user, - mock_user_loader, - mock_user_dao_get_by_email, + mock_active_user, + mock_get_by_email, mock_get_api_keys): with app_.test_request_context(): with app_.test_client() as client: - client.login(mock_api_user) + client.login(mock_active_user) response = client.get(url_for('main.api_keys', service_id=123)) assert response.status_code == 200 @@ -56,13 +53,12 @@ def test_should_show_api_keys_page(app_, def test_should_show_name_api_key_page(app_, db_, db_session, - mock_api_user, - mock_user_loader, - mock_user_dao_get_by_email, + mock_active_user, + mock_get_by_email, mock_get_api_keys): with app_.test_request_context(): with app_.test_client() as client: - client.login(mock_api_user) + client.login(mock_active_user) response = client.get(url_for('main.create_api_key', service_id=123)) assert response.status_code == 200 @@ -71,14 +67,13 @@ def test_should_show_name_api_key_page(app_, def test_should_render_show_api_key(app_, db_, db_session, - mock_api_user, - mock_user_loader, - mock_user_dao_get_by_email, + mock_active_user, + mock_get_by_email, mock_create_api_key, mock_get_api_keys): with app_.test_request_context(): with app_.test_client() as client: - client.login(mock_api_user) + client.login(mock_active_user) response = client.post(url_for('main.create_api_key', service_id=123), data={'key_name': 'some default key name'}) @@ -90,13 +85,12 @@ def test_should_render_show_api_key(app_, def test_should_show_confirm_revoke_api_key(app_, db_, db_session, - mock_api_user, - mock_user_loader, - mock_user_dao_get_by_email, + mock_active_user, + mock_get_by_email, mock_get_api_keys): with app_.test_request_context(): with app_.test_client() as client: - client.login(mock_api_user) + client.login(mock_active_user) response = client.get(url_for('main.revoke_api_key', service_id=123, key_id=321)) assert response.status_code == 200 @@ -107,14 +101,13 @@ def test_should_show_confirm_revoke_api_key(app_, def test_should_redirect_after_revoking_api_key(app_, db_, db_session, - mock_api_user, - mock_user_loader, - mock_user_dao_get_by_email, + mock_active_user, + mock_get_by_email, mock_revoke_api_key, mock_get_api_keys): with app_.test_request_context(): with app_.test_client() as client: - client.login(mock_api_user) + client.login(mock_active_user) response = client.post(url_for('main.revoke_api_key', service_id=123, key_id=321)) assert response.status_code == 302 diff --git a/tests/app/main/views/test_code_not_received.py b/tests/app/main/views/test_code_not_received.py index 9603e9793..ed63fe34e 100644 --- a/tests/app/main/views/test_code_not_received.py +++ b/tests/app/main/views/test_code_not_received.py @@ -1,5 +1,4 @@ from app.main.dao import verify_codes_dao -from tests import create_test_api_user from flask import url_for @@ -8,12 +7,12 @@ def test_should_render_email_code_not_received_template_and_populate_email_addre db_session, mock_send_sms, mock_send_email, - mock_api_user, - mock_user_dao_get_by_email): + mock_active_user, + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: with client.session_transaction() as session: - session['user_email'] = mock_api_user.email_address + session['user_email'] = mock_active_user.email_address response = client.get(url_for('main.check_and_resend_email_code')) assert response.status_code == 200 assert 'Check your email address is correct and then resend the confirmation code' \ @@ -26,14 +25,14 @@ def test_should_check_and_resend_email_code_redirect_to_verify(app_, db_session, mock_send_sms, mock_send_email, - mock_api_user, - mock_user_dao_get_by_email, - mock_user_dao_update_email): + mock_active_user, + mock_get_by_email, + mock_update_email): with app_.test_request_context(): with app_.test_client() as client: with client.session_transaction() as session: - session['user_email'] = mock_api_user.email_address - verify_codes_dao.add_code(mock_api_user.id, code='12345', code_type='email') + session['user_email'] = mock_active_user.email_address + verify_codes_dao.add_code(mock_active_user.id, code='12345', code_type='email') response = client.post(url_for('main.check_and_resend_email_code'), data={'email_address': 'test@user.gov.uk'}) assert response.status_code == 302 @@ -45,13 +44,13 @@ def test_should_render_text_code_not_received_template(app_, db_session, mock_send_sms, mock_send_email, - mock_api_user, - mock_user_dao_get_by_email): + mock_active_user, + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: with client.session_transaction() as session: - session['user_email'] = mock_api_user.email_address - verify_codes_dao.add_code(mock_api_user.id, code='12345', code_type='sms') + session['user_email'] = mock_active_user.email_address + verify_codes_dao.add_code(mock_active_user.id, code='12345', code_type='sms') response = client.get(url_for('main.check_and_resend_text_code')) assert response.status_code == 200 assert 'Check your mobile phone number is correct and then resend the confirmation code.' \ @@ -64,14 +63,14 @@ def test_should_check_and_redirect_to_verify(app_, db_session, mock_send_sms, mock_send_email, - mock_api_user, - mock_user_dao_get_by_email, - mock_user_dao_update_mobile): + mock_active_user, + mock_get_by_email, + mock_update_mobile): with app_.test_request_context(): with app_.test_client() as client: with client.session_transaction() as session: - session['user_email'] = mock_api_user.email_address - verify_codes_dao.add_code(mock_api_user.id, code='12345', code_type='sms') + session['user_email'] = mock_active_user.email_address + verify_codes_dao.add_code(mock_active_user.id, code='12345', code_type='sms') response = client.post(url_for('main.check_and_resend_text_code'), data={'mobile_number': '+447700900460'}) assert response.status_code == 302 @@ -83,19 +82,19 @@ def test_should_update_email_address_resend_code(app_, db_session, mock_send_sms, mock_send_email, - mock_api_user, - mock_user_dao_get_by_email, - mock_user_dao_update_email): + mock_active_user, + mock_get_by_email, + mock_update_email): with app_.test_request_context(): with app_.test_client() as client: with client.session_transaction() as session: - session['user_email'] = mock_api_user.email_address - verify_codes_dao.add_code(user_id=mock_api_user.id, code='12345', code_type='email') + session['user_email'] = mock_active_user.email_address + verify_codes_dao.add_code(user_id=mock_active_user.id, code='12345', code_type='email') response = client.post(url_for('main.check_and_resend_email_code'), data={'email_address': 'new@address.gov.uk'}) assert response.status_code == 302 assert response.location == url_for('main.verify', _external=True) - assert mock_api_user.email_address == 'new@address.gov.uk' + assert mock_active_user.email_address == 'new@address.gov.uk' def test_should_update_mobile_number_resend_code(app_, @@ -103,29 +102,29 @@ def test_should_update_mobile_number_resend_code(app_, db_session, mock_send_sms, mock_send_email, - mock_api_user, - mock_user_dao_get_by_email, - mock_user_dao_update_mobile): + mock_active_user, + mock_get_by_email, + mock_update_mobile): with