diff --git a/app/main/views/sign_in.py b/app/main/views/sign_in.py
index 532bd9500..7af9ce8ca 100644
--- a/app/main/views/sign_in.py
+++ b/app/main/views/sign_in.py
@@ -4,27 +4,15 @@ import uuid
import jwt
import requests
-from flask import (
- Response,
- abort,
- current_app,
- flash,
- redirect,
- render_template,
- request,
- session,
- url_for,
-)
+from flask import Response, current_app, redirect, render_template, request, url_for
from flask_login import current_user
-from markupsafe import Markup
from notifications_utils.url_safe_token import generate_token
from app import login_manager, user_api_client
from app.main import main
-from app.main.forms import LoginForm
from app.main.views.index import error
from app.main.views.verify import activate_user
-from app.models.user import InvitedUser, User
+from app.models.user import User
from app.utils import hide_from_search_engines
from app.utils.login import is_safe_redirect_url
from app.utils.time import is_less_than_days_ago
@@ -129,6 +117,16 @@ def verify_email(user, redirect_url):
)
+def _handle_e2e_tests(redirect_url):
+ current_app.logger.warning("E2E TESTS ARE ENABLED.")
+ current_app.logger.warning(
+ "If you are getting a 404 on signin, comment out E2E vars in .env file!"
+ )
+ user = user_api_client.get_user_by_email(os.getenv("NOTIFY_E2E_TEST_EMAIL"))
+ activate_user(user["id"])
+ return redirect(url_for("main.show_accounts_or_dashboard", next=redirect_url))
+
+
@main.route("/sign-in", methods=(["GET", "POST"]))
@hide_from_search_engines
def sign_in():
@@ -146,67 +144,60 @@ def sign_in():
redirect_url = request.args.get("next")
if os.getenv("NOTIFY_E2E_TEST_EMAIL"):
- current_app.logger.warning("E2E TESTS ARE ENABLED.")
- current_app.logger.warning(
- "If you are getting a 404 on signin, comment out E2E vars in .env file!"
- )
- user = user_api_client.get_user_by_email(os.getenv("NOTIFY_E2E_TEST_EMAIL"))
- activate_user(user["id"])
- return redirect(url_for("main.show_accounts_or_dashboard", next=redirect_url))
+ return _handle_e2e_tests(redirect_url)
- current_app.logger.info(f"current user is {current_user}")
if current_user and current_user.is_authenticated:
if redirect_url and is_safe_redirect_url(redirect_url):
return redirect(redirect_url)
return redirect(url_for("main.show_accounts_or_dashboard"))
- form = LoginForm()
- current_app.logger.info("Got the login form")
- password_reset_url = url_for(".forgot_password", next=request.args.get("next"))
+ # form = LoginForm()
+ # current_app.logger.info("Got the login form")
+ # password_reset_url = url_for(".forgot_password", next=request.args.get("next"))
- if form.validate_on_submit():
- user = User.from_email_address_and_password_or_none(
- form.email_address.data, form.password.data
- )
+ # if form.validate_on_submit():
+ # user = User.from_email_address_and_password_or_none(
+ # form.email_address.data, form.password.data
+ # )
- if user:
- # add user to session to mark us as in the process of signing the user in
- session["user_details"] = {"email": user.email_address, "id": user.id}
+ # if user:
+ # # add user to session to mark us as in the process of signing the user in
+ # session["user_details"] = {"email": user.email_address, "id": user.id}
- if user.state == "pending":
- return redirect(
- url_for("main.resend_email_verification", next=redirect_url)
- )
+ # if user.state == "pending":
+ # return redirect(
+ # url_for("main.resend_email_verification", next=redirect_url)
+ # )
- if user.is_active:
- if session.get("invited_user_id"):
- invited_user = InvitedUser.from_session()
- if user.email_address.lower() != invited_user.email_address.lower():
- flash("You cannot accept an invite for another person.")
- session.pop("invited_user_id", None)
- abort(403)
- else:
- invited_user.accept_invite()
+ # if user.is_active:
+ # if session.get("invited_user_id"):
+ # invited_user = InvitedUser.from_session()
+ # if user.email_address.lower() != invited_user.email_address.lower():
+ # flash("You cannot accept an invite for another person.")
