108536490: Initial effort to implement log in

Add endpoint for post to /sign-in Initialise role data
2026-05-27 09:29:22 -04:00 · 2015-11-27 09:47:29 +00:00
parent 4d2b9c7fc2
commit 7f96ef5a25
17 changed files with 183 additions and 56 deletions
--- a/app/main/init.py
+++ b/app/main/init.py
@@ -3,4 +3,4 @@ from flask import Blueprint
 main = Blueprint('main', __name__)


-from app.main.views import index
+from app.main.views import index, sign_in
--- a/app/main/dao/users_dao.py
+++ b/app/main/dao/users_dao.py
@@ -1,8 +1,10 @@
 from app import db
 from app.models import Users
+from app.main.encryption import encrypt


 def insert_user(user):
+    user.password = encrypt(user.password)
    db.session.add(user)
    db.session.commit()

@@ -13,3 +15,7 @@ def get_user_by_id(id):

 def get_all_users():
    return Users.query.all()
+
+
+def get_user_by_email(email_address):
+    return Users.query.filter_by(email_address=email_address).first()
--- a/app/main/encryption.py
+++ b/app/main/encryption.py
@@ -0,0 +1,7 @@
+import hashlib
+from flask import current_app
+
+
+def encrypt(value):
+    key = current_app.config['SECRET_KEY']
+    return hashlib.sha256((key + value).encode('UTF-8')).hexdigest()
--- a/app/main/forms.py
+++ b/app/main/forms.py
@@ -0,0 +1,14 @@
+from flask_wtf import Form
+from wtforms import StringField, PasswordField
+from wtforms.validators import DataRequired, Email, Length
+
+
+class LoginForm(Form):
+    email_address = StringField('Email address', validators=[
+        Length(255),
+        DataRequired(message='Email cannot be empty'),
+        Email(message='Please enter a valid email address')
+    ])
+    password = PasswordField('Password', validators=[
+        DataRequired(message='Please enter your password')
+    ])
--- a/app/main/views/index.py
+++ b/app/main/views/index.py
@@ -43,11 +43,6 @@ def dashboard():
    return render_template('dashboard.html')


-@main.route("/sign-in")
-def signin():
-    return render_template('signin.html')
-
-
@main.route("/add-service")
 def addservice():
    return render_template('add-service.html')
--- a/app/main/views/sign_in.py
+++ b/app/main/views/sign_in.py
@@ -0,0 +1,43 @@
+from datetime import datetime
+
+from flask import render_template, redirect, url_for, jsonify
+from flask_login import login_user
+
+from app.main import main
+from app.main.forms import LoginForm
+from app.main.dao import users_dao
+from app.models import Users
+from app.main.encryption import encrypt
+
+
+@main.route("/sign-in", methods=(['GET']))
+def render_sign_in():
+    return render_template('signin.html', form=LoginForm())
+
+
+@main.route('/sign-in', methods=(['POST']))
+def process_sign_in():
+    form = LoginForm()
+    if form.validate_on_submit():
+        user = users_dao.get_user_by_email(form.email_address)
+        if user is None:
+            return jsonify(authorization=False), 404
+        if user.password == encrypt(form.password):
+            login_user(user)
+        else:
+            return jsonify(authorization=False), 404
+
+    return redirect('/two-factor')
+
+
+@main.route('/create_user', methods=(['POST']))
+def create_user_for_test():
+    form = LoginForm()
+    user = Users(email_address=form.email_address,
+                 name=form.email_address,
+                 password=form.password,
+                 created_at=datetime.now(),
+                 role_id=1)
+    users_dao.insert_user(user)
+
+    return 'created'
--- a/app/templates/signin.html
+++ b/app/templates/signin.html
@@ -1,7 +1,7 @@
 {% extends "admin_template.html" %}

 {% block page_title %}
-Hello world!
+Sign in
 {% endblock %}

 {% block content %}
@@ -12,19 +12,24 @@ Hello world!

