tests/app/service_invite/test_service_invite_rest.py

import json
import uuid

import pytest
from flask import current_app
from freezegun import freeze_time
from notifications_utils.url_safe_token import generate_token

from app.models import EMAIL_AUTH_TYPE, SMS_AUTH_TYPE, Notification
from tests import create_admin_authorization_header
from tests.app.db import create_invited_user


@pytest.mark.parametrize('extra_args, expected_start_of_invite_url', [
    (
        {},
        'http://localhost:6012/invitation/'
    ),
    (
        {'invite_link_host': 'https://www.example.com'},
        'https://www.example.com/invitation/'
    ),
])
def test_create_invited_user(
    admin_request,
    sample_service,
    mocker,
    invitation_email_template,
    extra_args,
    expected_start_of_invite_url,
):
    mocked = mocker.patch('app.celery.provider_tasks.deliver_email.apply_async')
    email_address = 'invited_user@service.gov.uk'
    invite_from = sample_service.users[0]

    data = dict(
        service=str(sample_service.id),
        email_address=email_address,
        from_user=str(invite_from.id),
        permissions='send_messages,manage_service,manage_api_keys',
        auth_type=EMAIL_AUTH_TYPE,
        folder_permissions=['folder_1', 'folder_2', 'folder_3'],
        **extra_args
    )

    json_resp = admin_request.post(
        'service_invite.create_invited_user',
        service_id=sample_service.id,
        _data=data,
        _expected_status=201
    )

    assert json_resp['data']['service'] == str(sample_service.id)
    assert json_resp['data']['email_address'] == email_address
    assert json_resp['data']['from_user'] == str(invite_from.id)
    assert json_resp['data']['permissions'] == 'send_messages,manage_service,manage_api_keys'
    assert json_resp['data']['auth_type'] == EMAIL_AUTH_TYPE
    assert json_resp['data']['id']
    assert json_resp['data']['folder_permissions'] == ['folder_1', 'folder_2', 'folder_3']

    notification = Notification.query.first()

    assert notification.reply_to_text == invite_from.email_address

    assert len(notification.personalisation.keys()) == 3
    assert notification.personalisation['service_name'] == 'Sample service'
    assert notification.personalisation['user_name'] == 'Test User'
    assert notification.personalisation['url'].startswith(expected_start_of_invite_url)
    assert len(notification.personalisation['url']) > len(expected_start_of_invite_url)
    assert str(notification.template_id) == current_app.config['INVITATION_EMAIL_TEMPLATE_ID']

    mocked.assert_called_once_with([(str(notification.id))], queue="notify-internal-tasks")


def test_create_invited_user_without_auth_type(admin_request, sample_service, mocker, invitation_email_template):
    mocker.patch('app.celery.provider_tasks.deliver_email.apply_async')
    email_address = 'invited_user@service.gov.uk'
    invite_from = sample_service.users[0]

    data = {
        'service': str(sample_service.id),
        'email_address': email_address,
        'from_user': str(invite_from.id),
        'permissions': 'send_messages,manage_service,manage_api_keys',
        'folder_permissions': []
    }

    json_resp = admin_request.post(
        'service_invite.create_invited_user',
        service_id=sample_service.id,
        _data=data,
        _expected_status=201
    )

    assert json_resp['data']['auth_type'] == SMS_AUTH_TYPE


def test_create_invited_user_invalid_email(client, sample_service, mocker, fake_uuid):
    mocked = mocker.patch('app.celery.provider_tasks.deliver_email.apply_async')
    email_address = 'notanemail'
    invite_from = sample_service.users[0]

    data = {
        'service': str(sample_service.id),
        'email_address': email_address,
        'from_user': str(invite_from.id),
        'permissions': 'send_messages,manage_service,manage_api_keys',
        'folder_permissions': [fake_uuid, fake_uuid]
    }

    data = json.dumps(data)

    auth_header = create_admin_authorization_header()

    response = client.post(
        '/service/{}/invite'.format(sample_service.id),
        headers=[('Content-Type', 'application/json'), auth_header],
        data=data
    )
    assert response.status_code == 400
    json_resp = json.loads(response.get_data(as_text=True))
    assert json_resp['result'] == 'error'
    assert json_resp['message'] == {'email_address': ['Not a valid email address']}
    assert mocked.call_count == 0


def test_get_all_invited_users_by_service(client, notify_db_session, sample_service):
    invites = []
    for i in range(0, 5):
        email = 'invited_user_{}@service.gov.uk'.format(i)
        invited_user = create_invited_user(sample_service, to_email_address=email)
        invites.append(invited_user)

    url = '/service/{}/invite'.format(sample_service.id)

    auth_header = create_admin_authorization_header()

    response = client.get(
        url,
        headers=[('Content-Type', 'application/json'), auth_header]
    )
    assert response.status_code == 200
    json_resp = json.loads(response.get_data(as_text=True))

    invite_from = sample_service.users[0]

    for invite in json_resp['data']:
        assert invite['service'] == str(sample_service.id)
        assert invite['from_user'] == str(invite_from.id)
        assert invite['auth_type'] == SMS_AUTH_TYPE
        assert invite['id']


def test_get_invited_users_by_service_with_no_invites(client, notify_db_session, sample_service):
    url = '/service/{}/invite'.format(sample_service.id)

    auth_header = create_admin_authorization_header()

    response = client.get(
        url,
        headers=[('Content-Type', 'application/json'), auth_header]
    )
    assert response.status_code == 200
    json_resp = json.loads(response.get_data(as_text=True))
    assert len(json_resp['data']) == 0


def test_get_invited_user_by_service(admin_request, sample_invited_user):
    json_resp = admin_request.get(
        'service_invite.get_invited_user_by_service',
        service_id=sample_invited_user.service.id,
        invited_user_id=sample_invited_user.id
    )
    assert json_resp['data']['email_address'] == sample_invited_user.email_address


def test_get_invited_user_by_service_when_user_does_not_belong_to_the_service(
    admin_request,
    sample_invited_user,
    fake_uuid,
):
    json_resp = admin_request.get(
        'service_invite.get_invited_user_by_service',
        service_id=fake_uuid,
        invited_user_id=sample_invited_user.id,
        _expected_status=404
    )
    assert json_resp['result'] == 'error'


