darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2025-12-23 17:01:35 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
8bc1091f7325e3e56fce84f7069f11df1fb32b31
notifications-api/tests/app/user/test_rest.py

1279 lines
39 KiB
Python
Raw Normal View History

more tests
2023-08-14 15:32:22 -07:00
import json
Fix import order check
2021-05-19 08:21:35 +01:00
import uuid
Fix reset password flow It was broken because of unhappy marshmallow schema and flag name mismatch
2020-02-18 14:48:23 +00:00
from datetime import datetime
Bump moto version to try solve dependencies version conflict Also update mock import statements in some test files as they stopped working with this dependency update.
2021-07-08 14:10:58 +01:00
from unittest import mock
Fix bug in PermissionDAO Refactor user/test_rest Remove conftest/sample_admin_service
2016-03-01 10:34:27 +00:00
Run auto-correct on app/ and tests/
2021-03-10 13:55:06 +00:00
import pytest
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
from flask import current_app
Use GOV.UK Notify service to send the forgot password email link using the template to create the message.
2016-06-16 10:43:41 +01:00
from freezegun import freeze_time
Fix bug in PermissionDAO Refactor user/test_rest Remove conftest/sample_admin_service
2016-03-01 10:34:27 +00:00
code review feedback, fix setup.cfg and reformat
2023-08-25 08:10:33 -07:00
from app.dao.service_user_dao import dao_get_service_user, dao_update_service_user
Even more cleanup. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-02-21 14:14:45 -05:00
from app.enums import AuthType, KeyType, NotificationType, PermissionType
Cleaning up tests. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-01-16 15:12:57 -05:00
from app.models import Notification, Permission, User
Run auto-correct on app/ and tests/
2021-03-10 13:55:06 +00:00
from tests.app.db import (
notify-api-332 rename organisation
2023-07-10 11:06:29 -07:00
create_organization,
Run auto-correct on app/ and tests/
2021-03-10 13:55:06 +00:00
create_service,
create_template_folder,
create_user,
)
Service and User API added, working with tests. Still need to polish the edges and add more tests.
2016-01-11 15:07:13 +00:00
add auth_type to schemas to enable updating in endpoints
2017-10-30 11:53:55 +00:00
def test_get_user_list(admin_request, sample_service):
Service and User API added, working with tests. Still need to polish the edges and add more tests.
2016-01-11 15:07:13 +00:00
"""
Tests GET endpoint '/' to retrieve entire user list.
"""
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
json_resp = admin_request.get("user.get_user")
add auth_type to schemas to enable updating in endpoints
2017-10-30 11:53:55 +00:00
# it may have the notify user in the DB still :weary:
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
assert len(json_resp["data"]) >= 1
replace notify_api with client fixture in user/test_rest.py
2017-02-16 17:44:04 +00:00
sample_user = sample_service.users[0]
Cleaning things up, trying to get tests to work. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-01-17 17:28:46 -05:00
expected_permissions = PermissionType.defaults()
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
fetched = next(x for x in json_resp["data"] if x["id"] == str(sample_user.id))
assert sample_user.name == fetched["name"]
assert sample_user.mobile_number == fetched["mobile_number"]
assert sample_user.email_address == fetched["email_address"]
assert sample_user.state == fetched["state"]
assert sorted(expected_permissions) == sorted(
fetched["permissions"][str(sample_service.id)]
)
replace notify_api with client fixture in user/test_rest.py
2017-02-16 17:44:04 +00:00
more tests
2023-08-14 15:32:22 -07:00
def test_get_all_users(admin_request):
create_user()
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
json_resp = admin_request.get("user.get_all_users")
more tests
2023-08-14 15:32:22 -07:00
json_resp_str = json.dumps(json_resp)
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
assert "Test User" in json_resp_str
assert "+12028675309" in json_resp_str
more tests
2023-08-14 15:32:22 -07:00
notify-api-332 rename organisation
2023-07-10 11:06:29 -07:00
def test_get_user(admin_request, sample_service, sample_organization):
Service and User API added, working with tests. Still need to polish the edges and add more tests.
2016-01-11 15:07:13 +00:00
"""
Tests GET endpoint '/<user_id>' to retrieve a single service.
"""
replace notify_api with client fixture in user/test_rest.py
2017-02-16 17:44:04 +00:00
sample_user = sample_service.users[0]
notify-api-332 rename organisation
2023-07-10 11:06:29 -07:00
sample_user.organizations = [sample_organization]
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
json_resp = admin_request.get("user.get_user", user_id=sample_user.id)
replace notify_api with client fixture in user/test_rest.py
2017-02-16 17:44:04 +00:00
Cleaning things up, trying to get tests to work. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-01-17 17:28:46 -05:00
expected_permissions = PermissionType.defaults()
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
fetched = json_resp["data"]
assert fetched["id"] == str(sample_user.id)
assert fetched["name"] == sample_user.name
assert fetched["mobile_number"] == sample_user.mobile_number
assert fetched["email_address"] == sample_user.email_address
assert fetched["state"] == sample_user.state
Cleaning up tests. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-01-16 15:12:57 -05:00
assert fetched["auth_type"] == AuthType.SMS
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
assert fetched["permissions"].keys() == {str(sample_service.id)}
assert fetched["services"] == [str(sample_service.id)]
assert fetched["organizations"] == [str(sample_organization.id)]
assert fetched["can_use_webauthn"] is False
assert sorted(fetched["permissions"][str(sample_service.id)]) == sorted(
expected_permissions
)
def test_get_user_doesnt_return_inactive_services_and_orgs(
admin_request, sample_service, sample_organization
):
replace user_schema with serialize method on user model this is so that we can filter out inactive organisations and services note: can't remove user schema completely, as we still use it in POST /user to create new users
2018-03-06 17:47:29 +00:00
"""
Tests GET endpoint '/<user_id>' to retrieve a single service.
"""
sample_service.active = False
notify-api-332 rename organisation
2023-07-10 11:06:29 -07:00
sample_organization.active = False
replace user_schema with serialize method on user model this is so that we can filter out inactive organisations and services note: can't remove user schema completely, as we still use it in POST /user to create new users
2018-03-06 17:47:29 +00:00
sample_user = sample_service.users[0]
notify-api-332 rename organisation
2023-07-10 11:06:29 -07:00
sample_user.organizations = [sample_organization]
replace user_schema with serialize method on user model this is so that we can filter out inactive organisations and services note: can't remove user schema completely, as we still use it in POST /user to create new users
2018-03-06 17:47:29 +00:00
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
json_resp = admin_request.get("user.get_user", user_id=sample_user.id)
replace user_schema with serialize method on user model this is so that we can filter out inactive organisations and services note: can't remove user schema completely, as we still use it in POST /user to create new users
2018-03-06 17:47:29 +00:00
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
fetched = json_resp["data"]
replace user_schema with serialize method on user model this is so that we can filter out inactive organisations and services note: can't remove user schema completely, as we still use it in POST /user to create new users
2018-03-06 17:47:29 +00:00
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
assert fetched["id"] == str(sample_user.id)
assert fetched["services"] == []
assert fetched["organizations"] == []
assert fetched["permissions"] == {}
replace notify_api with client fixture in user/test_rest.py
2017-02-16 17:44:04 +00:00
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
def test_post_user(admin_request, notify_db_session):
Service and User API added, working with tests. Still need to polish the edges and add more tests.
2016-01-11 15:07:13 +00:00
"""
Tests POST endpoint '/' to create a user.
"""
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
User.query.delete()
replace notify_api with client fixture in user/test_rest.py
2017-02-16 17:44:04 +00:00
data = {
"name": "Test User",
code review feedback remove british fake email addresses
2023-08-16 07:19:18 -07:00
"email_address": "user@digital.fake.gov",
replace notify_api with client fixture in user/test_rest.py
2017-02-16 17:44:04 +00:00
"password": "password",
Update tests to focus on US numbers
2023-01-04 16:35:25 -05:00
"mobile_number": "+12028675309",
replace notify_api with client fixture in user/test_rest.py
2017-02-16 17:44:04 +00:00
"logged_in_at": None,
"state": "active",
"failed_login_count": 0,
add auth_type to schemas to enable updating in endpoints
2017-10-30 11:53:55 +00:00
"permissions": {},
Cleaning up tests. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-01-16 15:12:57 -05:00
"auth_type": AuthType.EMAIL,
replace notify_api with client fixture in user/test_rest.py
2017-02-16 17:44:04 +00:00
}
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
json_resp = admin_request.post("user.create_user", _data=data, _expected_status=201)
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
user = User.query.filter_by(email_address="user@digital.fake.gov").first()
Replace how `.load` is called https://marshmallow.readthedocs.io/en/stable/upgrading.html#schemas-are-always-strict `.load` doesn't return a `(data, errors)` tuple any more - only data is returned. A `ValidationError` is raised if validation fails. The code now relies on the `marshmallow_validation_error` error handler to handle errors instead of having to raise an `InvalidRequest`. This has no effect on the response that is returned (a test has been modified to check). Also added a new `password` field to the `UserSchema` so that we don't have to specially check for password errors in the `.create_user` endpoint - we can let marshmallow handle them.
2022-05-06 15:25:14 +01:00
assert user.check_password("password")
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
assert json_resp["data"]["email_address"] == user.email_address
assert json_resp["data"]["id"] == str(user.id)
Cleaning up tests. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-01-16 15:12:57 -05:00
assert user.auth_type == AuthType.EMAIL
add auth_type to schemas to enable updating in endpoints
2017-10-30 11:53:55 +00:00
def test_post_user_without_auth_type(admin_request, notify_db_session):
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
User.query.delete()
add auth_type to schemas to enable updating in endpoints
2017-10-30 11:53:55 +00:00
data = {
"name": "Test User",
code review feedback remove british fake email addresses
2023-08-16 07:19:18 -07:00
"email_address": "user@digital.fake.gov",
add auth_type to schemas to enable updating in endpoints
2017-10-30 11:53:55 +00:00
"password": "password",
Update tests to focus on US numbers
2023-01-04 16:35:25 -05:00
"mobile_number": "+12028675309",
add auth_type to schemas to enable updating in endpoints
2017-10-30 11:53:55 +00:00
"permissions": {},
}
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
json_resp = admin_request.post("user.create_user", _data=data, _expected_status=201)
add auth_type to schemas to enable updating in endpoints
2017-10-30 11:53:55 +00:00
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
user = User.query.filter_by(email_address="user@digital.fake.gov").first()
assert json_resp["data"]["id"] == str(user.id)
Cleaning up tests. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-01-16 15:12:57 -05:00
assert user.auth_type == AuthType.SMS
replace notify_api with client fixture in user/test_rest.py
2017-02-16 17:44:04 +00:00
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
def test_post_user_missing_attribute_email(admin_request, notify_db_session):
Add more tests.
