From 57e9c1d6e6f749c9e67847cd82ffafc89832af2e Mon Sep 17 00:00:00 2001
From: Pea Tyczynska
Date: Tue, 10 Jul 2018 16:33:13 +0100
Subject: [PATCH] Validate against empty form submission for find_users_by_email
This included:
- creating a new form SearchUsersByEmailForm with validation on its search field
- introducing 400 status to the view if the form does not validate
- fixing the POST request data structure in the tests (it was incorrect before and uncaught due to lack of validation and mocking the response from the API.
---
 app/main/forms.py | 9 +++++++++
 app/main/views/find_users.py | 9 ++++++---
 tests/app/main/views/test_find_users.py | 18 ++++++++++++++++--
 3 files changed, 31 insertions(+), 5 deletions(-)
diff --git a/app/main/forms.py b/app/main/forms.py
index 826080376..2a2e3a5df 100644
--- a/app/main/forms.py
+++ b/app/main/forms.py
@@ -853,6 +853,15 @@ class SearchTemplatesForm(StripWhitespaceForm):
 search = SearchField('Search by name')
+class SearchUsersByEmailForm(StripWhitespaceForm):
+
+ search = SearchField('Search by name or email address',
+ validators=[
+ DataRequired("You need to enter full or partial e-mail address to search by.")
+ ]
+ )
+
+
 class SearchUsersForm(StripWhitespaceForm):
 search = SearchField('Search by name or email address')
diff --git a/app/main/views/find_users.py b/app/main/views/find_users.py
index 96992df19..13c98fb50 100644
--- a/app/main/views/find_users.py
+++ b/app/main/views/find_users.py
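Review bot: In `SearchUsersByEmailForm` (app/main/forms.py), `DataRequired` is the only check on `search`, so a one-character term is accepted and handed to `find_users_by_full_or_partial_email`. For a platform-admin lookup over user email addresses it is worth bounding the term as well, for example by adding `Length(min=3, max=255)` to `validators`; the bounds are illustrative, and `Length` comes from `wtforms.validators`, whose import line is outside this hunk. The field label still reads 'Search by name or email address' while the error message and the API method name refer to email only, so `SearchField('Search by email address', ...)` would be consistent with them. If the message is reworded (for instance to "a full or partial email address"), the assertion in the new test has to change with it.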
@@ -4,19 +4,22 @@ from flask_login import login_required
 from app import user_api_client
 from app.main import main
 from app.utils import user_is_platform_admin
-from app.main.forms import SearchUsersForm
+from app.main.forms import SearchUsersByEmailForm
 @main.route("/find-users-by-email", methods=['GET', 'POST'])
 @login_required
 @user_is_platform_admin
 def find_users_by_email():
- form = SearchUsersForm()
+ form = SearchUsersByEmailForm()
 users_found = None
+ status = 200
 if form.validate_on_submit():
 users_found = user_api_client.find_users_by_full_or_partial_email(form.search.data)['data']
+ elif request.method == 'POST':
+ status = 400
 return render_template(
 'views/find-users/find-users-by-email.html',
 form=form,
 users_found=users_found
- )
+ ), status
diff --git a/tests/app/main/views/test_find_users.py b/tests/app/main/views/test_find_users.py
index eddc35557..ace7e803c 100644
--- a/tests/app/main/views/test_find_users.py
+++ b/tests/app/main/views/test_find_users.py
@@ -30,7 +30,7 @@ def test_find_users_by_email_displays_users_found(
 mock_get_user(mocker, user=platform_admin_user)
 client.login(platform_admin_user)
 mocker.patch('app.user_api_client.find_users_by_full_or_partial_email', return_value={"data": [user_json()]}, autospec=True)
- response = client.post(url_for('main.find_users_by_email', data=[{"email": "twilight.sparkle"}]))
+ response = client.post(url_for('main.find_users_by_email'), data={"search": "twilight.sparkle"})
 assert response.status_code == 200
 document = html.fromstring(response.get_data(as_text=True))
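Review bot: In `find_users_by_email` (app/main/views/find_users.py) the added `elif request.method == 'POST':` uses `request`, but none of the import lines visible in this hunk bring it into scope, and the old body shown here did not use it. Lines 1-3 of the file are outside the hunk, so confirm they read something like `from flask import render_template, request`; otherwise the invalid-POST path raises `NameError` instead of returning 400. The view also has no docstring, and one line such as `"""Search users by full or partial email; an invalid POST re-renders the form with HTTP 400."""` would record the new contract.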
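Review bot: The corrected `client.post(...)` call in `test_find_users_by_email_displays_users_found` still does not check what the view sends to the API. The mocked `find_users_by_full_or_partial_email` returns its canned result whatever it is called with, which is how the malformed request went unnoticed before. Keep the object returned by `mocker.patch(...)` and assert on it, along the lines of `mock_find.assert_called_once_with("twilight.sparkle")`. The same applies to the `client.post(...)` fix in `test_find_users_by_email_displays_message_if_no_users_found` in the next hunk. The test function's signature starts outside this hunk.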
@@ -44,8 +44,22 @@ def test_find_users_by_email_displays_message_if_no_users_found(
 mock_get_user(mocker, user=platform_admin_user)
 client.login(platform_admin_user)
 mocker.patch('app.user_api_client.find_users_by_full_or_partial_email', return_value={"data": []}, autospec=True)
- response = client.post(url_for('main.find_users_by_email', data=[{"email": "twilight.sparkle"}]))
+ response = client.post(url_for('main.find_users_by_email'), data={"search": "twilight.sparkle"})
 assert response.status_code == 200
 document = html.fromstring(response.get_data(as_text=True))
 assert "No users found." in document.text_content()
+
+
+def test_find_users_by_email_validates_against_empty_search_submission(
+ client,
+ platform_admin_user,
+ mocker
+):
+ mock_get_user(mocker, user=platform_admin_user)
+ client.login(platform_admin_user)
+ response = client.post(url_for('main.find_users_by_email'), data={"search": ""})
+ assert response.status_code == 400
+
+ document = html.fromstring(response.get_data(as_text=True))
+ assert "You need to enter full or partial e-mail address to search by." in document.text_content()
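Review bot: `test_find_users_by_email_validates_against_empty_search_submission` does not patch `app.user_api_client.find_users_by_full_or_partial_email`, so it cannot show that a rejected form never reaches the API. Patching it as the two tests above do and adding `assert not mock_find.called` after the status check would pin that. Only the empty string is exercised; since the form derives from `StripWhitespaceForm`, a whitespace-only value such as `{"search": "   "}` is the other input worth covering, presumably with the same 400 result, which should be confirmed against the base class.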