def test_update_invited_user_set_status_to_cancelled(client, sample_invited_user):
    data = {'status': 'cancelled'}
    url = '/service/{0}/invite/{1}'.format(sample_invited_user.service_id, sample_invited_user.id)
    auth_header = create_admin_authorization_header()
    response = client.post(url,
                           data=json.dumps(data),
                           headers=[('Content-Type', 'application/json'), auth_header])

    assert response.status_code == 200
    json_resp = json.loads(response.get_data(as_text=True))['data']
    assert json_resp['status'] == 'cancelled'


def test_update_invited_user_for_wrong_service_returns_404(client, sample_invited_user, fake_uuid):
    data = {'status': 'cancelled'}
    url = '/service/{0}/invite/{1}'.format(fake_uuid, sample_invited_user.id)
    auth_header = create_admin_authorization_header()
    response = client.post(url, data=json.dumps(data),
                           headers=[('Content-Type', 'application/json'), auth_header])
    assert response.status_code == 404
    json_response = json.loads(response.get_data(as_text=True))['message']
    assert json_response == 'No result found'


def test_update_invited_user_for_invalid_data_returns_400(client, sample_invited_user):
    data = {'status': 'garbage'}
    url = '/service/{0}/invite/{1}'.format(sample_invited_user.service_id, sample_invited_user.id)
    auth_header = create_admin_authorization_header()
    response = client.post(url, data=json.dumps(data),
                           headers=[('Content-Type', 'application/json'), auth_header])
    assert response.status_code == 400


@pytest.mark.parametrize('endpoint_format_str', [
    '/invite/service/{}',
    '/invite/service/check/{}',
])
def test_validate_invitation_token_returns_200_when_token_valid(client, sample_invited_user, endpoint_format_str):
    token = generate_token(str(sample_invited_user.id), current_app.config['SECRET_KEY'],
                           current_app.config['DANGEROUS_SALT'])
    url = endpoint_format_str.format(token)
    auth_header = create_admin_authorization_header()
    response = client.get(url, headers=[('Content-Type', 'application/json'), auth_header])

    assert response.status_code == 200
    json_resp = json.loads(response.get_data(as_text=True))
    assert json_resp['data']['id'] == str(sample_invited_user.id)
    assert json_resp['data']['email_address'] == sample_invited_user.email_address
    assert json_resp['data']['from_user'] == str(sample_invited_user.user_id)
    assert json_resp['data']['service'] == str(sample_invited_user.service_id)
    assert json_resp['data']['status'] == sample_invited_user.status
    assert json_resp['data']['permissions'] == sample_invited_user.permissions
    assert json_resp['data']['folder_permissions'] == sample_invited_user.folder_permissions


def test_validate_invitation_token_for_expired_token_returns_400(client):
    with freeze_time('2016-01-01T12:00:00'):
        token = generate_token(str(uuid.uuid4()), current_app.config['SECRET_KEY'],
                               current_app.config['DANGEROUS_SALT'])
    url = '/invite/service/{}'.format(token)
    auth_header = create_admin_authorization_header()
    response = client.get(url, headers=[('Content-Type', 'application/json'), auth_header])

    assert response.status_code == 400
    json_resp = json.loads(response.get_data(as_text=True))
    assert json_resp['result'] == 'error'
    assert json_resp['message'] == {
        'invitation': 'Your invitation to GOV.UK Notify has expired. '
                      'Please ask the person that invited you to send you another one'}


def test_validate_invitation_token_returns_400_when_invited_user_does_not_exist(client):
    token = generate_token(str(uuid.uuid4()), current_app.config['SECRET_KEY'],
                           current_app.config['DANGEROUS_SALT'])
    url = '/invite/service/{}'.format(token)
    auth_header = create_admin_authorization_header()
    response = client.get(url, headers=[('Content-Type', 'application/json'), auth_header])

    assert response.status_code == 404
    json_resp = json.loads(response.get_data(as_text=True))
    assert json_resp['result'] == 'error'
    assert json_resp['message'] == 'No result found'


def test_validate_invitation_token_returns_400_when_token_is_malformed(client):
    token = generate_token(
        str(uuid.uuid4()),
        current_app.config['SECRET_KEY'],
        current_app.config['DANGEROUS_SALT']
    )[:-2]

    url = '/invite/service/{}'.format(token)
    auth_header = create_admin_authorization_header()
    response = client.get(url, headers=[('Content-Type', 'application/json'), auth_header])

    assert response.status_code == 400
    json_resp = json.loads(response.get_data(as_text=True))
    assert json_resp['result'] == 'error'
    assert json_resp['message'] == {
        'invitation': 'Something’s wrong with this link. Make sure you’ve copied the whole thing.'
    }


def test_get_invited_user(admin_request, sample_invited_user):
    json_resp = admin_request.get(
        'service_invite.get_invited_user',
        invited_user_id=sample_invited_user.id
    )
    assert json_resp['data']['id'] == str(sample_invited_user.id)
    assert json_resp['data']['email_address'] == sample_invited_user.email_address
    assert json_resp['data']['service'] == str(sample_invited_user.service_id)
    assert json_resp['data']['permissions'] == sample_invited_user.permissions


def test_get_invited_user_404s_if_invite_doesnt_exist(admin_request, sample_invited_user, fake_uuid):
    json_resp = admin_request.get(
        'service_invite.get_invited_user',
        invited_user_id=fake_uuid,
        _expected_status=404
    )
    assert json_resp['result'] == 'error'
-												[WIP] added endpoint and dao to create invites for users.

Droped token as later code to send email invite can generate
timebased url to send to user. That can then be checked
against configurable time threshold for expiry. Therefore
no need to store a token.

											
										
										
											2016-02-24 14:01:19 +00:00
+								import json
-												remove the global_invite (accept_invite) endpoint

move the endpoints into service_invite/rest.py and
organisation/invite_rest.py respectively. Remove the prefix from all the
blueprints to allow this.

											
										
										
											2021-03-11 20:26:44 +00:00
+								import uuid
-												Run auto-correct on app/ and tests/

											
										
										
											2021-03-10 13:55:06 +00:00
-												Allow admin to domain to use for invite links

When we’re doing user research we often:
- start the task by inviting the participant to a service on Notify
- have them use a prototype version of the admin app, hosted on a
  different domain

Currently we can’t do both of these things together, because the invite
emails always send people to `notifications.service.gov.uk` (because
it’s the API that sends the emails, and the prototype admin app points
at the production API).

