tests/app/organization/test_invite_rest.py

import uuid

import pytest
from flask import current_app, json
from freezegun import freeze_time
from notifications_utils.url_safe_token import generate_token

from app.models import INVITE_PENDING, Notification
from tests import create_admin_authorization_header
from tests.app.db import create_invited_org_user


@pytest.mark.parametrize('platform_admin, expected_invited_by', (
    (True, 'The GOV.UK Notify team'),
    (False, 'Test User')
))
@pytest.mark.parametrize('extra_args, expected_start_of_invite_url', [
    (
        {},
        'http://localhost:6012/organization-invitation/'
    ),
    (
        {'invite_link_host': 'https://www.example.com'},
        'https://www.example.com/organization-invitation/'
    ),
])
def test_create_invited_org_user(
    admin_request,
    sample_organization,
    sample_user,
    mocker,
    org_invite_email_template,
    extra_args,
    expected_start_of_invite_url,
    platform_admin,
    expected_invited_by,
):
    mocked = mocker.patch('app.celery.provider_tasks.deliver_email.apply_async')
    email_address = 'invited_user@example.com'
    sample_user.platform_admin = platform_admin

    data = dict(
        organization=str(sample_organization.id),
        email_address=email_address,
        invited_by=str(sample_user.id),
        **extra_args
    )

    json_resp = admin_request.post(
        'organization_invite.invite_user_to_org',
        organization_id=sample_organization.id,
        _data=data,
        _expected_status=201
    )

    assert json_resp['data']['organization'] == str(sample_organization.id)
    assert json_resp['data']['email_address'] == email_address
    assert json_resp['data']['invited_by'] == str(sample_user.id)
    assert json_resp['data']['status'] == INVITE_PENDING
    assert json_resp['data']['id']

    notification = Notification.query.first()

    assert notification.reply_to_text == sample_user.email_address

    assert len(notification.personalisation.keys()) == 3
    assert notification.personalisation['organization_name'] == 'sample organization'
    assert notification.personalisation['user_name'] == expected_invited_by
    assert notification.personalisation['url'].startswith(expected_start_of_invite_url)
    assert len(notification.personalisation['url']) > len(expected_start_of_invite_url)

    mocked.assert_called_once_with([(str(notification.id))], queue="notify-internal-tasks")


def test_create_invited_user_invalid_email(admin_request, sample_organization, sample_user, mocker):
    mocked = mocker.patch('app.celery.provider_tasks.deliver_email.apply_async')
    email_address = 'notanemail'

    data = {
        'service': str(sample_organization.id),
        'email_address': email_address,
        'invited_by': str(sample_user.id),
    }

    json_resp = admin_request.post(
        'organization_invite.invite_user_to_org',
        organization_id=sample_organization.id,
        _data=data,
        _expected_status=400
    )

    assert json_resp['errors'][0]['message'] == 'email_address Not a valid email address'
    assert mocked.call_count == 0


def test_get_all_invited_users_by_service(admin_request, sample_organization, sample_user):
    for i in range(5):
        create_invited_org_user(
            sample_organization,
            sample_user,
            email_address='invited_user_{}@service.gov.uk'.format(i)
        )

    json_resp = admin_request.get(
        'organization_invite.get_invited_org_users_by_organization',
        organization_id=sample_organization.id
    )

    assert len(json_resp['data']) == 5
    for invite in json_resp['data']:
        assert invite['organization'] == str(sample_organization.id)
        assert invite['invited_by'] == str(sample_user.id)
        assert invite['id']


def test_get_invited_users_by_service_with_no_invites(admin_request, sample_organization):
    json_resp = admin_request.get(
        'organization_invite.get_invited_org_users_by_organization',
        organization_id=sample_organization.id
    )
    assert len(json_resp['data']) == 0


def test_get_invited_user_by_organization(admin_request, sample_invited_org_user):
    json_resp = admin_request.get(
        'organization_invite.get_invited_org_user_by_organization',
        organization_id=sample_invited_org_user.organization.id,
        invited_org_user_id=sample_invited_org_user.id
    )
    assert json_resp['data']['email_address'] == sample_invited_org_user.email_address


def test_get_invited_user_by_organization_when_user_does_not_belong_to_the_org(
    admin_request,
    sample_invited_org_user,
    fake_uuid,
):
    json_resp = admin_request.get(
        'organization_invite.get_invited_org_user_by_organization',
        organization_id=fake_uuid,
        invited_org_user_id=sample_invited_org_user.id,
        _expected_status=404
    )
    assert json_resp['result'] == 'error'


