- Add test to check that two-factor auth activates a user as expected

- Ensure DB user activation statusupdate only executed when required - Fix test_should_activate_user_after_verify
2026-05-27 09:29:22 -04:00 · 2016-09-09 15:22:56 +01:00
parent 171eec5984
commit 9eab8a726f
4 changed files with 31 additions and 5 deletions
--- a/app/main/views/two_factor.py
+++ b/app/main/views/two_factor.py
@@ -26,6 +26,7 @@ def two_factor():
    if form.validate_on_submit():
        try:
            user = user_api_client.get_user(user_id)
+
            services = service_api_client.get_services({'user_id': str(user_id)}).get('data', [])
            # Check if coming from new password page
            if 'password' in session['user_details']:
--- a/app/notify_client/user_api_client.py
+++ b/app/notify_client/user_api_client.py
@@ -124,5 +124,8 @@ class UserApiClient(BaseAPIClient):
        return True

    def activate_user(self, user):
-        user.state = 'active'
-        return self.update_user(user)
+        if user.state == 'pending':
+            user.state = 'active'
+            return self.update_user(user)
+        else:
+            return user
--- a/tests/app/main/views/test_two_factor.py
+++ b/tests/app/main/views/test_two_factor.py
@@ -222,3 +222,24 @@ def test_two_factor_should_redirect_to_sign_in_if_user_not_in_session(app_,
                                   data={'sms_code': '12345'})
            assert response.status_code == 302
            assert response.location == url_for('main.sign_in', _external=True)
+
+
+def test_two_factor_should_activate_pending_user(app_,
+                                                 mocker,
+                                                 api_user_pending,
+                                                 mock_check_verify_code,
+                                                 mock_update_user
+                                                 ):
+    mocker.patch('app.user_api_client.get_user', return_value=api_user_pending)
+    mocker.patch('app.service_api_client.get_services', return_value={'data': []})
+    with app_.test_request_context():
+        with app_.test_client() as client:
+            with client.session_transaction() as session:
+                session['user_details'] = {
+                    'id': api_user_pending.id,
+                    'email_address': api_user_pending.email_address
+                }
+            client.post(url_for('main.two_factor'), data={'sms_code': '12345'})
+
+            assert mock_update_user.called
+            assert api_user_pending.is_active
--- a/tests/app/main/views/test_verify.py
+++ b/tests/app/main/views/test_verify.py
@@ -39,15 +39,16 @@ def test_should_redirect_to_add_service_when_sms_code_is_correct(app_,


 def test_should_activate_user_after_verify(app_,
-                                           api_user_active,
-                                           mock_get_user,
+                                           mocker,
+                                           api_user_pending,
                                           mock_send_verify_code,
                                           mock_check_verify_code,
                                           mock_update_user):
+    mocker.patch('app.user_api_client.get_user', return_value=api_user_pending)
    with app_.test_request_context():
        with app_.test_client() as client:
            with client.session_transaction() as session:
-                session['user_details'] = {'email_address': api_user_active.email_address, 'id': api_user_active.id}
+                session['user_details'] = {'email_address': api_user_pending.email_address, 'id': api_user_pending.id}
            client.post(url_for('main.verify'),
                        data={'sms_code': '12345'})
            assert mock_update_user.called