This commit changes the API to optionally allow an instance of the admin
app to specify which domain should be used when generating invite links.

											
										
										
											2017-12-20 14:38:49 +00:00
+								import pytest
-												Send broadcast invite email for broadcast service invites

This means the copy is more accurate and mentions sending emergency
alerts rather than previous copy about sending emails texts and letters.

											
										
										
											2020-09-15 16:45:24 +01:00
+								from flask import current_app
-												remove the global_invite (accept_invite) endpoint

move the endpoints into service_invite/rest.py and
organisation/invite_rest.py respectively. Remove the prefix from all the
blueprints to allow this.

											
										
										
											2021-03-11 20:26:44 +00:00
+								from freezegun import freeze_time
 								from notifications_utils.url_safe_token import generate_token
-												[WIP] added endpoint and dao to create invites for users.

Droped token as later code to send email invite can generate
timebased url to send to user. That can then be checked
against configurable time threshold for expiry. Therefore
no need to store a token.

											
										
										
											2016-02-24 14:01:19 +00:00
-												Run auto-correct on app/ and tests/

											
										
										
											2021-03-10 13:55:06 +00:00
+								from app.models import EMAIL_AUTH_TYPE, SMS_AUTH_TYPE, Notification
-												Split generating authorization headers by type

In response to [1].

[1]: https://github.com/alphagov/notifications-api/pull/3300#discussion_r681653248

											
										
										
											2021-08-04 15:12:09 +01:00
+								from tests import create_admin_authorization_header
-												Stop calling fixures as functions in the tests

											
										
										
											2019-10-31 15:02:30 +00:00
+								from tests.app.db import create_invited_user
-												Refactor create_invited_user to persist and send message to the notify queue.

The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to
ensure priority for messages.

6th task for story: https://www.pivotaltracker.com/story/show/135839709

											
										
										
											2016-12-20 15:59:31 +00:00
-												Allow admin to domain to use for invite links

When we’re doing user research we often:
- start the task by inviting the participant to a service on Notify
- have them use a prototype version of the admin app, hosted on a
  different domain

Currently we can’t do both of these things together, because the invite
emails always send people to `notifications.service.gov.uk` (because
it’s the API that sends the emails, and the prototype admin app points
at the production API).

This commit changes the API to optionally allow an instance of the admin
app to specify which domain should be used when generating invite links.

											
										
										
											2017-12-20 14:38:49 +00:00
+								@pytest.mark.parametrize('extra_args, expected_start_of_invite_url', [
 								    (
 								        {},
 								        'http://localhost:6012/invitation/'
 								    ),
 								    (
 								        {'invite_link_host': 'https://www.example.com'},
 								        'https://www.example.com/invitation/'
 								    ),
 								])
 								def test_create_invited_user(
 								    admin_request,
 								    sample_service,
 								    mocker,
 								    invitation_email_template,
 								    extra_args,
 								    expected_start_of_invite_url,
 								):
-												Refactor create_invited_user to persist and send message to the notify queue.

The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to
ensure priority for messages.

6th task for story: https://www.pivotaltracker.com/story/show/135839709

											
										
										
											2016-12-20 15:59:31 +00:00
+								    mocked = mocker.patch('app.celery.provider_tasks.deliver_email.apply_async')
 								    email_address = 'invited_user@service.gov.uk'
 								    invite_from = sample_service.users[0]
-												Allow admin to domain to use for invite links

When we’re doing user research we often:
- start the task by inviting the participant to a service on Notify
- have them use a prototype version of the admin app, hosted on a
  different domain

Currently we can’t do both of these things together, because the invite
emails always send people to `notifications.service.gov.uk` (because
it’s the API that sends the emails, and the prototype admin app points
at the production API).

This commit changes the API to optionally allow an instance of the admin
app to specify which domain should be used when generating invite links.

											
										
										
											2017-12-20 14:38:49 +00:00
+								    data = dict(
 								        service=str(sample_service.id),
 								        email_address=email_address,
 								        from_user=str(invite_from.id),
 								        permissions='send_messages,manage_service,manage_api_keys',
 								        auth_type=EMAIL_AUTH_TYPE,
-												Update invited user tests to take folder_permissions into account

											
										
										
											2019-03-11 14:33:51 +00:00
+								        folder_permissions=['folder_1', 'folder_2', 'folder_3'],
-												Allow admin to domain to use for invite links

When we’re doing user research we often:
- start the task by inviting the participant to a service on Notify
- have them use a prototype version of the admin app, hosted on a
  different domain

Currently we can’t do both of these things together, because the invite
emails always send people to `notifications.service.gov.uk` (because
it’s the API that sends the emails, and the prototype admin app points
at the production API).

This commit changes the API to optionally allow an instance of the admin
app to specify which domain should be used when generating invite links.

											
										
										
											2017-12-20 14:38:49 +00:00
+								        **extra_args
 								    )
-												Refactor create_invited_user to persist and send message to the notify queue.

The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to
ensure priority for messages.

6th task for story: https://www.pivotaltracker.com/story/show/135839709

											
										
										
											2016-12-20 15:59:31 +00:00
-												add auth_type to schemas to enable updating in endpoints

											
										
										
											2017-10-30 11:53:55 +00:00
+								    json_resp = admin_request.post(
-												rename invite blueprints

nb: the routes are not changing as part of this, only file paths and
blueprint names.

invite -> service_invite

this blueprint handles fetching invites for a service, creating invites,
etc.

accept_invite -> global_invite

this blueprint handles accepting invites for now, but will also involve
retrieving service/org user invite data without knowing the service/org
id associated. i'm not in love with this name and open to suggestions,
but i wanted to contrast it from service_invite and
organisation/invite_rest.py.

											
										
										
											2021-03-05 20:13:56 +00:00
+								        'service_invite.create_invited_user',
-												add auth_type to schemas to enable updating in endpoints

											
										
										
											2017-10-30 11:53:55 +00:00
+								        service_id=sample_service.id,
 								        _data=data,
 								        _expected_status=201
-												Refactor create_invited_user to persist and send message to the notify queue.

The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to
ensure priority for messages.