2016-01-11 18:09:10 +00:00
"""
Tests POST endpoint '/' missing attribute email.
"""
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
User.query.delete()
replace notify_api with client fixture in user/test_rest.py
2017-02-16 17:44:04 +00:00
data = {
"name": "Test User",
"password": "password",
Update tests to focus on US numbers
2023-01-04 16:35:25 -05:00
"mobile_number": "+12028675309",
replace notify_api with client fixture in user/test_rest.py
2017-02-16 17:44:04 +00:00
"logged_in_at": None,
"state": "active",
"failed_login_count": 0,
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"permissions": {},
replace notify_api with client fixture in user/test_rest.py
2017-02-16 17:44:04 +00:00
}
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
json_resp = admin_request.post("user.create_user", _data=data, _expected_status=400)
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
replace notify_api with client fixture in user/test_rest.py
2017-02-16 17:44:04 +00:00
assert User.query.count() == 0
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
assert {"email_address": ["Missing data for required field."]} == json_resp[
"message"
]
replace notify_api with client fixture in user/test_rest.py
2017-02-16 17:44:04 +00:00
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
def test_create_user_missing_attribute_password(admin_request, notify_db_session):
Add rest of user model fields to api. First step to moving user interactions to api.
2016-01-19 11:38:29 +00:00
"""
Tests POST endpoint '/' missing attribute password.
"""
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
User.query.delete()
replace notify_api with client fixture in user/test_rest.py
2017-02-16 17:44:04 +00:00
data = {
"name": "Test User",
code review feedback remove british fake email addresses
2023-08-16 07:19:18 -07:00
"email_address": "user@digital.fake.gov",
Update tests to focus on US numbers
2023-01-04 16:35:25 -05:00
"mobile_number": "+12028675309",
replace notify_api with client fixture in user/test_rest.py
2017-02-16 17:44:04 +00:00
"logged_in_at": None,
"state": "active",
"failed_login_count": 0,
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"permissions": {},
replace notify_api with client fixture in user/test_rest.py
2017-02-16 17:44:04 +00:00
}
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
json_resp = admin_request.post("user.create_user", _data=data, _expected_status=400)
replace notify_api with client fixture in user/test_rest.py
2017-02-16 17:44:04 +00:00
assert User.query.count() == 0
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
assert {"password": ["Missing data for required field."]} == json_resp["message"]
replace notify_api with client fixture in user/test_rest.py
2017-02-16 17:44:04 +00:00
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
def test_can_create_user_with_email_auth_and_no_mobile(
admin_request, notify_db_session
):
make user mobile num nullable if user has email_auth enabled
2017-11-09 14:18:47 +00:00
data = {
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"name": "Test User",
"email_address": "user@digital.fake.gov",
"password": "password",
"mobile_number": None,
Cleaning up tests. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-01-16 15:12:57 -05:00
"auth_type": AuthType.EMAIL,
make user mobile num nullable if user has email_auth enabled
2017-11-09 14:18:47 +00:00
}
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
json_resp = admin_request.post("user.create_user", _data=data, _expected_status=201)
make user mobile num nullable if user has email_auth enabled
2017-11-09 14:18:47 +00:00
Cleaning up tests. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-01-16 15:12:57 -05:00
assert json_resp["data"]["auth_type"] == AuthType.EMAIL
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
assert json_resp["data"]["mobile_number"] is None
make user mobile num nullable if user has email_auth enabled
2017-11-09 14:18:47 +00:00
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
def test_cannot_create_user_with_sms_auth_and_no_mobile(
admin_request, notify_db_session
):
make user mobile num nullable if user has email_auth enabled
2017-11-09 14:18:47 +00:00
data = {
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"name": "Test User",
"email_address": "user@digital.fake.gov",
"password": "password",
"mobile_number": None,
Cleaning up tests. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-01-16 15:12:57 -05:00
"auth_type": AuthType.SMS,
make user mobile num nullable if user has email_auth enabled
2017-11-09 14:18:47 +00:00
}
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
json_resp = admin_request.post("user.create_user", _data=data, _expected_status=400)
make user mobile num nullable if user has email_auth enabled
2017-11-09 14:18:47 +00:00
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
assert (
json_resp["message"]
Trying to get the Auth Types to work right. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-01-29 16:09:27 -05:00
== "Mobile number must be set if auth_type is set to AuthType.SMS"
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
)
make user mobile num nullable if user has email_auth enabled
2017-11-09 14:18:47 +00:00
def test_cannot_create_user_with_empty_strings(admin_request, notify_db_session):
data = {
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"name": "",
"email_address": "",
"password": "password",
"mobile_number": "",
Cleaning up tests. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-01-16 15:12:57 -05:00
"auth_type": AuthType.EMAIL,
make user mobile num nullable if user has email_auth enabled
2017-11-09 14:18:47 +00:00
}
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
resp = admin_request.post("user.create_user", _data=data, _expected_status=400)
assert resp["message"] == {
"email_address": ["Not a valid email address"],
"mobile_number": [
"Invalid phone number: The string supplied did not seem to be a phone number."
],
"name": ["Invalid name"],
make user mobile num nullable if user has email_auth enabled
2017-11-09 14:18:47 +00:00
}
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
@pytest.mark.parametrize(
"user_attribute, user_value",
[
("name", "New User"),
("email_address", "newuser@mail.com"),
("mobile_number", "+4407700900460"),
],
)
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
def test_post_user_attribute(admin_request, sample_user, user_attribute, user_value):
Add separate endpoint to update a single user attr
2016-11-07 17:42:23 +00:00
assert getattr(sample_user, user_attribute) != user_value
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
update_dict = {user_attribute: user_value}
Add separate endpoint to update a single user attr
2016-11-07 17:42:23 +00:00
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
json_resp = admin_request.post(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"user.update_user_attribute", user_id=sample_user.id, _data=update_dict
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
)
Add separate endpoint to update a single user attr
2016-11-07 17:42:23 +00:00
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
assert json_resp["data"][user_attribute] == user_value
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
assert getattr(sample_user, user_attribute) == user_value
Add separate endpoint to update a single user attr
2016-11-07 17:42:23 +00:00
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
@pytest.mark.parametrize(
"user_attribute, user_value, arguments",
[
("name", "New User", None),
(
"email_address",
"newuser@mail.com",
dict(
api_key_id=None,
Even more cleanup. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-02-21 14:14:45 -05:00
key_type=KeyType.NORMAL,
Even more cleanup. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-02-20 17:00:54 -05:00
notification_type=NotificationType.EMAIL,
fix tests
2024-01-22 10:55:09 -08:00
personalisation={},
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
recipient="newuser@mail.com",
reply_to_text="notify@gov.uk",
service=mock.ANY,
template_id=uuid.UUID("c73f1d71-4049-46d5-a647-d013bdeca3f0"),
template_version=1,
),
),
(
"mobile_number",
"+4407700900460",
dict(
api_key_id=None,
Even more cleanup. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-02-21 14:14:45 -05:00
key_type=KeyType.NORMAL,
Even more cleanup. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-02-20 17:00:54 -05:00
notification_type=NotificationType.SMS,
fix tests
2024-01-22 10:55:09 -08:00
personalisation={},
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
recipient="+4407700900460",
reply_to_text="testing",
service=mock.ANY,
template_id=uuid.UUID("8a31520f-4751-4789-8ea1-fe54496725eb"),
template_version=1,
),
),
],
)
Send confirmation emails to users when team manager edits their email address or mobile number.
2019-02-26 16:25:04 +00:00
def test_post_user_attribute_with_updated_by(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
admin_request,
mocker,
sample_user,
user_attribute,
user_value,
arguments,
team_member_email_edit_template,
team_member_mobile_edit_template,
Send confirmation emails to users when team manager edits their email address or mobile number.
2019-02-26 16:25:04 +00:00
):
code review feedback remove british fake email addresses
2023-08-16 07:19:18 -07:00
updater = create_user(name="Service Manago", email="notify_manago@digital.fake.gov")
Send confirmation emails to users when team manager edits their email address or mobile number.
2019-02-26 16:25:04 +00:00
assert getattr(sample_user, user_attribute) != user_value
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
update_dict = {user_attribute: user_value, "updated_by": str(updater.id)}
mock_persist_notification = mocker.patch("app.user.rest.persist_notification")
mocker.patch("app.user.rest.send_notification_to_queue")
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
json_resp = admin_request.post(
More fixes, removing literal "created" from code. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-02-21 11:27:38 -05:00
"user.update_user_attribute",
user_id=sample_user.id,
_data=update_dict,
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
)
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
assert json_resp["data"][user_attribute] == user_value
Send confirmation emails to users when team manager edits their email address or mobile number.
2019-02-26 16:25:04 +00:00
if arguments:
mock_persist_notification.assert_called_once_with(**arguments)
else:
mock_persist_notification.assert_not_called()
Send text message that are to an international number from a number rather than "Notify" Update `send_user_2fa_code` to send from number when recipient is international Update `update_user_attribute` to send from number when recipient is international
2021-02-17 09:52:04 +00:00
def test_post_user_attribute_with_updated_by_sends_notification_to_international_from_number(
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
admin_request, mocker, sample_user, team_member_mobile_edit_template
Send text message that are to an international number from a number rather than "Notify" Update `send_user_2fa_code` to send from number when recipient is international Update `update_user_attribute` to send from number when recipient is international
2021-02-17 09:52:04 +00:00
):
updater = create_user(name="Service Manago")
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
update_dict = {"mobile_number": "+601117224412", "updated_by": str(updater.id)}
mocker.patch("app.user.rest.send_notification_to_queue")
Send text message that are to an international number from a number rather than "Notify" Update `send_user_2fa_code` to send from number when recipient is international Update `update_user_attribute` to send from number when recipient is international
2021-02-17 09:52:04 +00:00
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
admin_request.post(
More fixes, removing literal "created" from code. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-02-21 11:27:38 -05:00
"user.update_user_attribute",
user_id=sample_user.id,
_data=update_dict,
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
)
Send text message that are to an international number from a number rather than "Notify" Update `send_user_2fa_code` to send from number when recipient is international Update `update_user_attribute` to send from number when recipient is international
2021-02-17 09:52:04 +00:00
notification = Notification.query.first()
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
assert (
notification.reply_to_text
== current_app.config["NOTIFY_INTERNATIONAL_SMS_SENDER"]
)
Send text message that are to an international number from a number rather than "Notify" Update `send_user_2fa_code` to send from number when recipient is international Update `update_user_attribute` to send from number when recipient is international
2021-02-17 09:52:04 +00:00
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
def test_archive_user(mocker, admin_request, sample_user):
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
archive_mock = mocker.patch("app.user.rest.dao_archive_user")
Add endpoint to archive a user This archives a user if their state is 'active'.