app_.test_request_context(): with app_.test_client() as client: with client.session_transaction() as session: - session['user_email'] = mock_api_user.email_address - verify_codes_dao.add_code(user_id=mock_api_user.id, code='12345', code_type='sms') + session['user_email'] = mock_active_user.email_address + verify_codes_dao.add_code(user_id=mock_active_user.id, code='12345', code_type='sms') response = client.post(url_for('main.check_and_resend_text_code'), data={'mobile_number': '+447700900460'}) assert response.status_code == 302 assert response.location == url_for('main.verify', _external=True) - assert mock_api_user.mobile_number == '+447700900460' + assert mock_active_user.mobile_number == '+447700900460' def test_should_render_verification_code_not_received(app_, db_, db_session, - mock_api_user): + mock_active_user): with app_.test_request_context(): with app_.test_client() as client: with client.session_transaction() as session: - session['user_email'] = mock_api_user.email_address + session['user_email'] = mock_active_user.email_address response = client.get(url_for('main.verification_code_not_received')) assert response.status_code == 200 assert 'Resend verification code' in response.get_data(as_text=True) @@ -136,14 +135,14 @@ def test_should_render_verification_code_not_received(app_, def test_check_and_redirect_to_two_factor(app_, db_, db_session, - mock_api_user, + mock_active_user, mock_send_sms, mock_send_email, - mock_user_dao_get_by_email): + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: with client.session_transaction() as session: - session['user_email'] = mock_api_user.email_address + session['user_email'] = mock_active_user.email_address response = client.get(url_for('main.check_and_resend_verification_code')) assert response.status_code == 302 assert response.location == url_for('main.two_factor', _external=True) @@ -152,19 +151,19 @@ def test_check_and_redirect_to_two_factor(app_, def test_should_create_new_code_for_user(app_, db_, db_session, - mock_api_user, + mock_active_user, mock_send_sms, mock_send_email, - mock_user_dao_get_by_email): + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: with client.session_transaction() as session: - session['user_email'] = mock_api_user.email_address - verify_codes_dao.add_code(user_id=mock_api_user.id, code='12345', code_type='sms') + session['user_email'] = mock_active_user.email_address + verify_codes_dao.add_code(user_id=mock_active_user.id, code='12345', code_type='sms') response = client.get(url_for('main.check_and_resend_verification_code')) assert response.status_code == 302 assert response.location == url_for('main.two_factor', _external=True) - codes = verify_codes_dao.get_codes(user_id=mock_api_user.id, code_type='sms') + codes = verify_codes_dao.get_codes(user_id=mock_active_user.id, code_type='sms') assert len(codes) == 2 for x in ([used.code_used for used in codes]): assert x is False diff --git a/tests/app/main/views/test_dashboard.py b/tests/app/main/views/test_dashboard.py index 67520c8e2..6bbeccb11 100644 --- a/tests/app/main/views/test_dashboard.py +++ b/tests/app/main/views/test_dashboard.py @@ -7,8 +7,7 @@ def test_should_show_recent_jobs_on_dashboard(app_, db_session, mock_api_user, mock_get_service, - mock_user_loader, - mock_user_dao_get_by_email): + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: client.login(mock_api_user) diff --git a/tests/app/main/views/test_forgot_password.py b/tests/app/main/views/test_forgot_password.py index 03ffb9955..2c70eb12f 100644 --- a/tests/app/main/views/test_forgot_password.py +++ b/tests/app/main/views/test_forgot_password.py @@ -1,6 +1,4 @@ from flask import url_for -from app.main.dao import users_dao -from tests import create_test_user def test_should_render_forgot_password(app_, db_, db_session): @@ -15,15 +13,15 @@ def test_should_redirect_to_password_reset_sent_and_state_updated(app_, db_, db_session, mock_send_email, - mock_api_user, - mock_user_dao_get_by_email, - mock_user_dao_password_reset): + mock_active_user, + mock_get_by_email, + mock_password_reset): with app_.test_request_context(): response = app_.test_client().post( url_for('.forgot_password'), - data={'email_address': mock_api_user.email_address}) + data={'email_address': mock_active_user.email_address}) assert response.status_code == 200 assert ( 'You have been sent an email containing a link' ' to reset your password.') in response.get_data(as_text=True) - assert mock_api_user.state == 'request_password_reset' + assert mock_active_user.state == 'request_password_reset' diff --git a/tests/app/main/views/test_index.py b/tests/app/main/views/test_index.py index 6d4a2b067..dc5e524c1 100644 --- a/tests/app/main/views/test_index.py +++ b/tests/app/main/views/test_index.py @@ -4,12 +4,11 @@ from flask import url_for def test_logged_in_user_redirects_to_choose_service(app_, db_, db_session, - mock_api_user, - mock_user_loader, - mock_user_dao_get_by_email): + mock_active_user, + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: - client.login(mock_api_user) + client.login(mock_active_user) response = client.get(url_for('main.index')) assert response.status_code == 302 diff --git a/tests/app/main/views/test_jobs.py b/tests/app/main/views/test_jobs.py index c10605570..3ac620fd0 100644 --- a/tests/app/main/views/test_jobs.py +++ b/tests/app/main/views/test_jobs.py @@ -1,27 +1,33 @@ from flask import url_for -from app.models import User -from tests import create_test_user -def test_should_return_list_of_all_jobs(app_, db_, db_session, service_one, mock_api_user, - mock_user_loader, mock_user_dao_get_by_email): +def test_should_return_list_of_all_jobs(app_, + db_, + db_session, + service_one, + mock_active_user, + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: - client.login(mock_api_user) + client.login(mock_active_user) response = client.get(url_for('main.view_jobs', service_id=101)) assert response.status_code == 200 assert 'You haven’t sent any notifications yet' in response.get_data(as_text=True) -def test_should_show_page_for_one_job(app_, db_, db_session, service_one, mock_api_user, - mock_user_loader, mock_user_dao_get_by_email): +def test_should_show_page_for_one_job(app_, + db_, + db_session, + service_one, + mock_active_user, + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: # TODO filename will be part of job metadata not in session with client.session_transaction() as s: s[456] = 'dispatch_20151114.csv' - client.login(mock_api_user) + client.login(mock_active_user) response = client.get(url_for('main.view_job', service_id=123, job_id=456)) assert response.status_code == 200 @@ -29,11 +35,15 @@ def test_should_show_page_for_one_job(app_, db_, db_session, service_one, mock_a assert 'Test message 1' in response.get_data(as_text=True) -def