6th task for story: https://www.pivotaltracker.com/story/show/135839709

											
										
										
											2016-12-20 15:59:31 +00:00
+								    )
 								    assert json_resp['data']['service'] == str(sample_service.id)
 								    assert json_resp['data']['email_address'] == email_address
 								    assert json_resp['data']['from_user'] == str(invite_from.id)
 								    assert json_resp['data']['permissions'] == 'send_messages,manage_service,manage_api_keys'
-												add auth_type to schemas to enable updating in endpoints

											
										
										
											2017-10-30 11:53:55 +00:00
+								    assert json_resp['data']['auth_type'] == EMAIL_AUTH_TYPE
-												Refactor create_invited_user to persist and send message to the notify queue.

The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to
ensure priority for messages.

6th task for story: https://www.pivotaltracker.com/story/show/135839709

											
										
										
											2016-12-20 15:59:31 +00:00
+								    assert json_resp['data']['id']
-												Update invited user tests to take folder_permissions into account

											
										
										
											2019-03-11 14:33:51 +00:00
+								    assert json_resp['data']['folder_permissions'] == ['folder_1', 'folder_2', 'folder_3']
-												Refactor create_invited_user to persist and send message to the notify queue.

The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to
ensure priority for messages.

6th task for story: https://www.pivotaltracker.com/story/show/135839709

											
										
										
											2016-12-20 15:59:31 +00:00
 								    notification = Notification.query.first()
-												Allow admin to domain to use for invite links

When we’re doing user research we often:
- start the task by inviting the participant to a service on Notify
- have them use a prototype version of the admin app, hosted on a
  different domain

Currently we can’t do both of these things together, because the invite
emails always send people to `notifications.service.gov.uk` (because
it’s the API that sends the emails, and the prototype admin app points
at the production API).

This commit changes the API to optionally allow an instance of the admin
app to specify which domain should be used when generating invite links.

											
										
										
											2017-12-20 14:38:49 +00:00
-												Change reply to address for invitation emails to be invitation sender

If someone receives an invitation email for Notify the reply-to address
of the email was the GOV.UK Notify email address. This has been changed
to be the email address of the user who sent the invite.

Pivotal story: https://www.pivotaltracker.com/story/show/153094646

											
										
										
											2017-12-18 11:39:21 +00:00
+								    assert notification.reply_to_text == invite_from.email_address
-												Allow admin to domain to use for invite links

When we’re doing user research we often:
- start the task by inviting the participant to a service on Notify
- have them use a prototype version of the admin app, hosted on a
  different domain

Currently we can’t do both of these things together, because the invite
emails always send people to `notifications.service.gov.uk` (because
it’s the API that sends the emails, and the prototype admin app points
at the production API).

This commit changes the API to optionally allow an instance of the admin
app to specify which domain should be used when generating invite links.

											
										
										
											2017-12-20 14:38:49 +00:00
 								    assert len(notification.personalisation.keys()) == 3
 								    assert notification.personalisation['service_name'] == 'Sample service'
 								    assert notification.personalisation['user_name'] == 'Test User'
 								    assert notification.personalisation['url'].startswith(expected_start_of_invite_url)
 								    assert len(notification.personalisation['url']) > len(expected_start_of_invite_url)
-												Send broadcast invite email for broadcast service invites

This means the copy is more accurate and mentions sending emergency
alerts rather than previous copy about sending emails texts and letters.

											
										
										
											2020-09-15 16:45:24 +01:00
+								    assert str(notification.template_id) == current_app.config['INVITATION_EMAIL_TEMPLATE_ID']
 								    mocked.assert_called_once_with([(str(notification.id))], queue="notify-internal-tasks")
-												add auth_type to schemas to enable updating in endpoints

											
										
										
											2017-10-30 11:53:55 +00:00
+								def test_create_invited_user_without_auth_type(admin_request, sample_service, mocker, invitation_email_template):
-												more flake8. lots of unused imports and variables that didn't get used. i tried to preserve old variable names as comments when it looked like they were useful (eg when they were describing timestamps)

											
										
										
											2017-11-28 17:21:21 +00:00
+								    mocker.patch('app.celery.provider_tasks.deliver_email.apply_async')
-												add auth_type to schemas to enable updating in endpoints

											
										
										
											2017-10-30 11:53:55 +00:00
+								    email_address = 'invited_user@service.gov.uk'
 								    invite_from = sample_service.users[0]
 								    data = {
 								        'service': str(sample_service.id),
 								        'email_address': email_address,
 								        'from_user': str(invite_from.id),
 								        'permissions': 'send_messages,manage_service,manage_api_keys',
-												Update invited user tests to take folder_permissions into account

											
										
										
											2019-03-11 14:33:51 +00:00
+								        'folder_permissions': []
-												add auth_type to schemas to enable updating in endpoints

											
										
										
											2017-10-30 11:53:55 +00:00
+								    }
 								    json_resp = admin_request.post(
-												rename invite blueprints

nb: the routes are not changing as part of this, only file paths and
blueprint names.

invite -> service_invite

this blueprint handles fetching invites for a service, creating invites,
etc.

accept_invite -> global_invite

this blueprint handles accepting invites for now, but will also involve
retrieving service/org user invite data without knowing the service/org
id associated. i'm not in love with this name and open to suggestions,
but i wanted to contrast it from service_invite and
organisation/invite_rest.py.

											
										
										
											2021-03-05 20:13:56 +00:00
+								        'service_invite.create_invited_user',
-												add auth_type to schemas to enable updating in endpoints

											
										
										
											2017-10-30 11:53:55 +00:00
+								        service_id=sample_service.id,
 								        _data=data,
 								        _expected_status=201
 								    )
 								    assert json_resp['data']['auth_type'] == SMS_AUTH_TYPE
-												Update invited user tests to take folder_permissions into account

											
										
										
											2019-03-11 14:33:51 +00:00
+								def test_create_invited_user_invalid_email(client, sample_service, mocker, fake_uuid):
-												Refactor create_invited_user to persist and send message to the notify queue.

The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to
ensure priority for messages.

6th task for story: https://www.pivotaltracker.com/story/show/135839709

											
										
										
											2016-12-20 15:59:31 +00:00
+								    mocked = mocker.patch('app.celery.provider_tasks.deliver_email.apply_async')
 								    email_address = 'notanemail'
 								    invite_from = sample_service.users[0]
 								    data = {
 								        'service': str(sample_service.id),
 								        'email_address': email_address,
 								        'from_user': str(invite_from.id),
-												Update invited user tests to take folder_permissions into account

											
										
										
											2019-03-11 14:33:51 +00:00
+								        'permissions': 'send_messages,manage_service,manage_api_keys',
 								        'folder_permissions': [fake_uuid, fake_uuid]
-												Refactor create_invited_user to persist and send message to the notify queue.

