From a974e6e157e8bcd17f1209b66789a4910363168d Mon Sep 17 00:00:00 2001 From: Adam Shimali Date: Thu, 3 Mar 2016 17:53:16 +0000 Subject: [PATCH 1/3] [WIP] Add call to api to update invitation to accepted. When flow for invited user is complete, that is when user has been added to service, update invitation to accepted --- app/main/views/add_service.py | 9 ++++- app/main/views/invites.py | 34 ++++++++++------ app/notify_client/invite_api_client.py | 7 +++- app/notify_client/user_api_client.py | 4 +- tests/app/main/views/test_accept_invite.py | 46 +++++++++++++--------- tests/conftest.py | 15 +++++-- 6 files changed, 76 insertions(+), 39 deletions(-) diff --git a/app/main/views/add_service.py b/app/main/views/add_service.py index 700d4eb74..05febf569 100644 --- a/app/main/views/add_service.py +++ b/app/main/views/add_service.py @@ -12,7 +12,10 @@ from app.main.dao import services_dao, users_dao from app.main.forms import AddServiceForm from app.notify_client.models import InvitedUser -from app import user_api_client +from app import ( + invite_api_client, + user_api_client +) @main.route("/add-service", methods=['GET', 'POST']) @@ -25,7 +28,9 @@ def add_service(): # if invited user add to service and redirect to dashboard user = users_dao.get_user_by_id(session['user_id']) service_id = invited_user['service'] - user_api_client.add_user_to_service(service_id, user.id, invitation) + user_api_client.add_user_to_service(service_id, user.id, invitation.permissions) + invite_api_client.accept_invite(service_id, invitation.id) + session.pop('invited_user', None) return redirect(url_for('main.service_dashboard', service_id=service_id)) diff --git a/app/main/views/invites.py b/app/main/views/invites.py index cad3bf3b4..4fce06803 100644 --- a/app/main/views/invites.py +++ b/app/main/views/invites.py @@ -1,9 +1,12 @@ from flask import ( redirect, url_for, - session + session, + abort ) +from notifications_python_client.errors import HTTPError + from app.main import main from app import ( invite_api_client, @@ -14,14 +17,23 @@ from app import ( @main.route("/invitation/") def accept_invite(token): - invited_user = invite_api_client.accept_invite(token) - existing_user = user_api_client.get_user_by_email(invited_user.email_address) + try: - if existing_user: - user_api_client.add_user_to_service(invited_user.service, - existing_user.id, - invited_user) - return redirect(url_for('main.service_dashboard', service_id=invited_user.service)) - else: - session['invited_user'] = invited_user.serialize() - return redirect(url_for('main.register_from_invite')) + invited_user = invite_api_client.check_token(token) + existing_user = user_api_client.get_user_by_email(invited_user.email_address) + + if existing_user: + user_api_client.add_user_to_service(invited_user.service, + existing_user.id, + invited_user.permissions) + invite_api_client.accept_invite(invited_user.service, invited_user.id) + return redirect(url_for('main.service_dashboard', service_id=invited_user.service)) + else: + session['invited_user'] = invited_user.serialize() + return redirect(url_for('main.register_from_invite')) + + except HTTPError as e: + if e.status_code == 404: + abort(404) + else: + raise e diff --git a/app/notify_client/invite_api_client.py b/app/notify_client/invite_api_client.py index 6f2712848..03ce6e85c 100644 --- a/app/notify_client/invite_api_client.py +++ b/app/notify_client/invite_api_client.py @@ -31,7 +31,7 @@ class InviteApiClient(BaseAPIClient): invited_users = self._get_invited_users(invites) return invited_users - def accept_invite(self, token): + def check_token(self, token): resp = self.get(url='/invite/{}'.format(token)) return InvitedUser(**resp['data']) @@ -40,6 +40,11 @@ class InviteApiClient(BaseAPIClient): self.post(url='/service/{0}/invite/{1}'.format(service_id, invited_user_id), data=data) + def accept_invite(self, service_id, invited_user_id): + data = {'status': 'accepted'} + self.post(url='/service/{0}/invite/{1}'.format(service_id, invited_user_id), + data=data) + def _get_invited_users(self, invites): invited_users = [] for invite in invites: diff --git a/app/notify_client/user_api_client.py b/app/notify_client/user_api_client.py index ce9d83bce..74c1f9af9 100644 --- a/app/notify_client/user_api_client.py +++ b/app/notify_client/user_api_client.py @@ -94,9 +94,9 @@ class UserApiClient(BaseAPIClient): resp = self.get(endpoint) return [User(data) for data in resp['data']] - def add_user_to_service(self, service_id, user_id, invited_user): + def add_user_to_service(self, service_id, user_id, permissions): endpoint = '/service/{}/users/{}'.format(service_id, user_id) - resp = self.post(endpoint, data=invited_user.serialize(permissions_as_string=True)) + resp = self.post(endpoint, data={'permissions': permissions}) return User(resp['data'], max_failed_login_count=self.max_failed_login_count) def set_user_permissions(self, user_id, service_id, permissions): diff --git a/tests/app/main/views/test_accept_invite.py b/tests/app/main/views/test_accept_invite.py index 7ea04af93..2c0d001be 100644 --- a/tests/app/main/views/test_accept_invite.py +++ b/tests/app/main/views/test_accept_invite.py @@ -7,22 +7,24 @@ def test_existing_user_accept_invite_calls_api_and_redirects_to_dashboard(app_, service_one, api_user_active, sample_invite, - sample_invited_user, - mock_accept_invite, + mock_check_invite_token, mock_get_user_by_email, - mock_add_user_to_service): + mock_add_user_to_service, + mock_accept_invite): expected_service = service_one['id'] expected_redirect_location = 'http://localhost/services/{}/dashboard'.format(expected_service) + expected_permissions = ['send_messages', 'manage_service', 'manage_api_keys'] with app_.test_request_context(): with app_.test_client() as client: response = client.get(url_for('main.accept_invite', token='thisisnotarealtoken')) - mock_accept_invite.assert_called_with('thisisnotarealtoken') + mock_check_invite_token.assert_called_with('thisisnotarealtoken') mock_get_user_by_email.assert_called_with('invited_user@test.gov.uk') - mock_add_user_to_service.assert_called_with(expected_service, api_user_active.id, sample_invited_user) + mock_add_user_to_service.assert_called_with(expected_service, api_user_active.id, expected_permissions) + mock_accept_invite.assert_called_with(expected_service, sample_invite['id']) assert response.status_code == 302 assert response.location == expected_redirect_location @@ -32,21 +34,22 @@ def test_existing_signed_out_user_accept_invite_redirects_to_sign_in(app_, service_one, api_user_active, sample_invite, - sample_invited_user, - mock_accept_invite, + mock_check_invite_token, mock_get_user_by_email, - mock_add_user_to_service): + mock_add_user_to_service, + mock_accept_invite): expected_service = service_one['id'] - + expected_permissions = ['send_messages', 'manage_service', 'manage_api_keys'] with app_.test_request_context(): with app_.test_client() as client: response = client.get(url_for('main.accept_invite', token='thisisnotarealtoken'), follow_redirects=True) - mock_accept_invite.assert_called_with('thisisnotarealtoken') + mock_check_invite_token.assert_called_with('thisisnotarealtoken') mock_get_user_by_email.assert_called_with('invited_user@test.gov.uk') - mock_add_user_to_service.assert_called_with(expected_service, api_user_active.id, sample_invited_user) + mock_add_user_to_service.assert_called_with(expected_service, api_user_active.id, expected_permissions) + mock_accept_invite.assert_called_with(expected_service, sample_invite['id']) assert response.status_code == 200 page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser') @@ -56,9 +59,10 @@ def test_existing_signed_out_user_accept_invite_redirects_to_sign_in(app_, def test_new_user_accept_invite_calls_api_and_redirects_to_registration(app_, service_one, sample_invite, - mock_accept_invite, + mock_check_invite_token, mock_dont_get_user_by_email, - mock_add_user_to_service): + mock_add_user_to_service, + mock_accept_invite): expected_redirect_location = 'http://localhost/register-from-invite' @@ -67,7 +71,7 @@ def test_new_user_accept_invite_calls_api_and_redirects_to_registration(app_, response = client.get(url_for('main.accept_invite', token='thisisnotarealtoken')) - mock_accept_invite.assert_called_with('thisisnotarealtoken') + mock_check_invite_token.assert_called_with('thisisnotarealtoken') mock_dont_get_user_by_email.assert_called_with('invited_user@test.gov.uk') assert response.status_code == 302 @@ -77,11 +81,12 @@ def test_new_user_accept_invite_calls_api_and_redirects_to_registration(app_, def test_new_user_accept_invite_completes_new_registration_redirects_to_verify(app_, service_one, sample_invite, - mock_accept_invite, + mock_check_invite_token, mock_dont_get_user_by_email, mock_register_user, mock_send_verify_code, - mock_add_user_to_service): + mock_add_user_to_service, + mock_accept_invite): expected_service = service_one['id'] expected_email = sample_invite['email_address'] @@ -122,8 +127,7 @@ def test_new_user_accept_invite_completes_new_registration_redirects_to_verify(a def test_new_invited_user_verifies_and_added_to_service(app_, service_one, sample_invite, - sample_invited_user, - mock_accept_invite, + mock_check_invite_token, mock_dont_get_user_by_email, mock_register_user, mock_send_verify_code, @@ -131,6 +135,7 @@ def test_new_invited_user_verifies_and_added_to_service(app_, mock_get_user, mock_update_user, mock_add_user_to_service, + mock_accept_invite, mock_get_service, mock_get_service_templates, mock_get_jobs): @@ -156,9 +161,12 @@ def test_new_invited_user_verifies_and_added_to_service(app_, # when they post codes back to admin user should be added to # service and sent on to dash board + expected_permissions = ['send_messages', 'manage_service', 'manage_api_keys'] with client.session_transaction() as session: new_user_id = session['user_id'] - mock_add_user_to_service.assert_called_with(data['service'], new_user_id, sample_invited_user) + mock_add_user_to_service.assert_called_with(data['service'], new_user_id, expected_permissions) + + mock_accept_invite.assert_called_with(data['service'], sample_invite['id']) page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser') element = page.find('h2', class_='navigation-service-name').find('a') diff --git a/tests/conftest.py b/tests/conftest.py index 399d10539..2f627e5a8 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -629,14 +629,21 @@ def mock_get_invites_for_service(mocker, service_one, sample_invite): @pytest.fixture(scope='function') -def mock_accept_invite(mocker, sample_invite): - def _accept_token(token): +def mock_check_invite_token(mocker, sample_invite): + def _check_token(token): return InvitedUser(**sample_invite) - return mocker.patch('app.invite_api_client.accept_invite', side_effect=_accept_token) + return mocker.patch('app.invite_api_client.check_token', side_effect=_check_token) + + +@pytest.fixture(scope='function') +def mock_accept_invite(mocker, sample_invite): + def _accept(service_id, invite_id): + return InvitedUser(**sample_invite) + return mocker.patch('app.invite_api_client.accept_invite', side_effect=_accept) @pytest.fixture(scope='function') def mock_add_user_to_service(mocker, service_one, api_user_active): - def _add_user(service_id, user_id, invited_user): + def _add_user(service_id, user_id, permissions): return api_user_active return mocker.patch('app.user_api_client.add_user_to_service', side_effect=_add_user) From 8074c6ea7fd9793c0d43f0ebf3ddb0e57aaa9772 Mon Sep 17 00:00:00 2001 From: Rebecca Law Date: Fri, 4 Mar 2016 14:42:52 +0000 Subject: [PATCH 2/3] Add cancelled-invite html. If a invited user accepts a cancelled invitation they are directed to a page telling them the invitation is cancelled. Without this they were able to register and were added to the service. --- app/main/views/invites.py | 6 +++++- app/templates/views/cancelled-invitation.html | 14 +++++++++++++ tests/__init__.py | 4 ++-- tests/app/main/views/test_accept_invite.py | 20 ++++++++++++++++++- tests/conftest.py | 4 ++-- 5 files changed, 42 insertions(+), 6 deletions(-) create mode 100644 app/templates/views/cancelled-invitation.html diff --git a/app/main/views/invites.py b/app/main/views/invites.py index 4fce06803..d6d496fe0 100644 --- a/app/main/views/invites.py +++ b/app/main/views/invites.py @@ -2,7 +2,8 @@ from flask import ( redirect, url_for, session, - abort + abort, + render_template ) from notifications_python_client.errors import HTTPError @@ -20,6 +21,9 @@ def accept_invite(token): try: invited_user = invite_api_client.check_token(token) + if invited_user.status == 'cancelled': + return render_template('views/cancelled-invitation.html') + existing_user = user_api_client.get_user_by_email(invited_user.email_address) if existing_user: diff --git a/app/templates/views/cancelled-invitation.html b/app/templates/views/cancelled-invitation.html new file mode 100644 index 000000000..d1b78cd3c --- /dev/null +++ b/app/templates/views/cancelled-invitation.html @@ -0,0 +1,14 @@ +{% extends "withoutnav_template.html" %} +{% block page_title %}Invitation has been cancelled{% endblock %} +{% block maincolumn_content %} +
+
+

