from flask import url_for from bs4 import BeautifulSoup def test_should_return_verify_template(app_, api_user_active, mock_send_verify_code): with app_.test_request_context(): with app_.test_client() as client: # TODO this lives here until we work out how to # reassign the session after it is lost mid register process with client.session_transaction() as session: session['user_details'] = {'email_address': api_user_active.email_address, 'id': api_user_active.id} response = client.get(url_for('main.verify')) assert response.status_code == 200 page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser') assert page.h1.text == 'Check your phone' message = page.find_all('p')[1].text assert message == "We’ve sent you a text message with a security code." def test_should_redirect_to_add_service_when_sms_code_is_correct(app_, api_user_active, mock_get_user, mock_update_user, mock_check_verify_code): with app_.test_request_context(): with app_.test_client() as client: with client.session_transaction() as session: session['user_details'] = {'email_address': api_user_active.email_address, 'id': api_user_active.id} response = client.post(url_for('main.verify'), data={'sms_code': '12345'}) assert response.status_code == 302 assert response.location == url_for('main.add_service', first='first', _external=True) mock_check_verify_code.assert_called_once_with(api_user_active.id, '12345', 'sms') def test_should_activate_user_after_verify(app_, mocker, api_user_pending, mock_send_verify_code, mock_check_verify_code, mock_update_user): mocker.patch('app.user_api_client.get_user', return_value=api_user_pending) with app_.test_request_context(): with app_.test_client() as client: with client.session_transaction() as session: session['user_details'] = {'email_address': api_user_pending.email_address, 'id': api_user_pending.id} client.post(url_for('main.verify'), data={'sms_code': '12345'}) assert mock_update_user.called def test_should_return_200_when_sms_code_is_wrong(app_, api_user_active, mock_get_user, mock_check_verify_code_code_not_found): with app_.test_request_context(): with app_.test_client() as client: with client.session_transaction() as session: session['user_details'] = {'email_address': api_user_active.email_address, 'id': api_user_active.id} response = client.post(url_for('main.verify'), data={'sms_code': '12345'}) assert response.status_code == 200 resp_data = response.get_data(as_text=True) assert resp_data.count('Code not found') == 1 def test_verify_email_redirects_to_verify_if_token_valid(app_, mocker, api_user_pending, mock_get_user_pending, mock_send_verify_code, mock_check_verify_code): import json token_data = {"user_id": api_user_pending.id, "secret_code": 12345} mocker.patch('app.main.views.verify.check_token', return_value=json.dumps(token_data)) with app_.test_request_context(): with app_.test_client() as client: with client.session_transaction() as session: session['user_details'] = {'email_address': api_user_pending.email_address, 'id': api_user_pending.id} response = client.get(url_for('main.verify_email', token='notreal')) assert response.status_code == 302 assert response.location == url_for('main.verify', _external=True) def test_verify_email_redirects_to_email_sent_if_token_expired(app_, mocker, api_user_pending, mock_check_verify_code): from itsdangerous import SignatureExpired mocker.patch('app.main.views.verify.check_token', side_effect=SignatureExpired('expired')) with app_.test_request_context(): with app_.test_client() as client: with client.session_transaction() as session: session['user_details'] = {'email_address': api_user_pending.email_address, 'id': api_user_pending.id} response = client.get(url_for('main.verify_email', token='notreal')) assert response.status_code == 302 assert response.location == url_for('main.resend_email_verification', _external=True) def test_verify_email_redirects_to_email_sent_if_token_used(app_, mocker, api_user_pending, mock_get_user_pending, mock_send_verify_code, mock_check_verify_code_code_expired): from itsdangerous import SignatureExpired mocker.patch('app.main.views.verify.check_token', side_effect=SignatureExpired('expired')) with app_.test_request_context(): with app_.test_client() as client: with client.session_transaction() as session: session['user_details'] = {'email_address': api_user_pending.email_address, 'id': api_user_pending.id} response = client.get(url_for('main.verify_email', token='notreal')) assert response.status_code == 302 assert response.location == url_for('main.resend_email_verification', _external=True) def test_verify_email_redirects_to_sign_in_if_user_active(app_, mocker, api_user_active, mock_get_user, mock_send_verify_code, mock_check_verify_code): import json token_data = {"user_id": api_user_active.id, "secret_code": 12345} mocker.patch('app.main.views.verify.check_token', return_value=json.dumps(token_data)) with app_.test_request_context(): with app_.test_client() as client: with client.session_transaction() as session: session['user_details'] = {'email_address': api_user_active.email_address, 'id': api_user_active.id} response = client.get(url_for('main.verify_email', token='notreal'), follow_redirects=True) page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser') assert page.h1.text == 'Sign in' flash_banner = page.find('div', class_='banner-dangerous').string.strip() assert flash_banner == "That verification link has expired." def test_verify_redirects_to_sign_in_if_not_logged_in(app_): with app_.test_request_context(), app_.test_client() as client: response = client.get(url_for('main.verify')) assert response.location == url_for('main.sign_in', _external=True) assert response.status_code == 302