def test_update_org_invited_user_set_status_to_cancelled(admin_request, sample_invited_org_user):
    data = {'status': 'cancelled'}

    json_resp = admin_request.post(
        'organization_invite.update_org_invite_status',
        organization_id=sample_invited_org_user.organization_id,
        invited_org_user_id=sample_invited_org_user.id,
        _data=data
    )
    assert json_resp['data']['status'] == 'cancelled'


def test_update_org_invited_user_for_wrong_service_returns_404(admin_request, sample_invited_org_user, fake_uuid):
    data = {'status': 'cancelled'}

    json_resp = admin_request.post(
        'organization_invite.update_org_invite_status',
        organization_id=fake_uuid,
        invited_org_user_id=sample_invited_org_user.id,
        _data=data,
        _expected_status=404
    )
    assert json_resp['message'] == 'No result found'


def test_update_org_invited_user_for_invalid_data_returns_400(admin_request, sample_invited_org_user):
    data = {'status': 'garbage'}

    json_resp = admin_request.post(
        'organization_invite.update_org_invite_status',
        organization_id=sample_invited_org_user.organization_id,
        invited_org_user_id=sample_invited_org_user.id,
        _data=data,
        _expected_status=400
    )
    assert len(json_resp['errors']) == 1
    assert json_resp['errors'][0]['message'] == 'status garbage is not one of [pending, accepted, cancelled]'


@pytest.mark.parametrize('endpoint_format_str', [
    '/invite/organization/{}',
    '/invite/organization/check/{}',
])
def test_validate_invitation_token_returns_200_when_token_valid(client, sample_invited_org_user, endpoint_format_str):
    token = generate_token(str(sample_invited_org_user.id), current_app.config['SECRET_KEY'],
                           current_app.config['DANGEROUS_SALT'])

    url = endpoint_format_str.format(token)
    auth_header = create_admin_authorization_header()
    response = client.get(url, headers=[('Content-Type', 'application/json'), auth_header])

    assert response.status_code == 200
    json_resp = json.loads(response.get_data(as_text=True))
    assert json_resp['data'] == sample_invited_org_user.serialize()


def test_validate_invitation_token_for_expired_token_returns_400(client):
    with freeze_time('2016-01-01T12:00:00'):
        token = generate_token(str(uuid.uuid4()), current_app.config['SECRET_KEY'],
                               current_app.config['DANGEROUS_SALT'])
    url = '/invite/organization/{}'.format(token)
    auth_header = create_admin_authorization_header()
    response = client.get(url, headers=[('Content-Type', 'application/json'), auth_header])

    assert response.status_code == 400
    json_resp = json.loads(response.get_data(as_text=True))
    assert json_resp['result'] == 'error'
    assert json_resp['message'] == {
        'invitation': 'Your invitation to GOV.UK Notify has expired. '
                      'Please ask the person that invited you to send you another one'}


def test_validate_invitation_token_returns_400_when_invited_user_does_not_exist(client):
    token = generate_token(str(uuid.uuid4()), current_app.config['SECRET_KEY'],
                           current_app.config['DANGEROUS_SALT'])
    url = '/invite/organization/{}'.format(token)
    auth_header = create_admin_authorization_header()
    response = client.get(url, headers=[('Content-Type', 'application/json'), auth_header])

    assert response.status_code == 404
    json_resp = json.loads(response.get_data(as_text=True))
    assert json_resp['result'] == 'error'
    assert json_resp['message'] == 'No result found'


def test_validate_invitation_token_returns_400_when_token_is_malformed(client):
    token = generate_token(
        str(uuid.uuid4()),
        current_app.config['SECRET_KEY'],
        current_app.config['DANGEROUS_SALT']
    )[:-2]

    url = '/invite/organization/{}'.format(token)
    auth_header = create_admin_authorization_header()
    response = client.get(url, headers=[('Content-Type', 'application/json'), auth_header])

    assert response.status_code == 400
    json_resp = json.loads(response.get_data(as_text=True))
    assert json_resp['result'] == 'error'
    assert json_resp['message'] == {
        'invitation': 'Something’s wrong with this link. Make sure you’ve copied the whole thing.'
    }


def test_get_invited_org_user(admin_request, sample_invited_org_user):
    json_resp = admin_request.get(
        'organization_invite.get_invited_org_user',
        invited_org_user_id=sample_invited_org_user.id
    )
    assert json_resp['data']['id'] == str(sample_invited_org_user.id)
    assert json_resp['data']['email_address'] == sample_invited_org_user.email_address
    assert json_resp['data']['organization'] == str(sample_invited_org_user.organization_id)


def test_get_invited_org_user_404s_if_invite_doesnt_exist(admin_request, sample_invited_org_user, fake_uuid):
    json_resp = admin_request.get(
        'organization_invite.get_invited_org_user',
        invited_org_user_id=fake_uuid,
        _expected_status=404
    )
    assert json_resp['result'] == 'error'
-												remove the global_invite (accept_invite) endpoint

move the endpoints into service_invite/rest.py and
organisation/invite_rest.py respectively. Remove the prefix from all the
blueprints to allow this.