test_should_show_page_for_one_notification(app_, db_, db_session, service_one, mock_api_user, - mock_user_loader, mock_user_dao_get_by_email): +def test_should_show_page_for_one_notification(app_, + db_, + db_session, + service_one, + mock_active_user, + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: - client.login(mock_api_user) + client.login(mock_active_user) response = client.get(url_for( 'main.view_notification', service_id=101, diff --git a/tests/app/main/views/test_new_password.py b/tests/app/main/views/test_new_password.py index 8904278fc..2a1b3d2e4 100644 --- a/tests/app/main/views/test_new_password.py +++ b/tests/app/main/views/test_new_password.py @@ -3,43 +3,49 @@ from flask import url_for from app.main.dao import users_dao from app.main.encryption import check_hash from app.notify_client.sender import generate_token -from tests import create_test_user import pytest -def test_should_render_new_password_template(app_, db_, db_session, mock_api_user, - mock_user_dao_get_new_password): +def test_should_render_new_password_template(app_, + db_, + db_session, + mock_active_user, + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: - token = generate_token(mock_api_user.email_address) + mock_active_user.state = 'request_password_reset' + token = generate_token(mock_active_user.email_address) response = client.get(url_for('.new_password', token=token)) assert response.status_code == 200 assert ' You can now create a new password for your account.' in response.get_data(as_text=True) -# def test_should_render_new_password_template_with_message_of_bad_token(app_, db_, db_session, -# mock_user_dao_get_by_email): -# with app_.test_request_context(): -# with app_.test_client() as client: -# create_test_user('request_password_reset') -# token = generate_token('no_user@d.gov.uk') -# response = client.get(url_for('.new_password', token=token)) -# assert response.status_code == 200 -# assert 'Message about email address does not exist. Some one needs to figure out the words here.' in \ -# response.get_data(as_text=True) +@pytest.mark.skipif(True, reason='Password reset no implemented') +def test_should_render_new_password_template_with_message_of_bad_token(app_, + db_, + db_session, + mock_get_by_email): + with app_.test_request_context(): + with app_.test_client() as client: + token = generate_token('no_user@d.gov.uk') + response = client.get(url_for('.new_password', token=token)) + assert response.status_code == 200 + assert 'Message about email address does not exist. Some one needs to figure out the words here.' in \ + response.get_data(as_text=True) -@pytest.mark.xfail(reason='Password reset not implemented') + +@pytest.mark.skipif(True, reason='Password reset no implemented') def test_should_redirect_to_two_factor_when_password_reset_is_successful(app_, db_, db_session, mock_send_sms, - mock_api_user, - mock_user_dao_get_new_password): + mock_active_user, + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: - mock_api_user.state = 'request_password_reset' - token = generate_token(mock_api_user.email_address) + mock_active_user.state = 'request_password_reset' + token = generate_token(mock_active_user.email_address) response = client.post(url_for('.new_password', token=token), data={'new_password': 'a-new_password'}) assert response.status_code == 302 assert response.location == url_for('.two_factor', _external=True) @@ -51,28 +57,28 @@ def test_should_redirect_to_two_factor_when_password_reset_is_successful(app_, def test_should_redirect_to_forgot_password_with_flash_message_when_token_is_expired(app_, db_, db_session, - mock_api_user): + mock_active_user): with app_.test_request_context(): with app_.test_client() as client: app_.config['TOKEN_MAX_AGE_SECONDS'] = -1000 - mock_api_user.state = 'request_password_reset' - token = generate_token(mock_api_user.email_address) + mock_active_user.state = 'request_password_reset' + token = generate_token(mock_active_user.email_address) response = client.post(url_for('.new_password', token=token), data={'new_password': 'a-new_password'}) assert response.status_code == 302 assert response.location == url_for('.forgot_password', _external=True) app_.config['TOKEN_MAX_AGE_SECONDS'] = 3600 -@pytest.mark.xfail(reason='Password reset not implemented') +@pytest.mark.skipif(True, reason='Password reset no implemented') def test_should_redirect_to_forgot_pass_when_user_active_should_be_request_passw_reset(app_, db_, db_session, - mock_api_user, - mock_user_dao_get_by_email): + mock_active_user, + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: - mock_api_user.state = 'request_password_reset' - token = generate_token(mock_api_user.email_address) + mock_active_user.state = 'request_password_reset' + token = generate_token(mock_active_user.email_address) response = client.post(url_for('.new_password', token=token), data={'new_password': 'a-new_password'}) assert response.status_code == 302 assert response.location == url_for('.index', _external=True) diff --git a/tests/app/main/views/test_register.py b/tests/app/main/views/test_register.py index 6c070ea98..4a7d55675 100644 --- a/tests/app/main/views/test_register.py +++ b/tests/app/main/views/test_register.py @@ -11,12 +11,11 @@ def test_render_register_returns_template_with_form(app_, db_, db_session): def test_logged_in_user_redirects_to_choose_service(app_, db_, db_session, - mock_api_user, - mock_user_loader, - mock_user_dao_get_by_email): + mock_active_user, + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: - client.login(mock_api_user) + client.login(mock_active_user) response = client.get(url_for('main.register')) assert response.status_code == 302 @@ -30,10 +29,10 @@ def test_process_register_creates_new_user(app_, mock_send_sms, mock_send_email, mock_register_user, - mock_user_by_email_not_found): + mock_get_by_email): user_data = { 'name': 'Some One Valid', - 'email_address': 'someone@example.gov.uk', + 'email_address': 'notfound@example.gov.uk', 'mobile_number': '+4407700900460', 'password': 'validPassword!' } @@ -43,6 +42,7 @@ def test_process_register_creates_new_user(app_, data=user_data) assert response.status_code == 302 assert response.location == url_for('main.verify', _external=True) + assert mock_register_user.called def test_process_register_returns_400_when_mobile_number_is_invalid(app_, @@ -50,7 +50,7 @@ def test_process_register_returns_400_when_mobile_number_is_invalid(app_, db_session, mock_send_sms, mock_send_email, - mock_user_by_email_not_found): + mock_get_by_email): response = app_.test_client().post('/register', data={'name': 'Bad Mobile', 'email_address': 'bad_mobile@example.gov.uk', @@ -66,7 +66,7 @@ def test_should_return_400_when_email_is_not_gov_uk(app_, db_session, mock_send_sms, mock_send_email, - mock_user_by_email_not_found): + mock_get_by_email): response = app_.test_client().post('/register', data={'name': 'Bad Mobile', 'email_address': 'bad_mobile@example.not.right', @@ -83,11 +83,10 @@ def