+ The invitation you were sent has been cancelled. +

+

+ The person that sent you the invitation decided that it was sent in error and has cancelled the invitation. +

+
+
+{% endblock %} diff --git a/tests/__init__.py b/tests/__init__.py index f5028b65b..a712ce968 100644 --- a/tests/__init__.py +++ b/tests/__init__.py @@ -48,12 +48,12 @@ def api_key_json(id_, name, expiry_date=None): } -def invite_json(id, from_user, service_id, email_address, permissions, created_at): +def invite_json(id, from_user, service_id, email_address, permissions, created_at, status): return {'id': id, 'from_user': from_user, 'service': service_id, 'email_address': email_address, - 'status': 'pending', + 'status': status, 'permissions': permissions, 'created_at': created_at } diff --git a/tests/app/main/views/test_accept_invite.py b/tests/app/main/views/test_accept_invite.py index 2c0d001be..8518309fc 100644 --- a/tests/app/main/views/test_accept_invite.py +++ b/tests/app/main/views/test_accept_invite.py @@ -2,6 +2,10 @@ from flask import url_for from bs4 import BeautifulSoup +import app +from tests.conftest import sample_invite as create_sample_invite +from tests.conftest import mock_check_invite_token as mock_check_token_invite + def test_existing_user_accept_invite_calls_api_and_redirects_to_dashboard(app_, service_one, @@ -58,7 +62,6 @@ def test_existing_signed_out_user_accept_invite_redirects_to_sign_in(app_, def test_new_user_accept_invite_calls_api_and_redirects_to_registration(app_, service_one, - sample_invite, mock_check_invite_token, mock_dont_get_user_by_email, mock_add_user_to_service, @@ -78,6 +81,21 @@ def test_new_user_accept_invite_calls_api_and_redirects_to_registration(app_, assert response.location == expected_redirect_location +def test_cancelled_invited_user_accepts_invited_redirect_to_cancelled_invitation(app_, + service_one, + mocker + ): + with app_.test_request_context(): + with app_.test_client() as client: + cancelled_invitation = create_sample_invite(mocker, service_one, status='cancelled') + mock_check_token_invite(mocker, cancelled_invitation) + response = client.get(url_for('main.accept_invite', token='thisisnotarealtoken')) + + app.invite_api_client.check_token.assert_called_with('thisisnotarealtoken') + assert response.status_code == 200 + assert 'Invitation has been cancelled' in response.get_data(as_text=True) + + def test_new_user_accept_invite_completes_new_registration_redirects_to_verify(app_, service_one, sample_invite, diff --git a/tests/conftest.py b/tests/conftest.py index 2f627e5a8..cfd37f045 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -585,7 +585,7 @@ def mock_s3_upload(mocker): @pytest.fixture(scope='function') -def sample_invite(mocker, service_one): +def sample_invite(mocker, service_one, status='pending'): import datetime id = str(uuid.uuid4()) from_user = service_one['users'][0] @@ -593,7 +593,7 @@ def sample_invite(mocker, service_one): service_id = service_one['id'] permissions = 'send_messages,manage_service,manage_api_keys' created_at = str(datetime.datetime.now()) - return invite_json(id, from_user, service_id, email_address, permissions, created_at) + return