darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2025-12-22 00:11:16 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
3d8a58deabfcef13cdbfdd298564b1b16367d329
notifications-api/tests/app/user/test_rest_verify.py

309 lines
12 KiB
Python
Raw Normal View History

All tests working, second time around.
2016-01-21 17:29:24 +00:00
import json
Changes as per code review comments. Fix my backward date math :P
2017-02-15 17:41:07 +00:00
import uuid
Added task for sending email verification links out on intial registration. Left original email code endpoint in as it is still used for things like email change.
2016-03-17 13:06:17 +00:00
from datetime import (
datetime,
timedelta
)
ensure we reset failed_login_count when appropriate in verify_user_password, if succesful we reset the failed_login_count. now we use failed_login_count for 2FA attempts, we need to make sure we reset it in other places too, so that people don't get blocked, especially in the reset-password user journey. * verify_user_code - if it's succesful, reset the failed_login_count * update_password - reset failed_login_count because either * you're logged in and so it's 0 anyway * you're resetting your password via pword reset link, and the old count isn't relevant anymore
2017-02-16 15:20:30 +00:00
import pytest
[WIP] use send_sms task to send sms code. Tests are broken because the template data for the Notify service is being delete after every test. Need a way to seed the data for the test.
2016-06-03 15:15:46 +01:00
from flask import url_for, current_app
ensure we reset failed_login_count when appropriate in verify_user_password, if succesful we reset the failed_login_count. now we use failed_login_count for 2FA attempts, we need to make sure we reset it in other places too, so that people don't get blocked, especially in the reset-password user journey. * verify_user_code - if it's succesful, reset the failed_login_count * update_password - reset failed_login_count because either * you're logged in and so it's 0 anyway * you're resetting your password via pword reset link, and the old count isn't relevant anymore
2017-02-16 15:20:30 +00:00
from freezegun import freeze_time
Send Notify's 2FA codes via only the `notify` queue This means that these codes won't be delayed by large jobs going through the send-sms/email queues. send_user_sms_code now works much more like the endpoints for sending notifications, by persisting the notification and only using the deliver_sms task (instead of using send_sms as well). The workers consuming the `notify` queue should be able to handle the deliver task as well, so no change should be needed to the celery workers to support this. I think there's also a change in behaviour here: previously, if the Notify service was in research mode, 2FA codes would not have been sent out, making it impossible to log into the admin. Now, a call to this endpoint will always send out the notification even if we've put the Notify service into research mode, since we set the notification's key type to normal and ignore the service's research mode setting when sending the notification to the queue.
2016-12-09 14:55:24 +00:00
from app.dao.services_dao import dao_update_service, dao_fetch_service_by_id
Added task for sending email verification links out on intial registration. Left original email code endpoint in as it is still used for things like email change.
2016-03-17 13:06:17 +00:00
from app.models import (
VerifyCode,
Send Notify's 2FA codes via only the `notify` queue This means that these codes won't be delayed by large jobs going through the send-sms/email queues. send_user_sms_code now works much more like the endpoints for sending notifications, by persisting the notification and only using the deliver_sms task (instead of using send_sms as well). The workers consuming the `notify` queue should be able to handle the deliver task as well, so no change should be needed to the celery workers to support this. I think there's also a change in behaviour here: previously, if the Notify service was in research mode, 2FA codes would not have been sent out, making it impossible to log into the admin. Now, a call to this endpoint will always send out the notification even if we've put the Notify service into research mode, since we set the notification's key type to normal and ignore the service's research mode setting when sending the notification to the queue.
2016-12-09 14:55:24 +00:00
User,
Notification
Added task for sending email verification links out on intial registration. Left original email code endpoint in as it is still used for things like email change.
2016-03-17 13:06:17 +00:00
)
Set the expiry time on a verify code (2fa) to 10 minutes. When the verify code is wrong or expired increment the failed to login count for the user. When the verify code is successfully used reset the failed login count to 0.
2017-02-14 14:04:11 +00:00
from app import db
ensure we reset failed_login_count when appropriate in verify_user_password, if succesful we reset the failed_login_count. now we use failed_login_count for 2FA attempts, we need to make sure we reset it in other places too, so that people don't get blocked, especially in the reset-password user journey. * verify_user_code - if it's succesful, reset the failed_login_count * update_password - reset failed_login_count because either * you're logged in and so it's 0 anyway * you're resetting your password via pword reset link, and the old count isn't relevant anymore
2017-02-16 15:20:30 +00:00
import app.celery.tasks
Added task for sending email verification links out on intial registration. Left original email code endpoint in as it is still used for things like email change.
2016-03-17 13:06:17 +00:00
All tests working, second time around.
2016-01-21 17:29:24 +00:00
from tests import create_authorization_header
Added task for sending email verification links out on intial registration. Left original email code endpoint in as it is still used for things like email change.
2016-03-17 13:06:17 +00:00
All tests working, second time around.