2019-05-21 15:59:23 +01:00
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
admin_request.post(
More fixes, removing literal "created" from code. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-02-21 11:27:38 -05:00
"user.archive_user",
user_id=sample_user.id,
_expected_status=204,
Add endpoint to archive a user This archives a user if their state is 'active'.
2019-05-21 15:59:23 +01:00
)
archive_mock.assert_called_once_with(sample_user)
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
def test_archive_user_when_user_does_not_exist_gives_404(
mocker, admin_request, fake_uuid, notify_db_session
):
archive_mock = mocker.patch("app.user.rest.dao_archive_user")
Add endpoint to archive a user This archives a user if their state is 'active'.
2019-05-21 15:59:23 +01:00
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
admin_request.post("user.archive_user", user_id=fake_uuid, _expected_status=404)
Add endpoint to archive a user This archives a user if their state is 'active'.
2019-05-21 15:59:23 +01:00
archive_mock.assert_not_called()
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
def test_archive_user_when_user_cannot_be_archived(mocker, admin_request, sample_user):
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
mocker.patch("app.dao.users_dao.user_can_be_archived", return_value=False)
Add endpoint to archive a user This archives a user if their state is 'active'.
2019-05-21 15:59:23 +01:00
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
json_resp = admin_request.post(
More fixes, removing literal "created" from code. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-02-21 11:27:38 -05:00
"user.archive_user",
user_id=sample_user.id,
_expected_status=400,
Add endpoint to archive a user This archives a user if their state is 'active'.
2019-05-21 15:59:23 +01:00
)
msg = "User cant be removed from a service - check all services have another team member with manage_settings"
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
assert json_resp["message"] == msg
Add endpoint to archive a user This archives a user if their state is 'active'.
2019-05-21 15:59:23 +01:00
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
def test_get_user_by_email(admin_request, sample_service):
replace notify_api with client fixture in user/test_rest.py
2017-02-16 17:44:04 +00:00
sample_user = sample_service.users[0]
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
json_resp = admin_request.get("user.get_by_email", email=sample_user.email_address)
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
Cleaning things up, trying to get tests to work. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-01-17 17:28:46 -05:00
expected_permissions = PermissionType.defaults()
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
fetched = json_resp["data"]
assert str(sample_user.id) == fetched["id"]
assert sample_user.name == fetched["name"]
assert sample_user.mobile_number == fetched["mobile_number"]
assert sample_user.email_address == fetched["email_address"]
assert sample_user.state == fetched["state"]
assert sorted(expected_permissions) == sorted(
fetched["permissions"][str(sample_service.id)]
)
replace notify_api with client fixture in user/test_rest.py
2017-02-16 17:44:04 +00:00
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
def test_get_user_by_email_not_found_returns_404(admin_request, sample_user):
json_resp = admin_request.get(
More fixes, removing literal "created" from code. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-02-21 11:27:38 -05:00
"user.get_by_email",
email="no_user@digital.fake.gov",
_expected_status=404,
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
)
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
assert json_resp["result"] == "error"
assert json_resp["message"] == "No result found"
replace notify_api with client fixture in user/test_rest.py
2017-02-16 17:44:04 +00:00
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
def test_get_user_by_email_bad_url_returns_404(admin_request, sample_user):
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
json_resp = admin_request.get("user.get_by_email", _expected_status=400)
assert json_resp["result"] == "error"
assert json_resp["message"] == "Invalid request. Email query string param required"
replace notify_api with client fixture in user/test_rest.py
2017-02-16 17:44:04 +00:00
add POST get user by email endpoint the existing endpoint is a GET, and so leaves email addresses in log files. we've got an existing POST find_users_by_partial_email, but not one that matches on a whole email address.
2021-03-05 12:38:14 +00:00
def test_fetch_user_by_email(admin_request, notify_db_session):
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
user = create_user(email="foo@bar.com")
add POST get user by email endpoint the existing endpoint is a GET, and so leaves email addresses in log files. we've got an existing POST find_users_by_partial_email, but not one that matches on a whole email address.
2021-03-05 12:38:14 +00:00
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
create_user(email="foo@bar.com.other_email")
create_user(email="other_email.foo@bar.com")
add POST get user by email endpoint the existing endpoint is a GET, and so leaves email addresses in log files. we've got an existing POST find_users_by_partial_email, but not one that matches on a whole email address.
2021-03-05 12:38:14 +00:00
resp = admin_request.post(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"user.fetch_user_by_email",
_data={"email": user.email_address},
_expected_status=200,
add POST get user by email endpoint the existing endpoint is a GET, and so leaves email addresses in log files. we've got an existing POST find_users_by_partial_email, but not one that matches on a whole email address.
2021-03-05 12:38:14 +00:00
)
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
assert resp["data"]["id"] == str(user.id)
assert resp["data"]["email_address"] == user.email_address
add POST get user by email endpoint the existing endpoint is a GET, and so leaves email addresses in log files. we've got an existing POST find_users_by_partial_email, but not one that matches on a whole email address.
2021-03-05 12:38:14 +00:00
def test_fetch_user_by_email_not_found_returns_404(admin_request, notify_db_session):
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
create_user(email="foo@bar.com.other_email")
add POST get user by email endpoint the existing endpoint is a GET, and so leaves email addresses in log files. we've got an existing POST find_users_by_partial_email, but not one that matches on a whole email address.
2021-03-05 12:38:14 +00:00
resp = admin_request.post(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"user.fetch_user_by_email",
_data={"email": "doesnt@exist.com"},
_expected_status=404,
add POST get user by email endpoint the existing endpoint is a GET, and so leaves email addresses in log files. we've got an existing POST find_users_by_partial_email, but not one that matches on a whole email address.
2021-03-05 12:38:14 +00:00
)
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
assert resp["result"] == "error"
assert resp["message"] == "No result found"
add POST get user by email endpoint the existing endpoint is a GET, and so leaves email addresses in log files. we've got an existing POST find_users_by_partial_email, but not one that matches on a whole email address.
2021-03-05 12:38:14 +00:00
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
def test_fetch_user_by_email_without_email_returns_400(
admin_request, notify_db_session
):
add POST get user by email endpoint the existing endpoint is a GET, and so leaves email addresses in log files. we've got an existing POST find_users_by_partial_email, but not one that matches on a whole email address.
2021-03-05 12:38:14 +00:00
resp = admin_request.post(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"user.fetch_user_by_email", _data={}, _expected_status=400
add POST get user by email endpoint the existing endpoint is a GET, and so leaves email addresses in log files. we've got an existing POST find_users_by_partial_email, but not one that matches on a whole email address.
2021-03-05 12:38:14 +00:00
)
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
assert resp["result"] == "error"
assert resp["message"] == {"email": ["Missing data for required field."]}
add POST get user by email endpoint the existing endpoint is a GET, and so leaves email addresses in log files. we've got an existing POST find_users_by_partial_email, but not one that matches on a whole email address.
2021-03-05 12:38:14 +00:00
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
def test_get_user_with_permissions(admin_request, sample_user_service_permission):
json_resp = admin_request.get(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"user.get_user",
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
user_id=str(sample_user_service_permission.user.id),
)
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
permissions = json_resp["data"]["permissions"]
assert (
sample_user_service_permission.permission
in permissions[str(sample_user_service_permission.service.id)]
)
replace notify_api with client fixture in user/test_rest.py
2017-02-16 17:44:04 +00:00
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
def test_set_user_permissions(admin_request, sample_user, sample_service):
admin_request.post(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"user.set_permissions",
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
user_id=str(sample_user.id),
service_id=str(sample_service.id),
Down to 11 errors left to fix for tests. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-02-08 17:15:03 -05:00
_data={"permissions": [{"permission": PermissionType.MANAGE_SETTINGS}]},
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
_expected_status=204,
)
replace notify_api with client fixture in user/test_rest.py
2017-02-16 17:44:04 +00:00
Cleaning up tests. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-01-16 15:12:57 -05:00
permission = Permission.query.filter_by(
permission=PermissionType.MANAGE_SETTINGS
).first()
replace notify_api with client fixture in user/test_rest.py
2017-02-16 17:44:04 +00:00
assert permission.user == sample_user
assert permission.service == sample_service
Cleaning up tests. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-01-16 15:12:57 -05:00
assert permission.permission == PermissionType.MANAGE_SETTINGS
replace notify_api with client fixture in user/test_rest.py
2017-02-16 17:44:04 +00:00
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
def test_set_user_permissions_multiple(admin_request, sample_user, sample_service):
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
data = {
"permissions": [
Cleaning up tests. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-01-16 15:12:57 -05:00
{"permission": PermissionType.MANAGE_SETTINGS},
{"permission": PermissionType.MANAGE_TEMPLATES},
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
]
}
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
admin_request.post(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"user.set_permissions",
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
user_id=str(sample_user.id),
service_id=str(sample_service.id),
_data=data,
_expected_status=204,
)
Change permissions endpoint to accept data in new format The data posted to the `set_permissions` endpoint is currently sent as a list of permissions: `[{'permission': MANAGE_SETTINGS}, {'permission': MANAGE_TEMPLATES}]`. This endpoint is going to also be used for folder permissions, so the data now needs to be nested: `{'permissions': [{'permission': MANAGE_SETTINGS}, {'permission': MANAGE_TEMPLATES}]}` This changes the set_permissions endpoint to accept data in either format. Once admin is sending data in the new format, the code can be simplified.
