mirror of
https://github.com/GSA/notifications-admin.git
synced 2026-02-23 11:51:05 -05:00
4df12f5f4e
specifically, the 2FA page when you first create an account is different to the login 2FA page and also the 2FA page when you change your phone number is different as well
170 lines
6.0 KiB
Python
170 lines
6.0 KiB
Python
import uuid
|
||
import json
|
||
|
||
from flask import url_for
|
||
from bs4 import BeautifulSoup
|
||
|
||
|
||
def test_should_return_verify_template(
|
||
client,
|
||
api_user_active,
|
||
mock_send_verify_code,
|
||
):
|
||
# TODO this lives here until we work out how to
|
||
# reassign the session after it is lost mid register process
|
||
with client.session_transaction() as session:
|
||
session['user_details'] = {'email_address': api_user_active.email_address, 'id': api_user_active.id}
|
||
response = client.get(url_for('main.verify'))
|
||
assert response.status_code == 200
|
||
|
||
page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')
|
||
assert page.h1.text == 'Check your phone'
|
||
message = page.find_all('p')[1].text
|
||
assert message == "We’ve sent you a text message with a security code."
|
||
|
||
|
||
def test_should_redirect_to_add_service_when_sms_code_is_correct(
|
||
client,
|
||
api_user_active,
|
||
mocker,
|
||
mock_update_user,
|
||
mock_check_verify_code,
|
||
fake_uuid
|
||
):
|
||
api_user_active.current_session_id = str(uuid.UUID(int=1))
|
||
mocker.patch('app.user_api_client.get_user', return_value=api_user_active)
|
||
|
||
with client.session_transaction() as session:
|
||
session['user_details'] = {'email_address': api_user_active.email_address, 'id': api_user_active.id}
|
||
# user's only just created their account so no session in the cookie
|
||
session.pop('current_session_id', None)
|
||
|
||
response = client.post(url_for('main.verify'),
|
||
data={'sms_code': '12345'})
|
||
assert response.status_code == 302
|
||
assert response.location == url_for('main.add_service', first='first', _external=True)
|
||
|
||
# make sure the current_session_id has changed to what the API returned
|
||
with client.session_transaction() as session:
|
||
assert session['current_session_id'] == str(uuid.UUID(int=1))
|
||
|
||
mock_check_verify_code.assert_called_once_with(api_user_active.id, '12345', 'sms')
|
||
|
||
|
||
def test_should_activate_user_after_verify(
|
||
client,
|
||
mocker,
|
||
api_user_pending,
|
||
mock_send_verify_code,
|
||
mock_check_verify_code,
|
||
mock_update_user,
|
||
):
|
||
mocker.patch('app.user_api_client.get_user', return_value=api_user_pending)
|
||
with client.session_transaction() as session:
|
||
session['user_details'] = {'email_address': api_user_pending.email_address, 'id': api_user_pending.id}
|
||
client.post(url_for('main.verify'),
|
||
data={'sms_code': '12345'})
|
||
assert mock_update_user.called
|
||
|
||
|
||
def test_should_return_200_when_sms_code_is_wrong(
|
||
client,
|
||
api_user_active,
|
||
mock_check_verify_code_code_not_found,
|
||
):
|
||
with client.session_transaction() as session:
|
||
session['user_details'] = {'email_address': api_user_active.email_address, 'id': api_user_active.id}
|
||
response = client.post(url_for('main.verify'),
|
||
data={'sms_code': '12345'})
|
||
assert response.status_code == 200
|
||
resp_data = response.get_data(as_text=True)
|
||
assert resp_data.count('Code not found') == 1
|
||
|
||
|
||
def test_verify_email_redirects_to_verify_if_token_valid(
|
||
client,
|
||
mocker,
|
||
api_user_pending,
|
||
mock_get_user_pending,
|
||
mock_send_verify_code,
|
||
mock_check_verify_code,
|
||
):
|
||
token_data = {"user_id": api_user_pending.id, "secret_code": 12345}
|
||
mocker.patch('app.main.views.verify.check_token', return_value=json.dumps(token_data))
|
||
|
||
with client.session_transaction() as session:
|
||
session['user_details'] = {'email_address': api_user_pending.email_address, 'id': api_user_pending.id}
|
||
|
||
response = client.get(url_for('main.verify_email', token='notreal'))
|
||
|
||
assert response.status_code == 302
|
||
assert response.location == url_for('main.verify', _external=True)
|
||
|
||
|
||
def test_verify_email_redirects_to_email_sent_if_token_expired(
|
||
client,
|
||
mocker,
|
||
api_user_pending,
|
||
mock_check_verify_code,
|
||
):
|
||
from itsdangerous import SignatureExpired
|
||
mocker.patch('app.main.views.verify.check_token', side_effect=SignatureExpired('expired'))
|
||
|
||
with client.session_transaction() as session:
|
||
session['user_details'] = {'email_address': api_user_pending.email_address, 'id': api_user_pending.id}
|
||
|
||
response = client.get(url_for('main.verify_email', token='notreal'))
|
||
|
||
assert response.status_code == 302
|
||
assert response.location == url_for('main.resend_email_verification', _external=True)
|
||
|
||
|
||
def test_verify_email_redirects_to_email_sent_if_token_used(
|
||
client,
|
||
mocker,
|
||
api_user_pending,
|
||
mock_get_user_pending,
|
||
mock_send_verify_code,
|
||
mock_check_verify_code_code_expired,
|
||
):
|
||
from itsdangerous import SignatureExpired
|
||
mocker.patch('app.main.views.verify.check_token', side_effect=SignatureExpired('expired'))
|
||
|
||
with client.session_transaction() as session:
|
||
session['user_details'] = {'email_address': api_user_pending.email_address, 'id': api_user_pending.id}
|
||
|
||
response = client.get(url_for('main.verify_email', token='notreal'))
|
||
|
||
assert response.status_code == 302
|
||
assert response.location == url_for('main.resend_email_verification', _external=True)
|
||
|
||
|
||
def test_verify_email_redirects_to_sign_in_if_user_active(
|
||
client,
|
||
mocker,
|
||
api_user_active,
|
||
mock_get_user,
|
||
mock_send_verify_code,
|
||
mock_check_verify_code,
|
||
):
|
||
token_data = {"user_id": api_user_active.id, "secret_code": 12345}
|
||
mocker.patch('app.main.views.verify.check_token', return_value=json.dumps(token_data))
|
||
|
||
with client.session_transaction() as session:
|
||
session['user_details'] = {'email_address': api_user_active.email_address, 'id': api_user_active.id}
|
||
|
||
response = client.get(url_for('main.verify_email', token='notreal'), follow_redirects=True)
|
||
page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')
|
||
assert page.h1.text == 'Sign in'
|
||
flash_banner = page.find('div', class_='banner-dangerous').string.strip()
|
||
assert flash_banner == "That verification link has expired."
|
||
|
||
|
||
def test_verify_redirects_to_sign_in_if_not_logged_in(
|
||
client
|
||
):
|
||
response = client.get(url_for('main.verify'))
|
||
|
||
assert response.location == url_for('main.sign_in', _external=True)
|
||
assert response.status_code == 302
|