The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to
ensure priority for messages.

6th task for story: https://www.pivotaltracker.com/story/show/135839709

											
										
										
											2016-12-20 15:59:31 +00:00
+								    }
 								    data = json.dumps(data)
-												Split generating authorization headers by type

In response to [1].

[1]: https://github.com/alphagov/notifications-api/pull/3300#discussion_r681653248

											
										
										
											2021-08-04 15:12:09 +01:00
+								    auth_header = create_admin_authorization_header()
-												Refactor create_invited_user to persist and send message to the notify queue.

The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to
ensure priority for messages.

6th task for story: https://www.pivotaltracker.com/story/show/135839709

											
										
										
											2016-12-20 15:59:31 +00:00
 								    response = client.post(
 								        '/service/{}/invite'.format(sample_service.id),
 								        headers=[('Content-Type', 'application/json'), auth_header],
 								        data=data
 								    )
 								    assert response.status_code == 400
 								    json_resp = json.loads(response.get_data(as_text=True))
 								    assert json_resp['result'] == 'error'
-												bump utils to 13.0.1

brings in a fix to InvalidEmail/Phone/AddressExceptions not being
instantiated correctly. `exception.message` is not a python standard,
so we shouldn't be relying on it to transmit exception reasons -
rather we should be using `str(exception)` instead. This involved a
handful of small changes to the schema validation

											
										
										
											2017-01-09 16:22:27 +00:00
+								    assert json_resp['message'] == {'email_address': ['Not a valid email address']}
-												Refactor create_invited_user to persist and send message to the notify queue.

The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to
ensure priority for messages.

6th task for story: https://www.pivotaltracker.com/story/show/135839709

											
										
										
											2016-12-20 15:59:31 +00:00
+								    assert mocked.call_count == 0
-												remove usage of notify_db fixture in unit tests

* notify_db fixture creates the database connection and ensures the test
  db exists and has migrations applied etc. It will run once per session
  (test run).
* notify_db_session fixture runs after your test finishes and deletes
  all non static (eg type table) data.

In unit tests that hit the database (ie: most of them), 99% of the time
we will need to use notify_db_session to ensure everything is reset. The
only time we don't need to use it is when we're querying things such as
"ensure get X works when database is empty". This is such a low
percentage of tests that it's easier for us to just use
notify_db_session every time, and ensure that all our tests run much
more consistently, at the cost of a small bit of performance when
running tests.

We used to use notify_db to access the session object for manually
adding, committing, etc. To dissuade usage of that fixture I've moved
that to the `notify_db_session`. I've then removed all uses of notify_db
that I could find in the codebase.

As a note, if you're writing a test that uses a `sample_x` fixture, all
of those fixtures rely on notify_db_session so you'll get the teardown
functionality for free. If you're just calling eg `create_x` db.py
functions, then you'll need to make you add notify_db_session fixture to
your test, even if you aren't manually accessing the session.

											
										
										
											2022-05-03 17:00:51 +01:00
+								def test_get_all_invited_users_by_service(client, notify_db_session, sample_service):
-												[WIP] added dao and rest endpoint for retrieving invited users
by service and by id.

											
										
										
											2016-02-25 11:22:36 +00:00
+								    invites = []
 								    for i in range(0, 5):
 								        email = 'invited_user_{}@service.gov.uk'.format(i)
-												Stop calling fixures as functions in the tests

											
										
										
											2019-10-31 15:02:30 +00:00
+								        invited_user = create_invited_user(sample_service, to_email_address=email)
-												[WIP] added dao and rest endpoint for retrieving invited users
by service and by id.

											
										
										
											2016-02-25 11:22:36 +00:00
+								        invites.append(invited_user)
-												Refactor create_invited_user to persist and send message to the notify queue.

The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to
ensure priority for messages.

6th task for story: https://www.pivotaltracker.com/story/show/135839709

											
										
										
											2016-12-20 15:59:31 +00:00
+								    url = '/service/{}/invite'.format(sample_service.id)
-												[WIP] added dao and rest endpoint for retrieving invited users
by service and by id.

											
										
										
											2016-02-25 11:22:36 +00:00
-												Split generating authorization headers by type

In response to [1].

[1]: https://github.com/alphagov/notifications-api/pull/3300#discussion_r681653248

											
										
										
											2021-08-04 15:12:09 +01:00
+								    auth_header = create_admin_authorization_header()
-												[WIP] added dao and rest endpoint for retrieving invited users
by service and by id.

											
										
										
											2016-02-25 11:22:36 +00:00
-												Refactor create_invited_user to persist and send message to the notify queue.

The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to
ensure priority for messages.

6th task for story: https://www.pivotaltracker.com/story/show/135839709

											
										
										
											2016-12-20 15:59:31 +00:00
+								    response = client.get(
 								        url,
 								        headers=[('Content-Type', 'application/json'), auth_header]
 								    )
 								    assert response.status_code == 200
 								    json_resp = json.loads(response.get_data(as_text=True))
-												[WIP] added dao and rest endpoint for retrieving invited users
by service and by id.

											
										
										
											2016-02-25 11:22:36 +00:00
-												Refactor create_invited_user to persist and send message to the notify queue.

The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to
ensure priority for messages.

6th task for story: https://www.pivotaltracker.com/story/show/135839709

											
										
										
											2016-12-20 15:59:31 +00:00
+								    invite_from = sample_service.users[0]
-												[WIP] added dao and rest endpoint for retrieving invited users
by service and by id.

											
										
										
											2016-02-25 11:22:36 +00:00
-												Refactor create_invited_user to persist and send message to the notify queue.

The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to
ensure priority for messages.

6th task for story: https://www.pivotaltracker.com/story/show/135839709

											
										
										
											2016-12-20 15:59:31 +00:00
+								    for invite in json_resp['data']:
 								        assert invite['service'] == str(sample_service.id)
 								        assert invite['from_user'] == str(invite_from.id)
-												add email code verification

by hitting POST /<user_id>/email-code, we create an email two factor
code to send to the user. That email contains a link with a token that
will sign the user in when opened.