											
										
										
											2021-03-11 20:26:44 +00:00
+								import uuid
-												add tests for org invite rest, and update conftest

											
										
										
											2018-02-19 17:14:01 +00:00
+								import pytest
-												remove the global_invite (accept_invite) endpoint

move the endpoints into service_invite/rest.py and
organisation/invite_rest.py respectively. Remove the prefix from all the
blueprints to allow this.

											
										
										
											2021-03-11 20:26:44 +00:00
+								from flask import current_app, json
 								from freezegun import freeze_time
 								from notifications_utils.url_safe_token import generate_token
-												add tests for org invite rest, and update conftest

											
										
										
											2018-02-19 17:14:01 +00:00
-												Run auto-correct on app/ and tests/

											
										
										
											2021-03-10 13:55:06 +00:00
+								from app.models import INVITE_PENDING, Notification
-												Split generating authorization headers by type

In response to [1].

[1]: https://github.com/alphagov/notifications-api/pull/3300#discussion_r681653248

											
										
										
											2021-08-04 15:12:09 +01:00
+								from tests import create_admin_authorization_header
-												add tests for org invite rest, and update conftest

											
										
										
											2018-02-19 17:14:01 +00:00
+								from tests.app.db import create_invited_org_user
-												Let the Notify team invite people to an organisation

We want to start granting access to the org page. But it will be a bit
weird if the invites come from us personally, since the people we’re
inviting don’t know us.

It makes more sense, and sounds more official if the invites appear to
come from the ‘GOV.UK Notify team’ instead.

											
										
										
											2020-03-05 11:26:08 +00:00
+								@pytest.mark.parametrize('platform_admin, expected_invited_by', (
 								    (True, 'The GOV.UK Notify team'),
 								    (False, 'Test User')
 								))
-												add tests for org invite rest, and update conftest

											
										
										
											2018-02-19 17:14:01 +00:00
+								@pytest.mark.parametrize('extra_args, expected_start_of_invite_url', [
 								    (
 								        {},
-												notify-api-332 rename organisation

											
										
										
											2023-07-10 11:06:29 -07:00
+								        'http://localhost:6012/organization-invitation/'
-												add tests for org invite rest, and update conftest

											
										
										
											2018-02-19 17:14:01 +00:00
+								    ),
 								    (
 								        {'invite_link_host': 'https://www.example.com'},
-												notify-api-332 rename organisation

											
										
										
											2023-07-10 11:06:29 -07:00
+								        'https://www.example.com/organization-invitation/'
-												add tests for org invite rest, and update conftest

											
										
										
											2018-02-19 17:14:01 +00:00
+								    ),
 								])
 								def test_create_invited_org_user(
 								    admin_request,
-												notify-api-332 rename organisation

											
										
										
											2023-07-10 11:06:29 -07:00
+								    sample_organization,
-												add tests for org invite rest, and update conftest

											
										
										
											2018-02-19 17:14:01 +00:00
+								    sample_user,
 								    mocker,
 								    org_invite_email_template,
 								    extra_args,
 								    expected_start_of_invite_url,
-												Let the Notify team invite people to an organisation

We want to start granting access to the org page. But it will be a bit
weird if the invites come from us personally, since the people we’re
inviting don’t know us.

It makes more sense, and sounds more official if the invites appear to
come from the ‘GOV.UK Notify team’ instead.

											
										
										
											2020-03-05 11:26:08 +00:00
+								    platform_admin,
 								    expected_invited_by,
-												add tests for org invite rest, and update conftest

											
										
										
											2018-02-19 17:14:01 +00:00
+								):
 								    mocked = mocker.patch('app.celery.provider_tasks.deliver_email.apply_async')
 								    email_address = 'invited_user@example.com'
-												Let the Notify team invite people to an organisation

We want to start granting access to the org page. But it will be a bit
weird if the invites come from us personally, since the people we’re
inviting don’t know us.

