From 9eab8a726f5ede53c003da2bb79ad69934e1b4b0 Mon Sep 17 00:00:00 2001 From: Imdad Ahad Date: Fri, 9 Sep 2016 15:22:56 +0100 Subject: [PATCH] - Add test to check that two-factor auth activates a user as expected - Ensure DB user activation statusupdate only executed when required - Fix test_should_activate_user_after_verify --- app/main/views/two_factor.py | 1 + app/notify_client/user_api_client.py | 7 +++++-- tests/app/main/views/test_two_factor.py | 21 +++++++++++++++++++++ tests/app/main/views/test_verify.py | 7 ++++--- 4 files changed, 31 insertions(+), 5 deletions(-) diff --git a/app/main/views/two_factor.py b/app/main/views/two_factor.py index 72359ecb8..81cb0ef20 100644 --- a/app/main/views/two_factor.py +++ b/app/main/views/two_factor.py @@ -26,6 +26,7 @@ def two_factor(): if form.validate_on_submit(): try: user = user_api_client.get_user(user_id) + services = service_api_client.get_services({'user_id': str(user_id)}).get('data', []) # Check if coming from new password page if 'password' in session['user_details']: diff --git a/app/notify_client/user_api_client.py b/app/notify_client/user_api_client.py index 8c43f2eeb..5bd534869 100644 --- a/app/notify_client/user_api_client.py +++ b/app/notify_client/user_api_client.py @@ -124,5 +124,8 @@ class UserApiClient(BaseAPIClient): return True def activate_user(self, user): - user.state = 'active' - return self.update_user(user) + if user.state == 'pending': + user.state = 'active' + return self.update_user(user) + else: + return user diff --git a/tests/app/main/views/test_two_factor.py b/tests/app/main/views/test_two_factor.py index cf234483f..2a5421cf0 100644 --- a/tests/app/main/views/test_two_factor.py +++ b/tests/app/main/views/test_two_factor.py @@ -222,3 +222,24 @@ def test_two_factor_should_redirect_to_sign_in_if_user_not_in_session(app_, data={'sms_code': '12345'}) assert response.status_code == 302 assert response.location == url_for('main.sign_in', _external=True) + + +def test_two_factor_should_activate_pending_user(app_, + mocker, + api_user_pending, + mock_check_verify_code, + mock_update_user + ): + mocker.patch('app.user_api_client.get_user', return_value=api_user_pending) + mocker.patch('app.service_api_client.get_services', return_value={'data': []}) + with app_.test_request_context(): + with app_.test_client() as client: + with client.session_transaction() as session: + session['user_details'] = { + 'id': api_user_pending.id, + 'email_address': api_user_pending.email_address + } + client.post(url_for('main.two_factor'), data={'sms_code': '12345'}) + + assert mock_update_user.called + assert api_user_pending.is_active diff --git a/tests/app/main/views/test_verify.py b/tests/app/main/views/test_verify.py index 4aaab069b..97f2d4da8 100644 --- a/tests/app/main/views/test_verify.py +++ b/tests/app/main/views/test_verify.py @@ -39,15 +39,16 @@ def test_should_redirect_to_add_service_when_sms_code_is_correct(app_, def test_should_activate_user_after_verify(app_, - api_user_active, - mock_get_user, + mocker, + api_user_pending, mock_send_verify_code, mock_check_verify_code, mock_update_user): + mocker.patch('app.user_api_client.get_user', return_value=api_user_pending) with app_.test_request_context(): with app_.test_client() as client: with client.session_transaction() as session: - session['user_details'] = {'email_address': api_user_active.email_address, 'id': api_user_active.id} + session['user_details'] = {'email_address': api_user_pending.email_address, 'id': api_user_pending.id} client.post(url_for('main.verify'), data={'sms_code': '12345'}) assert mock_update_user.called