fix logged in user not having auth type set from invite

2026-06-23 08:49:46 -04:00 · 2017-11-15 14:59:03 +00:00
parent 3bb083bc89
commit ab4504f517
2 changed files with 32 additions and 2 deletions
--- a/app/main/views/invites.py
+++ b/app/main/views/invites.py
@@ -72,6 +72,8 @@ def accept_invite(token):
        if existing_user in service_users:
            return redirect(url_for('main.service_dashboard', service_id=invited_user.service))
        else:
+            if invited_user.auth_type != existing_user.auth_type:
+                user_api_client.update_user_attribute(existing_user.id, auth_type=invited_user.auth_type)
            user_api_client.add_user_to_service(invited_user.service,
                                                existing_user.id,
                                                invited_user.permissions)
--- a/tests/app/main/views/test_accept_invite.py
+++ b/tests/app/main/views/test_accept_invite.py
@@ -24,7 +24,6 @@ def test_existing_user_accept_invite_calls_api_and_redirects_to_dashboard(
    mocker.patch('app.main.views.invites.check_token')

    expected_service = service_one['id']
-    expected_redirect_location = 'http://localhost/services/{}/dashboard'.format(expected_service)
    expected_permissions = ['send_messages', 'manage_service', 'manage_api_keys']

    response = client.get(url_for('main.accept_invite', token='thisisnotarealtoken'))
@@ -35,7 +34,7 @@ def test_existing_user_accept_invite_calls_api_and_redirects_to_dashboard(
    mock_add_user_to_service.assert_called_with(expected_service, api_user_active.id, expected_permissions)

    assert response.status_code == 302
-    assert response.location == expected_redirect_location
+    assert response.location == url_for('main.service_dashboard', service_id=expected_service, _external=True)


 def test_existing_user_with_no_permissions_accept_invite(
@@ -396,3 +395,32 @@ def test_gives_message_if_token_has_expired(
    assert response.status_code == 400
    assert 'Your invitation to GOV.UK Notify has expired' in page.find('h1').text
    assert not mock_check_invite_token.called
+
+
+def test_existing_user_accept_sets_email_auth(
+    client_request,
+    api_user_active,
+    service_one,
+    sample_invite,
+    mock_get_user_by_email,
+    mock_get_users_by_service,
+    mock_accept_invite,
+    mock_update_user_attribute,
+    mock_add_user_to_service,
+    mocker
+):
+    mocker.patch('app.main.views.invites.check_token')
+    sample_invite['email_address'] = api_user_active.email_address
+    sample_invite['auth_type'] = 'email_auth'
+    invited_user = InvitedUser(**sample_invite)
+    mocker.patch('app.invite_api_client.check_token', return_value=invited_user)
+
+    response = client_request.get(
+        'main.accept_invite',
+        token='thisisnotarealtoken',
+        _expected_status=302,
+        _expected_redirect=url_for('main.service_dashboard', service_id=service_one['id'], _external=True),
+    )
+
+    mock_update_user_attribute.assert_called_with(api_user_active.id, auth_type='email_auth')
+    mock_add_user_to_service.assert_called_with(ANY, api_user_active.id, ANY)