Also some other things:

"email verification" (aka when you first create an account) doesn't
hit the API anymore

refactor 2fa code verification and sending to use jsonschema, and share code between sms and email

Die marshmallow die!

											
										
										
											2017-11-03 09:51:50 +00:00
+								        assert invite['auth_type'] == SMS_AUTH_TYPE
-												Refactor create_invited_user to persist and send message to the notify queue.

The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to
ensure priority for messages.

6th task for story: https://www.pivotaltracker.com/story/show/135839709

											
										
										
											2016-12-20 15:59:31 +00:00
+								        assert invite['id']
-												[WIP] added dao and rest endpoint for retrieving invited users
by service and by id.

											
										
										
											2016-02-25 11:22:36 +00:00
-												remove usage of notify_db fixture in unit tests

* notify_db fixture creates the database connection and ensures the test
  db exists and has migrations applied etc. It will run once per session
  (test run).
* notify_db_session fixture runs after your test finishes and deletes
  all non static (eg type table) data.

In unit tests that hit the database (ie: most of them), 99% of the time
we will need to use notify_db_session to ensure everything is reset. The
only time we don't need to use it is when we're querying things such as
"ensure get X works when database is empty". This is such a low
percentage of tests that it's easier for us to just use
notify_db_session every time, and ensure that all our tests run much
more consistently, at the cost of a small bit of performance when
running tests.

We used to use notify_db to access the session object for manually
adding, committing, etc. To dissuade usage of that fixture I've moved
that to the `notify_db_session`. I've then removed all uses of notify_db
that I could find in the codebase.

As a note, if you're writing a test that uses a `sample_x` fixture, all
of those fixtures rely on notify_db_session so you'll get the teardown
functionality for free. If you're just calling eg `create_x` db.py
functions, then you'll need to make you add notify_db_session fixture to
your test, even if you aren't manually accessing the session.

											
										
										
											2022-05-03 17:00:51 +01:00
+								def test_get_invited_users_by_service_with_no_invites(client, notify_db_session, sample_service):
-												Refactor create_invited_user to persist and send message to the notify queue.

The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to
ensure priority for messages.

6th task for story: https://www.pivotaltracker.com/story/show/135839709

											
										
										
											2016-12-20 15:59:31 +00:00
+								    url = '/service/{}/invite'.format(sample_service.id)
-												[WIP] added dao and rest endpoint for retrieving invited users
by service and by id.

											
										
										
											2016-02-25 11:22:36 +00:00
-												Split generating authorization headers by type

In response to [1].

[1]: https://github.com/alphagov/notifications-api/pull/3300#discussion_r681653248

											
										
										
											2021-08-04 15:12:09 +01:00
+								    auth_header = create_admin_authorization_header()
-												[WIP] added dao and rest endpoint for retrieving invited users
by service and by id.

											
										
										
											2016-02-25 11:22:36 +00:00
-												Refactor create_invited_user to persist and send message to the notify queue.

The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to
ensure priority for messages.

6th task for story: https://www.pivotaltracker.com/story/show/135839709

											
										
										
											2016-12-20 15:59:31 +00:00
+								    response = client.get(
 								        url,
 								        headers=[('Content-Type', 'application/json'), auth_header]
 								    )
 								    assert response.status_code == 200
 								    json_resp = json.loads(response.get_data(as_text=True))
 								    assert len(json_resp['data']) == 0
-												[WIP] added dao and rest endpoint for retrieving invited users
by service and by id.

											
										
										
											2016-02-25 11:22:36 +00:00
-												Add endpoints to get invited users

We want to display flash messages in admin when invites have been
cancelled. This message needs to display the user's email address, so
this commit adds endpoints to GET a single invited service user and org
user so that we can look up the email address of a cancelled user.

											
										
										
											2020-08-17 11:59:55 +01:00
+								def test_get_invited_user_by_service(admin_request, sample_invited_user):
 								    json_resp = admin_request.get(
-												rename invite blueprints

nb: the routes are not changing as part of this, only file paths and
blueprint names.

invite -> service_invite

this blueprint handles fetching invites for a service, creating invites,
etc.

accept_invite -> global_invite

this blueprint handles accepting invites for now, but will also involve
retrieving service/org user invite data without knowing the service/org
id associated. i'm not in love with this name and open to suggestions,
but i wanted to contrast it from service_invite and
organisation/invite_rest.py.

											
										
										
											2021-03-05 20:13:56 +00:00
+								        'service_invite.get_invited_user_by_service',
-												Add endpoints to get invited users

We want to display flash messages in admin when invites have been
cancelled. This message needs to display the user's email address, so
this commit adds endpoints to GET a single invited service user and org
user so that we can look up the email address of a cancelled user.

											
										
										
											2020-08-17 11:59:55 +01:00
+								        service_id=sample_invited_user.service.id,
 								        invited_user_id=sample_invited_user.id
 								    )
 								    assert json_resp['data']['email_address'] == sample_invited_user.email_address
 								def test_get_invited_user_by_service_when_user_does_not_belong_to_the_service(
 								    admin_request,
 								    sample_invited_user,
 								    fake_uuid,
 								):
 								    json_resp = admin_request.get(
-												rename invite blueprints

nb: the routes are not changing as part of this, only file paths and
blueprint names.

invite -> service_invite

this blueprint handles fetching invites for a service, creating invites,
etc.

accept_invite -> global_invite

this blueprint handles accepting invites for now, but will also involve
retrieving service/org user invite data without knowing the service/org
id associated. i'm not in love with this name and open to suggestions,
but i wanted to contrast it from service_invite and
organisation/invite_rest.py.

											
										
										
											2021-03-05 20:13:56 +00:00
+								        'service_invite.get_invited_user_by_service',
-												Add endpoints to get invited users

We want to display flash messages in admin when invites have been
cancelled. This message needs to display the user's email address, so
this commit adds endpoints to GET a single invited service user and org
user so that we can look up the email address of a cancelled user.

											
										
										
											2020-08-17 11:59:55 +01:00
+								        service_id=fake_uuid,
 								        invited_user_id=sample_invited_user.id,
 								        _expected_status=404
 								    )
 								    assert json_resp['result'] == 'error'
-												Refactor create_invited_user to persist and send message to the notify queue.