2019-02-21 14:48:24 +00:00
Cleaning up tests. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-01-16 15:12:57 -05:00
permission = Permission.query.filter_by(
permission=PermissionType.MANAGE_SETTINGS
).first()
Change permissions endpoint to accept data in new format The data posted to the `set_permissions` endpoint is currently sent as a list of permissions: `[{'permission': MANAGE_SETTINGS}, {'permission': MANAGE_TEMPLATES}]`. This endpoint is going to also be used for folder permissions, so the data now needs to be nested: `{'permissions': [{'permission': MANAGE_SETTINGS}, {'permission': MANAGE_TEMPLATES}]}` This changes the set_permissions endpoint to accept data in either format. Once admin is sending data in the new format, the code can be simplified.
2019-02-21 14:48:24 +00:00
assert permission.user == sample_user
assert permission.service == sample_service
Cleaning up tests. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-01-16 15:12:57 -05:00
assert permission.permission == PermissionType.MANAGE_SETTINGS
permission = Permission.query.filter_by(
permission=PermissionType.MANAGE_TEMPLATES
).first()
Change permissions endpoint to accept data in new format The data posted to the `set_permissions` endpoint is currently sent as a list of permissions: `[{'permission': MANAGE_SETTINGS}, {'permission': MANAGE_TEMPLATES}]`. This endpoint is going to also be used for folder permissions, so the data now needs to be nested: `{'permissions': [{'permission': MANAGE_SETTINGS}, {'permission': MANAGE_TEMPLATES}]}` This changes the set_permissions endpoint to accept data in either format. Once admin is sending data in the new format, the code can be simplified.
2019-02-21 14:48:24 +00:00
assert permission.user == sample_user
assert permission.service == sample_service
Cleaning up tests. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-01-16 15:12:57 -05:00
assert permission.permission == PermissionType.MANAGE_TEMPLATES
Change permissions endpoint to accept data in new format The data posted to the `set_permissions` endpoint is currently sent as a list of permissions: `[{'permission': MANAGE_SETTINGS}, {'permission': MANAGE_TEMPLATES}]`. This endpoint is going to also be used for folder permissions, so the data now needs to be nested: `{'permissions': [{'permission': MANAGE_SETTINGS}, {'permission': MANAGE_TEMPLATES}]}` This changes the set_permissions endpoint to accept data in either format. Once admin is sending data in the new format, the code can be simplified.
2019-02-21 14:48:24 +00:00
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
def test_set_user_permissions_remove_old(admin_request, sample_user, sample_service):
Cleaning up tests. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-01-16 15:12:57 -05:00
data = {"permissions": [{"permission": PermissionType.MANAGE_SETTINGS}]}
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
admin_request.post(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"user.set_permissions",
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
user_id=str(sample_user.id),
service_id=str(sample_service.id),
_data=data,
_expected_status=204,
)
replace notify_api with client fixture in user/test_rest.py
2017-02-16 17:44:04 +00:00
Allow user folder permissions to be updated Updated the endpoint for `.set_permissions` to update a user's folder permissions as well as permissions for a service. User folder permissions are optional for now, since Admin is not currently passing this data through.
2019-02-22 11:26:44 +00:00
query = Permission.query.filter_by(user=sample_user)
assert query.count() == 1
Cleaning up tests. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-01-16 15:12:57 -05:00
assert query.first().permission == PermissionType.MANAGE_SETTINGS
replace notify_api with client fixture in user/test_rest.py
2017-02-16 17:44:04 +00:00
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
def test_set_user_folder_permissions(admin_request, sample_user, sample_service):
Allow user folder permissions to be updated Updated the endpoint for `.set_permissions` to update a user's folder permissions as well as permissions for a service. User folder permissions are optional for now, since Admin is not currently passing this data through.
2019-02-22 11:26:44 +00:00
tf1 = create_template_folder(sample_service)
tf2 = create_template_folder(sample_service)
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
data = {"permissions": [], "folder_permissions": [str(tf1.id), str(tf2.id)]}
replace notify_api with client fixture in user/test_rest.py
2017-02-16 17:44:04 +00:00
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
admin_request.post(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"user.set_permissions",
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
user_id=str(sample_user.id),
service_id=str(sample_service.id),
_data=data,
_expected_status=204,
)
Allow user folder permissions to be updated Updated the endpoint for `.set_permissions` to update a user's folder permissions as well as permissions for a service. User folder permissions are optional for now, since Admin is not currently passing this data through.
2019-02-22 11:26:44 +00:00
service_user = dao_get_service_user(sample_user.id, sample_service.id)
assert len(service_user.folders) == 2
assert tf1 in service_user.folders
assert tf2 in service_user.folders
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
def test_set_user_folder_permissions_when_user_does_not_belong_to_service(
admin_request, sample_user
):
Allow user folder permissions to be updated Updated the endpoint for `.set_permissions` to update a user's folder permissions as well as permissions for a service. User folder permissions are optional for now, since Admin is not currently passing this data through.
2019-02-22 11:26:44 +00:00
service = create_service()
tf1 = create_template_folder(service)
tf2 = create_template_folder(service)
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
data = {"permissions": [], "folder_permissions": [str(tf1.id), str(tf2.id)]}
Allow user folder permissions to be updated Updated the endpoint for `.set_permissions` to update a user's folder permissions as well as permissions for a service. User folder permissions are optional for now, since Admin is not currently passing this data through.
2019-02-22 11:26:44 +00:00
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
admin_request.post(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"user.set_permissions",
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
user_id=str(sample_user.id),
service_id=str(service.id),
_data=data,
_expected_status=404,
)
Allow user folder permissions to be updated Updated the endpoint for `.set_permissions` to update a user's folder permissions as well as permissions for a service. User folder permissions are optional for now, since Admin is not currently passing this data through.
2019-02-22 11:26:44 +00:00
def test_set_user_folder_permissions_does_not_affect_permissions_for_other_services(
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
admin_request,
Allow user folder permissions to be updated Updated the endpoint for `.set_permissions` to update a user's folder permissions as well as permissions for a service. User folder permissions are optional for now, since Admin is not currently passing this data through.
2019-02-22 11:26:44 +00:00
sample_user,
sample_service,
):
tf1 = create_template_folder(sample_service)
tf2 = create_template_folder(sample_service)
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
service_2 = create_service(sample_user, service_name="other service")
Allow user folder permissions to be updated Updated the endpoint for `.set_permissions` to update a user's folder permissions as well as permissions for a service. User folder permissions are optional for now, since Admin is not currently passing this data through.
2019-02-22 11:26:44 +00:00
tf3 = create_template_folder(service_2)
sample_service_user = dao_get_service_user(sample_user.id, sample_service.id)
sample_service_user.folders = [tf1]
dao_update_service_user(sample_service_user)
service_2_user = dao_get_service_user(sample_user.id, service_2.id)
service_2_user.folders = [tf3]
dao_update_service_user(service_2_user)
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
data = {"permissions": [], "folder_permissions": [str(tf2.id)]}
Allow user folder permissions to be updated Updated the endpoint for `.set_permissions` to update a user's folder permissions as well as permissions for a service. User folder permissions are optional for now, since Admin is not currently passing this data through.
2019-02-22 11:26:44 +00:00
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
admin_request.post(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"user.set_permissions",
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
user_id=str(sample_user.id),
service_id=str(sample_service.id),
_data=data,
_expected_status=204,
)
Allow user folder permissions to be updated Updated the endpoint for `.set_permissions` to update a user's folder permissions as well as permissions for a service. User folder permissions are optional for now, since Admin is not currently passing this data through.
2019-02-22 11:26:44 +00:00
assert sample_service_user.folders == [tf2]
assert service_2_user.folders == [tf3]
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
def test_update_user_folder_permissions(admin_request, sample_user, sample_service):
Allow user folder permissions to be updated Updated the endpoint for `.set_permissions` to update a user's folder permissions as well as permissions for a service. User folder permissions are optional for now, since Admin is not currently passing this data through.
2019-02-22 11:26:44 +00:00
tf1 = create_template_folder(sample_service)
tf2 = create_template_folder(sample_service)
tf3 = create_template_folder(sample_service)
service_user = dao_get_service_user(sample_user.id, sample_service.id)
service_user.folders = [tf1, tf2]
dao_update_service_user(service_user)
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
data = {"permissions": [], "folder_permissions": [str(tf2.id), str(tf3.id)]}
Allow user folder permissions to be updated Updated the endpoint for `.set_permissions` to update a user's folder permissions as well as permissions for a service. User folder permissions are optional for now, since Admin is not currently passing this data through.
2019-02-22 11:26:44 +00:00
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
admin_request.post(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"user.set_permissions",
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
user_id=str(sample_user.id),
service_id=str(sample_service.id),
_data=data,
_expected_status=204,
)
Allow user folder permissions to be updated Updated the endpoint for `.set_permissions` to update a user's folder permissions as well as permissions for a service. User folder permissions are optional for now, since Admin is not currently passing this data through.
2019-02-22 11:26:44 +00:00
assert len(service_user.folders) == 2
assert tf2 in service_user.folders
assert tf3 in service_user.folders
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
def test_remove_user_folder_permissions(admin_request, sample_user, sample_service):
Allow user folder permissions to be updated Updated the endpoint for `.set_permissions` to update a user's folder permissions as well as permissions for a service. User folder permissions are optional for now, since Admin is not currently passing this data through.
2019-02-22 11:26:44 +00:00
tf1 = create_template_folder(sample_service)
tf2 = create_template_folder(sample_service)
service_user = dao_get_service_user(sample_user.id, sample_service.id)
service_user.folders = [tf1, tf2]
dao_update_service_user(service_user)
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
data = {"permissions": [], "folder_permissions": []}
Allow user folder permissions to be updated Updated the endpoint for `.set_permissions` to update a user's folder permissions as well as permissions for a service. User folder permissions are optional for now, since Admin is not currently passing this data through.
2019-02-22 11:26:44 +00:00
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
admin_request.post(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"user.set_permissions",
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
user_id=str(sample_user.id),
service_id=str(sample_service.id),
_data=data,
_expected_status=204,
)
Allow user folder permissions to be updated Updated the endpoint for `.set_permissions` to update a user's folder permissions as well as permissions for a service. User folder permissions are optional for now, since Admin is not currently passing this data through.
2019-02-22 11:26:44 +00:00
assert service_user.folders == []
Added an endpoint and celery task to email a reset password url.
2016-03-07 14:34:53 +00:00
Use GOV.UK Notify service to send the forgot password email link using the template to create the message.