2016-01-21 17:29:24 +00:00
Add current_session_id to the user model, update on login when we change the last logged in time, set the current session id to a random uuid this way, we can compare it to the cookie a user has, and if they differ then we can log them out also update user.logged_in_at at 2FA rather than password check, since that feels more accurate
2017-02-17 14:06:16 +00:00
@freeze_time('2016-01-01T12:00:00')
def test_user_verify_code(client, sample_sms_code):
sample_sms_code.user.logged_in_at = datetime.utcnow() - timedelta(days=1)
Set the expiry time on a verify code (2fa) to 10 minutes. When the verify code is wrong or expired increment the failed to login count for the user. When the verify code is successfully used reset the failed login count to 0.
2017-02-14 14:04:11 +00:00
assert not VerifyCode.query.first().code_used
Add current_session_id to the user model, update on login when we change the last logged in time, set the current session id to a random uuid this way, we can compare it to the cookie a user has, and if they differ then we can log them out also update user.logged_in_at at 2FA rather than password check, since that feels more accurate
2017-02-17 14:06:16 +00:00
assert sample_sms_code.user.current_session_id is None
Set the expiry time on a verify code (2fa) to 10 minutes. When the verify code is wrong or expired increment the failed to login count for the user. When the verify code is successfully used reset the failed login count to 0.
2017-02-14 14:04:11 +00:00
data = json.dumps({
'code_type': sample_sms_code.code_type,
'code': sample_sms_code.txt_code})
auth_header = create_authorization_header()
resp = client.post(
url_for('user.verify_user_code', user_id=sample_sms_code.user.id),
data=data,
headers=[('Content-Type', 'application/json'), auth_header])
assert resp.status_code == 204
assert VerifyCode.query.first().code_used
Add current_session_id to the user model, update on login when we change the last logged in time, set the current session id to a random uuid this way, we can compare it to the cookie a user has, and if they differ then we can log them out also update user.logged_in_at at 2FA rather than password check, since that feels more accurate
2017-02-17 14:06:16 +00:00
assert sample_sms_code.user.logged_in_at == datetime.utcnow()
assert sample_sms_code.user.current_session_id is not None
All tests working, second time around.
2016-01-21 17:29:24 +00:00
Set the expiry time on a verify code (2fa) to 10 minutes. When the verify code is wrong or expired increment the failed to login count for the user. When the verify code is successfully used reset the failed login count to 0.
2017-02-14 14:04:11 +00:00
def test_user_verify_code_missing_code(client,
sample_sms_code):
assert not VerifyCode.query.first().code_used
data = json.dumps({'code_type': sample_sms_code.code_type})
auth_header = create_authorization_header()
resp = client.post(
url_for('user.verify_user_code', user_id=sample_sms_code.user.id),
data=data,
headers=[('Content-Type', 'application/json'), auth_header])
assert resp.status_code == 400
assert not VerifyCode.query.first().code_used
assert User.query.get(sample_sms_code.user.id).failed_login_count == 0
def test_user_verify_code_bad_code_and_increments_failed_login_count(client,
sample_sms_code):
assert not VerifyCode.query.first().code_used
data = json.dumps({
'code_type': sample_sms_code.code_type,
'code': "blah"})
auth_header = create_authorization_header()
resp = client.post(
url_for('user.verify_user_code', user_id=sample_sms_code.user.id),
data=data,
headers=[('Content-Type', 'application/json'), auth_header])
assert resp.status_code == 404
assert not VerifyCode.query.first().code_used
assert User.query.get(sample_sms_code.user.id).failed_login_count == 1
def test_user_verify_code_expired_code_and_increments_failed_login_count(
client,
sample_sms_code):
assert not VerifyCode.query.first().code_used
sample_sms_code.expiry_datetime = (
datetime.utcnow() - timedelta(hours=1))
db.session.add(sample_sms_code)
db.session.commit()
data = json.dumps({
'code_type': sample_sms_code.code_type,
'code': sample_sms_code.txt_code})
auth_header = create_authorization_header()
resp = client.post(
url_for('user.verify_user_code', user_id=sample_sms_code.user.id),
data=data,
headers=[('Content-Type', 'application/json'), auth_header])
assert resp.status_code == 400
assert not VerifyCode.query.first().code_used
assert User.query.get(sample_sms_code.user.id).failed_login_count == 1
All tests working, second time around.
2016-01-21 17:29:24 +00:00
Capture logged in at when password is verified
2016-03-07 15:01:40 +00:00
@freeze_time("2016-01-01 10:00:00.000000")
Add current_session_id to the user model, update on login when we change the last logged in time, set the current session id to a random uuid this way, we can compare it to the cookie a user has, and if they differ then we can log them out also update user.logged_in_at at 2FA rather than password check, since that feels more accurate
2017-02-17 14:06:16 +00:00
def test_user_verify_password(client, sample_user):
yesterday = datetime.utcnow() - timedelta(days=1)
sample_user.logged_in_at = yesterday
Set the expiry time on a verify code (2fa) to 10 minutes. When the verify code is wrong or expired increment the failed to login count for the user. When the verify code is successfully used reset the failed login count to 0.
2017-02-14 14:04:11 +00:00
data = json.dumps({'password': 'password'})
auth_header = create_authorization_header()
resp = client.post(
url_for('user.verify_user_password', user_id=sample_user.id),
data=data,
headers=[('Content-Type', 'application/json'), auth_header])
assert resp.status_code == 204
Add current_session_id to the user model, update on login when we change the last logged in time, set the current session id to a random uuid this way, we can compare it to the cookie a user has, and if they differ then we can log them out also update user.logged_in_at at 2FA rather than password check, since that feels more accurate
2017-02-17 14:06:16 +00:00
assert User.query.get(sample_user.id).logged_in_at == yesterday
All tests working, second time around.
