mirror of
https://github.com/GSA/notifications-admin.git
synced 2026-07-12 17:34:16 -04:00
make sure invite tokens still check token on admin for error handler to kick in
This commit is contained in:
@@ -440,7 +440,7 @@ def useful_headers_after_request(response):
|
||||
return response
|
||||
|
||||
|
||||
def register_errorhandlers(application):
|
||||
def register_errorhandlers(application): # noqa (C901 too complex)
|
||||
def _error_response(error_code):
|
||||
application.logger.exception('Admin app errored with %s', error_code)
|
||||
resp = make_response(render_template("error/{0}.html".format(error_code)), error_code)
|
||||
|
||||
@@ -4,24 +4,29 @@ from flask import (
|
||||
session,
|
||||
flash,
|
||||
render_template,
|
||||
abort
|
||||
abort,
|
||||
current_app
|
||||
)
|
||||
from markupsafe import Markup
|
||||
from notifications_utils.url_safe_token import check_token
|
||||
from flask_login import current_user
|
||||
|
||||
from app.main import main
|
||||
|
||||
from app import (
|
||||
invite_api_client,
|
||||
user_api_client,
|
||||
service_api_client
|
||||
)
|
||||
|
||||
from flask_login import current_user
|
||||
|
||||
|
||||
@main.route("/invitation/<token>")
|
||||
def accept_invite(token):
|
||||
|
||||
check_token(
|
||||
token,
|
||||
current_app.config['SECRET_KEY'],
|
||||
current_app.config['DANGEROUS_SALT'],
|
||||
current_app.config['EMAIL_EXPIRY_SECONDS']
|
||||
)
|
||||
invited_user = invite_api_client.check_token(token)
|
||||
|
||||
if not current_user.is_anonymous and current_user.email_address != invited_user.email_address:
|
||||
|
||||
@@ -15,8 +15,8 @@ def test_bad_url_returns_page_not_found(client):
|
||||
'/user-profile/email/confirm/MALFORMED_TOKEN',
|
||||
'/verify-email/MALFORMED_TOKEN'
|
||||
])
|
||||
def test_malformed_token_returns_page_not_found(client, url):
|
||||
response = client.get(url)
|
||||
def test_malformed_token_returns_page_not_found(logged_in_client, url):
|
||||
response = logged_in_client.get(url)
|
||||
|
||||
assert response.status_code == 404
|
||||
page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')
|
||||
|
||||
@@ -13,14 +13,14 @@ def test_existing_user_accept_invite_calls_api_and_redirects_to_dashboard(
|
||||
client,
|
||||
service_one,
|
||||
api_user_active,
|
||||
sample_invite,
|
||||
mock_get_service,
|
||||
mock_check_invite_token,
|
||||
mock_get_user_by_email,
|
||||
mock_get_users_by_service,
|
||||
mock_accept_invite,
|
||||
mock_add_user_to_service,
|
||||
mocker,
|
||||
):
|
||||
mocker.patch('app.main.views.invites.check_token')
|
||||
|
||||
expected_service = service_one['id']
|
||||
expected_redirect_location = 'http://localhost/services/{}/dashboard'.format(expected_service)
|
||||
@@ -47,8 +47,8 @@ def test_existing_user_with_no_permissions_accept_invite(
|
||||
mock_get_user_by_email,
|
||||
mock_get_users_by_service,
|
||||
mock_add_user_to_service,
|
||||
mock_get_service,
|
||||
):
|
||||
mocker.patch('app.main.views.invites.check_token')
|
||||
|
||||
expected_service = service_one['id']
|
||||
sample_invite['permissions'] = ''
|
||||
@@ -67,6 +67,7 @@ def test_if_existing_user_accepts_twice_they_redirect_to_sign_in(
|
||||
sample_invite,
|
||||
mock_get_service,
|
||||
):
|
||||
mocker.patch('app.main.views.invites.check_token')
|
||||
|
||||
sample_invite['status'] = 'accepted'
