108536490: Implement LoginManager for the admin app.

Also added csrf error handler, will make the session unauthorized if the csrf token is invalid.
2026-05-05 16:38:59 -04:00 · 2015-11-30 11:21:51 +00:00
parent 48b7a7dc37
commit 6f61906fd4
6 changed files with 87 additions and 59 deletions
--- a/tests/app/main/dao/test_users_dao.py
+++ b/tests/app/main/dao/test_users_dao.py
@@ -3,17 +3,17 @@ from datetime import datetime
 import pytest
 import sqlalchemy

-from app.models import Users
+from app.models import User
 from app.main.dao import users_dao


 def test_insert_user_should_add_user(notifications_admin, notifications_admin_db):
-    user = Users(name='test insert',
-                 password='somepassword',
-                 email_address='test@insert.gov.uk',
-                 mobile_number='+441234123412',
-                 created_at=datetime.now(),
-                 role_id=1)
+    user = User(name='test insert',
+                password='somepassword',
+                email_address='test@insert.gov.uk',
+                mobile_number='+441234123412',
+                created_at=datetime.now(),
+                role_id=1)

    users_dao.insert_user(user)
    saved_user = users_dao.get_user_by_id(user.id)
@@ -21,24 +21,24 @@ def test_insert_user_should_add_user(notifications_admin, notifications_admin_db


 def test_insert_user_with_role_that_does_not_exist_fails(notifications_admin, notifications_admin_db):
-    user = Users(name='role does not exist',
-                 password='somepassword',
-                 email_address='test@insert.gov.uk',
-                 mobile_number='+441234123412',
-                 created_at=datetime.now(),
-                 role_id=100)
+    user = User(name='role does not exist',
+                password='somepassword',
+                email_address='test@insert.gov.uk',
+                mobile_number='+441234123412',
+                created_at=datetime.now(),
+                role_id=100)
    with pytest.raises(sqlalchemy.exc.IntegrityError) as error:
        users_dao.insert_user(user)
    assert 'insert or update on table "users" violates foreign key constraint "users_role_id_fkey"' in str(error.value)


 def test_get_user_by_email(notifications_admin, notifications_admin_db):
-    user = Users(name='test_get_by_email',
-                 password='somepassword',
-                 email_address='email@example.gov.uk',
-                 mobile_number='+441234153412',
-                 created_at=datetime.now(),
-                 role_id=1)
+    user = User(name='test_get_by_email',
+                password='somepassword',
+                email_address='email@example.gov.uk',
+                mobile_number='+441234153412',
+                created_at=datetime.now(),
+                role_id=1)

    users_dao.insert_user(user)
    retrieved = users_dao.get_user_by_email(user.email_address)
@@ -46,24 +46,24 @@ def test_get_user_by_email(notifications_admin, notifications_admin_db):


 def test_get_all_users_returns_all_users(notifications_admin, notifications_admin_db):
-    user1 = Users(name='test one',
-                  password='somepassword',
-                  email_address='test1@get_all.gov.uk',
-                  mobile_number='+441234123412',
-                  created_at=datetime.now(),
-                  role_id=1)
-    user2 = Users(name='test two',
-                  password='some2ndpassword',
-                  email_address='test2@get_all.gov.uk',
-                  mobile_number='+441234123412',
-                  created_at=datetime.now(),
-                  role_id=1)
-    user3 = Users(name='test three',
-                  password='some2ndpassword',
-                  email_address='test2@get_all.gov.uk',
-                  mobile_number='+441234123412',
-                  created_at=datetime.now(),
-                  role_id=1)
+    user1 = User(name='test one',
+                 password='somepassword',
+                 email_address='test1@get_all.gov.uk',
+                 mobile_number='+441234123412',
+                 created_at=datetime.now(),
+                 role_id=1)
+    user2 = User(name='test two',
+                 password='some2ndpassword',
+                 email_address='test2@get_all.gov.uk',
+                 mobile_number='+441234123412',
+                 created_at=datetime.now(),
+                 role_id=1)
+    user3 = User(name='test three',
+                 password='some2ndpassword',
+                 email_address='test2@get_all.gov.uk',
+                 mobile_number='+441234123412',
+                 created_at=datetime.now(),
+                 role_id=1)

    users_dao.insert_user(user1)
    users_dao.insert_user(user2)
--- a/tests/app/main/views/test_sign_in.py
+++ b/tests/app/main/views/test_sign_in.py
@@ -1,7 +1,7 @@
 from datetime import datetime

 from app.main.dao import users_dao
-from app.models import Users
+from app.models import User


 def test_render_sign_in_returns_sign_in_template(notifications_admin):
@@ -14,12 +14,12 @@ def test_render_sign_in_returns_sign_in_template(notifications_admin):


 def test_process_sign_in_return_2fa_template(notifications_admin, notifications_admin_db):
-    user = Users(email_address='valid@example.gov.uk',
-                 password='val1dPassw0rd!',
-                 mobile_number='+441234123123',
-                 name='valid',
-                 created_at=datetime.now(),
-                 role_id=1)
+    user = User(email_address='valid@example.gov.uk',
+                password='val1dPassw0rd!',
+                mobile_number='+441234123123',
+                name='valid',
+                created_at=datetime.now(),
+                role_id=1)
    users_dao.insert_user(user)
    response = notifications_admin.test_client().post('/sign-in',
                                                      data={'email_address': 'valid@example.gov.uk',