 		<p>If you do not have an account, you can <a href="register">register</a>.</p>

-  		<p>
-  		<label class="form-label" for="email">Email address</label>
-  		<input class="form-control-2-3" id="email" type="text"><br>
-  		</p>
-  		<p>
-  		<label class="form-label" for="password">Password</label>
-  		<input class="form-control-1-4" id="password" type="password"><br>
-  		<span class="font-xsmall"><a href="forgot-password">Forgotten password?</a></span>
-  		</p>
+		<form autocomplete="off" action="" method="post">

-  		<p>
-  		<a class="button" href="two-factor" role="button">Continue</a>
-  		</p>
+			<p>
+			<label class="form-label">Email address</label>
+			{{ form.email_address(class="form-control-2-3", autocomplete="off") }} <br>
+			</p>
+			<p>
+			<label class="form-label">Password</label>
+				 {{ form.password(class="form-control-1-4", autocomplete="off") }} <br>
+			</p>
+			<p>
+			<span class="font-xsmall"><a href="">Forgotten password?</a></span>
+			</p>
+
+			<p>
+			<a class="button" href="two-factor" role="button">Continue</a>
+			</p>
+		</form>
 	</div>
 </div>

--- a/config.py
+++ b/config.py
@@ -9,6 +9,7 @@ class Config(object):
    SQLALCHEMY_RECORD_QUERIES = True
    SQLALCHEMY_DATABASE_URI = 'postgresql://localhost/notifications_admin'
    MAX_FAILED_LOGIN_COUNT = 10
+    SECRET_KEY = 'secret-key-unique-changeme'


 class Development(Config):
--- a/migrations/versions/20_initialise_data.py
+++ b/migrations/versions/20_initialise_data.py
@@ -0,0 +1,16 @@
+# revision identifiers, used by Alembic.
+revision = '20_initialise_data'
+down_revision = None
+
+from alembic import op
+
+def upgrade():
+    op.bulk_insert('roles',
+                   [
+                       {'role': 'plaform_admin'},
+                       {'role': 'service_user'}
+                   ])
+
+def downgrade():
+    op.drop_table('users')
+    op.drop_table('roles')
--- a/requirements.txt
+++ b/requirements.txt
@@ -6,3 +6,5 @@ Flask-SQLAlchemy==2.0
 psycopg2==2.6.1
 SQLAlchemy==1.0.5
 SQLAlchemy-Utils==0.30.5
+Flask-WTF==0.11
+Flask-Login==0.2.11
--- a/tests/app/main/dao/test_get_all_users.py
+++ b/tests/app/main/dao/test_get_all_users.py
@@ -1,32 +0,0 @@
-from datetime import datetime
-
-from app.main.dao import users_dao
-from app.models import Users
-
-
-def test_get_all_users_returns_all_users(notifications_admin, notifications_admin_db):
-    user1 = Users(name='test one',
-                  password='somepassword',
-                  email_address='test1@get_all.gov.uk',
-                  mobile_number='+441234123412',
-                  created_at=datetime.now(),
-                  role_id=1)
-    user2 = Users(name='test two',
-                  password='some2ndpassword',
-                  email_address='test2@get_all.gov.uk',
-                  mobile_number='+441234123412',
-                  created_at=datetime.now(),
-                  role_id=1)
-    user3 = Users(name='test three',
-                  password='some2ndpassword',
-                  email_address='test2@get_all.gov.uk',
-                  mobile_number='+441234123412',
-                  created_at=datetime.now(),
-                  role_id=1)
-
-    users_dao.insert_user(user1)
-    users_dao.insert_user(user2)
-    users_dao.insert_user(user3)
-    users = users_dao.get_all_users()
-    assert len(users) == 3
-    assert users == [user1, user2, user3]
--- a/tests/app/main/dao/test_roles_dao.py
+++ b/tests/app/main/dao/test_roles_dao.py
@@ -13,9 +13,12 @@ def test_insert_role_should_be_able_to_get_role(notifications_admin, notificatio
    assert saved_role == role


-def test_insert_role_will_throw_error_if_role_already_exists():
+def test_insert_role_will_throw_error_if_role_already_exists(notifications_admin, notifications_admin_db):
+    role1 = roles_dao.get_role_by_id(1)
+    assert role1.id == 1
+
    role = Roles(id=1, role='cannot create a duplicate')