2016-06-16 10:43:41 +01:00
@freeze_time("2016-01-01 11:09:00.061258")
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
def test_send_user_reset_password_should_send_reset_password_link(
admin_request, sample_user, mocker, password_reset_email_template
):
mocked = mocker.patch("app.celery.provider_tasks.deliver_email.apply_async")
data = {"email": sample_user.email_address}
add reply-to-text to user/rest persist notifications
2017-11-27 14:36:54 +00:00
notify_service = password_reset_email_template.service
Added an endpoint and celery task to email a reset password url.
2016-03-07 14:34:53 +00:00
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
admin_request.post(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"user.send_user_reset_password",
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
_data=data,
_expected_status=204,
)
Refactor send_user_reset_password to persist and send message to the notify queue. The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to ensure priority for messages. 5th task for story: https://www.pivotaltracker.com/story/show/135839709
2016-12-20 11:55:26 +00:00
notification = Notification.query.first()
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
mocked.assert_called_once_with(
[str(notification.id)], queue="notify-internal-tasks"
)
assert (
notification.reply_to_text
== notify_service.get_default_reply_to_email_address()
)
@pytest.mark.parametrize(
"data, expected_url",
(
(
{
"email": "notify@digital.fake.gov",
},
("http://localhost:6012/new-password/"),
),
(
{
"email": "notify@digital.fake.gov",
"admin_base_url": "https://different.example.com",
},
("https://different.example.com/new-password/"),
),
),
)
Allow admin app to specify domain for password reset This follows the pattern for invite emails where the admin app tells the API which domain to use when generating the link. This will starting working once this admin change is merged: - [ ] https://github.com/alphagov/notifications-admin/pull/4150/files It won’t break anything if it’s merged before the admin change.
2022-02-02 16:42:55 +00:00
@freeze_time("2016-01-01 11:09:00.061258")
def test_send_user_reset_password_should_use_provided_base_url(
admin_request,
sample_user,
password_reset_email_template,
mocker,
data,
expected_url,
):
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
mocker.patch("app.celery.provider_tasks.deliver_email.apply_async")
Allow admin app to specify domain for password reset This follows the pattern for invite emails where the admin app tells the API which domain to use when generating the link. This will starting working once this admin change is merged: - [ ] https://github.com/alphagov/notifications-admin/pull/4150/files It won’t break anything if it’s merged before the admin change.
2022-02-02 16:42:55 +00:00
admin_request.post(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"user.send_user_reset_password",
Allow admin app to specify domain for password reset This follows the pattern for invite emails where the admin app tells the API which domain to use when generating the link. This will starting working once this admin change is merged: - [ ] https://github.com/alphagov/notifications-admin/pull/4150/files It won’t break anything if it’s merged before the admin change.
2022-02-02 16:42:55 +00:00
_data=data,
_expected_status=204,
)
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
assert Notification.query.first().personalisation["url"].startswith(expected_url)
Allow admin app to specify domain for password reset This follows the pattern for invite emails where the admin app tells the API which domain to use when generating the link. This will starting working once this admin change is merged: - [ ] https://github.com/alphagov/notifications-admin/pull/4150/files It won’t break anything if it’s merged before the admin change.
2022-02-02 16:42:55 +00:00
Put redirect link in reset password email link This is so when users reset their password they are still redirected to pages they were meant to visit. This change was done specifically so everyone who is meant to see broadcast tour sees it, but it will improve lives of all users who wanted to visit a page on Notify but then had to reset their password in the process
2020-10-05 16:49:50 +01:00
@freeze_time("2016-01-01 11:09:00.061258")
def test_send_user_reset_password_reset_password_link_contains_redirect_link_if_present_in_request(
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
admin_request, sample_user, mocker, password_reset_email_template
Put redirect link in reset password email link This is so when users reset their password they are still redirected to pages they were meant to visit. This change was done specifically so everyone who is meant to see broadcast tour sees it, but it will improve lives of all users who wanted to visit a page on Notify but then had to reset their password in the process
2020-10-05 16:49:50 +01:00
):
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
mocked = mocker.patch("app.celery.provider_tasks.deliver_email.apply_async")
data = {"email": sample_user.email_address, "next": "blob"}
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
admin_request.post(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"user.send_user_reset_password",
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
_data=data,
_expected_status=204,
)
Put redirect link in reset password email link This is so when users reset their password they are still redirected to pages they were meant to visit. This change was done specifically so everyone who is meant to see broadcast tour sees it, but it will improve lives of all users who wanted to visit a page on Notify but then had to reset their password in the process
2020-10-05 16:49:50 +01:00
notification = Notification.query.first()
assert "?next=blob" in notification.content
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
mocked.assert_called_once_with(
[str(notification.id)], queue="notify-internal-tasks"
)
Put redirect link in reset password email link This is so when users reset their password they are still redirected to pages they were meant to visit. This change was done specifically so everyone who is meant to see broadcast tour sees it, but it will improve lives of all users who wanted to visit a page on Notify but then had to reset their password in the process
2020-10-05 16:49:50 +01:00
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
def test_send_user_reset_password_should_return_400_when_email_is_missing(
admin_request, mocker
):
mocked = mocker.patch("app.celery.provider_tasks.deliver_email.apply_async")
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
data = {}
Make email a required field for the email_data_schema.
2016-07-08 10:57:20 +01:00
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
json_resp = admin_request.post(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"user.send_user_reset_password",
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
_data=data,
_expected_status=400,
)
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
assert json_resp["message"] == {"email": ["Missing data for required field."]}
Refactor send_user_reset_password to persist and send message to the notify queue. The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to ensure priority for messages. 5th task for story: https://www.pivotaltracker.com/story/show/135839709
2016-12-20 11:55:26 +00:00
assert mocked.call_count == 0
Make email a required field for the email_data_schema.
2016-07-08 10:57:20 +01:00
Refactor send_user_reset_password to persist and send message to the notify queue. The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to ensure priority for messages. 5th task for story: https://www.pivotaltracker.com/story/show/135839709
2016-12-20 11:55:26 +00:00
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
def test_send_user_reset_password_should_return_400_when_user_doesnot_exist(
admin_request, mocker
):
mocked = mocker.patch("app.celery.provider_tasks.deliver_email.apply_async")
bad_email_address = "bad@email.gov.uk"
data = {"email": bad_email_address}
Added an endpoint and celery task to email a reset password url.
2016-03-07 14:34:53 +00:00
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
json_resp = admin_request.post(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"user.send_user_reset_password",
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
_data=data,
_expected_status=404,
)
Added an endpoint and celery task to email a reset password url.
2016-03-07 14:34:53 +00:00
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
assert json_resp["message"] == "No result found"
Refactor send_user_reset_password to persist and send message to the notify queue. The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to ensure priority for messages. 5th task for story: https://www.pivotaltracker.com/story/show/135839709
2016-12-20 11:55:26 +00:00
assert mocked.call_count == 0
Send email address in the data rather than the user_id as a path param. Remove unused OldRequestVerifyCodeSchema.
2016-03-07 15:21:05 +00:00
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
def test_send_user_reset_password_should_return_400_when_data_is_not_email_address(
admin_request, mocker
):
mocked = mocker.patch("app.celery.provider_tasks.deliver_email.apply_async")
bad_email_address = "bad.email.gov.uk"
data = {"email": bad_email_address}
Send email address in the data rather than the user_id as a path param. Remove unused OldRequestVerifyCodeSchema.
2016-03-07 15:21:05 +00:00
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
json_resp = admin_request.post(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"user.send_user_reset_password",
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
_data=data,
_expected_status=400,
)
Send email address in the data rather than the user_id as a path param. Remove unused OldRequestVerifyCodeSchema.
2016-03-07 15:21:05 +00:00
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
assert json_resp["message"] == {"email": ["Not a valid email address"]}
Refactor send_user_reset_password to persist and send message to the notify queue. The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to ensure priority for messages. 5th task for story: https://www.pivotaltracker.com/story/show/135839709
2016-12-20 11:55:26 +00:00
assert mocked.call_count == 0
Add new email template for the GOV.UK Notify service, to send an email to users that register with the same email address. Add a new endpoint to send the email.
2016-07-07 17:23:07 +01:00
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
def test_send_already_registered_email(
admin_request, sample_user, already_registered_template, mocker
):
data = {"email": sample_user.email_address}
mocked = mocker.patch("app.celery.provider_tasks.deliver_email.apply_async")
add reply-to-text to user/rest persist notifications
2017-11-27 14:36:54 +00:00
notify_service = already_registered_template.service
Add new email template for the GOV.UK Notify service, to send an email to users that register with the same email address. Add a new endpoint to send the email.
2016-07-07 17:23:07 +01:00
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
admin_request.post(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"user.send_already_registered_email",
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
user_id=str(sample_user.id),
_data=data,
_expected_status=204,
)
Make email a required field for the email_data_schema.
2016-07-08 10:57:20 +01:00
Refactor send_already_registered_email to persist and send message to the notify queue. The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to ensure priority for messages. 4th task for story: https://www.pivotaltracker.com/story/show/135839709
2016-12-19 17:35:13 +00:00
notification = Notification.query.first()
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
mocked.assert_called_once_with(
([str(notification.id)]), queue="notify-internal-tasks"
)
assert (
notification.reply_to_text
== notify_service.get_default_reply_to_email_address()
)
Make email a required field for the email_data_schema.
2016-07-08 10:57:20 +01:00
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
def test_send_already_registered_email_returns_400_when_data_is_missing(
admin_request, sample_user
):
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
data = {}
replace notify_api with client fixture in user/test_rest.py
2017-02-16 17:44:04 +00:00
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
json_resp = admin_request.post(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"user.send_already_registered_email",
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
user_id=str(sample_user.id),
_data=data,
_expected_status=400,
)
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
assert json_resp["message"] == {"email": ["Missing data for required field."]}
Change email confirmation - New endpoint to send a user an email to verify the email address when they want to change it.
2016-10-12 13:06:39 +01:00
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
def test_send_user_confirm_new_email_returns_204(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
admin_request, sample_user, change_email_confirmation_template, mocker
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
):
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
mocked = mocker.patch("app.celery.provider_tasks.deliver_email.apply_async")
new_email = "new_address@dig.gov.uk"
data = {"email": new_email}
add reply-to-text to user/rest persist notifications
2017-11-27 14:36:54 +00:00
notify_service = change_email_confirmation_template.service
Update the send_user_confirm_new_email to persist the notification then put on the "notify" queue for delivery. The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to ensure priority for messages.