|
||||
invite = InvitedUser(**sample_invite)
|
||||
@@ -93,6 +94,7 @@ def test_existing_user_of_service_get_redirected_to_signin(
|
||||
mock_get_user_by_email,
|
||||
mock_accept_invite,
|
||||
):
|
||||
mocker.patch('app.main.views.invites.check_token')
|
||||
sample_invite['email_address'] = api_user_active.email_address
|
||||
invite = InvitedUser(**sample_invite)
|
||||
mocker.patch('app.invite_api_client.check_token', return_value=invite)
|
||||
@@ -122,7 +124,9 @@ def test_existing_signed_out_user_accept_invite_redirects_to_sign_in(
|
||||
mock_add_user_to_service,
|
||||
mock_accept_invite,
|
||||
mock_get_service,
|
||||
mocker,
|
||||
):
|
||||
mocker.patch('app.main.views.invites.check_token')
|
||||
|
||||
expected_service = service_one['id']
|
||||
expected_permissions = ['send_messages', 'manage_service', 'manage_api_keys']
|
||||
@@ -153,7 +157,9 @@ def test_new_user_accept_invite_calls_api_and_redirects_to_registration(
|
||||
mock_add_user_to_service,
|
||||
mock_get_users_by_service,
|
||||
mock_get_service,
|
||||
mocker,
|
||||
):
|
||||
mocker.patch('app.main.views.invites.check_token')
|
||||
|
||||
expected_redirect_location = 'http://localhost/register-from-invite'
|
||||
|
||||
@@ -174,7 +180,9 @@ def test_new_user_accept_invite_calls_api_and_views_registration_page(
|
||||
mock_add_user_to_service,
|
||||
mock_get_users_by_service,
|
||||
mock_get_service,
|
||||
mocker,
|
||||
):
|
||||
mocker.patch('app.main.views.invites.check_token')
|
||||
|
||||
response = client.get(url_for('main.accept_invite', token='thisisnotarealtoken'), follow_redirects=True)
|
||||
|
||||
@@ -209,6 +217,7 @@ def test_cancelled_invited_user_accepts_invited_redirect_to_cancelled_invitation
|
||||
mock_get_user,
|
||||
mock_get_service,
|
||||
):
|
||||
mocker.patch('app.main.views.invites.check_token')
|
||||
cancelled_invitation = create_sample_invite(mocker, service_one, status='cancelled')
|
||||
mock_check_token_invite(mocker, cancelled_invitation)
|
||||
response = client.get(url_for('main.accept_invite', token='thisisnotarealtoken'))
|
||||
@@ -233,7 +242,9 @@ def test_new_user_accept_invite_completes_new_registration_redirects_to_verify(
|
||||
mock_get_users_by_service,
|
||||
mock_add_user_to_service,
|
||||
mock_get_service,
|
||||
mocker,
|
||||
):
|
||||
mocker.patch('app.main.views.invites.check_token')
|
||||
|
||||
expected_service = service_one['id']
|
||||
expected_email = sample_invite['email_address']
|
||||
@@ -282,6 +293,7 @@ def test_signed_in_existing_user_cannot_use_anothers_invite(
|
||||
mock_accept_invite,
|
||||
mock_get_service,
|
||||
):
|
||||
mocker.patch('app.main.views.invites.check_token')
|
||||
invite = InvitedUser(**sample_invite)
|
||||
mocker.patch('app.invite_api_client.check_token', return_value=invite)
|
||||
mocker.patch('app.user_api_client.get_users_for_service', return_value=[api_user_active])
|
||||
@@ -322,7 +334,9 @@ def test_new_invited_user_verifies_and_added_to_service(
|
||||
mock_get_users_by_service,
|
||||
mock_get_detailed_service,
|
||||
mock_get_usage,
|
||||
mocker,
|
||||
):
|
||||
mocker.patch('app.main.views.invites.check_token')
|
||||
|
||||
# visit accept token page
|
||||
response = client.get(url_for('main.accept_invite', token='thisisnotarealtoken'))
|
||||
|
||||
Reference in New Issue
Block a user