The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to
ensure priority for messages.

6th task for story: https://www.pivotaltracker.com/story/show/135839709

											
										
										
											2016-12-20 15:59:31 +00:00
+								def test_update_invited_user_set_status_to_cancelled(client, sample_invited_user):
 								    data = {'status': 'cancelled'}
 								    url = '/service/{0}/invite/{1}'.format(sample_invited_user.service_id, sample_invited_user.id)
-												Split generating authorization headers by type

In response to [1].

[1]: https://github.com/alphagov/notifications-api/pull/3300#discussion_r681653248

											
										
										
											2021-08-04 15:12:09 +01:00
+								    auth_header = create_admin_authorization_header()
-												Refactor create_invited_user to persist and send message to the notify queue.

The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to
ensure priority for messages.

6th task for story: https://www.pivotaltracker.com/story/show/135839709

											
										
										
											2016-12-20 15:59:31 +00:00
+								    response = client.post(url,
 								                           data=json.dumps(data),
 								                           headers=[('Content-Type', 'application/json'), auth_header])
-												New endpoint to update invited user.
Can be used to update status on invited user.

											
										
										
											2016-03-01 13:33:20 +00:00
-												Refactor create_invited_user to persist and send message to the notify queue.

The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to
ensure priority for messages.

6th task for story: https://www.pivotaltracker.com/story/show/135839709

											
										
										
											2016-12-20 15:59:31 +00:00
+								    assert response.status_code == 200
 								    json_resp = json.loads(response.get_data(as_text=True))['data']
 								    assert json_resp['status'] == 'cancelled'
-												New endpoint to update invited user.
Can be used to update status on invited user.

											
										
										
											2016-03-01 13:33:20 +00:00
-												Refactor create_invited_user to persist and send message to the notify queue.

The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to
ensure priority for messages.

6th task for story: https://www.pivotaltracker.com/story/show/135839709

											
										
										
											2016-12-20 15:59:31 +00:00
+								def test_update_invited_user_for_wrong_service_returns_404(client, sample_invited_user, fake_uuid):
 								    data = {'status': 'cancelled'}
 								    url = '/service/{0}/invite/{1}'.format(fake_uuid, sample_invited_user.id)
-												Split generating authorization headers by type

In response to [1].

[1]: https://github.com/alphagov/notifications-api/pull/3300#discussion_r681653248

											
										
										
											2021-08-04 15:12:09 +01:00
+								    auth_header = create_admin_authorization_header()
-												Refactor create_invited_user to persist and send message to the notify queue.

The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to
ensure priority for messages.

6th task for story: https://www.pivotaltracker.com/story/show/135839709

											
										
										
											2016-12-20 15:59:31 +00:00
+								    response = client.post(url, data=json.dumps(data),
 								                           headers=[('Content-Type', 'application/json'), auth_header])
 								    assert response.status_code == 404
 								    json_response = json.loads(response.get_data(as_text=True))['message']
 								    assert json_response == 'No result found'
-												New endpoint to update invited user.
Can be used to update status on invited user.

											
										
										
											2016-03-01 13:33:20 +00:00
-												Refactor create_invited_user to persist and send message to the notify queue.

The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to
ensure priority for messages.

6th task for story: https://www.pivotaltracker.com/story/show/135839709

											
										
										
											2016-12-20 15:59:31 +00:00
+								def test_update_invited_user_for_invalid_data_returns_400(client, sample_invited_user):
 								    data = {'status': 'garbage'}
 								    url = '/service/{0}/invite/{1}'.format(sample_invited_user.service_id, sample_invited_user.id)
-												Split generating authorization headers by type

In response to [1].

[1]: https://github.com/alphagov/notifications-api/pull/3300#discussion_r681653248

											
										
										
											2021-08-04 15:12:09 +01:00
+								    auth_header = create_admin_authorization_header()
-												Refactor create_invited_user to persist and send message to the notify queue.

The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to
ensure priority for messages.

6th task for story: https://www.pivotaltracker.com/story/show/135839709

											
										
										
											2016-12-20 15:59:31 +00:00
+								    response = client.post(url, data=json.dumps(data),
 								                           headers=[('Content-Type', 'application/json'), auth_header])
 								    assert response.status_code == 400
-												remove the global_invite (accept_invite) endpoint

move the endpoints into service_invite/rest.py and
organisation/invite_rest.py respectively. Remove the prefix from all the
blueprints to allow this.

											
										
										
											2021-03-11 20:26:44 +00:00
-												add new `invite/<token_type>/check/<token>` endpoint

having `/invite/service/<token>` and `/invite/service/<id>` as two
separate routes (the first to validate an invite token, the second to
retrieve invite metadata) technically works. Routes are matched from
first to last until a match is found. The metadata endpoint only accepts
UUIDs, so requests with a UUID will be picked up by the correct
endpoint, while requests that don't look like a UUID will carry on
searching for an endpoint, and will find the token validation endpoint.

So while this works correctly for our normal expected input, it only
does so _because the UUID endpoint is first in the file_. This isn't
great, and it makes it harder to reason about the URLs when looking at
them.

To solve this, create the new `invite/service/check/<token>` endpoint.
For backwards compatibility, assign this in parallel with the existing
route - once the admin uses the new route we can remove the old route
and make better guarantees about what endpoint is being hit.

											
										
										
											2021-03-11 20:47:24 +00:00
+								@pytest.mark.parametrize('endpoint_format_str', [
 								    '/invite/service/{}',
 								    '/invite/service/check/{}',
 								])
 								def test_validate_invitation_token_returns_200_when_token_valid(client, sample_invited_user, endpoint_format_str):
-												remove the global_invite (accept_invite) endpoint

move the endpoints into service_invite/rest.py and
organisation/invite_rest.py respectively. Remove the prefix from all the
blueprints to allow this.

											
										
										
											2021-03-11 20:26:44 +00:00
+								    token = generate_token(str(sample_invited_user.id), current_app.config['SECRET_KEY'],
 								                           current_app.config['DANGEROUS_SALT'])
-												add new `invite/<token_type>/check/<token>` endpoint

having `/invite/service/<token>` and `/invite/service/<id>` as two
separate routes (the first to validate an invite token, the second to
retrieve invite metadata) technically works. Routes are matched from
first to last until a match is found. The metadata endpoint only accepts
UUIDs, so requests with a UUID will be picked up by the correct
endpoint, while requests that don't look like a UUID will carry on
searching for an endpoint, and will find the token validation endpoint.