-    with pytest.raises(sqlalchemy.exc.IntegrityError) as error:
+    with pytest.raises(sqlalchemy.orm.exc.FlushError) as error:
        roles_dao.insert_role(role)
-    assert 'duplicate key value violates unique constraint "roles_pkey"' in str(error.value)
+    assert 'conflicts with persistent instance' in str(error.value)
--- a/tests/app/main/dao/test_users_dao.py
+++ b/tests/app/main/dao/test_users_dao.py
@@ -30,3 +30,44 @@ def test_insert_user_with_role_that_does_not_exist_fails(notifications_admin, no
    with pytest.raises(sqlalchemy.exc.IntegrityError) as error:
        users_dao.insert_user(user)
    assert 'insert or update on table "users" violates foreign key constraint "users_role_id_fkey"' in str(error.value)
+
+
+def test_get_user_by_email(notifications_admin, notifications_admin_db):
+    user = Users(name='test_get_by_email',
+                 password='somepassword',
+                 email_address='email@example.gov.uk',
+                 mobile_number='+441234153412',
+                 created_at=datetime.now(),
+                 role_id=1)
+
+    users_dao.insert_user(user)
+    retrieved = users_dao.get_user_by_email(user.email_address)
+    assert retrieved == user
+
+
+def test_get_all_users_returns_all_users(notifications_admin, notifications_admin_db):
+    user1 = Users(name='test one',
+                  password='somepassword',
+                  email_address='test1@get_all.gov.uk',
+                  mobile_number='+441234123412',
+                  created_at=datetime.now(),
+                  role_id=1)
+    user2 = Users(name='test two',
+                  password='some2ndpassword',
+                  email_address='test2@get_all.gov.uk',
+                  mobile_number='+441234123412',
+                  created_at=datetime.now(),
+                  role_id=1)
+    user3 = Users(name='test three',
+                  password='some2ndpassword',
+                  email_address='test2@get_all.gov.uk',
+                  mobile_number='+441234123412',
+                  created_at=datetime.now(),
+                  role_id=1)
+
+    users_dao.insert_user(user1)
+    users_dao.insert_user(user2)
+    users_dao.insert_user(user3)
+    users = users_dao.get_all_users()
+    assert len(users) == 3
+    assert users == [user1, user2, user3]
--- a/tests/app/main/test_encyption.py
+++ b/tests/app/main/test_encyption.py
@@ -0,0 +1,9 @@
+from app.main import encryption
+
+
+def test_encryption(notifications_admin):
+    value = 's3curePassword!'
+
+    encrypted = encryption.encrypt(value)
+
+    assert encrypted == encryption.encrypt(value)
--- a/tests/app/main/views/init.py
+++ b/tests/app/main/views/init.py
--- a/tests/app/main/views/test_sign_in.py
+++ b/tests/app/main/views/test_sign_in.py
@@ -0,0 +1,17 @@
+
+
+def test_render_sign_in_returns_sign_in_template(notifications_admin):
+    response = notifications_admin.test_client().get('/sign-in')
+    assert response.status_code == 200
+    assert 'Sign in' in response.get_data(as_text=True)
+    assert 'Email address' in response.get_data(as_text=True)
+    assert 'Password' in response.get_data(as_text=True)
+    assert 'Forgotten password?' in response.get_data(as_text=True)
+
+
+def test_process_sign_in_return_2fa_template(notifications_admin):
+    response = notifications_admin.test_client().post('/sign-in',
+                                                      data={'email_address': 'valid@example.gov.uk',
+                                                            'password': 'val1dPassw0rd!'})
+    assert response.status_code == 302
+    assert response.location == 'http://localhost/two-factor'
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -5,7 +5,7 @@ from app import create_app, db
 from app.models import Roles


-@pytest.fixture(scope='module')
+@pytest.fixture(scope='function')
 def notifications_admin(request):
    app = create_app('test')
    ctx = app.app_context()
@@ -18,7 +18,7 @@ def notifications_admin(request):
    return app


-@pytest.fixture(scope='module')
+@pytest.fixture(scope='function')
 def notifications_admin_db(notifications_admin, request):
    metadata = MetaData(db.engine)
    metadata.reflect()