test_should_add_verify_codes_on_session(app_, mock_send_sms, mock_send_email, mock_register_user, - mock_user_loader, - mock_user_by_email_not_found): + mock_get_by_email): user_data = { 'name': 'Test Codes', - 'email_address': 'test@example.gov.uk', + 'email_address': 'notfound@example.gov.uk', 'mobile_number': '+4407700900460', 'password': 'validPassword!' } @@ -99,7 +98,10 @@ def test_should_add_verify_codes_on_session(app_, assert 'notify_admin_session' in response.headers.get('Set-Cookie') -def test_should_return_400_if_password_is_blacklisted(app_, db_, db_session, mock_user_by_email_not_found): +def test_should_return_400_if_password_is_blacklisted(app_, + db_, + db_session, + mock_get_by_email): response = app_.test_client().post('/register', data={'name': 'Bad Mobile', 'email_address': 'bad_mobile@example.not.right', diff --git a/tests/app/main/views/test_service_settings.py b/tests/app/main/views/test_service_settings.py index 70458a9f0..77e7a0f89 100644 --- a/tests/app/main/views/test_service_settings.py +++ b/tests/app/main/views/test_service_settings.py @@ -1,11 +1,15 @@ from flask import (url_for, session) -def test_should_show_overview(app_, db_, db_session, mock_api_user, mock_get_service, - mock_user_loader, mock_user_dao_get_by_email): +def test_should_show_overview(app_, + db_, + db_session, + mock_active_user, + mock_get_service, + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: - client.login(mock_api_user) + client.login(mock_active_user) service_id = 123 response = client.get(url_for( 'main.service_settings', service_id=service_id)) @@ -16,11 +20,15 @@ def test_should_show_overview(app_, db_, db_session, mock_api_user, mock_get_ser assert mock_get_service.called -def test_should_show_service_name(app_, db_, db_session, mock_api_user, mock_get_service, - mock_user_loader, mock_user_dao_get_by_email): +def test_should_show_service_name(app_, + db_, + db_session, + mock_active_user, + mock_get_service, + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: - client.login(mock_api_user) + client.login(mock_active_user) service_id = 123 response = client.get(url_for( 'main.service_name_change', service_id=service_id)) @@ -31,11 +39,15 @@ def test_should_show_service_name(app_, db_, db_session, mock_api_user, mock_get service = mock_get_service.side_effect(service_id)['data'] -def test_should_redirect_after_change_service_name(app_, db_, db_session, mock_api_user, mock_get_service, - mock_user_loader, mock_user_dao_get_by_email): +def test_should_redirect_after_change_service_name(app_, + db_, + db_session, + mock_active_user, + mock_get_service, + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: - client.login(mock_api_user) + client.login(mock_active_user) service_id = 123 response = client.post(url_for( 'main.service_name_change', service_id=service_id)) @@ -50,13 +62,12 @@ def test_should_redirect_after_change_service_name(app_, db_, db_session, mock_a def test_should_show_service_name_confirmation(app_, db_, db_session, - mock_api_user, + mock_active_user, mock_get_service, - mock_user_loader, - mock_user_dao_get_by_email): + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: - client.login(mock_api_user) + client.login(mock_active_user) service_id = 123 response = client.get(url_for( 'main.service_name_change_confirm', service_id=service_id)) @@ -70,14 +81,13 @@ def test_should_show_service_name_confirmation(app_, def test_should_redirect_after_service_name_confirmation(app_, db_, db_session, - mock_api_user, + mock_active_user, mock_get_service, mock_update_service, - mock_user_loader, - mock_user_dao_get_by_email): + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: - client.login(mock_api_user) + client.login(mock_active_user) service_id = 123 service_new_name = 'New Name' with client.session_transaction() as session: @@ -94,11 +104,15 @@ def test_should_redirect_after_service_name_confirmation(app_, assert mock_update_service.called -def test_should_show_request_to_go_live(app_, db_, db_session, mock_api_user, mock_get_service, - mock_user_loader, mock_user_dao_get_by_email): +def test_should_show_request_to_go_live(app_, + db_, + db_session, + mock_active_user, + mock_get_service, + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: - client.login(mock_api_user) + client.login(mock_active_user) service_id = 123 response = client.get( url_for('main.service_request_to_go_live', service_id=service_id)) @@ -112,14 +126,13 @@ def test_should_show_request_to_go_live(app_, db_, db_session, mock_api_user, mo def test_should_redirect_after_request_to_go_live(app_, db_, db_session, - mock_api_user, + mock_active_user, mock_get_service, mock_update_service, - mock_user_loader, - mock_user_dao_get_by_email): + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: - client.login(mock_api_user) + client.login(mock_active_user) service_id = 123 response = client.post(url_for( 'main.service_request_to_go_live', service_id=service_id)) @@ -132,11 +145,15 @@ def test_should_redirect_after_request_to_go_live(app_, assert mock_update_service.called -def test_should_show_status_page(app_, db_, db_session, mock_api_user, mock_get_service, - mock_user_loader, mock_user_dao_get_by_email): +def test_should_show_status_page(app_, + db_, + db_session, + mock_active_user, + mock_get_service, + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: - client.login(mock_api_user) + client.login(mock_active_user) service_id = 123 response = client.get(url_for( 'main.service_status_change', service_id=service_id)) @@ -150,13 +167,12 @@ def test_should_show_status_page(app_, db_, db_session, mock_api_user, mock_get_ def test_should_show_redirect_after_status_change(app_, db_, db_session, - mock_api_user, + mock_active_user, mock_get_service, - mock_user_loader, - mock_user_dao_get_by_email): + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: - client.login(mock_api_user) + client.login(mock_active_user) service_id = 123 response = client.post(url_for( 'main.service_status_change', service_id=service_id)) @@ -168,11 +184,15 @@ def test_should_show_redirect_after_status_change(app_, assert mock_get_service.called -def test_should_show_status_confirmation(app_, db_, db_session, mock_api_user, mock_get_service, - mock_user_loader, mock_user_dao_get_by_email): +def test_should_show_status_confirmation(app_, + db_, + db_session, + mock_active_user, + mock_get_service, + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: - client.login(mock_api_user) + client.login(mock_active_user) service_id = 123 response = client.get(url_for( 'main.service_status_change_confirm', service_id=service_id)) @@ -186,14 +206,13 @@ def test_should_show_status_confirmation(app_, db_, db_session, mock_api_user, m def test_should_redirect_after_status_confirmation(app_, db_, db_session, - mock_api_user, + mock_active_user, mock_get_service, mock_update_service, - mock_user_loader, - mock_user_dao_get_by_email): + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: - client.login(mock_api_user) + client.login(mock_active_user) service_id = 123 response = client.post(url_for( 'main.service_status_change_confirm', service_id=service_id)) @@ -206,11 +225,15 @@ def test_should_redirect_after_status_confirmation(app_, assert mock_update_service.called -def test_should_show_delete_page(app_, db_, db_session, mock_api_user, mock_get_service, - mock_user_loader, mock_user_dao_get_by_email): +def test_should_show_delete_page(app_, + db_, + db_session, + mock_active_user, + mock_get_service, + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: - client.login(mock_api_user) + client.login(mock_active_user) service_id = 123 response = client.get(url_for( 'main.service_delete', service_id=service_id)) @@ -220,11 +243,15 @@ def test_should_show_delete_page(app_, db_, db_session, mock_api_user, mock_get_ assert mock_get_service.called -def test_should_show_redirect_after_deleting_service(app_, db_, db_session, mock_api_user, mock_get_service, - mock_user_loader, mock_user_dao_get_by_email): +def test_should_show_redirect_after_deleting_service(app_, + db_, + db_session, + mock_active_user, + mock_get_service, + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: - client.login(mock_api_user) + client.login(mock_active_user) service_id = 123 response = client.post(url_for( 'main.service_delete', service_id=service_id)) @@ -235,11 +262,15 @@ def test_should_show_redirect_after_deleting_service(app_, db_, db_session, mock assert delete_url == response.location -def test_should_show_delete_confirmation(app_, db_, db_session, mock_api_user, mock_get_service, - mock_user_loader, mock_user_dao_get_by_email): +def test_should_show_delete_confirmation(app_, + db_, + db_session, + mock_active_user, + mock_get_service, + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: - client.login(mock_api_user) + client.login(mock_active_user) service_id = 123 response = client.get(url_for( 'main.service_delete_confirm', service_id=service_id)) @@ -252,14 +283,13 @@ def test_should_show_delete_confirmation(app_, db_, db_session, mock_api_user, m def test_should_redirect_delete_confirmation(app_, db_, db_session, - mock_api_user, + mock_active_user, mock_get_service, mock_delete_service, - mock_user_loader, - mock_user_dao_get_by_email): + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: - client.login(mock_api_user) + client.login(mock_active_user) service_id = 123 response = client.post(url_for( 'main.service_delete_confirm', service_id=service_id)) diff --git a/tests/app/main/views/test_sign_in.py b/tests/app/main/views/test_sign_in.py index 65be3b100..613cd62de 100644 --- a/tests/app/main/views/test_sign_in.py +++ b/tests/app/main/views/test_sign_in.py @@ -1,11 +1,5 @@ -from datetime import datetime - -from app.main.dao import users_dao -from app.models import User from flask import url_for -import pytest - def test_render_sign_in_returns_sign_in_template(app_): with app_.test_request_context(): @@ -20,12 +14,11 @@ def test_render_sign_in_returns_sign_in_template(app_): def test_logged_in_user_redirects_to_choose_service(app_, db_, db_session, - mock_api_user, - mock_user_loader, - mock_user_dao_get_by_email): + mock_active_user, + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: - client.login(mock_api_user) + client.login(mock_active_user) response = client.get(url_for('main.sign_in')) assert response.status_code == 302 @@ -38,10 +31,9 @@ def test_process_sign_in_return_2fa_template(app_, db_session, mock_send_sms, mock_send_email, - mock_user_dao_get_user, - mock_user_loader, - mock_user_dao_get_by_email, - mock_user_dao_checkpassword): + mock_get_user, + mock_get_by_email, + mock_user_checkpassword): with app_.test_request_context(): response = app_.test_client().post( url_for('main.sign_in'), data={ @@ -51,16 +43,12 @@ def test_process_sign_in_return_2fa_template(app_, assert response.location == 'http://localhost/two-factor' -def test_should_return_locked_out_true_when_user_is_locked(app_, - db_, - db_session, - mock_user_dao_get_user, - mock_inactive_user_dao_get_by_email): +def test_should_return_locked_out_true_when_user_is_locked(app_, mock_get_by_email): with app_.test_request_context(): for _ in range(10): app_.test_client().post( url_for('main.sign_in'), data={ - 'email_address': 'valid@example.gov.uk', + 'email_address': 'locked_user@example.gov.uk', 'password': 'whatIsMyPassword!'}) response = app_.test_client().post( @@ -79,11 +67,8 @@ def test_should_return_locked_out_true_when_user_is_locked(app_, assert 'Username or password is incorrect' in response.get_data(as_text=True) -def test_should_return_active_user_is_false_if_user_is_inactive(app_, - db_, - db_session, - mock_user_dao_get_user, - mock_inactive_user_dao_get_by_email): +def test_should_return_active_user_is_false_if_user_is_inactive(app_, mock_get_by_email): + with app_.test_request_context(): response = app_.test_client().post( url_for('main.sign_in'), data={ @@ -94,29 +79,21 @@ def test_should_return_active_user_is_false_if_user_is_inactive(app_, assert 'Username or password is incorrect' in response.get_data(as_text=True) -def test_should_return_200_when_user_does_not_exist(app_, - db_, - db_session, - mock_user_dao_get_user, - mock_user_dao_get_by_email): +def test_should_return_200_when_user_does_not_exist(app_, mock_get_by_email): with app_.test_request_context(): response = app_.test_client().post( url_for('main.sign_in'), data={ - 'email_address': 'does_not_exist@gov.uk', + 'email_address': 'notfound@gov.uk', 'password': 'doesNotExist!'}) assert response.status_code == 200 assert 'Username or password is incorrect' in response.get_data(as_text=True) -def test_should_return_200_when_user_is_not_active(app_, - db_, - db_session, - mock_user_dao_get_user, - mock_user_dao_get_by_email): +def test_should_return_200_when_user_is_not_active(app_, mock_get_by_email): with app_.test_request_context(): response = app_.test_client().post( url_for('main.sign_in'), data={ - 'email_address': 'PendingUser@example.gov.uk', + 'email_address': 'pending_user@example.gov.uk', 'password': 'val1dPassw0rd!'