2016-01-21 17:29:24 +00:00
Set the expiry time on a verify code (2fa) to 10 minutes. When the verify code is wrong or expired increment the failed to login count for the user. When the verify code is successfully used reset the failed login count to 0.
2017-02-14 14:04:11 +00:00
def test_user_verify_password_invalid_password(client,
Updated send user code to use an optional to field to send emails Added tests for send_user_code
2016-01-27 11:51:02 +00:00
sample_user):
Set the expiry time on a verify code (2fa) to 10 minutes. When the verify code is wrong or expired increment the failed to login count for the user. When the verify code is successfully used reset the failed login count to 0.
2017-02-14 14:04:11 +00:00
data = json.dumps({'password': 'bad password'})
auth_header = create_authorization_header()
Record and persist failed login count on api.
2016-01-25 11:14:23 +00:00
Set the expiry time on a verify code (2fa) to 10 minutes. When the verify code is wrong or expired increment the failed to login count for the user. When the verify code is successfully used reset the failed login count to 0.
2017-02-14 14:04:11 +00:00
assert sample_user.failed_login_count == 0
Record and persist failed login count on api.
2016-01-25 11:14:23 +00:00
Set the expiry time on a verify code (2fa) to 10 minutes. When the verify code is wrong or expired increment the failed to login count for the user. When the verify code is successfully used reset the failed login count to 0.
2017-02-14 14:04:11 +00:00
resp = client.post(
url_for('user.verify_user_password', user_id=sample_user.id),
data=data,
headers=[('Content-Type', 'application/json'), auth_header])
assert resp.status_code == 400
json_resp = json.loads(resp.get_data(as_text=True))
assert 'Incorrect password' in json_resp['message']['password']
assert sample_user.failed_login_count == 1
All tests working, second time around.
2016-01-21 17:29:24 +00:00
Set the expiry time on a verify code (2fa) to 10 minutes. When the verify code is wrong or expired increment the failed to login count for the user. When the verify code is successfully used reset the failed login count to 0.
2017-02-14 14:04:11 +00:00
def test_user_verify_password_valid_password_resets_failed_logins(client,
If failed login count > 0 and user subsequently logs in sucessfully, then failed logins set to 0.
2016-01-28 11:32:46 +00:00
sample_user):
Set the expiry time on a verify code (2fa) to 10 minutes. When the verify code is wrong or expired increment the failed to login count for the user. When the verify code is successfully used reset the failed login count to 0.
2017-02-14 14:04:11 +00:00
data = json.dumps({'password': 'bad password'})
auth_header = create_authorization_header()
If failed login count > 0 and user subsequently logs in sucessfully, then failed logins set to 0.
2016-01-28 11:32:46 +00:00
Set the expiry time on a verify code (2fa) to 10 minutes. When the verify code is wrong or expired increment the failed to login count for the user. When the verify code is successfully used reset the failed login count to 0.
2017-02-14 14:04:11 +00:00
assert sample_user.failed_login_count == 0
If failed login count > 0 and user subsequently logs in sucessfully, then failed logins set to 0.
2016-01-28 11:32:46 +00:00
Set the expiry time on a verify code (2fa) to 10 minutes. When the verify code is wrong or expired increment the failed to login count for the user. When the verify code is successfully used reset the failed login count to 0.
2017-02-14 14:04:11 +00:00
resp = client.post(
url_for('user.verify_user_password', user_id=sample_user.id),
data=data,
headers=[('Content-Type', 'application/json'), auth_header])
assert resp.status_code == 400
json_resp = json.loads(resp.get_data(as_text=True))
assert 'Incorrect password' in json_resp['message']['password']
If failed login count > 0 and user subsequently logs in sucessfully, then failed logins set to 0.
2016-01-28 11:32:46 +00:00
Set the expiry time on a verify code (2fa) to 10 minutes. When the verify code is wrong or expired increment the failed to login count for the user. When the verify code is successfully used reset the failed login count to 0.
2017-02-14 14:04:11 +00:00
assert sample_user.failed_login_count == 1
If failed login count > 0 and user subsequently logs in sucessfully, then failed logins set to 0.
2016-01-28 11:32:46 +00:00
Set the expiry time on a verify code (2fa) to 10 minutes. When the verify code is wrong or expired increment the failed to login count for the user. When the verify code is successfully used reset the failed login count to 0.
2017-02-14 14:04:11 +00:00
data = json.dumps({'password': 'password'})
auth_header = create_authorization_header()
resp = client.post(
url_for('user.verify_user_password', user_id=sample_user.id),
data=data,
headers=[('Content-Type', 'application/json'), auth_header])
If failed login count > 0 and user subsequently logs in sucessfully, then failed logins set to 0.
2016-01-28 11:32:46 +00:00
Set the expiry time on a verify code (2fa) to 10 minutes. When the verify code is wrong or expired increment the failed to login count for the user. When the verify code is successfully used reset the failed login count to 0.