2016-12-19 15:19:05 +00:00
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
admin_request.post(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"user.send_user_confirm_new_email",
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
user_id=str(sample_user.id),
_data=data,
_expected_status=204,
)
Fix extra space in test
2016-12-19 15:33:30 +00:00
notification = Notification.query.first()
mocked.assert_called_once_with(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
([str(notification.id)]), queue="notify-internal-tasks"
)
assert (
notification.reply_to_text
== notify_service.get_default_reply_to_email_address()
)
Update the send_user_confirm_new_email to persist the notification then put on the "notify" queue for delivery. The reason for doing this is to ensure the tasks performed for the Notify users are not queued behind a large job, a way to ensure priority for messages.
2016-12-19 15:19:05 +00:00
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
def test_send_user_confirm_new_email_returns_400_when_email_missing(
admin_request, sample_user, mocker
):
mocked = mocker.patch("app.celery.provider_tasks.deliver_email.apply_async")
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
data = {}
json_resp = admin_request.post(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"user.send_user_confirm_new_email",
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
user_id=str(sample_user.id),
_data=data,
_expected_status=400,
)
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
assert json_resp["message"] == {"email": ["Missing data for required field."]}
Fix extra space in test
2016-12-19 15:33:30 +00:00
mocked.assert_not_called()
Add schema and separate endpoint to update a user password
2017-02-07 11:27:13 +00:00
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
@freeze_time("2020-02-14T12:00:00")
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
def test_update_user_password_saves_correctly(admin_request, sample_service):
Add schema and separate endpoint to update a user password
2017-02-07 11:27:13 +00:00
sample_user = sample_service.users[0]
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
new_password = "1234567890"
data = {"_password": "1234567890"}
ensure we reset failed_login_count when appropriate in verify_user_password, if succesful we reset the failed_login_count. now we use failed_login_count for 2FA attempts, we need to make sure we reset it in other places too, so that people don't get blocked, especially in the reset-password user journey. * verify_user_code - if it's succesful, reset the failed_login_count * update_password - reset failed_login_count because either * you're logged in and so it's 0 anyway * you're resetting your password via pword reset link, and the old count isn't relevant anymore
2017-02-16 15:20:30 +00:00
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
json_resp = admin_request.post(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"user.update_password", user_id=str(sample_user.id), _data=data
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
)
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
assert json_resp["data"]["password_changed_at"] is not None
data = {"password": new_password}
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
admin_request.post(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"user.verify_user_password",
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
user_id=str(sample_user.id),
_data=data,
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
_expected_status=204,
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
)
ensure we reset failed_login_count when appropriate in verify_user_password, if succesful we reset the failed_login_count. now we use failed_login_count for 2FA attempts, we need to make sure we reset it in other places too, so that people don't get blocked, especially in the reset-password user journey. * verify_user_code - if it's succesful, reset the failed_login_count * update_password - reset failed_login_count because either * you're logged in and so it's 0 anyway * you're resetting your password via pword reset link, and the old count isn't relevant anymore
2017-02-16 15:20:30 +00:00
make user mobile num nullable if user has email_auth enabled
2017-11-09 14:18:47 +00:00
def test_activate_user(admin_request, sample_user):
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
sample_user.state = "pending"
make user mobile num nullable if user has email_auth enabled
2017-11-09 14:18:47 +00:00
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
resp = admin_request.post("user.activate_user", user_id=sample_user.id)
make user mobile num nullable if user has email_auth enabled
2017-11-09 14:18:47 +00:00
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
assert resp["data"]["id"] == str(sample_user.id)
assert resp["data"]["state"] == "active"
assert sample_user.state == "active"
make user mobile num nullable if user has email_auth enabled
2017-11-09 14:18:47 +00:00
def test_activate_user_fails_if_already_active(admin_request, sample_user):
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
resp = admin_request.post(
"user.activate_user", user_id=sample_user.id, _expected_status=400
)
assert resp["message"] == "User already active"
assert sample_user.state == "active"
make user mobile num nullable if user has email_auth enabled
2017-11-09 14:18:47 +00:00
allow updating auth type
2017-10-31 10:36:53 +00:00
def test_update_user_auth_type(admin_request, sample_user):
Trying to get the Auth Types to work right. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-01-29 16:09:27 -05:00
assert sample_user.auth_type == AuthType.SMS
allow updating auth type
2017-10-31 10:36:53 +00:00
resp = admin_request.post(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"user.update_user_attribute",
allow updating auth type
2017-10-31 10:36:53 +00:00
user_id=sample_user.id,
Trying to get the Auth Types to work right. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-01-29 16:09:27 -05:00
_data={"auth_type": AuthType.EMAIL},
allow updating auth type
2017-10-31 10:36:53 +00:00
)
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
assert resp["data"]["id"] == str(sample_user.id)
Trying to get the Auth Types to work right. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-01-29 16:09:27 -05:00
assert resp["data"]["auth_type"] == AuthType.EMAIL
add separate activate user endpoint
2017-11-09 14:27:24 +00:00
make user mobile num nullable if user has email_auth enabled
2017-11-09 14:18:47 +00:00
def test_can_set_email_auth_and_remove_mobile_at_same_time(admin_request, sample_user):
Cleaning up tests. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-01-16 15:12:57 -05:00
sample_user.auth_type = AuthType.SMS
add separate activate user endpoint
2017-11-09 14:27:24 +00:00
make user mobile num nullable if user has email_auth enabled
2017-11-09 14:18:47 +00:00
admin_request.post(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"user.update_user_attribute",
make user mobile num nullable if user has email_auth enabled
2017-11-09 14:18:47 +00:00
user_id=sample_user.id,
_data={
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"mobile_number": None,
Cleaning up tests. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-01-16 15:12:57 -05:00
"auth_type": AuthType.EMAIL,
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
},
make user mobile num nullable if user has email_auth enabled
2017-11-09 14:18:47 +00:00
)
add separate activate user endpoint
2017-11-09 14:27:24 +00:00
make user mobile num nullable if user has email_auth enabled
2017-11-09 14:18:47 +00:00
assert sample_user.mobile_number is None
Cleaning up tests. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-01-16 15:12:57 -05:00
assert sample_user.auth_type == AuthType.EMAIL
add separate activate user endpoint
2017-11-09 14:27:24 +00:00
make user mobile num nullable if user has email_auth enabled
2017-11-09 14:18:47 +00:00
def test_cannot_remove_mobile_if_sms_auth(admin_request, sample_user):
Cleaning up tests. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-01-16 15:12:57 -05:00
sample_user.auth_type = AuthType.SMS
make user mobile num nullable if user has email_auth enabled
2017-11-09 14:18:47 +00:00
json_resp = admin_request.post(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"user.update_user_attribute",
make user mobile num nullable if user has email_auth enabled
2017-11-09 14:18:47 +00:00
user_id=sample_user.id,
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
_data={"mobile_number": None},
_expected_status=400,
make user mobile num nullable if user has email_auth enabled
2017-11-09 14:18:47 +00:00
)
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
assert (
json_resp["message"]
Trying to get the Auth Types to work right. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-01-29 16:09:27 -05:00
== "Mobile number must be set if auth_type is set to AuthType.SMS"
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
)
make user mobile num nullable if user has email_auth enabled
2017-11-09 14:18:47 +00:00
def test_can_remove_mobile_if_email_auth(admin_request, sample_user):
Cleaning up tests. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-01-16 15:12:57 -05:00
sample_user.auth_type = AuthType.EMAIL
make user mobile num nullable if user has email_auth enabled
2017-11-09 14:18:47 +00:00
admin_request.post(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"user.update_user_attribute",
make user mobile num nullable if user has email_auth enabled
2017-11-09 14:18:47 +00:00
user_id=sample_user.id,
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
_data={"mobile_number": None},
make user mobile num nullable if user has email_auth enabled
2017-11-09 14:18:47 +00:00
)
assert sample_user.mobile_number is None
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
def test_cannot_update_user_with_mobile_number_as_empty_string(
admin_request, sample_user
):
Cleaning up tests. Signed-off-by: Cliff Hill <Clifford.hill@gsa.gov>
2024-01-16 15:12:57 -05:00
sample_user.auth_type = AuthType.EMAIL
make user mobile num nullable if user has email_auth enabled
2017-11-09 14:18:47 +00:00
resp = admin_request.post(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"user.update_user_attribute",
make user mobile num nullable if user has email_auth enabled
2017-11-09 14:18:47 +00:00
user_id=sample_user.id,
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
_data={"mobile_number": ""},
_expected_status=400,
make user mobile num nullable if user has email_auth enabled
2017-11-09 14:18:47 +00:00
)
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
assert resp["message"]["mobile_number"] == [
"Invalid phone number: The string supplied did not seem to be a phone number."
