Revert original update user method and add new attribute update (with strict checking)

2026-02-23 11:51:05 -05:00 · 2016-11-09 15:06:02 +00:00
parent c28aea2de1
commit f3ca33dad3
2 changed files with 30 additions and 2 deletions
--- a/app/notify_client/user_api_client.py
+++ b/app/notify_client/user_api_client.py
@@ -3,6 +3,12 @@ from notifications_python_client.errors import HTTPError

 from app.notify_client.models import User

+ALLOWED_ATTRIBUTES = {
+    'name',
+    'email_address',
+    'mobile_number'
+}
+

 class UserApiClient(BaseAPIClient):
    def __init__(self):
@@ -47,9 +53,22 @@ class UserApiClient(BaseAPIClient):
            users.append(User(user, max_failed_login_count=self.max_failed_login_count))
        return users

-    def update_user(self, user_id, **kwargs):
+    def update_user(self, user):
+        data = user.serialize()
+        url = "/user/{}".format(user.id)
+        user_data = self.put(url, data=data)
+        return User(user_data['data'], max_failed_login_count=self.max_failed_login_count)
+
+    def update_user_attribute(self, user_id, **kwargs):
+        data = dict(kwargs)
+        disallowed_attributes = set(data.keys()) - ALLOWED_ATTRIBUTES
+        if disallowed_attributes:
+            raise TypeError('Not allowed to update user attributes: {}'.format(
+                ", ".join(disallowed_attributes)
+            ))
+
        data = dict(**kwargs)
-        url = "/user/{}".format(user_id)
+        url = "/user/{}/update-attribute".format(user_id)
        user_data = self.put(url, data=data)
        return User(user_data['data'], max_failed_login_count=self.max_failed_login_count)

--- a/tests/app/notify_client/test_user_client.py
+++ b/tests/app/notify_client/test_user_client.py
@@ -1,3 +1,5 @@
+import pytest
+
 from app.notify_client.user_api_client import UserApiClient


@@ -13,3 +15,10 @@ def test_client_uses_correct_find_by_email(mocker, api_user_active):
    client.get_user_by_email(api_user_active.email_address)

    mock_get.assert_called_once_with(expected_url, params=expected_params)
+
+
+def test_client_only_updates_allowed_attributes(mocker):
+    mocker.patch('app.notify_client.current_user', id='1')
+    with pytest.raises(TypeError) as error:
+        UserApiClient().update_user_attribute('user_id', id='1')
+    assert str(error.value) == 'Not allowed to update user attributes: id'