2017-02-14 14:04:11 +00:00
assert resp.status_code == 204
assert sample_user.failed_login_count == 0
If failed login count > 0 and user subsequently logs in sucessfully, then failed logins set to 0.
2016-01-28 11:32:46 +00:00
Set the expiry time on a verify code (2fa) to 10 minutes. When the verify code is wrong or expired increment the failed to login count for the user. When the verify code is successfully used reset the failed login count to 0.
2017-02-14 14:04:11 +00:00
def test_user_verify_password_missing_password(client,
Updated send user code to use an optional to field to send emails Added tests for send_user_code
2016-01-27 11:51:02 +00:00
sample_user):
Set the expiry time on a verify code (2fa) to 10 minutes. When the verify code is wrong or expired increment the failed to login count for the user. When the verify code is successfully used reset the failed login count to 0.
2017-02-14 14:04:11 +00:00
auth_header = create_authorization_header()
resp = client.post(
url_for('user.verify_user_password', user_id=sample_user.id),
Changes as per code review comments. Fix my backward date math :P
2017-02-15 17:41:07 +00:00
data=json.dumps({'bingo': 'bongo'}),
Set the expiry time on a verify code (2fa) to 10 minutes. When the verify code is wrong or expired increment the failed to login count for the user. When the verify code is successfully used reset the failed login count to 0.
2017-02-14 14:04:11 +00:00
headers=[('Content-Type', 'application/json'), auth_header])
assert resp.status_code == 400
json_resp = json.loads(resp.get_data(as_text=True))
assert 'Required field missing data' in json_resp['message']['password']
Updated send user code to use an optional to field to send emails Added tests for send_user_code
2016-01-27 11:51:02 +00:00
Send Notify's 2FA codes via only the `notify` queue This means that these codes won't be delayed by large jobs going through the send-sms/email queues. send_user_sms_code now works much more like the endpoints for sending notifications, by persisting the notification and only using the deliver_sms task (instead of using send_sms as well). The workers consuming the `notify` queue should be able to handle the deliver task as well, so no change should be needed to the celery workers to support this. I think there's also a change in behaviour here: previously, if the Notify service was in research mode, 2FA codes would not have been sent out, making it impossible to log into the admin. Now, a call to this endpoint will always send out the notification even if we've put the Notify service into research mode, since we set the notification's key type to normal and ignore the service's research mode setting when sending the notification to the queue.
2016-12-09 14:55:24 +00:00
@pytest.mark.parametrize('research_mode', [True, False])
[WIP] use send_sms task to send sms code. Tests are broken because the template data for the Notify service is being delete after every test. Need a way to seed the data for the test.
2016-06-03 15:15:46 +01:00
@freeze_time("2016-01-01 11:09:00.061258")
ensure we reset failed_login_count when appropriate in verify_user_password, if succesful we reset the failed_login_count. now we use failed_login_count for 2FA attempts, we need to make sure we reset it in other places too, so that people don't get blocked, especially in the reset-password user journey. * verify_user_code - if it's succesful, reset the failed_login_count * update_password - reset failed_login_count because either * you're logged in and so it's 0 anyway * you're resetting your password via pword reset link, and the old count isn't relevant anymore
2017-02-16 15:20:30 +00:00
def test_send_user_sms_code(client,
[WIP] use send_sms task to send sms code. Tests are broken because the template data for the Notify service is being delete after every test. Need a way to seed the data for the test.
2016-06-03 15:15:46 +01:00
sample_user,
Fix tests for sending sms codes. Since the unit tests delete the data in between tests I need to add the template data for the test for send sms code.
2016-06-06 11:51:12 +01:00
sms_code_template,
Send Notify's 2FA codes via only the `notify` queue This means that these codes won't be delayed by large jobs going through the send-sms/email queues. send_user_sms_code now works much more like the endpoints for sending notifications, by persisting the notification and only using the deliver_sms task (instead of using send_sms as well). The workers consuming the `notify` queue should be able to handle the deliver task as well, so no change should be needed to the celery workers to support this. I think there's also a change in behaviour here: previously, if the Notify service was in research mode, 2FA codes would not have been sent out, making it impossible to log into the admin. Now, a call to this endpoint will always send out the notification even if we've put the Notify service into research mode, since we set the notification's key type to normal and ignore the service's research mode setting when sending the notification to the queue.
2016-12-09 14:55:24 +00:00
mocker,
research_mode):
Refactor user/<user_id>/code into two endpoints. - Created new endpoint user/<user_id>/sms-code to send the sms verification code to the user. - Create new endpoirtn user/<user_id>/email-code to send the email verifcation code to the user. - Marked the old methods, schema, tests with a TODO to be deleted when the admin app is no longer sending messages to /user/<user_id>/code - Added error handlers for DataError and NoResultFound. Data error catches invalid input errors. - Added error handler for SqlAlchemyError which catches any other database errors. - Removed the need for the try catches around the db calls in the user endpoints with the addition of the db error handlers. - We may want to wrap db excpetions in the dao, if we want the No results found message to be more specific and say no result found for user.