]
make sure you can't edit password
2017-11-10 15:24:37 +00:00
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
def test_cannot_update_user_password_using_attributes_method(
admin_request, sample_user
):
make sure you can't edit password
2017-11-10 15:24:37 +00:00
resp = admin_request.post(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"user.update_user_attribute",
make sure you can't edit password
2017-11-10 15:24:37 +00:00
user_id=sample_user.id,
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
_data={"password": "foo"},
_expected_status=400,
make sure you can't edit password
2017-11-10 15:24:37 +00:00
)
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
assert resp == {
"message": {"_schema": ["Unknown field name password"]},
"result": "error",
}
use joinedload to only hit the database once per request also: * only include active orgs * write lots of tests
2018-03-13 13:07:02 +00:00
def test_get_orgs_and_services_nests_services(admin_request, sample_user):
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
org1 = create_organization(name="org1")
org2 = create_organization(name="org2")
service1 = create_service(service_name="service1")
service2 = create_service(service_name="service2")
service3 = create_service(service_name="service3")
use joinedload to only hit the database once per request also: * only include active orgs * write lots of tests
2018-03-13 13:07:02 +00:00
org1.services = [service1, service2]
org2.services = []
notify-api-332 rename organisation
2023-07-10 11:06:29 -07:00
sample_user.organizations = [org1, org2]
use joinedload to only hit the database once per request also: * only include active orgs * write lots of tests
2018-03-13 13:07:02 +00:00
sample_user.services = [service1, service2, service3]
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
resp = admin_request.get(
"user.get_organizations_and_services_for_user", user_id=sample_user.id
)
use joinedload to only hit the database once per request also: * only include active orgs * write lots of tests
2018-03-13 13:07:02 +00:00
Return all required org and services info for user The admin app now needs to know a few extra things about orgs and services in order to list them. At the moment it does this by making multiple API calls. This commit adds extra fields to the existing response. Once the admin app is using this fields we’ll be able to remove: - `reponse['services_without_organisations']` - `reponse['organisations']['services']`
2019-06-12 10:34:15 +01:00
assert set(resp.keys()) == {
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"organizations",
"services",
use joinedload to only hit the database once per request also: * only include active orgs * write lots of tests
2018-03-13 13:07:02 +00:00
}
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
assert resp["organizations"] == [
Return all required org and services info for user The admin app now needs to know a few extra things about orgs and services in order to list them. At the moment it does this by making multiple API calls. This commit adds extra fields to the existing response. Once the admin app is using this fields we’ll be able to remove: - `reponse['services_without_organisations']` - `reponse['organisations']['services']`
2019-06-12 10:34:15 +01:00
{
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"name": org1.name,
"id": str(org1.id),
"count_of_live_services": 2,
Return all required org and services info for user The admin app now needs to know a few extra things about orgs and services in order to list them. At the moment it does this by making multiple API calls. This commit adds extra fields to the existing response. Once the admin app is using this fields we’ll be able to remove: - `reponse['services_without_organisations']` - `reponse['organisations']['services']`
2019-06-12 10:34:15 +01:00
},
{
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"name": org2.name,
"id": str(org2.id),
"count_of_live_services": 0,
Return all required org and services info for user The admin app now needs to know a few extra things about orgs and services in order to list them. At the moment it does this by making multiple API calls. This commit adds extra fields to the existing response. Once the admin app is using this fields we’ll be able to remove: - `reponse['services_without_organisations']` - `reponse['organisations']['services']`
2019-06-12 10:34:15 +01:00
},
]
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
assert resp["services"] == [
Return all required org and services info for user The admin app now needs to know a few extra things about orgs and services in order to list them. At the moment it does this by making multiple API calls. This commit adds extra fields to the existing response. Once the admin app is using this fields we’ll be able to remove: - `reponse['services_without_organisations']` - `reponse['organisations']['services']`
2019-06-12 10:34:15 +01:00
{
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"name": service1.name,
"id": str(service1.id),
"restricted": False,
"organization": str(org1.id),
Return all required org and services info for user The admin app now needs to know a few extra things about orgs and services in order to list them. At the moment it does this by making multiple API calls. This commit adds extra fields to the existing response. Once the admin app is using this fields we’ll be able to remove: - `reponse['services_without_organisations']` - `reponse['organisations']['services']`
2019-06-12 10:34:15 +01:00
},
{
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"name": service2.name,
"id": str(service2.id),
"restricted": False,
"organization": str(org1.id),
Return all required org and services info for user The admin app now needs to know a few extra things about orgs and services in order to list them. At the moment it does this by making multiple API calls. This commit adds extra fields to the existing response. Once the admin app is using this fields we’ll be able to remove: - `reponse['services_without_organisations']` - `reponse['organisations']['services']`
2019-06-12 10:34:15 +01:00
},
{
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"name": service3.name,
"id": str(service3.id),
"restricted": False,
"organization": None,
Return all required org and services info for user The admin app now needs to know a few extra things about orgs and services in order to list them. At the moment it does this by making multiple API calls. This commit adds extra fields to the existing response. Once the admin app is using this fields we’ll be able to remove: - `reponse['services_without_organisations']` - `reponse['organisations']['services']`
2019-06-12 10:34:15 +01:00
},
]
use joinedload to only hit the database once per request also: * only include active orgs * write lots of tests
2018-03-13 13:07:02 +00:00
def test_get_orgs_and_services_only_returns_active(admin_request, sample_user):
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
org1 = create_organization(name="org1", active=True)
org2 = create_organization(name="org2", active=False)
use joinedload to only hit the database once per request also: * only include active orgs * write lots of tests
2018-03-13 13:07:02 +00:00
# in an active org
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
service1 = create_service(service_name="service1", active=True)
service2 = create_service(service_name="service2", active=False)
use joinedload to only hit the database once per request also: * only include active orgs * write lots of tests
2018-03-13 13:07:02 +00:00
# active but in an inactive org
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
service3 = create_service(service_name="service3", active=True)
use joinedload to only hit the database once per request also: * only include active orgs * write lots of tests
2018-03-13 13:07:02 +00:00
# not in an org
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
service4 = create_service(service_name="service4", active=True)
service5 = create_service(service_name="service5", active=False)
use joinedload to only hit the database once per request also: * only include active orgs * write lots of tests
2018-03-13 13:07:02 +00:00
org1.services = [service1, service2]
org2.services = [service3]
notify-api-332 rename organisation
2023-07-10 11:06:29 -07:00
sample_user.organizations = [org1, org2]
use joinedload to only hit the database once per request also: * only include active orgs * write lots of tests
2018-03-13 13:07:02 +00:00
sample_user.services = [service1, service2, service3, service4, service5]
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
resp = admin_request.get(
"user.get_organizations_and_services_for_user", user_id=sample_user.id
)
use joinedload to only hit the database once per request also: * only include active orgs * write lots of tests
2018-03-13 13:07:02 +00:00
Return all required org and services info for user The admin app now needs to know a few extra things about orgs and services in order to list them. At the moment it does this by making multiple API calls. This commit adds extra fields to the existing response. Once the admin app is using this fields we’ll be able to remove: - `reponse['services_without_organisations']` - `reponse['organisations']['services']`
2019-06-12 10:34:15 +01:00
assert set(resp.keys()) == {
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"organizations",
"services",
use joinedload to only hit the database once per request also: * only include active orgs * write lots of tests
2018-03-13 13:07:02 +00:00
}
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
assert resp["organizations"] == [
Return all required org and services info for user The admin app now needs to know a few extra things about orgs and services in order to list them. At the moment it does this by making multiple API calls. This commit adds extra fields to the existing response. Once the admin app is using this fields we’ll be able to remove: - `reponse['services_without_organisations']` - `reponse['organisations']['services']`
2019-06-12 10:34:15 +01:00
{
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"name": org1.name,
"id": str(org1.id),
"count_of_live_services": 1,
Return all required org and services info for user The admin app now needs to know a few extra things about orgs and services in order to list them. At the moment it does this by making multiple API calls. This commit adds extra fields to the existing response. Once the admin app is using this fields we’ll be able to remove: - `reponse['services_without_organisations']` - `reponse['organisations']['services']`
2019-06-12 10:34:15 +01:00
}
]
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
assert resp["services"] == [
Return all required org and services info for user The admin app now needs to know a few extra things about orgs and services in order to list them. At the moment it does this by making multiple API calls. This commit adds extra fields to the existing response. Once the admin app is using this fields we’ll be able to remove: - `reponse['services_without_organisations']` - `reponse['organisations']['services']`
2019-06-12 10:34:15 +01:00
{
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"name": service1.name,
"id": str(service1.id),
"restricted": False,
"organization": str(org1.id),
Return all required org and services info for user The admin app now needs to know a few extra things about orgs and services in order to list them. At the moment it does this by making multiple API calls. This commit adds extra fields to the existing response. Once the admin app is using this fields we’ll be able to remove: - `reponse['services_without_organisations']` - `reponse['organisations']['services']`
2019-06-12 10:34:15 +01:00
},
{
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"name": service3.name,
"id": str(service3.id),
"restricted": False,
"organization": str(org2.id),
Return all required org and services info for user The admin app now needs to know a few extra things about orgs and services in order to list them. At the moment it does this by making multiple API calls. This commit adds extra fields to the existing response. Once the admin app is using this fields we’ll be able to remove: - `reponse['services_without_organisations']` - `reponse['organisations']['services']`
2019-06-12 10:34:15 +01:00
},
{
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"name": service4.name,
"id": str(service4.id),
"restricted": False,
"organization": None,
Return all required org and services info for user The admin app now needs to know a few extra things about orgs and services in order to list them. At the moment it does this by making multiple API calls. This commit adds extra fields to the existing response. Once the admin app is using this fields we’ll be able to remove: - `reponse['services_without_organisations']` - `reponse['organisations']['services']`
2019-06-12 10:34:15 +01:00
},
]
use joinedload to only hit the database once per request also: * only include active orgs * write lots of tests
2018-03-13 13:07:02 +00:00
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
def test_get_orgs_and_services_only_shows_users_orgs_and_services(
admin_request, sample_user
):
other_user = create_user(email="other@user.com")
use joinedload to only hit the database once per request also: * only include active orgs * write lots of tests
2018-03-13 13:07:02 +00:00
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
org1 = create_organization(name="org1")
org2 = create_organization(name="org2")
service1 = create_service(service_name="service1")
service2 = create_service(service_name="service2")
use joinedload to only hit the database once per request also: * only include active orgs * write lots of tests
2018-03-13 13:07:02 +00:00
org1.services = [service1]
notify-api-332 rename organisation
2023-07-10 11:06:29 -07:00
sample_user.organizations = [org2]
use joinedload to only hit the database once per request also: * only include active orgs * write lots of tests
2018-03-13 13:07:02 +00:00
sample_user.services = [service1]
notify-api-332 rename organisation
2023-07-10 11:06:29 -07:00
other_user.organizations = [org1, org2]
use joinedload to only hit the database once per request also: * only include active orgs * write lots of tests
2018-03-13 13:07:02 +00:00
other_user.services = [service1, service2]
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