It makes more sense, and sounds more official if the invites appear to
come from the ‘GOV.UK Notify team’ instead.

											
										
										
											2020-03-05 11:26:08 +00:00
+								    sample_user.platform_admin = platform_admin
-												add tests for org invite rest, and update conftest

											
										
										
											2018-02-19 17:14:01 +00:00
 								    data = dict(
-												notify-api-332 rename organisation

											
										
										
											2023-07-10 11:06:29 -07:00
+								        organization=str(sample_organization.id),
-												add tests for org invite rest, and update conftest

											
										
										
											2018-02-19 17:14:01 +00:00
+								        email_address=email_address,
 								        invited_by=str(sample_user.id),
 								        **extra_args
 								    )
 								    json_resp = admin_request.post(
-												notify-api-332 rename organisation

											
										
										
											2023-07-10 11:06:29 -07:00
+								        'organization_invite.invite_user_to_org',
 								        organization_id=sample_organization.id,
-												add tests for org invite rest, and update conftest

											
										
										
											2018-02-19 17:14:01 +00:00
+								        _data=data,
 								        _expected_status=201
 								    )
-												notify-api-332 rename organisation

											
										
										
											2023-07-10 11:06:29 -07:00
+								    assert json_resp['data']['organization'] == str(sample_organization.id)
-												add tests for org invite rest, and update conftest

											
										
										
											2018-02-19 17:14:01 +00:00
+								    assert json_resp['data']['email_address'] == email_address
 								    assert json_resp['data']['invited_by'] == str(sample_user.id)
 								    assert json_resp['data']['status'] == INVITE_PENDING
 								    assert json_resp['data']['id']
 								    notification = Notification.query.first()
 								    assert notification.reply_to_text == sample_user.email_address
 								    assert len(notification.personalisation.keys()) == 3
-												notify-api-332 rename organisation

											
										
										
											2023-07-10 11:06:29 -07:00
+								    assert notification.personalisation['organization_name'] == 'sample organization'
-												Let the Notify team invite people to an organisation

We want to start granting access to the org page. But it will be a bit
weird if the invites come from us personally, since the people we’re
inviting don’t know us.

It makes more sense, and sounds more official if the invites appear to
come from the ‘GOV.UK Notify team’ instead.

											
										
										
											2020-03-05 11:26:08 +00:00
+								    assert notification.personalisation['user_name'] == expected_invited_by
-												add tests for org invite rest, and update conftest

											
										
										
											2018-02-19 17:14:01 +00:00
+								    assert notification.personalisation['url'].startswith(expected_start_of_invite_url)
 								    assert len(notification.personalisation['url']) > len(expected_start_of_invite_url)
 								    mocked.assert_called_once_with([(str(notification.id))], queue="notify-internal-tasks")
-												notify-api-332 rename organisation

											
										
										
											2023-07-10 11:06:29 -07:00
+								def test_create_invited_user_invalid_email(admin_request, sample_organization, sample_user, mocker):
-												add tests for org invite rest, and update conftest

											
										
										
											2018-02-19 17:14:01 +00:00
+								    mocked = mocker.patch('app.celery.provider_tasks.deliver_email.apply_async')
 								    email_address = 'notanemail'
 								    data = {
-												notify-api-332 rename organisation

											
										
										
											2023-07-10 11:06:29 -07:00
+								        'service': str(sample_organization.id),
-												add tests for org invite rest, and update conftest

											
										
										
											2018-02-19 17:14:01 +00:00
+								        'email_address': email_address,
 								        'invited_by': str(sample_user.id),
 								    }
 								    json_resp = admin_request.post(
-												notify-api-332 rename organisation

											
										
										
											2023-07-10 11:06:29 -07:00
+								        'organization_invite.invite_user_to_org',
 								        organization_id=sample_organization.id,
-												add tests for org invite rest, and update conftest

											
										
										
											2018-02-19 17:14:01 +00:00
+								        _data=data,
 								        _expected_status=400
 								    )
 								    assert json_resp['errors'][0]['message'] == 'email_address Not a valid email address'
 								    assert mocked.call_count == 0
-												notify-api-332 rename organisation

											
										
										
											2023-07-10 11:06:29 -07:00
+								def test_get_all_invited_users_by_service(admin_request, sample_organization, sample_user):
-												add tests for org invite rest, and update conftest

											
										
										
											2018-02-19 17:14:01 +00:00
+								    for i in range(5):
 								        create_invited_org_user(
-												notify-api-332 rename organisation

											
										