2016-02-19 11:37:35 +00:00
"""
Tests POST endpoint /user/<user_id>/sms-code
"""
ensure we reset failed_login_count when appropriate in verify_user_password, if succesful we reset the failed_login_count. now we use failed_login_count for 2FA attempts, we need to make sure we reset it in other places too, so that people don't get blocked, especially in the reset-password user journey. * verify_user_code - if it's succesful, reset the failed_login_count * update_password - reset failed_login_count because either * you're logged in and so it's 0 anyway * you're resetting your password via pword reset link, and the old count isn't relevant anymore
2017-02-16 15:20:30 +00:00
if research_mode:
notify_service = dao_fetch_service_by_id(current_app.config['NOTIFY_SERVICE_ID'])
notify_service.research_mode = True
dao_update_service(notify_service)
Fix tests for sending sms codes. Since the unit tests delete the data in between tests I need to add the template data for the test for send sms code.
2016-06-06 11:51:12 +01:00
ensure we reset failed_login_count when appropriate in verify_user_password, if succesful we reset the failed_login_count. now we use failed_login_count for 2FA attempts, we need to make sure we reset it in other places too, so that people don't get blocked, especially in the reset-password user journey. * verify_user_code - if it's succesful, reset the failed_login_count * update_password - reset failed_login_count because either * you're logged in and so it's 0 anyway * you're resetting your password via pword reset link, and the old count isn't relevant anymore
2017-02-16 15:20:30 +00:00
auth_header = create_authorization_header()
mocked = mocker.patch('app.user.rest.create_secret_code', return_value='11111')
mocker.patch('app.celery.provider_tasks.deliver_sms.apply_async')
Send Notify's 2FA codes via only the `notify` queue This means that these codes won't be delayed by large jobs going through the send-sms/email queues. send_user_sms_code now works much more like the endpoints for sending notifications, by persisting the notification and only using the deliver_sms task (instead of using send_sms as well). The workers consuming the `notify` queue should be able to handle the deliver task as well, so no change should be needed to the celery workers to support this. I think there's also a change in behaviour here: previously, if the Notify service was in research mode, 2FA codes would not have been sent out, making it impossible to log into the admin. Now, a call to this endpoint will always send out the notification even if we've put the Notify service into research mode, since we set the notification's key type to normal and ignore the service's research mode setting when sending the notification to the queue.
2016-12-09 14:55:24 +00:00
ensure we reset failed_login_count when appropriate in verify_user_password, if succesful we reset the failed_login_count. now we use failed_login_count for 2FA attempts, we need to make sure we reset it in other places too, so that people don't get blocked, especially in the reset-password user journey. * verify_user_code - if it's succesful, reset the failed_login_count * update_password - reset failed_login_count because either * you're logged in and so it's 0 anyway * you're resetting your password via pword reset link, and the old count isn't relevant anymore
2017-02-16 15:20:30 +00:00
resp = client.post(
url_for('user.send_user_sms_code', user_id=sample_user.id),
data=json.dumps({}),
headers=[('Content-Type', 'application/json'), auth_header])
assert resp.status_code == 204
Send Notify's 2FA codes via only the `notify` queue This means that these codes won't be delayed by large jobs going through the send-sms/email queues. send_user_sms_code now works much more like the endpoints for sending notifications, by persisting the notification and only using the deliver_sms task (instead of using send_sms as well). The workers consuming the `notify` queue should be able to handle the deliver task as well, so no change should be needed to the celery workers to support this. I think there's also a change in behaviour here: previously, if the Notify service was in research mode, 2FA codes would not have been sent out, making it impossible to log into the admin. Now, a call to this endpoint will always send out the notification even if we've put the Notify service into research mode, since we set the notification's key type to normal and ignore the service's research mode setting when sending the notification to the queue.
2016-12-09 14:55:24 +00:00
ensure we reset failed_login_count when appropriate in verify_user_password, if succesful we reset the failed_login_count. now we use failed_login_count for 2FA attempts, we need to make sure we reset it in other places too, so that people don't get blocked, especially in the reset-password user journey. * verify_user_code - if it's succesful, reset the failed_login_count * update_password - reset failed_login_count because either * you're logged in and so it's 0 anyway * you're resetting your password via pword reset link, and the old count isn't relevant anymore
2017-02-16 15:20:30 +00:00
assert mocked.call_count == 1
assert VerifyCode.query.count() == 1
assert VerifyCode.query.first().check_code('11111')
Send Notify's 2FA codes via only the `notify` queue This means that these codes won't be delayed by large jobs going through the send-sms/email queues. send_user_sms_code now works much more like the endpoints for sending notifications, by persisting the notification and only using the deliver_sms task (instead of using send_sms as well). The workers consuming the `notify` queue should be able to handle the deliver task as well, so no change should be needed to the celery workers to support this. I think there's also a change in behaviour here: previously, if the Notify service was in research mode, 2FA codes would not have been sent out, making it impossible to log into the admin. Now, a call to this endpoint will always send out the notification even if we've put the Notify service into research mode, since we set the notification's key type to normal and ignore the service's research mode setting when sending the notification to the queue.