}) assert response.status_code == 200 assert 'Username or password is incorrect' in response.get_data(as_text=True) diff --git a/tests/app/main/views/test_sign_out.py b/tests/app/main/views/test_sign_out.py index 47b5c8367..a433b28ac 100644 --- a/tests/app/main/views/test_sign_out.py +++ b/tests/app/main/views/test_sign_out.py @@ -14,19 +14,16 @@ def test_render_sign_out_redirects_to_sign_in(app_): def test_sign_out_user(app_, - db_, - db_session, mock_send_sms, mock_send_email, mock_get_service, - mock_api_user, - mock_user_loader, - mock_user_dao_get_by_email): + mock_active_user, + mock_get_by_email): with app_.test_request_context(): email = 'valid@example.gov.uk' password = 'val1dPassw0rd!' with app_.test_client() as client: - client.login(mock_api_user) + client.login(mock_active_user) # Check we are logged in response = client.get( url_for('main.service_dashboard', service_id="123")) diff --git a/tests/app/main/views/test_sms.py b/tests/app/main/views/test_sms.py index e2e72e241..4bb8ccabe 100644 --- a/tests/app/main/views/test_sms.py +++ b/tests/app/main/views/test_sms.py @@ -4,13 +4,15 @@ from flask import url_for import moto -def test_upload_empty_csvfile_returns_to_upload_page(app_, db_, db_session, - mock_api_user, - mock_user_loader, - mock_user_dao_get_by_email): +def test_upload_empty_csvfile_returns_to_upload_page(app_, + db_, + db_session, + mock_send_sms, + mock_active_user, + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: - client.login(mock_api_user) + client.login(mock_active_user) upload_data = {'file': (BytesIO(''.encode('utf-8')), 'emtpy.csv')} response = client.post(url_for('main.send_sms', service_id=123), data=upload_data, follow_redirects=True) @@ -22,19 +24,15 @@ def test_upload_empty_csvfile_returns_to_upload_page(app_, db_, db_session, @moto.mock_s3 def test_upload_csvfile_with_invalid_phone_shows_check_page_with_errors(app_, - db_, - db_session, - mocker, - mock_api_user, - mock_user_loader, - mock_user_dao_get_by_email): + mock_active_user, + mock_get_by_email): contents = 'phone\n+44 123\n+44 456' file_data = (BytesIO(contents.encode('utf-8')), 'invalid.csv') with app_.test_request_context(): with app_.test_client() as client: - client.login(mock_api_user) + client.login(mock_active_user) upload_data = {'file': file_data} response = client.post(url_for('main.send_sms', service_id=123), data=upload_data, @@ -49,12 +47,9 @@ def test_upload_csvfile_with_invalid_phone_shows_check_page_with_errors(app_, @moto.mock_s3 def test_upload_csvfile_with_valid_phone_shows_first3_and_last3_numbers(app_, - db_, - db_session, mocker, - mock_api_user, - mock_user_loader, - mock_user_dao_get_by_email): + mock_active_user, + mock_get_by_email): contents = 'phone\n+44 7700 900981\n+44 7700 900982\n+44 7700 900983\n+44 7700 900984\n+44 7700 900985\n+44 7700 900986\n+44 7700 900987\n+44 7700 900988\n+44 7700 900989' # noqa @@ -62,7 +57,7 @@ def test_upload_csvfile_with_valid_phone_shows_first3_and_last3_numbers(app_, with app_.test_request_context(): with app_.test_client() as client: - client.login(mock_api_user) + client.login(mock_active_user) upload_data = {'file': file_data} response = client.post(url_for('main.send_sms', service_id=123), data=upload_data, @@ -87,12 +82,9 @@ def test_upload_csvfile_with_valid_phone_shows_first3_and_last3_numbers(app_, @moto.mock_s3 def test_upload_csvfile_with_valid_phone_shows_all_if_6_or_less_numbers(app_, - db_, - db_session, mocker, - mock_api_user, - mock_user_loader, - mock_user_dao_get_by_email): + mock_active_user, + mock_get_by_email): contents = 'phone\n+44 7700 900981\n+44 7700 900982\n+44 7700 900983\n+44 7700 900984\n+44 7700 900985\n+44 7700 900986' # noqa @@ -100,7 +92,7 @@ def test_upload_csvfile_with_valid_phone_shows_all_if_6_or_less_numbers(app_, with app_.test_request_context(): with app_.test_client() as client: - client.login(mock_api_user) + client.login(mock_active_user) upload_data = {'file': file_data} response = client.post(url_for('main.send_sms', service_id=123), data=upload_data, @@ -120,11 +112,12 @@ def test_upload_csvfile_with_valid_phone_shows_all_if_6_or_less_numbers(app_, @moto.mock_s3 -def test_should_redirect_to_job(app_, db_, db_session, mocker, mock_api_user, - mock_user_loader, mock_user_dao_get_by_email): +def test_should_redirect_to_job(app_, + mock_active_user, + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: - client.login(mock_api_user) + client.login(mock_active_user) response = client.post(url_for('main.check_sms', service_id=123, upload_id='someid')) diff --git a/tests/app/main/views/test_templates.py b/tests/app/main/views/test_templates.py index cdf7284cf..75393668e 100644 --- a/tests/app/main/views/test_templates.py +++ b/tests/app/main/views/test_templates.py @@ -5,13 +5,12 @@ from flask import url_for def test_should_return_list_of_all_templates(app_, db_, db_session, - mock_api_user, + mock_active_user, mock_get_service_templates, - mock_user_loader, - mock_user_dao_get_by_email): + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: - client.login(mock_api_user) + client.login(mock_active_user) service_id = 123 response = client.get(url_for( '.manage_service_templates', service_id=service_id)) @@ -25,8 +24,7 @@ def test_should_show_page_for_one_templates(app_, db_session, mock_api_user, mock_get_service_template, - mock_user_loader, - mock_user_dao_get_by_email): + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: client.login(mock_api_user) @@ -48,8 +46,7 @@ def test_should_redirect_when_saving_a_template(app_, mock_api_user, mock_get_service_template, mock_update_service_template, - mock_user_loader, - mock_user_dao_get_by_email): + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: client.login(mock_api_user) @@ -82,8 +79,7 @@ def test_should_show_delete_template_page(app_, db_session, mock_api_user, mock_get_service_template, - mock_user_loader, - mock_user_dao_get_by_email): + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: client.login(mock_api_user) @@ -106,8 +102,7 @@ def test_should_redirect_when_deleting_a_template(app_, mock_api_user, mock_get_service_template, mock_delete_service_template, - mock_user_loader, - mock_user_dao_get_by_email): + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: client.login(mock_api_user) diff --git a/tests/app/main/views/test_two_factor.py b/tests/app/main/views/test_two_factor.py index a6e397a7e..513e74330 100644 --- a/tests/app/main/views/test_two_factor.py +++ b/tests/app/main/views/test_two_factor.py @@ -1,27 +1,34 @@ -from flask import json, url_for +from flask import url_for from app.main.dao import verify_codes_dao -from tests import create_test_user -def test_should_render_two_factor_page(app_, db_, db_session, mock_api_user, mock_user_dao_get_by_email): +def test_should_render_two_factor_page(app_, + db_, + db_session, + mock_active_user, + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: # TODO this lives here until we work out how to # reassign the session after it is lost mid register process with client.session_transaction() as session: - session['user_email'] = mock_api_user.email_address + session['user_email'] = mock_active_user.email_address response = client.get(url_for('main.two_factor')) assert response.status_code == 200 assert '''We've sent you a text message with a verification code.''' in response.get_data(as_text=True) -def test_should_login_user_and_redirect_to_dashboard(app_, db_, db_session, mock_api_user, mock_user_dao_get_by_email): +def test_should_login_user_and_redirect_to_dashboard(app_, + db_, + db_session, + mock_active_user, + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: with client.session_transaction() as session: - session['user_email'] = mock_api_user.email_address - verify_codes_dao.add_code(user_id=mock_api_user.id, code='12345', code_type='sms') + session['user_email'] = mock_active_user.email_address + verify_codes_dao.add_code(user_id=mock_active_user.id, code='12345', code_type='sms') response = client.post(url_for('main.two_factor'), data={'sms_code': '12345'}) @@ -32,13 +39,13 @@ def test_should_login_user_and_redirect_to_dashboard(app_, db_, db_session, mock def test_should_return_200_with_sms_code_error_when_sms_code_is_wrong(app_, db_, db_session, - mock_api_user, - mock_user_dao_get_by_email): + mock_active_user, + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: with client.session_transaction() as session: - session['user_email'] = mock_api_user.email_address - verify_codes_dao.add_code(user_id=mock_api_user.id, code='12345', code_type='sms') + session['user_email'] = mock_active_user.email_address + verify_codes_dao.add_code(user_id=mock_active_user.id, code='12345', code_type='sms') response = client.post(url_for('main.two_factor'), data={'sms_code': '23456'}) assert response.status_code == 200 @@ -48,19 +55,19 @@ def test_should_return_200_with_sms_code_error_when_sms_code_is_wrong(app_, def test_should_login_user_when_multiple_valid_codes_exist(app_, db_, db_session, - mock_api_user, - mock_user_dao_get_by_email): + mock_active_user, + mock_get_by_email): with app_.test_request_context(): with app_.test_client() as client: with client.session_transaction() as session: - session['user_email'] = mock_api_user.email_address - verify_codes_dao.add_code(user_id=mock_api_user.id, code='23456', code_type='sms') - verify_codes_dao.add_code(user_id=mock_api_user.id, code='12345', code_type='sms') - verify_codes_dao.add_code(user_id=mock_api_user.id, code='34567', code_type='sms') - assert len(verify_codes_dao.get_codes(user_id=mock_api_user.id, code_type='sms')) == 3 + session['user_email'] = mock_active_user.email_address + verify_codes_dao.add_code(user_id=mock_active_user.id, code='23456', code_type='sms') + verify_codes_dao.add_code(user_id=mock_active_user.id, code='12345', code_type='sms') + verify_codes_dao.add_code(user_id=mock_active_user.id, code='34567', code_type='sms') + assert len(verify_codes_dao.get_codes(user_id=mock_active_user.id, code_type='sms')) == 3 response = client.post(url_for('main.two_factor'), data={'sms_code': '23456'}) assert response.status_code == 302 - codes = verify_codes_dao.get_codes(user_id=mock_api_user.id, code_type='sms') + codes = verify_codes_dao.get_codes(user_id=mock_active_user.id, code_type='sms') # query will only return codes where code_used == False assert len(codes) == 0 diff --git a/tests/app/main/views/test_verify.py b/tests/app/main/views/test_verify.py index 1d58a3b90..902ddc33d 100644 --- a/tests/app/main/views/test_verify.py +++ b/tests/app/main/views/test_verify.py @@ -1,8 +1,5 @@ -from flask import json, url_for -from app.main.dao import users_dao, verify_codes_dao -from tests import create_test_api_user - -import pytest +from flask import url_for +from app.main.dao import verify_codes_dao def test_should_return_verify_template(app_, db_, db_session, mock_api_user): @@ -23,9 +20,8 @@ def test_should_redirect_to_add_service_when_code_are_correct(app_, db_, db_session, mock_api_user, - mock_user_dao_get_user, - mock_activate_user, - mock_user_loader): + mock_get_user, + mock_activate_user): with app_.test_request_context(): with app_.test_client() as client: with client.session_transaction() as session: @@ -39,20 +35,20 @@ def test_should_redirect_to_add_service_when_code_are_correct(app_, assert response.location == url_for('main.add_service', first='first', _external=True) -# def test_should_activate_user_after_verify(app_, db_, db_session, mock_api_user, mock_activate_user): -# with app_.test_request_context(): -# with app_.test_client() as client: -# with client.session_transaction() as session: -# session['user_details'] = {'email_address': mock_api_user.email_address, 'id': mock_api_user.id} -# verify_codes_dao.add_code(user_id=mock_api_user.id, code='12345', code_type='sms') -# verify_codes_dao.add_code(user_id=mock_api_user.id, code='23456', code_type='email') -# client.post(url_for('main.verify'), -# data={'sms_code': '12345', -# 'email_code': '23456'}) -# assert mock_api_user.state == 'active' +def test_should_activate_user_after_verify(app_, db_, db_session, mock_api_user, mock_activate_user, mock_get_user): + with app_.test_request_context(): + with app_.test_client() as client: + with client.session_transaction() as session: + session['user_details'] = {'email_address': mock_api_user.email_address, 'id': mock_api_user.id} + verify_codes_dao.add_code(user_id=mock_api_user.id, code='12345', code_type='sms') + verify_codes_dao.add_code(user_id=mock_api_user.id, code='23456', code_type='email') + client.post(url_for('main.verify'), + data={'sms_code': '12345', + 'email_code': '23456'}) + assert mock_api_user.state == 'active' -def test_should_return_200_when_codes_are_wrong(app_, db_, db_session, mock_api_user, mock_user_dao_get_user): +def test_should_return_200_when_codes_are_wrong(app_, db_, db_session, mock_api_user, mock_get_user): with app_.test_request_context(): with app_.test_client() as client: with client.session_transaction() as session: @@ -68,23 +64,25 @@ def test_should_return_200_when_codes_are_wrong(app_, db_, db_session, mock_api_ assert resp_data.count('Code does not match') == 2 -# def test_should_mark_all_codes_as_used_when_many_codes_exist(app_, -# db_, -# db_session, -# mock_api_user): -# with app_.test_request_context(): -# with app_.test_client() as client: -# with client.session_transaction() as session: -# session['user_details'] = {'email_address': mock_api_user.email_address, 'id': mock_api_user.id} -# code1 = verify_codes_dao.add_code(user_id=mock_api_user.id, code='23345', code_type='sms') -# code2 = verify_codes_dao.add_code(user_id=mock_api_user.id, code='98456', code_type='email') -# code3 = verify_codes_dao.add_code(user_id=mock_api_user.id, code='12345', code_type='sms') -# code4 = verify_codes_dao.add_code(user_id=mock_api_user.id, code='23412', code_type='email') -# response = client.post(url_for('main.verify'), -# data={'sms_code': '23345', -# 'email_code': '23412'}) -# assert response.status_code == 302 -# assert verify_codes_dao.get_code_by_id(code1).code_used is True -# assert verify_codes_dao.get_code_by_id(code2).code_used is True -# assert verify_codes_dao.get_code_by_id(code3).code_used is True -# assert verify_codes_dao.get_code_by_id(code4).code_used is True +def test_should_mark_all_codes_as_used_when_many_codes_exist(app_, + db_, + db_session, + mock_api_user, + mock_get_user, + mock_activate_user): + with app_.test_request_context(): + with app_.test_client() as client: + with client.session_transaction() as session: + session['user_details'] = {'email_address': mock_api_user.email_address, 'id': mock_api_user.id} + code1 = verify_codes_dao.add_code(user_id=mock_api_user.id, code='23345', code_type='sms') + code2 = verify_codes_dao.add_code(user_id=mock_api_user.id, code='98456', code_type='email') + code3 = verify_codes_dao.add_code(user_id=mock_api_user.id, code='12345', code_type='sms') + code4 = verify_codes_dao.add_code(user_id=mock_api_user.id, code='23412', code_type='email') + response = client.post(url_for('main.verify'), + data={'sms_code': '12345', + 'email_code': '23412'}) + assert response.status_code == 302 + assert verify_codes_dao.get_code_by_id(code1.id).code_used is True + assert verify_codes_dao.get_code_by_id(code2.id).code_used is True + assert verify_codes_dao.get_code_by_id(code3.id).code_used is True + assert verify_codes_dao.get_code_by_id(code4.id).code_used is True diff --git a/tests/conftest.py b/tests/conftest.py index f4c743cac..c2e74711b 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -119,26 +119,12 @@ def mock_update_service(mocker): @pytest.fixture(scope='function') -def mock_get_services(mocker, mock_api_user): - def _get(user_id): - service_one = service_json( - 1, "service_one", [mock_api_user.id], 1000, True, False) - service_two = service_json( - 2, "service_two", [mock_api_user.id], 1000, True, False) - return {'data': [service_one, service_two]} - - mock_class = mocker.patch( - 'app.notifications_api_client.get_services', side_effect=_get) - return mock_class - - -@pytest.fixture(scope='function') -def mock_get_services(mocker, mock_api_user): +def mock_get_services(mocker, mock_active_user): def _create(user_id): service_one = service_json( - 1, "service_one", [mock_api_user.id], 1000, True, False) + 1, "service_one", [mock_active_user.id], 1000, True, False) service_two = service_json( - 2, "service_two", [mock_api_user.id], 1000, True, False) + 2, "service_two", [mock_active_user.id], 1000, True, False) return {'data': [service_one, service_two]} mock_class = mocker.patch( @@ -164,8 +150,7 @@ def mock_get_service_template(mocker): return {'data': template} return mocker.patch( - 'app.notifications_api_client.get_service_template', - side_effect=_create) + 'app.notifications_api_client.get_service_template', side_effect=_create) @pytest.fixture(scope='function') @@ -238,103 +223,98 @@ def mock_api_user(mocker): @pytest.fixture(scope='function') def mock_register_user(mocker, mock_api_user): + def _register(name, email_address, mobile_number, password): - mock_api_user.fields['name'] = name - mock_api_user.fields['email_address'] = email_address - mock_api_user.fields['mobile_number'] = mobile_number - mock_api_user.fields['password'] = password + mock_api_user.name = name + mock_api_user.email_address = email_address + mock_api_user.mobile_number = mobile_number + mock_api_user.password = password return mock_api_user + return mocker.patch('app.user_api_client.register_user', side_effect=_register) @pytest.fixture(scope='function') -def mock_user_loader(mocker, mock_api_user): - mock_class = mocker.patch('app.main.dao.users_dao.get_user_by_id') - mock_class.return_value = mock_api_user - return mock_class +def mock_active_user(mocker, mock_api_user): + mock_api_user.state = 'active' + return mock_api_user @pytest.fixture(scope='function') -def mock_activate_user(mocker, mock_api_user): - def _activate(mock_api_user): - mock_api_user.state = 'active' - return mock_api_user +def mock_activate_user(mocker): + + def _activate(user): + user.state = 'active' + return user + return mocker.patch('app.user_api_client.update_user', side_effect=_activate) @pytest.fixture(scope='function') -def mock_user_dao_get_user(mocker, mock_api_user): +def mock_get_user(mocker, mock_active_user): + def _get_user(id): - return mock_api_user + return mock_active_user + return mocker.patch('app.main.dao.users_dao.get_user_by_id', side_effect=_get_user) @pytest.fixture(scope='function') -def mock_user_dao_get_by_email(mocker, mock_api_user): - mock_api_user.state = 'active' +def mock_get_by_email(mocker, mock_api_user, mock_active_user, mock_get_user): def _get_user(email_address): - mock_api_user.fields['email_address'] = email_address - return mock_api_user + if email_address == 'notfound@example.gov.uk': + return None + if email_address == 'locked_user@example.gov.uk': + mock_active_user.failed_login_count = 5 + return mock_active_user + if email_address == 'inactive_user@example.gov.uk': + mock_active_user.state = 'inactive' + if email_address == 'pending_user@example.gov.uk': + return mock_api_user + + else: + mock_active_user.email_address = email_address + return mock_active_user return mocker.patch('app.main.dao.users_dao.get_user_by_email', side_effect=_get_user) @pytest.fixture(scope='function') -def mock_inactive_user_dao_get_by_email(mocker, mock_api_user): - def _get_user(email_address): - mock_api_user.fields['email_address'] = email_address - mock_api_user.state = 'pending' - mock_api_user.fields['is_locked'] = True - return mock_api_user - return mocker.patch('app.main.dao.users_dao.get_user_by_email', side_effect=_get_user) +def mock_user_checkpassword(mocker, mock_active_user): - -@pytest.fixture(scope='function') -def mock_user_by_email_not_found(mocker): - return mocker.patch('app.main.dao.users_dao.get_user_by_email', return_value=None) - - -@pytest.fixture(scope='function') -def mock_user_dao_checkpassword(mocker, mock_api_user): - - def _check(mock_api_user, password): + def _check(mock_active_user, password): return True + return mocker.patch('app.main.dao.users_dao.verify_password', side_effect=_check) @pytest.fixture(scope='function') -def mock_user_dao_update_email(mocker, mock_api_user): +def mock_update_email(mocker, mock_active_user): def _update(id, email_address): - mock_api_user.fields['email_address'] = email_address + mock_active_user.email_address = email_address + return mocker.patch('app.main.dao.users_dao.update_email_address', side_effect=_update) @pytest.fixture(scope='function') -def mock_user_dao_update_mobile(mocker, mock_api_user): +def mock_update_mobile(mocker, mock_active_user): def _update(id, mobile_number): - mock_api_user.fields['mobile_number'] = mobile_number + mock_active_user.mobile_number = mobile_number + return mocker.patch('app.main.dao.users_dao.update_mobile_number', side_effect=_update) @pytest.fixture(scope='function') -def mock_user_dao_password_reset(mocker, mock_api_user): +def mock_password_reset(mocker, mock_active_user): def _reset(email): - mock_api_user.state = 'request_password_reset' + mock_active_user.state = 'request_password_reset' return mocker.patch('app.main.dao.users_dao.request_password_reset', side_effect=_reset) -@pytest.fixture(scope='function') -def mock_user_dao_get_new_password(mocker, mock_api_user): - mock_api_user.state = 'request_password_reset' - mock_class = mocker.patch('app.main.dao.users_dao.get_user_by_email') - mock_class.return_value = mock_api_user - return mock_class - - @pytest.fixture(scope='function') def mock_create_api_key(mocker): def _create(service_id, key_name):