										
											2023-07-10 11:06:29 -07:00
+								            sample_organization,
-												add tests for org invite rest, and update conftest

											
										
										
											2018-02-19 17:14:01 +00:00
+								            sample_user,
 								            email_address='invited_user_{}@service.gov.uk'.format(i)
 								        )
 								    json_resp = admin_request.get(
-												notify-api-332 rename organisation

											
										
										
											2023-07-10 11:06:29 -07:00
+								        'organization_invite.get_invited_org_users_by_organization',
 								        organization_id=sample_organization.id
-												add tests for org invite rest, and update conftest

											
										
										
											2018-02-19 17:14:01 +00:00
+								    )
 								    assert len(json_resp['data']) == 5
 								    for invite in json_resp['data']:
-												notify-api-332 rename organisation

											
										
										
											2023-07-10 11:06:29 -07:00
+								        assert invite['organization'] == str(sample_organization.id)
-												add tests for org invite rest, and update conftest

											
										
										
											2018-02-19 17:14:01 +00:00
+								        assert invite['invited_by'] == str(sample_user.id)
 								        assert invite['id']
-												notify-api-332 rename organisation

											
										
										
											2023-07-10 11:06:29 -07:00
+								def test_get_invited_users_by_service_with_no_invites(admin_request, sample_organization):
-												add tests for org invite rest, and update conftest

											
										
										
											2018-02-19 17:14:01 +00:00
+								    json_resp = admin_request.get(
-												notify-api-332 rename organisation

											
										
										
											2023-07-10 11:06:29 -07:00
+								        'organization_invite.get_invited_org_users_by_organization',
 								        organization_id=sample_organization.id
-												add tests for org invite rest, and update conftest

											
										
										
											2018-02-19 17:14:01 +00:00
+								    )
 								    assert len(json_resp['data']) == 0
-												notify-api-332 rename organisation

											
										
										
											2023-07-10 11:06:29 -07:00
+								def test_get_invited_user_by_organization(admin_request, sample_invited_org_user):
-												Add endpoints to get invited users

We want to display flash messages in admin when invites have been
cancelled. This message needs to display the user's email address, so
this commit adds endpoints to GET a single invited service user and org
user so that we can look up the email address of a cancelled user.

											
										
										
											2020-08-17 11:59:55 +01:00
+								    json_resp = admin_request.get(
-												notify-api-332 rename organisation

											
										
										
											2023-07-10 11:06:29 -07:00
+								        'organization_invite.get_invited_org_user_by_organization',
 								        organization_id=sample_invited_org_user.organization.id,
-												Add endpoints to get invited users

We want to display flash messages in admin when invites have been
cancelled. This message needs to display the user's email address, so
this commit adds endpoints to GET a single invited service user and org
user so that we can look up the email address of a cancelled user.

											
										
										
											2020-08-17 11:59:55 +01:00
+								        invited_org_user_id=sample_invited_org_user.id
 								    )
 								    assert json_resp['data']['email_address'] == sample_invited_org_user.email_address
-												notify-api-332 rename organisation

											
										
										
											2023-07-10 11:06:29 -07:00
+								def test_get_invited_user_by_organization_when_user_does_not_belong_to_the_org(
-												Add endpoints to get invited users

We want to display flash messages in admin when invites have been
cancelled. This message needs to display the user's email address, so
this commit adds endpoints to GET a single invited service user and org
user so that we can look up the email address of a cancelled user.

											
										
										
											2020-08-17 11:59:55 +01:00
+								    admin_request,
 								    sample_invited_org_user,
 								    fake_uuid,
 								):
 								    json_resp = admin_request.get(
-												notify-api-332 rename organisation

											
										
										
											2023-07-10 11:06:29 -07:00
+								        'organization_invite.get_invited_org_user_by_organization',
 								        organization_id=fake_uuid,
-												Add endpoints to get invited users

We want to display flash messages in admin when invites have been
cancelled. This message needs to display the user's email address, so
this commit adds endpoints to GET a single invited service user and org
user so that we can look up the email address of a cancelled user.

