darkhelm/notifications-admin
1
0
Fork 0
mirror of https://github.com/GSA/notifications-admin.git synced 2026-02-11 05:43:44 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
b3cb3a761a0ae9fa0b7fda060f7df9da2c8a0607
notifications-admin/tests/app/main/views/test_two_factor.py
Imdad Ahad 9eab8a726f - Add test to check that two-factor auth activates a user as expected 
- Ensure DB user activation statusupdate only executed when required
- Fix test_should_activate_user_after_verify
2016-09-09 15:22:56 +01:00

246 lines
12 KiB
Python
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
from flask import url_for
from tests.conftest import SERVICE_ONE_ID
from unittest.mock import ANY
def test_should_render_two_factor_page(app_,
api_user_active,
mock_get_user_by_email):
with app_.test_request_context():
with app_.test_client() as client:
# TODO this lives here until we work out how to
# reassign the session after it is lost mid register process
with client.session_transaction() as session:
session['user_details'] = {
'id': api_user_active.id,
'email': api_user_active.email_address}
response = client.get(url_for('main.two_factor'))
assert response.status_code == 200
assert '''Weve sent you a text message with a security code.''' in response.get_data(as_text=True)
def test_should_login_user_and_redirect_to_service_dashboard(app_,
api_user_active,
mock_get_user,
mock_get_user_by_email,
mock_check_verify_code,
mock_get_services_with_one_service,
mock_events):
with app_.test_request_context():
with app_.test_client() as client:
with client.session_transaction() as session:
session['user_details'] = {
'id': api_user_active.id,
'email': api_user_active.email_address}
response = client.post(url_for('main.two_factor'),
data={'sms_code': '12345'})
assert response.status_code == 302
assert response.location == url_for(
'main.service_dashboard',
service_id=SERVICE_ONE_ID,
_external=True
)
mock_events.assert_called_with('sucessful_login', ANY)
def test_should_login_user_and_should_redirect_to_next_url(app_,
api_user_active,
mock_get_user,
mock_get_user_by_email,
mock_check_verify_code,
mock_get_services):
with app_.test_request_context():
with app_.test_client() as client:
with client.session_transaction() as session:
session['user_details'] = {
'id': api_user_active.id,
'email': api_user_active.email_address}
response = client.post(url_for('main.two_factor', next='/services/{}/dashboard'.format(SERVICE_ONE_ID)),
data={'sms_code': '12345'})
assert response.status_code == 302
assert response.location == url_for(
'main.service_dashboard',
service_id=SERVICE_ONE_ID,
_external=True
)
def test_should_login_user_and_not_redirect_to_external_url(app_,
api_user_active,
mock_get_user,
mock_get_user_by_email,
mock_check_verify_code,
mock_get_services_with_one_service):
with app_.test_request_context():
with app_.test_client() as client:
with client.session_transaction() as session:
session['user_details'] = {
'id': api_user_active.id,
'email': api_user_active.email_address}
response = client.post(url_for('main.two_factor', next='http://www.google.com'),
data={'sms_code': '12345'})
assert response.status_code == 302
assert response.location == url_for(
'main.service_dashboard',
service_id=SERVICE_ONE_ID,
_external=True
)
def test_should_login_user_and_redirect_to_choose_services(app_,
api_user_active,
mock_get_user,
mock_get_user_by_email,
mock_check_verify_code,
mock_get_services):
with app_.test_request_context():
with app_.test_client() as client:
with client.session_transaction() as session:
session['user_details'] = {
'id': api_user_active.id,
'email': api_user_active.email_address}
response = client.post(url_for('main.two_factor'),
data={'sms_code': '12345'})
assert response.status_code == 302
assert response.location == url_for('main.choose_service', _external=True)
def test_should_return_200_with_sms_code_error_when_sms_code_is_wrong(app_,
api_user_active,
mock_get_user_by_email,
mock_check_verify_code_code_not_found):