+ # session.pop("invited_user_id", None)
+ # abort(403)
+ # else:
+ # invited_user.accept_invite()
- user.send_login_code()
+ # user.send_login_code()
- if user.sms_auth:
- return redirect(url_for(".two_factor_sms", next=redirect_url))
+ # if user.sms_auth:
+ # return redirect(url_for(".two_factor_sms", next=redirect_url))
- if user.email_auth:
- return redirect(
- url_for(".two_factor_email_sent", next=redirect_url)
- )
+ # if user.email_auth:
+ # return redirect(
+ # url_for(".two_factor_email_sent", next=redirect_url)
+ # )
- # Vague error message for login in case of user not known, locked, inactive or password not verified
- flash(
- Markup(
- (
- f"The email address or password you entered is incorrect."
- f" Forgot your password?"
- )
- )
- )
+ # # Vague error message for login in case of user not known, locked, inactive or password not verified
+ # flash(
+ # Markup(
+ # (
+ # f"The email address or password you entered is incorrect."
+ # f" Forgot your password?"
+ # )
+ # )
+ # )
other_device = current_user.logged_in_elsewhere()
@@ -222,10 +213,10 @@ def sign_in():
url = url.replace("STATE", token)
return render_template(
"views/signin.html",
- form=form,
+ # form=form,
again=bool(redirect_url),
other_device=other_device,
- password_reset_url=password_reset_url,
+ # password_reset_url=password_reset_url,
initial_signin_url=url,
)
diff --git a/poetry.lock b/poetry.lock
index 69007e3b5..d9cef6ee5 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -1278,6 +1278,7 @@ files = [
{file = "lxml-5.2.1-cp36-cp36m-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:c38d7b9a690b090de999835f0443d8aa93ce5f2064035dfc48f27f02b4afc3d0"},
{file = "lxml-5.2.1-cp36-cp36m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:5670fb70a828663cc37552a2a85bf2ac38475572b0e9b91283dc09efb52c41d1"},
{file = "lxml-5.2.1-cp36-cp36m-manylinux_2_28_x86_64.whl", hash = "sha256:958244ad566c3ffc385f47dddde4145088a0ab893504b54b52c041987a8c1863"},
+ {file = "lxml-5.2.1-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:b6241d4eee5f89453307c2f2bfa03b50362052ca0af1efecf9fef9a41a22bb4f"},
{file = "lxml-5.2.1-cp36-cp36m-musllinux_1_1_aarch64.whl", hash = "sha256:2a66bf12fbd4666dd023b6f51223aed3d9f3b40fef06ce404cb75bafd3d89536"},
{file = "lxml-5.2.1-cp36-cp36m-musllinux_1_1_ppc64le.whl", hash = "sha256:9123716666e25b7b71c4e1789ec829ed18663152008b58544d95b008ed9e21e9"},
{file = "lxml-5.2.1-cp36-cp36m-musllinux_1_1_s390x.whl", hash = "sha256:0c3f67e2aeda739d1cc0b1102c9a9129f7dc83901226cc24dd72ba275ced4218"},
@@ -1594,6 +1595,7 @@ files = [
{file = "msgpack-1.0.8-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:5fbb160554e319f7b22ecf530a80a3ff496d38e8e07ae763b9e82fadfe96f273"},
{file = "msgpack-1.0.8-cp39-cp39-win32.whl", hash = "sha256:f9af38a89b6a5c04b7d18c492c8ccf2aee7048aff1ce8437c4683bb5a1df893d"},
{file = "msgpack-1.0.8-cp39-cp39-win_amd64.whl", hash = "sha256:ed59dd52075f8fc91da6053b12e8c89e37aa043f8986efd89e61fae69dc1b011"},
+ {file = "msgpack-1.0.8-py3-none-any.whl", hash = "sha256:24f727df1e20b9876fa6e95f840a2a2651e34c0ad147676356f4bf5fbb0206ca"},
{file = "msgpack-1.0.8.tar.gz", hash = "sha256:95c02b0e27e706e48d0e5426d1710ca78e0f0628d6e89d5b5a5b91a5f12274f3"},
]
diff --git a/tests/app/main/views/test_sign_in.py b/tests/app/main/views/test_sign_in.py
index e89cb6e7b..0b0638382 100644
--- a/tests/app/main/views/test_sign_in.py
+++ b/tests/app/main/views/test_sign_in.py
@@ -134,116 +134,7 @@ def test_logged_in_user_doesnt_do_evil_redirect(client_request):
)
-@pytest.mark.parametrize(
- "redirect_url",
- [
- None,
- f"/services/{SERVICE_ONE_ID}/templates",
- ],
-)
-@pytest.mark.parametrize(
- ("email_address", "password"),
- [
- ("valid@example.gsa.gov", "val1dPassw0rd!"),
- (" valid@example.gsa.gov ", " val1dPassw0rd! "),
- ],
-)
-def test_process_sms_auth_sign_in_return_2fa_template(
- client_request,
- api_user_active,