											
										
										
											2020-08-17 11:59:55 +01:00
+								        invited_org_user_id=sample_invited_org_user.id,
 								        _expected_status=404
 								    )
 								    assert json_resp['result'] == 'error'
-												- new endpoint to check the token for an org invitation.
- new endpoint to add user to organisation
- new endpoint to return users for an organisation

											
										
										
											2018-02-20 17:09:16 +00:00
+								def test_update_org_invited_user_set_status_to_cancelled(admin_request, sample_invited_org_user):
-												add tests for org invite rest, and update conftest

											
										
										
											2018-02-19 17:14:01 +00:00
+								    data = {'status': 'cancelled'}
 								    json_resp = admin_request.post(
-												notify-api-332 rename organisation

											
										
										
											2023-07-10 11:06:29 -07:00
+								        'organization_invite.update_org_invite_status',
 								        organization_id=sample_invited_org_user.organization_id,
-												add tests for org invite rest, and update conftest

											
										
										
											2018-02-19 17:14:01 +00:00
+								        invited_org_user_id=sample_invited_org_user.id,
 								        _data=data
 								    )
 								    assert json_resp['data']['status'] == 'cancelled'
-												- new endpoint to check the token for an org invitation.
- new endpoint to add user to organisation
- new endpoint to return users for an organisation

											
										
										
											2018-02-20 17:09:16 +00:00
+								def test_update_org_invited_user_for_wrong_service_returns_404(admin_request, sample_invited_org_user, fake_uuid):
-												add tests for org invite rest, and update conftest

											
										
										
											2018-02-19 17:14:01 +00:00
+								    data = {'status': 'cancelled'}
 								    json_resp = admin_request.post(
-												notify-api-332 rename organisation

											
										
										
											2023-07-10 11:06:29 -07:00
+								        'organization_invite.update_org_invite_status',
 								        organization_id=fake_uuid,
-												add tests for org invite rest, and update conftest

											
										
										
											2018-02-19 17:14:01 +00:00
+								        invited_org_user_id=sample_invited_org_user.id,
 								        _data=data,
 								        _expected_status=404
 								    )
 								    assert json_resp['message'] == 'No result found'
-												- new endpoint to check the token for an org invitation.
- new endpoint to add user to organisation
- new endpoint to return users for an organisation

											
										
										
											2018-02-20 17:09:16 +00:00
+								def test_update_org_invited_user_for_invalid_data_returns_400(admin_request, sample_invited_org_user):
-												add tests for org invite rest, and update conftest

											
										
										
											2018-02-19 17:14:01 +00:00
+								    data = {'status': 'garbage'}
 								    json_resp = admin_request.post(
-												notify-api-332 rename organisation

											
										
										
											2023-07-10 11:06:29 -07:00
+								        'organization_invite.update_org_invite_status',
 								        organization_id=sample_invited_org_user.organization_id,
-												add tests for org invite rest, and update conftest

											
										
										
											2018-02-19 17:14:01 +00:00
+								        invited_org_user_id=sample_invited_org_user.id,
 								        _data=data,
-												- new endpoint to check the token for an org invitation.
- new endpoint to add user to organisation
- new endpoint to return users for an organisation

											
										
										
											2018-02-20 17:09:16 +00:00
+								        _expected_status=400
-												add tests for org invite rest, and update conftest

											
										
										
											2018-02-19 17:14:01 +00:00
+								    )
-												- new endpoint to check the token for an org invitation.
- new endpoint to add user to organisation
- new endpoint to return users for an organisation

											
										
										
											2018-02-20 17:09:16 +00:00
+								    assert len(json_resp['errors']) == 1
 								    assert json_resp['errors'][0]['message'] == 'status garbage is not one of [pending, accepted, cancelled]'
-												remove the global_invite (accept_invite) endpoint

move the endpoints into service_invite/rest.py and
organisation/invite_rest.py respectively. Remove the prefix from all the
blueprints to allow this.

											
										
										
											2021-03-11 20:26:44 +00:00
-												add new `invite/<token_type>/check/<token>` endpoint

having `/invite/service/<token>` and `/invite/service/<id>` as two
separate routes (the first to validate an invite token, the second to
retrieve invite metadata) technically works. Routes are matched from
first to last until a match is found. The metadata endpoint only accepts
UUIDs, so requests with a UUID will be picked up by the correct
endpoint, while requests that don't look like a UUID will carry on
searching for an endpoint, and will find the token validation endpoint.

So while this works correctly for our normal expected input, it only
does so _because the UUID endpoint is first in the file_. This isn't
great, and it makes it harder to reason about the URLs when looking at
them.

To solve this, create the new `invite/service/check/<token>` endpoint.
For backwards compatibility, assign this in parallel with the existing
route - once the admin uses the new route we can remove the old route
and make better guarantees about what endpoint is being hit.