2016-12-09 14:55:24 +00:00
ensure we reset failed_login_count when appropriate in verify_user_password, if succesful we reset the failed_login_count. now we use failed_login_count for 2FA attempts, we need to make sure we reset it in other places too, so that people don't get blocked, especially in the reset-password user journey. * verify_user_code - if it's succesful, reset the failed_login_count * update_password - reset failed_login_count because either * you're logged in and so it's 0 anyway * you're resetting your password via pword reset link, and the old count isn't relevant anymore
2017-02-16 15:20:30 +00:00
assert Notification.query.count() == 1
notification = Notification.query.first()
assert notification.personalisation == {'verify_code': '11111'}
assert notification.to == sample_user.mobile_number
assert str(notification.service_id) == current_app.config['NOTIFY_SERVICE_ID']
Send Notify's 2FA codes via only the `notify` queue This means that these codes won't be delayed by large jobs going through the send-sms/email queues. send_user_sms_code now works much more like the endpoints for sending notifications, by persisting the notification and only using the deliver_sms task (instead of using send_sms as well). The workers consuming the `notify` queue should be able to handle the deliver task as well, so no change should be needed to the celery workers to support this. I think there's also a change in behaviour here: previously, if the Notify service was in research mode, 2FA codes would not have been sent out, making it impossible to log into the admin. Now, a call to this endpoint will always send out the notification even if we've put the Notify service into research mode, since we set the notification's key type to normal and ignore the service's research mode setting when sending the notification to the queue.
2016-12-09 14:55:24 +00:00
ensure we reset failed_login_count when appropriate in verify_user_password, if succesful we reset the failed_login_count. now we use failed_login_count for 2FA attempts, we need to make sure we reset it in other places too, so that people don't get blocked, especially in the reset-password user journey. * verify_user_code - if it's succesful, reset the failed_login_count * update_password - reset failed_login_count because either * you're logged in and so it's 0 anyway * you're resetting your password via pword reset link, and the old count isn't relevant anymore
2017-02-16 15:20:30 +00:00
app.celery.provider_tasks.deliver_sms.apply_async.assert_called_once_with(
([str(notification.id)]),
queue="notify"
)
Refactor user/<user_id>/code into two endpoints. - Created new endpoint user/<user_id>/sms-code to send the sms verification code to the user. - Create new endpoirtn user/<user_id>/email-code to send the email verifcation code to the user. - Marked the old methods, schema, tests with a TODO to be deleted when the admin app is no longer sending messages to /user/<user_id>/code - Added error handlers for DataError and NoResultFound. Data error catches invalid input errors. - Added error handler for SqlAlchemyError which catches any other database errors. - Removed the need for the try catches around the db calls in the user endpoints with the addition of the db error handlers. - We may want to wrap db excpetions in the dao, if we want the No results found message to be more specific and say no result found for user.
2016-02-19 11:37:35 +00:00
[WIP] use send_sms task to send sms code. Tests are broken because the template data for the Notify service is being delete after every test. Need a way to seed the data for the test.
2016-06-03 15:15:46 +01:00
@freeze_time("2016-01-01 11:09:00.061258")
ensure we reset failed_login_count when appropriate in verify_user_password, if succesful we reset the failed_login_count. now we use failed_login_count for 2FA attempts, we need to make sure we reset it in other places too, so that people don't get blocked, especially in the reset-password user journey. * verify_user_code - if it's succesful, reset the failed_login_count * update_password - reset failed_login_count because either * you're logged in and so it's 0 anyway * you're resetting your password via pword reset link, and the old count isn't relevant anymore
2017-02-16 15:20:30 +00:00
def test_send_user_code_for_sms_with_optional_to_field(client,
[WIP] use send_sms task to send sms code. Tests are broken because the template data for the Notify service is being delete after every test. Need a way to seed the data for the test.
2016-06-03 15:15:46 +01:00
sample_user,
Fix tests for sending sms codes. Since the unit tests delete the data in between tests I need to add the template data for the test for send sms code.
2016-06-06 11:51:12 +01:00
sms_code_template,
[WIP] use send_sms task to send sms code. Tests are broken because the template data for the Notify service is being delete after every test. Need a way to seed the data for the test.
2016-06-03 15:15:46 +01:00
mocker):
Refactor user/<user_id>/code into two endpoints. - Created new endpoint user/<user_id>/sms-code to send the sms verification code to the user. - Create new endpoirtn user/<user_id>/email-code to send the email verifcation code to the user. - Marked the old methods, schema, tests with a TODO to be deleted when the admin app is no longer sending messages to /user/<user_id>/code - Added error handlers for DataError and NoResultFound. Data error catches invalid input errors. - Added error handler for SqlAlchemyError which catches any other database errors. - Removed the need for the try catches around the db calls in the user endpoints with the addition of the db error handlers. - We may want to wrap db excpetions in the dao, if we want the No results found message to be more specific and say no result found for user.
2016-02-19 11:37:35 +00:00
"""
Send Notify's 2FA codes via only the `notify` queue This means that these codes won't be delayed by large jobs going through the send-sms/email queues. send_user_sms_code now works much more like the endpoints for sending notifications, by persisting the notification and only using the deliver_sms task (instead of using send_sms as well). The workers consuming the `notify` queue should be able to handle the deliver task as well, so no change should be needed to the celery workers to support this. I think there's also a change in behaviour here: previously, if the Notify service was in research mode, 2FA codes would not have been sent out, making it impossible to log into the admin. Now, a call to this endpoint will always send out the notification even if we've put the Notify service into research mode, since we set the notification's key type to normal and ignore the service's research mode setting when sending the notification to the queue.
