From 519f8f7f7d4f49e8c92a5b7c04096ffcd2ffbae1 Mon Sep 17 00:00:00 2001 From: Beverly Nguyen Date: Tue, 17 Jun 2025 15:31:58 -0700 Subject: [PATCH 1/8] redirecting users to 404 --- app/main/views/register.py | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) diff --git a/app/main/views/register.py b/app/main/views/register.py index d0ceb65a9..2944aa247 100644 --- a/app/main/views/register.py +++ b/app/main/views/register.py @@ -32,15 +32,7 @@ from app.utils.user import is_gov_user @main.route("/register", methods=["GET", "POST"]) @hide_from_search_engines def register(): - if current_user and current_user.is_authenticated: - return redirect(url_for("main.show_accounts_or_dashboard")) - - form = RegisterUserForm() - if form.validate_on_submit(): - _do_registration(form, send_sms=False) - return redirect(url_for("main.registration_continue")) - - return render_template("views/register.html", form=form) + abort(404) @main.route("/register-from-org-invite", methods=["GET", "POST"]) @@ -108,10 +100,7 @@ def _do_registration(form, send_sms=True, send_email=True, organization_id=None) @main.route("/registration-continue") def registration_continue(): - if not session.get("user_details"): - return redirect(url_for(".show_accounts_or_dashboard")) - else: - raise Exception("Unexpected routing in registration_continue") + abort(404) def get_invite_data_from_redis(state): From c2cda680594e9dc7725aaf617442f90c3587644e Mon Sep 17 00:00:00 2001 From: Beverly Nguyen Date: Tue, 17 Jun 2025 15:47:16 -0700 Subject: [PATCH 2/8] flake8 --- app/main/views/register.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/app/main/views/register.py b/app/main/views/register.py index 2944aa247..0daa6dbc5 100644 --- a/app/main/views/register.py +++ b/app/main/views/register.py 
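Review bot: `register()` keeps its route, `methods=["GET", "POST"]` and `@hide_from_search_engines`, yet its whole body is now `abort(404)` and nothing in the hunk says why; the same applies to `registration_continue()` in the second hunk of this file. A one-line comment above each `abort(404)`, such as `# Self-service registration is disabled; accounts are created through invitations only.`, would mark this as a deliberate access decision and not a stub (the wording is inferred from the surviving `/register-from-org-invite` route and should be confirmed). Since `abort` raises before the view returns, the decorator presumably has no response left to act on, so consider dropping it or removing both routes outright if nothing still builds a URL to them. `_do_registration` still accepts `send_sms=False`, which only the removed call passed in the lines shown here, so it is worth checking whether that parameter has any caller left.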
@@ -13,12 +13,9 @@ from flask import ( session, url_for, ) -from flask_login import current_user - from app import redis_client, user_api_client from app.main import main from app.main.forms import ( - RegisterUserForm, RegisterUserFromOrgInviteForm, SetupUserProfileForm, ) From 17ec28513032b14cf51eb610e1dd52a55209e4f7 Mon Sep 17 00:00:00 2001 From: Beverly Nguyen Date: Tue, 17 Jun 2025 17:44:44 -0700 Subject: [PATCH 3/8] isort --- app/main/views/register.py | 1 + 1 file changed, 1 insertion(+) diff --git a/app/main/views/register.py b/app/main/views/register.py index 0daa6dbc5..14858d3ec 100644 --- a/app/main/views/register.py +++ b/app/main/views/register.py @@ -13,6 +13,7 @@ from flask import ( session, url_for, ) + from app import redis_client, user_api_client from app.main import main from app.main.forms import ( From d620243e32c43b60f6408b7c1867f225e2c0724a Mon Sep 17 00:00:00 2001 From: Beverly Nguyen Date: Tue, 17 Jun 2025 18:08:41 -0700 Subject: [PATCH 4/8] test --- .ds.baseline | 8 ++--- tests/app/main/views/test_register.py | 42 ++++++++------------------- 2 files changed, 16 insertions(+), 34 deletions(-) diff --git a/.ds.baseline b/.ds.baseline index b7e7b6c11..9df0cc526 100644 --- a/.ds.baseline +++ b/.ds.baseline @@ -527,7 +527,7 @@ "filename": "tests/app/main/views/test_register.py", "hashed_secret": "bdbb156d25d02fd7792865824201dda1c60f4473", "is_verified": false, - "line_number": 122, + "line_number": 115, "is_secret": false }, { @@ -535,7 +535,7 @@ "filename": "tests/app/main/views/test_register.py", "hashed_secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8", "is_verified": false, - "line_number": 199, + "line_number": 185, "is_secret": false }, { @@ -543,7 +543,7 @@ "filename": "tests/app/main/views/test_register.py", "hashed_secret": "bb5b7caa27d005d38039e3797c3ddb9bcd22c3c8", "is_verified": false, - "line_number": 272, + "line_number": 257, "is_secret": false } ], 
@@ -634,5 +634,5 @@ } ] }, - "generated_at": "2025-06-04T16:12:20Z" + "generated_at": "2025-06-18T01:08:37Z" } diff --git a/tests/app/main/views/test_register.py b/tests/app/main/views/test_register.py index a55307a2b..7e12663b0 100644 --- a/tests/app/main/views/test_register.py +++ b/tests/app/main/views/test_register.py @@ -14,13 +14,7 @@ def test_render_register_returns_template_with_form(client_request, mocker): mocker.patch("app.notify_client.user_api_client.UserApiClient.deactivate_user") client_request.logout() - page = client_request.get_url("/register") - - assert page.find("input", attrs={"name": "auth_type"}).attrs["value"] == "sms_auth" - assert page.select_one("#email_address")["spellcheck"] == "false" - assert page.select_one("#email_address")["autocomplete"] == "email" - assert page.select_one("#password")["autocomplete"] == "new-password" - assert "Create an account" in page.text + client_request.get_url("/register", _expected_status=404) def test_logged_in_user_redirects_to_account( @@ -28,8 +22,7 @@ def test_logged_in_user_redirects_to_account( ): client_request.get( "main.register", - _expected_status=302, - _expected_redirect=url_for("main.show_accounts_or_dashboard"), + _expected_status=404, ) @@ -99,7 +92,7 @@ def test_register_continue_handles_missing_session_sensibly(client_request, mock # session is not set client_request.get( "main.registration_continue", - _expected_redirect=url_for("main.show_accounts_or_dashboard"), + _expected_status=404, ) @@ -113,7 +106,7 @@ def test_process_register_returns_200_when_mobile_number_is_invalid( mocker.patch("app.notify_client.user_api_client.UserApiClient.deactivate_user") client_request.logout() - page = client_request.post( + client_request.post( "main.register", _data={ "name": "Bad Mobile", 
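Review bot: The tests changed here keep names that describe the old behaviour while now asserting only a 404: `test_render_register_returns_template_with_form`, `test_logged_in_user_redirects_to_account` and `test_process_register_returns_200_when_mobile_number_is_invalid` in these hunks, and the `test_should_return_200_...`, `test_register_with_existing_email_sends_emails` and `test_cannot_register_with_sms_auth_and_missing_mobile_number` hunks further down. Because the view now rejects every request before reading the form, the different `_data` payloads no longer exercise different paths, so these could be collapsed into one parametrized test over GET and POST, named for what it checks, e.g. `test_register_returns_404`. The `mocker.patch("app.notify_client.user_api_client.UserApiClient.deactivate_user")` setup left in place is probably no longer needed either. The test bodies start or end outside the hunks, so any assertions that remain after the changed calls should be re-checked against the new 404 response.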
@@ -121,11 +114,9 @@ def test_process_register_returns_200_when_mobile_number_is_invalid( "mobile_number": "not good", "password": "validPassword!", # noqa }, - _expected_status=200, + _expected_status=404, ) - assert "The string supplied did not seem to be a phone number" in page.text - def test_should_return_200_when_email_is_not_gov_uk( client_request, mock_get_organizations, mocker @@ -133,7 +124,7 @@ def test_should_return_200_when_email_is_not_gov_uk( mocker.patch("app.notify_client.user_api_client.UserApiClient.deactivate_user") client_request.logout() - page = client_request.post( + client_request.post( "main.register", _data={ "name": "Firstname Lastname", @@ -141,11 +132,7 @@ def test_should_return_200_when_email_is_not_gov_uk( "mobile_number": "2020900123", "password": "validPassword!", }, - _expected_status=200, - ) - - assert "Enter a public sector email address." in normalize_spaces( - page.select_one(".usa-error-message").text + _expected_status=404, ) @@ -179,9 +166,8 @@ def test_should_add_user_details_to_session( "mobile_number": "+12023123123", "password": "validPassword!", }, + _expected_status=404, ) - with client_request.session_transaction() as session: - assert session["user_details"]["email"] == email_address def test_should_return_200_if_password_is_on_list_of_commonly_used_passwords( @@ -198,10 +184,9 @@ def test_should_return_200_if_password_is_on_list_of_commonly_used_passwords( "mobile_number": "+12021234123", "password": "password", # noqa }, - _expected_status=200, + _expected_status=404, ) - assert "Choose a password that’s harder to guess" in page.text def test_register_with_existing_email_sends_emails( @@ -224,7 +209,7 @@ def test_register_with_existing_email_sends_emails( client_request.post( "main.register", _data=user_data, - _expected_redirect=url_for("main.registration_continue"), + _expected_status=404, ) 
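Review bot: In `test_should_add_user_details_to_session` the session check is deleted rather than inverted, so nothing pins that a rejected registration POST leaves no submitted data behind. Keeping the block with the opposite assertion, `with client_request.session_transaction() as session:` followed by `assert "user_details" not in session`, would guard against a later change that re-enables part of the view and stores an unauthenticated visitor's details in the session. The test name should change with it, e.g. `test_register_does_not_add_user_details_to_session`. The start of the test is outside the hunk, so whether the client is logged out and the session is empty at that point should be confirmed.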
@@ -383,19 +368,16 @@ def test_cannot_register_with_sms_auth_and_missing_mobile_number( mocker.patch("app.notify_client.user_api_client.UserApiClient.deactivate_user") client_request.logout() - page = client_request.post( + client_request.post( "main.register", _data={ "name": "Missing Mobile", "email_address": "missing_mobile@example.gsa.gov", "password": "validPassword!", }, - _expected_status=200, + _expected_status=404, ) - err = page.select_one(".usa-error-message") - assert err.text.strip() == "Error: Cannot be empty" - assert err.attrs["data-error-label"] == "mobile_number" def test_check_invited_user_email_address_matches_expected(mocker): From 3fbbb1b06d7642fa63e7009bffaf44a5267833c9 Mon Sep 17 00:00:00 2001 From: Beverly Nguyen Date: Wed, 18 Jun 2025 09:51:31 -0700 Subject: [PATCH 5/8] flake8 --- .ds.baseline | 4 ++-- tests/app/main/views/test_register.py | 4 +--- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/.ds.baseline b/.ds.baseline index 9df0cc526..2afd5fb32 100644 --- a/.ds.baseline +++ b/.ds.baseline @@ -543,7 +543,7 @@ "filename": "tests/app/main/views/test_register.py", "hashed_secret": "bb5b7caa27d005d38039e3797c3ddb9bcd22c3c8", "is_verified": false, - "line_number": 257, + "line_number": 256, "is_secret": false } ], @@ -634,5 +634,5 @@ } ] }, - "generated_at": "2025-06-18T01:08:37Z" + "generated_at": "2025-06-18T16:51:20Z" } diff --git a/tests/app/main/views/test_register.py b/tests/app/main/views/test_register.py index 7e12663b0..a2129eee7 100644 --- a/tests/app/main/views/test_register.py +++ b/tests/app/main/views/test_register.py @@ -176,7 +176,7 @@ def test_should_return_200_if_password_is_on_list_of_commonly_used_passwords( mocker.patch("app.notify_client.user_api_client.UserApiClient.deactivate_user") client_request.logout() - page = client_request.post( + client_request.post( "main.register", _data={ "name": "Bad Mobile", 
@@ -188,7 +188,6 @@ def test_should_return_200_if_password_is_on_list_of_commonly_used_passwords( ) - def test_register_with_existing_email_sends_emails( client_request, api_user_active, @@ -379,7 +378,6 @@ def test_cannot_register_with_sms_auth_and_missing_mobile_number( ) - def test_check_invited_user_email_address_matches_expected(mocker): mock_flash = mocker.patch("app.main.views.register.flash") mock_abort = mocker.patch("app.main.views.register.abort") From 775a14583d847b57712ec6b7c34f104621ac19b9 Mon Sep 17 00:00:00 2001 From: Beverly Nguyen Date: Wed, 18 Jun 2025 10:05:33 -0700 Subject: [PATCH 6/8] flake8 --- .ds.baseline | 8 ++++---- tests/app/main/views/test_register.py | 1 - 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/.ds.baseline b/.ds.baseline index fa3f33ce2..05da37138 100644 --- a/.ds.baseline +++ b/.ds.baseline @@ -527,7 +527,7 @@ "filename": "tests/app/main/views/test_register.py", "hashed_secret": "bdbb156d25d02fd7792865824201dda1c60f4473", "is_verified": false, - "line_number": 115, + "line_number": 114, "is_secret": false }, { @@ -535,7 +535,7 @@ "filename": "tests/app/main/views/test_register.py", "hashed_secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8", "is_verified": false, - "line_number": 185, + "line_number": 184, "is_secret": false }, { @@ -543,7 +543,7 @@ "filename": "tests/app/main/views/test_register.py", "hashed_secret": "bb5b7caa27d005d38039e3797c3ddb9bcd22c3c8", "is_verified": false, - "line_number": 256, + "line_number": 255, "is_secret": false } ], @@ -634,5 +634,5 @@ } ] }, - "generated_at": "2025-06-10T18:39:51Z" + "generated_at": "2025-06-18T17:05:12Z" } diff --git a/tests/app/main/views/test_register.py b/tests/app/main/views/test_register.py index a2129eee7..8652c2448 100644 --- a/tests/app/main/views/test_register.py +++ b/tests/app/main/views/test_register.py 
@@ -7,7 +7,6 @@ from flask import url_for from app.main.views.register import check_invited_user_email_address_matches_expected from app.models.user import User -from tests.conftest import normalize_spaces def test_render_register_returns_template_with_form(client_request, mocker): From a4d19648b2fef10538ea66b9240f8e3952cf8f48 Mon Sep 17 00:00:00 2001 From: Beverly Nguyen Date: Wed, 18 Jun 2025 15:14:53 -0700 Subject: [PATCH 7/8] pytest --- tests/app/main/views/test_index.py | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/app/main/views/test_index.py b/tests/app/main/views/test_index.py index bbd2c9682..a97eec4f6 100644 --- a/tests/app/main/views/test_index.py +++ b/tests/app/main/views/test_index.py @@ -65,7 +65,6 @@ def test_robots(client_request): ("endpoint", "kwargs"), [ ("sign_in", {}), - ("register", {}), pytest.param("index", {}, marks=pytest.mark.xfail(raises=AssertionError)), ], ) From 3755922a6a1982a7ac90ec5bcfd53337fa8a5cad Mon Sep 17 00:00:00 2001 From: Beverly Nguyen Date: Wed, 18 Jun 2025 15:26:49 -0700 Subject: [PATCH 8/8] upgrade urllib3 --- poetry.lock | 8 ++++---- pyproject.toml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/poetry.lock b/poetry.lock index 641e506d6..6b641b9ab 100644 --- a/poetry.lock +++ b/poetry.lock 
@@ -3788,14 +3788,14 @@ files = [ [[package]] name = "urllib3" -version = "2.4.0" +version = "2.5.0" description = "HTTP library with thread-safe connection pooling, file post, and more." optional = false python-versions = ">=3.9" groups = ["main", "dev"] files = [ - {file = "urllib3-2.4.0-py3-none-any.whl", hash = "sha256:4e16665048960a0900c702d4a66415956a584919c03361cac9f1df5c5dd7e813"}, - {file = "urllib3-2.4.0.tar.gz", hash = "sha256:414bc6535b787febd7567804cc015fee39daab8ad86268f1310a9250697de466"}, + {file = "urllib3-2.5.0-py3-none-any.whl", hash = "sha256:e6b01673c0fa6a13e374b50871808eb3bf7046c4b125b216f6bf1cc604cff0dc"}, + {file = "urllib3-2.5.0.tar.gz", hash = "sha256:3fc47733c7e419d4bc3f6b3dc2b4f890bb743906a30d56ba4a5bfa4bbff92760"}, ] [package.extras] @@ -4129,4 +4129,4 @@ cffi = ["cffi (>=1.11)"] [metadata] lock-version = "2.1" python-versions = "^3.12.2" -content-hash = "acc8897a5d775035e535d20a130a984636c954bb4a597f4f479dccd1bf172ba2" +content-hash = "7f20e459ede76661153628d1029308d1ddfaa9de31a05347d3003b5f3abfe42d" diff --git a/pyproject.toml b/pyproject.toml index e591c3fe7..f92e9ee42 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -68,7 +68,7 @@ python-dateutil = "^2.9.0.post0" pyyaml = "^6.0.1" requests = "^2.32.4" six = "^1.16.0" -urllib3 = "^2.2.2" +urllib3 = "^2.5.0" webencodings = "^0.5.1" virtualenv = "<20.30"