with app_.test_request_context():
with app_.test_client() as client:
with client.session_transaction() as session:
session['user_details'] = {
'id': api_user_active.id,
'email': api_user_active.email_address}
response = client.post(url_for('main.two_factor'),
data={'sms_code': '23456'})
assert response.status_code == 200
assert 'Code not found' in response.get_data(as_text=True)
def test_should_login_user_when_multiple_valid_codes_exist(app_,
api_user_active,
mock_get_user,
mock_get_user_by_email,
mock_check_verify_code,
mock_get_services_with_one_service):
with app_.test_request_context():
with app_.test_client() as client:
with client.session_transaction() as session:
session['user_details'] = {
'id': api_user_active.id,
'email': api_user_active.email_address}
response = client.post(url_for('main.two_factor'),
data={'sms_code': '23456'})
assert response.status_code == 302
def test_remember_me_set(app_,
api_user_active,
mock_get_user,
mock_get_user_by_email,
mock_check_verify_code,
mock_get_services_with_one_service):
with app_.test_request_context():
with app_.test_client() as client:
with client.session_transaction() as session:
session['user_details'] = {
'id': api_user_active.id,
'email': api_user_active.email_address}
response = client.post(url_for('main.two_factor'),
data={'sms_code': '23456', 'remember_me': True})
assert response.status_code == 302
def test_two_factor_should_set_password_when_new_password_exists_in_session(app_,
api_user_active,
mock_get_user,
mock_check_verify_code,
mock_get_services_with_one_service,
mock_update_user):
with app_.test_request_context():
with app_.test_client() as client:
with client.session_transaction() as session:
session['user_details'] = {
'id': api_user_active.id,
'email': api_user_active.email_address,
'password': 'changedpassword'}
response = client.post(url_for('main.two_factor'),
data={'sms_code': '12345'})
assert response.status_code == 302
assert response.location == url_for(
'main.service_dashboard',
service_id=SERVICE_ONE_ID,
_external=True
)
api_user_active.password = 'changedpassword'
mock_update_user.assert_called_once_with(api_user_active)
def test_two_factor_reset_login_count_called(app_,
api_user_locked,
mock_get_locked_user,
mock_update_user,
mock_check_verify_code,
mock_get_services_with_one_service):
with app_.test_request_context():
with app_.test_client() as client:
with client.session_transaction() as session:
new_password = "1234567890"
session['user_details'] = {
'id': api_user_locked.id,
'email': api_user_locked.email_address,
'password': new_password
}
response = client.post(url_for('main.two_factor'),
data={'sms_code': '12345'})
assert response.status_code == 302
assert response.location == url_for(
'main.service_dashboard',
service_id=SERVICE_ONE_ID,
_external=True
)
api_user_locked.reset_failed_login_count()
api_user_locked.password = new_password
mock_update_user.assert_called_with(api_user_locked)
def test_two_factor_should_redirect_to_sign_in_if_user_not_in_session(app_,
api_user_active,
mock_get_user):
with app_.test_request_context():
with app_.test_client() as client:
response = client.post(url_for('main.two_factor'),
data={'sms_code': '12345'})
assert response.status_code == 302
assert response.location == url_for('main.sign_in', _external=True)
def test_two_factor_should_activate_pending_user(app_,
mocker,
api_user_pending,
mock_check_verify_code,
mock_update_user
):
mocker.patch('app.user_api_client.get_user', return_value=api_user_pending)
mocker.patch('app.service_api_client.get_services', return_value={'data': []})
with app_.test_request_context():
with app_.test_client() as client:
with client.session_transaction() as session:
session['user_details'] = {
'id': api_user_pending.id,
'email_address': api_user_pending.email_address
}
client.post(url_for('main.two_factor'), data={'sms_code': '12345'})
assert mock_update_user.called
assert api_user_pending.is_active
Reference in New Issue View Git Blame Copy Permalink