2016-12-09 14:55:24 +00:00
Tests POST endpoint /user/<user_id>/sms-code with optional to field
Fix tests for sending sms codes. Since the unit tests delete the data in between tests I need to add the template data for the test for send sms code.
2016-06-06 11:51:12 +01:00
"""
ensure we reset failed_login_count when appropriate in verify_user_password, if succesful we reset the failed_login_count. now we use failed_login_count for 2FA attempts, we need to make sure we reset it in other places too, so that people don't get blocked, especially in the reset-password user journey. * verify_user_code - if it's succesful, reset the failed_login_count * update_password - reset failed_login_count because either * you're logged in and so it's 0 anyway * you're resetting your password via pword reset link, and the old count isn't relevant anymore
2017-02-16 15:20:30 +00:00
to_number = '+441119876757'
mocked = mocker.patch('app.user.rest.create_secret_code', return_value='11111')
mocker.patch('app.celery.provider_tasks.deliver_sms.apply_async')
auth_header = create_authorization_header()
resp = client.post(
url_for('user.send_user_sms_code', user_id=sample_user.id),
data=json.dumps({'to': to_number}),
headers=[('Content-Type', 'application/json'), auth_header])
assert resp.status_code == 204
assert mocked.call_count == 1
notification = Notification.query.first()
assert notification.to == to_number
app.celery.provider_tasks.deliver_sms.apply_async.assert_called_once_with(
([str(notification.id)]),
queue="notify"
)
Refactor user/<user_id>/code into two endpoints. - Created new endpoint user/<user_id>/sms-code to send the sms verification code to the user. - Create new endpoirtn user/<user_id>/email-code to send the email verifcation code to the user. - Marked the old methods, schema, tests with a TODO to be deleted when the admin app is no longer sending messages to /user/<user_id>/code - Added error handlers for DataError and NoResultFound. Data error catches invalid input errors. - Added error handler for SqlAlchemyError which catches any other database errors. - Removed the need for the try catches around the db calls in the user endpoints with the addition of the db error handlers. - We may want to wrap db excpetions in the dao, if we want the No results found message to be more specific and say no result found for user.
2016-02-19 11:37:35 +00:00
Set the expiry time on a verify code (2fa) to 10 minutes. When the verify code is wrong or expired increment the failed to login count for the user. When the verify code is successfully used reset the failed login count to 0.
2017-02-14 14:04:11 +00:00
def test_send_sms_code_returns_404_for_bad_input_data(client):
uuid_ = uuid.uuid4()
auth_header = create_authorization_header()
resp = client.post(
url_for('user.send_user_sms_code', user_id=uuid_),
Changes as per code review comments. Fix my backward date math :P
2017-02-15 17:41:07 +00:00
data=json.dumps({}),
Set the expiry time on a verify code (2fa) to 10 minutes. When the verify code is wrong or expired increment the failed to login count for the user. When the verify code is successfully used reset the failed login count to 0.
2017-02-14 14:04:11 +00:00
headers=[('Content-Type', 'application/json'), auth_header])
assert resp.status_code == 404
assert json.loads(resp.get_data(as_text=True))['message'] == 'No result found'
Refactor user/<user_id>/code into two endpoints. - Created new endpoint user/<user_id>/sms-code to send the sms verification code to the user. - Create new endpoirtn user/<user_id>/email-code to send the email verifcation code to the user. - Marked the old methods, schema, tests with a TODO to be deleted when the admin app is no longer sending messages to /user/<user_id>/code - Added error handlers for DataError and NoResultFound. Data error catches invalid input errors. - Added error handler for SqlAlchemyError which catches any other database errors. - Removed the need for the try catches around the db calls in the user endpoints with the addition of the db error handlers. - We may want to wrap db excpetions in the dao, if we want the No results found message to be more specific and say no result found for user.
2016-02-19 11:37:35 +00:00
Add a limit to the number of active 2fa codes that we create. At the moment that is set to 10.
2017-02-15 16:18:05 +00:00
def test_send_sms_code_returns_204_when_too_many_codes_already_created(client, sample_user):
for i in range(10):
verify_code = VerifyCode(
code_type='sms',
_code=12345,
created_at=datetime.utcnow() - timedelta(minutes=10),
Changes as per code review comments. Fix my backward date math :P
2017-02-15 17:41:07 +00:00
expiry_datetime=datetime.utcnow() + timedelta(minutes=40),
Add a limit to the number of active 2fa codes that we create. At the moment that is set to 10.
2017-02-15 16:18:05 +00:00
user=sample_user
)
db.session.add(verify_code)
db.session.commit()
assert VerifyCode.query.count() == 10
auth_header = create_authorization_header()
resp = client.post(
url_for('user.send_user_sms_code', user_id=sample_user.id),
Changes as per code review comments. Fix my backward date math :P
2017-02-15 17:41:07 +00:00
data=json.dumps({}),
Add a limit to the number of active 2fa codes that we create. At the moment that is set to 10.
2017-02-15 16:18:05 +00:00
headers=[('Content-Type', 'application/json'), auth_header])
assert resp.status_code == 204
assert VerifyCode.query.count() == 10
Refactor send_user_email_verification to persist the notification then put on the "notify" queue for delivery. The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to ensure priority for messages.