- mock_send_verify_code,
- mock_get_user,
- mock_get_user_by_email,
- mock_verify_password,
- email_address,
- password,
- redirect_url,
-):
- client_request.logout()
- client_request.post(
- "main.sign_in",
- next=redirect_url,
- _data={
- "email_address": email_address,
- "password": password,
- },
- _expected_redirect=url_for(".two_factor_sms", next=redirect_url),
- )
- mock_verify_password.assert_called_with(api_user_active["id"], password)
- mock_get_user_by_email.assert_called_with("valid@example.gsa.gov")
-
-
-@pytest.mark.parametrize(
- "redirect_url",
- [
- None,
- f"/services/{SERVICE_ONE_ID}/templates",
- ],
-)
-def test_process_email_auth_sign_in_return_2fa_template(
- client_request,
- api_user_active_email_auth,
- mock_send_verify_code,
- mock_verify_password,
- mocker,
- redirect_url,
-):
- client_request.logout()
- mocker.patch(
- "app.user_api_client.get_user", return_value=api_user_active_email_auth
- )
- mocker.patch(
- "app.user_api_client.get_user_by_email", return_value=api_user_active_email_auth
- )
-
- client_request.post(
- "main.sign_in",
- next=redirect_url,
- _data={
- "email_address": "valid@example.gsa.gov",
- "password": "val1dPassw0rd!",
- },
- _expected_redirect=url_for(".two_factor_email_sent", next=redirect_url),
- )
-
- mock_send_verify_code.assert_called_with(
- api_user_active_email_auth["id"], "email", None, redirect_url
- )
- mock_verify_password.assert_called_with(
- api_user_active_email_auth["id"], "val1dPassw0rd!"
- )
-
-
-def test_should_return_locked_out_true_when_user_is_locked(
- client_request,
- mock_get_user_by_email_locked,
-):
- client_request.logout()
- page = client_request.post(
- "main.sign_in",
- _data={
- "email_address": "valid@example.gsa.gov",
- "password": "whatIsMyPassword!",
- },
- _expected_status=200,
- )
- assert "The email address or password you entered is incorrect" in page.text
-
-
-def test_should_return_200_when_user_does_not_exist(
- client_request,
- mock_get_user_by_email_not_found,
-):
- client_request.logout()
- page = client_request.post(
- "main.sign_in",
- _data={"email_address": "notfound@gsa.gov", "password": "doesNotExist!"},
- _expected_status=200,
- )
-
- assert "The email address or password you entered is incorrect" in page.text
-
-
+@pytest.mark.skip("TODO is this still relevant post login.gov switch?")
def test_should_return_redirect_when_user_is_pending(
client_request,
mock_get_user_by_email_pending,
@@ -273,6 +164,7 @@ def test_should_return_redirect_when_user_is_pending(
f"/services/{SERVICE_ONE_ID}/templates",
],
)
+@pytest.mark.skip("TODO is this still relevant post login.gov switch?")
def test_should_attempt_redirect_when_user_is_pending(
client_request, mock_get_user_by_email_pending, mock_verify_password, redirect_url
):
@@ -288,37 +180,7 @@ def test_should_attempt_redirect_when_user_is_pending(
)
-def test_email_address_is_treated_case_insensitively_when_signing_in_as_invited_user(
- client_request,
- mocker,
- mock_verify_password,
- api_user_active,
- sample_invite,
- mock_accept_invite,
- mock_send_verify_code,
- mock_get_invited_user_by_id,
-):
- client_request.logout()
- sample_invite["email_address"] = "TEST@user.gsa.gov"
-
- mocker.patch(
- "app.models.user.User.from_email_address_and_password_or_none",
- return_value=User(api_user_active),
- )
-
- with client_request.session_transaction() as session:
- session["invited_user_id"] = sample_invite["id"]
-
- client_request.post(
- "main.sign_in",
- _data={"email_address": "test@user.gsa.gov", "password": "val1dPassw0rd!"},
- )
-
- assert mock_accept_invite.called
- assert mock_send_verify_code.called
- mock_get_invited_user_by_id.assert_called_once_with(sample_invite["id"])
-
-
+@pytest.mark.skip("TODO move this to register and update with login.gov")
def test_when_signing_in_as_invited_user_you_cannot_accept_an_invite_for_another_email_address(
client_request,
mocker,