Validate against empty form submission for find_users_by_email

This included: - creating a new form SearchUsersByEmailForm with validation on its search field - introducing 400 status to the view if the form does not validate - fixing the POST request data structure in the tests (it was incorrect before and uncaught due to lack of validation and mocking the response from the API.
2026-06-24 01:11:15 -04:00 · 2018-07-10 16:33:13 +01:00
parent d1a05e2ec5
commit 57e9c1d6e6
3 changed files with 31 additions and 5 deletions
--- a/app/main/forms.py
+++ b/app/main/forms.py
@@ -853,6 +853,15 @@ class SearchTemplatesForm(StripWhitespaceForm):
    search = SearchField('Search by name')


+class SearchUsersByEmailForm(StripWhitespaceForm):
+
+    search = SearchField('Search by name or email address',
+        validators=[
+            DataRequired("You need to enter full or partial e-mail address to search by.")
+        ]
+    )
+
+
 class SearchUsersForm(StripWhitespaceForm):

    search = SearchField('Search by name or email address')
--- a/app/main/views/find_users.py
+++ b/app/main/views/find_users.py
@@ -4,19 +4,22 @@ from flask_login import login_required
 from app import user_api_client
 from app.main import main
 from app.utils import user_is_platform_admin
-from app.main.forms import SearchUsersForm
+from app.main.forms import SearchUsersByEmailForm


@main.route("/find-users-by-email", methods=['GET', 'POST'])
@login_required
@user_is_platform_admin
 def find_users_by_email():
-    form = SearchUsersForm()
+    form = SearchUsersByEmailForm()
    users_found = None
+    status = 200
    if form.validate_on_submit():
        users_found = user_api_client.find_users_by_full_or_partial_email(form.search.data)['data']
+    elif request.method == 'POST':
+        status = 400
    return render_template(
        'views/find-users/find-users-by-email.html',
        form=form,
        users_found=users_found
-    )
+    ), status
--- a/tests/app/main/views/test_find_users.py
+++ b/tests/app/main/views/test_find_users.py
@@ -30,7 +30,7 @@ def test_find_users_by_email_displays_users_found(
    mock_get_user(mocker, user=platform_admin_user)
    client.login(platform_admin_user)
    mocker.patch('app.user_api_client.find_users_by_full_or_partial_email', return_value={"data": [user_json()]}, autospec=True)
-    response = client.post(url_for('main.find_users_by_email', data=[{"email": "twilight.sparkle"}]))
+    response = client.post(url_for('main.find_users_by_email'), data={"search": "twilight.sparkle"})
    assert response.status_code == 200

    document = html.fromstring(response.get_data(as_text=True))
@@ -44,8 +44,22 @@ def test_find_users_by_email_displays_message_if_no_users_found(
    mock_get_user(mocker, user=platform_admin_user)
    client.login(platform_admin_user)
    mocker.patch('app.user_api_client.find_users_by_full_or_partial_email', return_value={"data": []}, autospec=True)
-    response = client.post(url_for('main.find_users_by_email', data=[{"email": "twilight.sparkle"}]))
+    response = client.post(url_for('main.find_users_by_email'), data={"search": "twilight.sparkle"})
    assert response.status_code == 200

    document = html.fromstring(response.get_data(as_text=True))
    assert "No users found." in document.text_content()
+
+
+def test_find_users_by_email_validates_against_empty_search_submission(
+        client,
+        platform_admin_user,
+        mocker
+):
+    mock_get_user(mocker, user=platform_admin_user)
+    client.login(platform_admin_user)
+    response = client.post(url_for('main.find_users_by_email'), data={"search": ""})
+    assert response.status_code == 400
+
+    document = html.fromstring(response.get_data(as_text=True))
+    assert "You need to enter full or partial e-mail address to search by." in document.text_content()