											
										
										
											2021-03-11 20:47:24 +00:00
+								@pytest.mark.parametrize('endpoint_format_str', [
-												notify-api-332 rename organisation

											
										
										
											2023-07-10 11:06:29 -07:00
+								    '/invite/organization/{}',
 								    '/invite/organization/check/{}',
-												add new `invite/<token_type>/check/<token>` endpoint

having `/invite/service/<token>` and `/invite/service/<id>` as two
separate routes (the first to validate an invite token, the second to
retrieve invite metadata) technically works. Routes are matched from
first to last until a match is found. The metadata endpoint only accepts
UUIDs, so requests with a UUID will be picked up by the correct
endpoint, while requests that don't look like a UUID will carry on
searching for an endpoint, and will find the token validation endpoint.

So while this works correctly for our normal expected input, it only
does so _because the UUID endpoint is first in the file_. This isn't
great, and it makes it harder to reason about the URLs when looking at
them.

To solve this, create the new `invite/service/check/<token>` endpoint.
For backwards compatibility, assign this in parallel with the existing
route - once the admin uses the new route we can remove the old route
and make better guarantees about what endpoint is being hit.

											
										
										
											2021-03-11 20:47:24 +00:00
+								])
 								def test_validate_invitation_token_returns_200_when_token_valid(client, sample_invited_org_user, endpoint_format_str):
-												remove the global_invite (accept_invite) endpoint

move the endpoints into service_invite/rest.py and
organisation/invite_rest.py respectively. Remove the prefix from all the
blueprints to allow this.

											
										
										
											2021-03-11 20:26:44 +00:00
+								    token = generate_token(str(sample_invited_org_user.id), current_app.config['SECRET_KEY'],
 								                           current_app.config['DANGEROUS_SALT'])
-												add new `invite/<token_type>/check/<token>` endpoint

having `/invite/service/<token>` and `/invite/service/<id>` as two
separate routes (the first to validate an invite token, the second to
retrieve invite metadata) technically works. Routes are matched from
first to last until a match is found. The metadata endpoint only accepts
UUIDs, so requests with a UUID will be picked up by the correct
endpoint, while requests that don't look like a UUID will carry on
searching for an endpoint, and will find the token validation endpoint.

So while this works correctly for our normal expected input, it only
does so _because the UUID endpoint is first in the file_. This isn't
great, and it makes it harder to reason about the URLs when looking at
them.

To solve this, create the new `invite/service/check/<token>` endpoint.
For backwards compatibility, assign this in parallel with the existing
route - once the admin uses the new route we can remove the old route
and make better guarantees about what endpoint is being hit.

											
										
										
											2021-03-11 20:47:24 +00:00
 								    url = endpoint_format_str.format(token)
-												Split generating authorization headers by type

In response to [1].

[1]: https://github.com/alphagov/notifications-api/pull/3300#discussion_r681653248

											
										
										
											2021-08-04 15:12:09 +01:00
+								    auth_header = create_admin_authorization_header()
-												remove the global_invite (accept_invite) endpoint

move the endpoints into service_invite/rest.py and
organisation/invite_rest.py respectively. Remove the prefix from all the
blueprints to allow this.

											
										
										
											2021-03-11 20:26:44 +00:00
+								    response = client.get(url, headers=[('Content-Type', 'application/json'), auth_header])
 								    assert response.status_code == 200
 								    json_resp = json.loads(response.get_data(as_text=True))
 								    assert json_resp['data'] == sample_invited_org_user.serialize()
 								def test_validate_invitation_token_for_expired_token_returns_400(client):
 								    with freeze_time('2016-01-01T12:00:00'):
 								        token = generate_token(str(uuid.uuid4()), current_app.config['SECRET_KEY'],
 								                               current_app.config['DANGEROUS_SALT'])
-												notify-api-332 rename organisation

											
										
										
											2023-07-10 11:06:29 -07:00
+								    url = '/invite/organization/{}'.format(token)
-												Split generating authorization headers by type

In response to [1].

[1]: https://github.com/alphagov/notifications-api/pull/3300#discussion_r681653248

											
										
										
											2021-08-04 15:12:09 +01:00
+								    auth_header = create_admin_authorization_header()
-												remove the global_invite (accept_invite) endpoint

move the endpoints into service_invite/rest.py and
organisation/invite_rest.py respectively. Remove the prefix from all the
blueprints to allow this.