invite_json(id, from_user, service_id, email_address, permissions, created_at, status) @pytest.fixture(scope='function') From 41b08b7ca1f9328d565090dfd427ba400633b8e2 Mon Sep 17 00:00:00 2001 From: Rebecca Law Date: Fri, 4 Mar 2016 15:17:04 +0000 Subject: [PATCH 3/3] Added from_user name and service name for the cancelled invitation message. --- app/main/views/invites.py | 7 ++++++- app/templates/views/cancelled-invitation.html | 7 +++++-- tests/app/main/views/test_accept_invite.py | 7 +++++-- 3 files changed, 16 insertions(+), 5 deletions(-) diff --git a/app/main/views/invites.py b/app/main/views/invites.py index d6d496fe0..0df0306fb 100644 --- a/app/main/views/invites.py +++ b/app/main/views/invites.py @@ -9,6 +9,7 @@ from flask import ( from notifications_python_client.errors import HTTPError from app.main import main +from app.main.dao.services_dao import get_service_by_id_or_404 from app import ( invite_api_client, user_api_client @@ -22,7 +23,11 @@ def accept_invite(token): invited_user = invite_api_client.check_token(token) if invited_user.status == 'cancelled': - return render_template('views/cancelled-invitation.html') + from_user = user_api_client.get_user(invited_user.from_user) + service = get_service_by_id_or_404(invited_user.service) + return render_template('views/cancelled-invitation.html', + from_user=from_user.name, + service_name=service['name']) existing_user = user_api_client.get_user_by_email(invited_user.email_address) diff --git a/app/templates/views/cancelled-invitation.html b/app/templates/views/cancelled-invitation.html index d1b78cd3c..1e418505f 100644 --- a/app/templates/views/cancelled-invitation.html +++ b/app/templates/views/cancelled-invitation.html @@ -4,10 +4,13 @@

- The invitation you were sent has been cancelled. + The invitation you were sent has been cancelled

- The person that sent you the invitation decided that it was sent in error and has cancelled the invitation. + {{ from_user }} decided to cancel this invitation. +

+

+ If you need access to {{ service_name }}, you’ll have to ask them to invite you again.

diff --git a/tests/app/main/views/test_accept_invite.py b/tests/app/main/views/test_accept_invite.py index 8518309fc..3a83f7578 100644 --- a/tests/app/main/views/test_accept_invite.py +++ b/tests/app/main/views/test_accept_invite.py @@ -83,7 +83,9 @@ def test_new_user_accept_invite_calls_api_and_redirects_to_registration(app_, def test_cancelled_invited_user_accepts_invited_redirect_to_cancelled_invitation(app_, service_one, - mocker + mocker, + mock_get_user, + mock_get_service ): with app_.test_request_context(): with app_.test_client() as client: @@ -93,7 +95,8 @@ def test_cancelled_invited_user_accepts_invited_redirect_to_cancelled_invitation app.invite_api_client.check_token.assert_called_with('thisisnotarealtoken') assert response.status_code == 200 - assert 'Invitation has been cancelled' in response.get_data(as_text=True) + page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser') + assert page.h1.string.strip() == 'The invitation you were sent has been cancelled' def test_new_user_accept_invite_completes_new_registration_redirects_to_verify(app_,