darkhelm/notifications-admin
1
0
Fork 0
mirror of https://github.com/GSA/notifications-admin.git synced 2026-02-12 14:34:05 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
a088409dfeba315d3719e9e6d147ddf96cd75b0f
notifications-admin/tests/app/main/views/test_verify.py
Kenneth Kehl 058a999ed0 ugh
2024-07-11 09:38:32 -07:00

269 lines
7.9 KiB
Python
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
import json
import uuid
from unittest.mock import Mock
import pytest
from flask import session as flask_session
from flask import url_for
from itsdangerous import SignatureExpired
from notifications_python_client.errors import HTTPError
from app.main.views.verify import activate_user
from tests.conftest import create_user
def test_should_return_verify_template(
client_request,
api_user_active,
mock_send_verify_code,
):
client_request.logout()
# TODO this lives here until we work out how to
# reassign the session after it is lost mid register process
with client_request.session_transaction() as session:
session["user_details"] = {
"email_address": api_user_active["email_address"],
"id": api_user_active["id"],
}
page = client_request.get("main.verify")
assert page.h1.text == "Check your phone"
message = page.select("main p")[0].text
assert message == "Weve sent you a text message with a security code."
@pytest.mark.skip("TODO unskip asap")
def test_should_redirect_to_add_service_when_sms_code_is_correct(
client_request,
api_user_active,
mocker,
mock_update_user_attribute,
mock_check_verify_code,
mock_create_event,
fake_uuid,
):
api_user_active["current_session_id"] = str(uuid.UUID(int=1))
mocker.patch("app.user_api_client.get_user", return_value=api_user_active)
with client_request.session_transaction() as session:
session["user_details"] = {
"email_address": api_user_active["email_address"],
"id": api_user_active["id"],
}
# user's only just created their account so no session in the cookie
session.pop("current_session_id", None)
client_request.post(
"main.verify",
_data={"sms_code": "123456"},
_expected_redirect=url_for("main.add_service", first="first"),
)
# make sure the current_session_id has changed to what the API returned
with client_request.session_transaction() as session:
assert session["current_session_id"] == str(uuid.UUID(int=1))
mock_check_verify_code.assert_called_once_with(
api_user_active["id"], "123456", "sms"
)
def test_should_activate_user_after_verify(
client_request,
mocker,
api_user_pending,
mock_send_verify_code,
mock_check_verify_code,
mock_create_event,
mock_activate_user,
):
client_request.logout()
mocker.patch("app.user_api_client.get_user", return_value=api_user_pending)
with client_request.session_transaction() as session:
session["user_details"] = {
"email_address": api_user_pending["email_address"],
"id": api_user_pending["id"],
}
client_request.post("main.verify", _data={"sms_code": "123456"})
assert mock_activate_user.called
def test_should_return_200_when_sms_code_is_wrong(
client_request,
api_user_active,
mock_check_verify_code_code_not_found,
):
with client_request.session_transaction() as session:
session["user_details"] = {
"email_address": api_user_active["email_address"],
"id": api_user_active["id"],
}
page = client_request.post(
"main.verify",
_data={"sms_code": "123456"},
_expected_status=200,
)
assert len(page.select(".usa-error-message")) == 1
assert "Code not found" in page.select_one(".usa-error-message").text
def test_verify_email_redirects_to_verify_if_token_valid(
client_request,
mocker,
api_user_pending,
mock_get_user_pending,
mock_send_verify_code,
mock_check_verify_code,
):
token_data = {"user_id": api_user_pending["id"], "secret_code": "UNUSED"}
mocker.patch(
"app.main.views.verify.check_token", return_value=json.dumps(token_data)
)
client_request.get(
"main.verify_email",
token="notreal",
_expected_redirect=url_for("main.verify"),
)
assert not mock_check_verify_code.called
mock_send_verify_code.assert_called_once_with(
api_user_pending["id"], "sms", api_user_pending["mobile_number"]
)
with client_request.session_transaction() as session:
assert session["user_details"] == {
"email": api_user_pending["email_address"],
"id": api_user_pending["id"],
}
def test_verify_email_doesnt_verify_sms_if_user_on_email_auth(
client_request,
mocker,
mock_send_verify_code,
mock_check_verify_code,
mock_activate_user,
fake_uuid,
):
pending_user_with_email_auth = create_user(
auth_type="email_auth", state="pending", id=fake_uuid
)
mocker.patch(
"app.user_api_client.get_user", return_value=pending_user_with_email_auth
)
token_data = {
"user_id": pending_user_with_email_auth["id"],
"secret_code": "UNUSED",
}
mocker.patch(
"app.main.views.verify.check_token", return_value=json.dumps(token_data)
)
client_request.get(
"main.verify_email",
token="notreal",
_expected_redirect=url_for("main.add_service", first="first"),
)
assert not mock_check_verify_code.called
assert not mock_send_verify_code.called
mock_activate_user.assert_called_once_with(pending_user_with_email_auth["id"])
# user is logged in
with client_request.session_transaction() as session:
assert session["user_id"] == pending_user_with_email_auth["id"]
def test_verify_email_redirects_to_email_sent_if_token_expired(
client_request,
mocker,
api_user_pending,
):
client_request.logout()
mocker.patch(
"app.main.views.verify.check_token", side_effect=SignatureExpired("expired")
)
client_request.get(
"main.verify_email",
token="notreal",
_expected_redirect=url_for("main.resend_email_verification"),
)
def test_verify_email_redirects_to_sign_in_if_user_active(
client_request,
mocker,
api_user_active,
mock_get_user,
mock_send_verify_code,
mock_check_verify_code,
):
mocker.patch("app.notify_client.user_api_client.UserApiClient.deactivate_user")
client_request.logout()
token_data = {"user_id": api_user_active["id"], "secret_code": 12345}
mocker.patch(
"app.main.views.verify.check_token", return_value=json.dumps(token_data)
)
page = client_request.get(
"main.verify_email", token="notreal", _follow_redirects=True
)
assert page.h1.text == "Sign in"
flash_banner = page.find("div", class_="banner-dangerous").string.strip()
assert flash_banner == "That verification link has expired."
def test_verify_redirects_to_sign_in_if_not_logged_in(client_request):
client_request.logout()
client_request.get(
"main.verify",
_expected_redirect=url_for("main.sign_in"),
)
@pytest.mark.skip("TODO unskip asap")
def test_activate_user_redirects_to_service_dashboard_if_user_already_belongs_to_service(
mocker,
client_request,
service_one,
sample_invite,
api_user_active,
mock_login,
mock_get_service,
mock_get_invited_user_by_id,
):
mocker.patch(
"app.user_api_client.add_user_to_service",
side_effect=HTTPError(
response=Mock(
status_code=400,
json={
"result": "error",
"message": {
f"User id: {api_user_active['id']} already part of service id: {service_one['id']}"
},
},
),
message=f"User id: {api_user_active['id']} already part of service id: {service_one['id']}",
),
)
# Can't use `with client.session_transaction()...` here since activate_session is not a view function
flask_session["invited_user_id"] = sample_invite["id"]
response = activate_user(api_user_active["id"])
assert response.location == url_for(
"main.service_dashboard", service_id=service_one["id"]
)
flask_session.pop("invited_user_id")
Reference in New Issue View Git Blame Copy Permalink