2016-12-19 15:31:54 +00:00
def test_send_user_email_verification(client,
Use notify to send email verification
2016-06-09 16:41:20 +01:00
sample_user,
mocker,
email_verification_template):
Refactor send_user_email_verification to persist the notification then put on the "notify" queue for delivery. The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to ensure priority for messages.
2016-12-19 15:31:54 +00:00
mocked = mocker.patch('app.celery.provider_tasks.deliver_email.apply_async')
auth_header = create_authorization_header()
resp = client.post(
url_for('user.send_user_email_verification', user_id=str(sample_user.id)),
Changes as per code review comments. Fix my backward date math :P
2017-02-15 17:41:07 +00:00
data=json.dumps({}),
Refactor send_user_email_verification to persist the notification then put on the "notify" queue for delivery. The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to ensure priority for messages.
2016-12-19 15:31:54 +00:00
headers=[('Content-Type', 'application/json'), auth_header])
assert resp.status_code == 204
notification = Notification.query.first()
Refactor send_user_reset_password to persist and send message to the notify queue. The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to ensure priority for messages. 5th task for story: https://www.pivotaltracker.com/story/show/135839709
2016-12-20 11:55:26 +00:00
mocked.assert_called_once_with(([str(notification.id)]), queue="notify")
Refactor send_user_email_verification to persist the notification then put on the "notify" queue for delivery. The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to ensure priority for messages.
2016-12-19 15:31:54 +00:00
ensure we reset failed_login_count when appropriate in verify_user_password, if succesful we reset the failed_login_count. now we use failed_login_count for 2FA attempts, we need to make sure we reset it in other places too, so that people don't get blocked, especially in the reset-password user journey. * verify_user_code - if it's succesful, reset the failed_login_count * update_password - reset failed_login_count because either * you're logged in and so it's 0 anyway * you're resetting your password via pword reset link, and the old count isn't relevant anymore
2017-02-16 15:20:30 +00:00
def test_send_email_verification_returns_404_for_bad_input_data(client, notify_db_session, mocker):
Use notify to send email verification
2016-06-09 16:41:20 +01:00
"""
Tests POST endpoint /user/<user_id>/sms-code return 404 for bad input data
"""
Refactor send_user_reset_password to persist and send message to the notify queue. The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to ensure priority for messages. 5th task for story: https://www.pivotaltracker.com/story/show/135839709
2016-12-20 11:55:26 +00:00
mocked = mocker.patch('app.celery.provider_tasks.deliver_email.apply_async')
Refactor send_user_email_verification to persist the notification then put on the "notify" queue for delivery. The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to ensure priority for messages.
2016-12-19 15:31:54 +00:00
uuid_ = uuid.uuid4()
auth_header = create_authorization_header()
resp = client.post(
url_for('user.send_user_email_verification', user_id=uuid_),
Changes as per code review comments. Fix my backward date math :P
2017-02-15 17:41:07 +00:00
data=json.dumps({}),
Refactor send_user_email_verification to persist the notification then put on the "notify" queue for delivery. The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to ensure priority for messages.
2016-12-19 15:31:54 +00:00
headers=[('Content-Type', 'application/json'), auth_header])
assert resp.status_code == 404
assert json.loads(resp.get_data(as_text=True))['message'] == 'No result found'
Refactor send_user_reset_password to persist and send message to the notify queue. The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to ensure priority for messages. 5th task for story: https://www.pivotaltracker.com/story/show/135839709
2016-12-20 11:55:26 +00:00
assert mocked.call_count == 0
ensure we reset failed_login_count when appropriate in verify_user_password, if succesful we reset the failed_login_count. now we use failed_login_count for 2FA attempts, we need to make sure we reset it in other places too, so that people don't get blocked, especially in the reset-password user journey. * verify_user_code - if it's succesful, reset the failed_login_count * update_password - reset failed_login_count because either * you're logged in and so it's 0 anyway * you're resetting your password via pword reset link, and the old count isn't relevant anymore
2017-02-16 15:20:30 +00:00
def test_user_verify_user_code_valid_code_resets_failed_login_count(client, sample_sms_code):
replace notify_api with client fixture in user/test_rest.py
2017-02-16 17:44:04 +00:00
sample_sms_code.user.failed_login_count = 1
ensure we reset failed_login_count when appropriate in verify_user_password, if succesful we reset the failed_login_count. now we use failed_login_count for 2FA attempts, we need to make sure we reset it in other places too, so that people don't get blocked, especially in the reset-password user journey. * verify_user_code - if it's succesful, reset the failed_login_count * update_password - reset failed_login_count because either * you're logged in and so it's 0 anyway * you're resetting your password via pword reset link, and the old count isn't relevant anymore
2017-02-16 15:20:30 +00:00
data = json.dumps({
'code_type': sample_sms_code.code_type,
'code': sample_sms_code.txt_code})
resp = client.post(
url_for('user.verify_user_code', user_id=sample_sms_code.user.id),
data=data,
headers=[('Content-Type', 'application/json'), create_authorization_header()])
assert resp.status_code == 204
assert sample_sms_code.user.failed_login_count == 0
assert sample_sms_code.code_used
Reference in New Issue Copy Permalink