So while this works correctly for our normal expected input, it only
does so _because the UUID endpoint is first in the file_. This isn't
great, and it makes it harder to reason about the URLs when looking at
them.

To solve this, create the new `invite/service/check/<token>` endpoint.
For backwards compatibility, assign this in parallel with the existing
route - once the admin uses the new route we can remove the old route
and make better guarantees about what endpoint is being hit.

											
										
										
											2021-03-11 20:47:24 +00:00
+								    url = endpoint_format_str.format(token)
-												Split generating authorization headers by type

In response to [1].

[1]: https://github.com/alphagov/notifications-api/pull/3300#discussion_r681653248

											
										
										
											2021-08-04 15:12:09 +01:00
+								    auth_header = create_admin_authorization_header()
-												remove the global_invite (accept_invite) endpoint

move the endpoints into service_invite/rest.py and
organisation/invite_rest.py respectively. Remove the prefix from all the
blueprints to allow this.

											
										
										
											2021-03-11 20:26:44 +00:00
+								    response = client.get(url, headers=[('Content-Type', 'application/json'), auth_header])
 								    assert response.status_code == 200
 								    json_resp = json.loads(response.get_data(as_text=True))
 								    assert json_resp['data']['id'] == str(sample_invited_user.id)
 								    assert json_resp['data']['email_address'] == sample_invited_user.email_address
 								    assert json_resp['data']['from_user'] == str(sample_invited_user.user_id)
 								    assert json_resp['data']['service'] == str(sample_invited_user.service_id)
 								    assert json_resp['data']['status'] == sample_invited_user.status
 								    assert json_resp['data']['permissions'] == sample_invited_user.permissions
 								    assert json_resp['data']['folder_permissions'] == sample_invited_user.folder_permissions
 								def test_validate_invitation_token_for_expired_token_returns_400(client):
 								    with freeze_time('2016-01-01T12:00:00'):
 								        token = generate_token(str(uuid.uuid4()), current_app.config['SECRET_KEY'],
 								                               current_app.config['DANGEROUS_SALT'])
 								    url = '/invite/service/{}'.format(token)
-												Split generating authorization headers by type

In response to [1].

[1]: https://github.com/alphagov/notifications-api/pull/3300#discussion_r681653248

											
										
										
											2021-08-04 15:12:09 +01:00
+								    auth_header = create_admin_authorization_header()
-												remove the global_invite (accept_invite) endpoint

move the endpoints into service_invite/rest.py and
organisation/invite_rest.py respectively. Remove the prefix from all the
blueprints to allow this.

											
										
										
											2021-03-11 20:26:44 +00:00
+								    response = client.get(url, headers=[('Content-Type', 'application/json'), auth_header])
 								    assert response.status_code == 400
 								    json_resp = json.loads(response.get_data(as_text=True))
 								    assert json_resp['result'] == 'error'
 								    assert json_resp['message'] == {
 								        'invitation': 'Your invitation to GOV.UK Notify has expired. '
 								                      'Please ask the person that invited you to send you another one'}
 								def test_validate_invitation_token_returns_400_when_invited_user_does_not_exist(client):
 								    token = generate_token(str(uuid.uuid4()), current_app.config['SECRET_KEY'],
 								                           current_app.config['DANGEROUS_SALT'])
 								    url = '/invite/service/{}'.format(token)
-												Split generating authorization headers by type

In response to [1].

[1]: https://github.com/alphagov/notifications-api/pull/3300#discussion_r681653248

											
										
										
											2021-08-04 15:12:09 +01:00
+								    auth_header = create_admin_authorization_header()
-												remove the global_invite (accept_invite) endpoint

move the endpoints into service_invite/rest.py and
organisation/invite_rest.py respectively. Remove the prefix from all the
blueprints to allow this.

											
										
										
											2021-03-11 20:26:44 +00:00
+								    response = client.get(url, headers=[('Content-Type', 'application/json'), auth_header])
 								    assert response.status_code == 404
 								    json_resp = json.loads(response.get_data(as_text=True))
 								    assert json_resp['result'] == 'error'
 								    assert json_resp['message'] == 'No result found'
 								def test_validate_invitation_token_returns_400_when_token_is_malformed(client):
 								    token = generate_token(
 								        str(uuid.uuid4()),
 								        current_app.config['SECRET_KEY'],
 								        current_app.config['DANGEROUS_SALT']
 								    )[:-2]
 								    url = '/invite/service/{}'.format(token)
-												Split generating authorization headers by type

In response to [1].

[1]: https://github.com/alphagov/notifications-api/pull/3300#discussion_r681653248

											
										
										
											2021-08-04 15:12:09 +01:00
+								    auth_header = create_admin_authorization_header()
-												remove the global_invite (accept_invite) endpoint

move the endpoints into service_invite/rest.py and
organisation/invite_rest.py respectively. Remove the prefix from all the
blueprints to allow this.

											
										
										
											2021-03-11 20:26:44 +00:00
+								    response = client.get(url, headers=[('Content-Type', 'application/json'), auth_header])
 								    assert response.status_code == 400
 								    json_resp = json.loads(response.get_data(as_text=True))
 								    assert json_resp['result'] == 'error'
 								    assert json_resp['message'] == {
 								        'invitation': 'Something’s wrong with this link. Make sure you’ve copied the whole thing.'
 								    }
 								def test_get_invited_user(admin_request, sample_invited_user):
 								    json_resp = admin_request.get(
 								        'service_invite.get_invited_user',
 								        invited_user_id=sample_invited_user.id
 								    )
 								    assert json_resp['data']['id'] == str(sample_invited_user.id)
 								    assert json_resp['data']['email_address'] == sample_invited_user.email_address
 								    assert json_resp['data']['service'] == str(sample_invited_user.service_id)
 								    assert json_resp['data']['permissions'] == sample_invited_user.permissions
 								def test_get_invited_user_404s_if_invite_doesnt_exist(admin_request, sample_invited_user, fake_uuid):
 								    json_resp = admin_request.get(
 								        'service_invite.get_invited_user',
 								        invited_user_id=fake_uuid,
 								        _expected_status=404
 								    )
 								    assert json_resp['result'] == 'error'