Make sure caseworking users clear their invite

There was a bug where caseworking users skipped the part of the invite
flow where their invite was cleared from the session. This caused
a 500 if they later tried to create another service.

This commit makes sure that both types of user have the invite cleared
from the session after accepting it.
This commit is contained in:
Chris Hill-Scott
2018-07-05 11:45:09 +01:00
parent 9da9e85293
commit b21c0da683
4 changed files with 98 additions and 9 deletions

View File

@@ -62,13 +62,13 @@ def old_service_dashboard(service_id):
@user_has_permissions('view_activity', 'send_messages')
def service_dashboard(service_id):
if not current_user.has_permissions('view_activity'):
return redirect(url_for('main.choose_template', service_id=service_id))
if session.get('invited_user'):
session.pop('invited_user', None)
session['service_id'] = service_id
if not current_user.has_permissions('view_activity'):
return redirect(url_for('main.choose_template', service_id=service_id))
return render_template(
'views/dashboard/dashboard.html',
updates_url=url_for(".service_dashboard_updates", service_id=service_id),

View File

@@ -3,12 +3,11 @@ import functools
import pytest
from flask import url_for
from tests.conftest import client_request as client_request_factory
@pytest.fixture
def get_service_settings_page(
logged_in_platform_admin_client,
client_request,
platform_admin_user,
service_one,
mock_get_inbound_number_for_service,
mock_get_letter_email_branding,
@@ -18,8 +17,8 @@ def get_service_settings_page(
no_letter_contact_blocks,
single_sms_sender,
):
platform_admin_request = client_request_factory(logged_in_platform_admin_client)
return functools.partial(platform_admin_request.get, 'main.service_settings', service_id=service_one['id'])
client_request.login(platform_admin_user)
return functools.partial(client_request.get, 'main.service_settings', service_id=service_one['id'])
@pytest.mark.parametrize('service_fields, endpoint, kwargs, text', [

View File

@@ -1,11 +1,17 @@
from unittest.mock import ANY, Mock
import pytest
from bs4 import BeautifulSoup
from flask import url_for
from notifications_python_client.errors import HTTPError
import app
from app.notify_client.models import InvitedUser
from tests.conftest import (
SERVICE_ONE_ID,
active_caseworking_user,
active_user_with_permissions,
)
from tests.conftest import mock_check_invite_token as mock_check_token_invite
from tests.conftest import normalize_spaces
from tests.conftest import sample_invite as create_sample_invite
@@ -82,6 +88,81 @@ def test_if_existing_user_accepts_twice_they_redirect_to_sign_in(
)
def test_invite_goes_in_session(
client_request,
mocker,
sample_invite,
mock_get_service,
api_user_active,
mock_check_invite_token,
mock_get_user_by_email,
mock_get_users_by_service,
mock_add_user_to_service,
mock_accept_invite,
):
invite = InvitedUser(**sample_invite)
invite.email_address = 'test@user.gov.uk'
mocker.patch('app.invite_api_client.check_token', return_value=invite)
client_request.get(
'main.accept_invite',
token='thisisnotarealtoken',
_expected_status=302,
_expected_redirect=url_for(
'main.service_dashboard',
service_id=SERVICE_ONE_ID,
_external=True,
),
_follow_redirects=False,
)
with client_request.session_transaction() as session:
assert session['invited_user']['email_address'] == invite.email_address
@pytest.mark.parametrize('user, landing_page_title', [
(active_user_with_permissions, 'Dashboard'),
(active_caseworking_user, 'Choose a template'),
])
def test_accepting_invite_removes_invite_from_session(
client_request,
mocker,
sample_invite,
mock_get_service,
service_one,
mock_check_invite_token,
mock_get_user_by_email,
mock_get_users_by_service,
mock_add_user_to_service,
mock_accept_invite,
mock_get_service_templates,
mock_get_template_statistics,
mock_get_jobs,
mock_get_service_statistics,
mock_get_usage,
mock_get_inbound_sms_summary,
fake_uuid,
user,
landing_page_title,
):
invite = InvitedUser(**sample_invite)
user = user(fake_uuid)
invite.email_address = user.email_address
mocker.patch('app.invite_api_client.check_token', return_value=invite)
client_request.login(user)
page = client_request.get(
'main.accept_invite',
token='thisisnotarealtoken',
_follow_redirects=True,
)
assert page.h1.string == landing_page_title
with client_request.session_transaction() as session:
assert 'invited_user' not in session
def test_existing_user_of_service_get_redirected_to_signin(
client,
mocker,

View File

@@ -2597,7 +2597,13 @@ def os_environ():
@pytest.fixture
def client_request(logged_in_client):
def client_request(
logged_in_client,
active_user_with_permissions,
mocker,
service_one,
fake_uuid,
):
class ClientRequest:
@staticmethod
@@ -2606,6 +2612,9 @@ def client_request(logged_in_client):
with logged_in_client.session_transaction() as session:
yield session
def login(user, service=service_one):
logged_in_client.login(user, mocker, service)
@staticmethod
def get(
endpoint,