											
										
										
											2021-03-11 20:26:44 +00:00
+								    response = client.get(url, headers=[('Content-Type', 'application/json'), auth_header])
 								    assert response.status_code == 400
 								    json_resp = json.loads(response.get_data(as_text=True))
 								    assert json_resp['result'] == 'error'
 								    assert json_resp['message'] == {
 								        'invitation': 'Your invitation to GOV.UK Notify has expired. '
 								                      'Please ask the person that invited you to send you another one'}
 								def test_validate_invitation_token_returns_400_when_invited_user_does_not_exist(client):
 								    token = generate_token(str(uuid.uuid4()), current_app.config['SECRET_KEY'],
 								                           current_app.config['DANGEROUS_SALT'])
-												notify-api-332 rename organisation

											
										
										
											2023-07-10 11:06:29 -07:00
+								    url = '/invite/organization/{}'.format(token)
-												Split generating authorization headers by type

In response to [1].

[1]: https://github.com/alphagov/notifications-api/pull/3300#discussion_r681653248

											
										
										
											2021-08-04 15:12:09 +01:00
+								    auth_header = create_admin_authorization_header()
-												remove the global_invite (accept_invite) endpoint

move the endpoints into service_invite/rest.py and
organisation/invite_rest.py respectively. Remove the prefix from all the
blueprints to allow this.

											
										
										
											2021-03-11 20:26:44 +00:00
+								    response = client.get(url, headers=[('Content-Type', 'application/json'), auth_header])
 								    assert response.status_code == 404
 								    json_resp = json.loads(response.get_data(as_text=True))
 								    assert json_resp['result'] == 'error'
 								    assert json_resp['message'] == 'No result found'
 								def test_validate_invitation_token_returns_400_when_token_is_malformed(client):
 								    token = generate_token(
 								        str(uuid.uuid4()),
 								        current_app.config['SECRET_KEY'],
 								        current_app.config['DANGEROUS_SALT']
 								    )[:-2]
-												notify-api-332 rename organisation

											
										
										
											2023-07-10 11:06:29 -07:00
+								    url = '/invite/organization/{}'.format(token)
-												Split generating authorization headers by type

In response to [1].

[1]: https://github.com/alphagov/notifications-api/pull/3300#discussion_r681653248

											
										
										
											2021-08-04 15:12:09 +01:00
+								    auth_header = create_admin_authorization_header()
-												remove the global_invite (accept_invite) endpoint

move the endpoints into service_invite/rest.py and
organisation/invite_rest.py respectively. Remove the prefix from all the
blueprints to allow this.

											
										
										
											2021-03-11 20:26:44 +00:00
+								    response = client.get(url, headers=[('Content-Type', 'application/json'), auth_header])
 								    assert response.status_code == 400
 								    json_resp = json.loads(response.get_data(as_text=True))
 								    assert json_resp['result'] == 'error'
 								    assert json_resp['message'] == {
 								        'invitation': 'Something’s wrong with this link. Make sure you’ve copied the whole thing.'
 								    }
 								def test_get_invited_org_user(admin_request, sample_invited_org_user):
 								    json_resp = admin_request.get(
-												notify-api-332 rename organisation

											
										
										
											2023-07-10 11:06:29 -07:00
+								        'organization_invite.get_invited_org_user',
-												remove the global_invite (accept_invite) endpoint

move the endpoints into service_invite/rest.py and
organisation/invite_rest.py respectively. Remove the prefix from all the
blueprints to allow this.

											
										
										
											2021-03-11 20:26:44 +00:00
+								        invited_org_user_id=sample_invited_org_user.id
 								    )
 								    assert json_resp['data']['id'] == str(sample_invited_org_user.id)
 								    assert json_resp['data']['email_address'] == sample_invited_org_user.email_address
-												notify-api-332 rename organisation

											
										
										
											2023-07-10 11:06:29 -07:00
+								    assert json_resp['data']['organization'] == str(sample_invited_org_user.organization_id)
-												remove the global_invite (accept_invite) endpoint

move the endpoints into service_invite/rest.py and
organisation/invite_rest.py respectively. Remove the prefix from all the
blueprints to allow this.

											
										
										
											2021-03-11 20:26:44 +00:00
 								def test_get_invited_org_user_404s_if_invite_doesnt_exist(admin_request, sample_invited_org_user, fake_uuid):
 								    json_resp = admin_request.get(
-												notify-api-332 rename organisation

											
										
										
											2023-07-10 11:06:29 -07:00
+								        'organization_invite.get_invited_org_user',
-												remove the global_invite (accept_invite) endpoint

move the endpoints into service_invite/rest.py and
organisation/invite_rest.py respectively. Remove the prefix from all the
blueprints to allow this.

											
										
										
											2021-03-11 20:26:44 +00:00
+								        invited_org_user_id=fake_uuid,
 								        _expected_status=404
 								    )
 								    assert json_resp['result'] == 'error'