resp = admin_request.get(
"user.get_organizations_and_services_for_user", user_id=sample_user.id
)
use joinedload to only hit the database once per request also: * only include active orgs * write lots of tests
2018-03-13 13:07:02 +00:00
Return all required org and services info for user The admin app now needs to know a few extra things about orgs and services in order to list them. At the moment it does this by making multiple API calls. This commit adds extra fields to the existing response. Once the admin app is using this fields we’ll be able to remove: - `reponse['services_without_organisations']` - `reponse['organisations']['services']`
2019-06-12 10:34:15 +01:00
assert set(resp.keys()) == {
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"organizations",
"services",
use joinedload to only hit the database once per request also: * only include active orgs * write lots of tests
2018-03-13 13:07:02 +00:00
}
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
assert resp["organizations"] == [
Return all required org and services info for user The admin app now needs to know a few extra things about orgs and services in order to list them. At the moment it does this by making multiple API calls. This commit adds extra fields to the existing response. Once the admin app is using this fields we’ll be able to remove: - `reponse['services_without_organisations']` - `reponse['organisations']['services']`
2019-06-12 10:34:15 +01:00
{
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"name": org2.name,
"id": str(org2.id),
"count_of_live_services": 0,
Return all required org and services info for user The admin app now needs to know a few extra things about orgs and services in order to list them. At the moment it does this by making multiple API calls. This commit adds extra fields to the existing response. Once the admin app is using this fields we’ll be able to remove: - `reponse['services_without_organisations']` - `reponse['organisations']['services']`
2019-06-12 10:34:15 +01:00
}
]
# 'services' always returns the org_id no matter whether the user
# belongs to that org or not
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
assert resp["services"] == [
Return all required org and services info for user The admin app now needs to know a few extra things about orgs and services in order to list them. At the moment it does this by making multiple API calls. This commit adds extra fields to the existing response. Once the admin app is using this fields we’ll be able to remove: - `reponse['services_without_organisations']` - `reponse['organisations']['services']`
2019-06-12 10:34:15 +01:00
{
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"name": service1.name,
"id": str(service1.id),
"restricted": False,
"organization": str(org1.id),
Return all required org and services info for user The admin app now needs to know a few extra things about orgs and services in order to list them. At the moment it does this by making multiple API calls. This commit adds extra fields to the existing response. Once the admin app is using this fields we’ll be able to remove: - `reponse['services_without_organisations']` - `reponse['organisations']['services']`
2019-06-12 10:34:15 +01:00
}
]
Add data endpoint for finding users by full or partial email
2018-07-09 17:25:13 +01:00
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
def test_find_users_by_email_finds_user_by_partial_email(
notify_db_session, admin_request
):
create_user(email="findel.mestro@foo.com")
create_user(email="me.ignorra@foo.com")
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
data = {"email": "findel"}
Add data endpoint for finding users by full or partial email
2018-07-09 17:25:13 +01:00
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
users = admin_request.post(
"user.find_users_by_email",
_data=data,
Add data endpoint for finding users by full or partial email
2018-07-09 17:25:13 +01:00
)
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
assert len(users["data"]) == 1
assert users["data"][0]["email_address"] == "findel.mestro@foo.com"
Add data endpoint for finding users by full or partial email
2018-07-09 17:25:13 +01:00
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
def test_find_users_by_email_finds_user_by_full_email(notify_db_session, admin_request):
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
create_user(email="findel.mestro@foo.com")
create_user(email="me.ignorra@foo.com")
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
data = {"email": "findel.mestro@foo.com"}
Add data endpoint for finding users by full or partial email
2018-07-09 17:25:13 +01:00
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
users = admin_request.post(
"user.find_users_by_email",
_data=data,
Add data endpoint for finding users by full or partial email
2018-07-09 17:25:13 +01:00
)
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
assert len(users["data"]) == 1
assert users["data"][0]["email_address"] == "findel.mestro@foo.com"
Add data endpoint for finding users by full or partial email
2018-07-09 17:25:13 +01:00
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
def test_find_users_by_email_handles_no_results(notify_db_session, admin_request):
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
create_user(email="findel.mestro@foo.com")
create_user(email="me.ignorra@foo.com")
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
data = {"email": "rogue"}
Add data endpoint for finding users by full or partial email
2018-07-09 17:25:13 +01:00
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
users = admin_request.post(
"user.find_users_by_email",
_data=data,
Add data endpoint for finding users by full or partial email
2018-07-09 17:25:13 +01:00
)
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
assert users["data"] == []
Add data endpoint for finding users by full or partial email
2018-07-09 17:25:13 +01:00
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
def test_search_for_users_by_email_handles_incorrect_data_format(
notify_db_session, admin_request
):
create_user(email="findel.mestro@foo.com")
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
data = {"email": 1}
Add data endpoint for finding users by full or partial email
2018-07-09 17:25:13 +01:00
clean up user tests an API build failed because one of the tests expected the database to be empty, but it actually wasn't. This is probably because another test run earlier on that worker did not clear down properly. I took the opportunity to refresh all of these tests to ensure they all correctly tear down, and also use the more modern admin_request fixture ratehr than the old client one that required us to specify headers and do json parsing etc.
2022-05-03 12:11:37 +01:00
json = admin_request.post(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"user.find_users_by_email", _data=data, _expected_status=400
Add data endpoint for finding users by full or partial email
2018-07-09 17:25:13 +01:00
)
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
assert json["message"] == {"email": ["Not a valid string."]}
Rename method for clarity Added unit test for new method.
2021-02-25 08:10:52 +00:00
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
@pytest.mark.parametrize(
"number, expected_reply_to",
[
("403-123-4567", "Notify"),
("+30 123 4567 7890", "Notify"),
("+27 123 4569 2312", "notify_international_sender"),
],
)
def test_get_sms_reply_to_for_notify_service(
team_member_mobile_edit_template, number, expected_reply_to
):
Rename method for clarity Added unit test for new method.
2021-02-25 08:10:52 +00:00
# need to import locally to avoid db session errors,
# if this import is with the other imports at the top of the file
# the imports happen in the wrong order and you'll see "dummy session" errors
from app.user.rest import get_sms_reply_to_for_notify_service
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
reply_to = get_sms_reply_to_for_notify_service(
number, team_member_mobile_edit_template
)
assert (
reply_to == current_app.config["NOTIFY_INTERNATIONAL_SMS_SENDER"]
if expected_reply_to == "notify_international_sender"
else current_app.config["FROM_NUMBER"]
)
add endpoint for verifying webauthn login with sms and email auth the api handles verifying logins in the `/<user_id>/verify/code` endpoint, when it checks the code is valid etc. The admin app has already done this for webauthn logins, but we still need an API endpoint so that we can set up the user's db entry to have a new logged in timestamp, a new session id (this is important for logging out other browser sessions), etc. Also, we need to be able to make sure that the user's max login count isn't exceeded. If it's exceeded, we shouldn't let them log in even with a valid webauthn check. This endpoint is a POST where the admin passes in a json dict with key "succesful" being True or False. True sets up the db stuff as mentioned. False just increments the failed login count.
2021-05-17 20:32:01 +01:00
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
@freeze_time("2020-01-01 11:00")
def test_complete_login_after_webauthn_authentication_attempt_resets_login_if_successful(
admin_request, sample_user
):
add endpoint for verifying webauthn login with sms and email auth the api handles verifying logins in the `/<user_id>/verify/code` endpoint, when it checks the code is valid etc. The admin app has already done this for webauthn logins, but we still need an API endpoint so that we can set up the user's db entry to have a new logged in timestamp, a new session id (this is important for logging out other browser sessions), etc. Also, we need to be able to make sure that the user's max login count isn't exceeded. If it's exceeded, we shouldn't let them log in even with a valid webauthn check. This endpoint is a POST where the admin passes in a json dict with key "succesful" being True or False. True sets up the db stuff as mentioned. False just increments the failed login count.
2021-05-17 20:32:01 +01:00
sample_user.failed_login_count = 1
assert sample_user.current_session_id is None
assert sample_user.logged_in_at is None
admin_request.post(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"user.complete_login_after_webauthn_authentication_attempt",
add endpoint for verifying webauthn login with sms and email auth the api handles verifying logins in the `/<user_id>/verify/code` endpoint, when it checks the code is valid etc. The admin app has already done this for webauthn logins, but we still need an API endpoint so that we can set up the user's db entry to have a new logged in timestamp, a new session id (this is important for logging out other browser sessions), etc. Also, we need to be able to make sure that the user's max login count isn't exceeded. If it's exceeded, we shouldn't let them log in even with a valid webauthn check. This endpoint is a POST where the admin passes in a json dict with key "succesful" being True or False. True sets up the db stuff as mentioned. False just increments the failed login count.
2021-05-17 20:32:01 +01:00
user_id=sample_user.id,
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
_data={"successful": True},
_expected_status=204,
add endpoint for verifying webauthn login with sms and email auth the api handles verifying logins in the `/<user_id>/verify/code` endpoint, when it checks the code is valid etc. The admin app has already done this for webauthn logins, but we still need an API endpoint so that we can set up the user's db entry to have a new logged in timestamp, a new session id (this is important for logging out other browser sessions), etc. Also, we need to be able to make sure that the user's max login count isn't exceeded. If it's exceeded, we shouldn't let them log in even with a valid webauthn check. This endpoint is a POST where the admin passes in a json dict with key "succesful" being True or False. True sets up the db stuff as mentioned. False just increments the failed login count.
2021-05-17 20:32:01 +01:00
)
assert sample_user.current_session_id is not None
assert sample_user.failed_login_count == 0
assert sample_user.logged_in_at == datetime(2020, 1, 1, 11, 0)
rename verify webauth endpoint to complete it doesn't really do any verification - that's the webauthn code in the browser and the admin app that does that. Instead, this completes the login flow, by marking the user as logged in in the database. Added a docstring that explains this process a bit more, and also added a new route: /<id>/complete/webauthn. We'll move the admin code over to use this new url in time
2021-06-02 11:13:53 +01:00
def test_complete_login_after_webauthn_authentication_attempt_returns_204_when_not_successful(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
admin_request, sample_user
rename verify webauth endpoint to complete it doesn't really do any verification - that's the webauthn code in the browser and the admin app that does that. Instead, this completes the login flow, by marking the user as logged in in the database. Added a docstring that explains this process a bit more, and also added a new route: /<id>/complete/webauthn. We'll move the admin code over to use this new url in time
2021-06-02 11:13:53 +01:00
):
add endpoint for verifying webauthn login with sms and email auth the api handles verifying logins in the `/<user_id>/verify/code` endpoint, when it checks the code is valid etc. The admin app has already done this for webauthn logins, but we still need an API endpoint so that we can set up the user's db entry to have a new logged in timestamp, a new session id (this is important for logging out other browser sessions), etc. Also, we need to be able to make sure that the user's max login count isn't exceeded. If it's exceeded, we shouldn't let them log in even with a valid webauthn check. This endpoint is a POST where the admin passes in a json dict with key "succesful" being True or False. True sets up the db stuff as mentioned. False just increments the failed login count.
2021-05-17 20:32:01 +01:00
# when unsuccessful this endpoint is used to bump the failed count. the endpoint still worked
# properly so should return 204 (no content).
sample_user.failed_login_count = 1
assert sample_user.current_session_id is None
assert sample_user.logged_in_at is None
admin_request.post(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"user.complete_login_after_webauthn_authentication_attempt",
add endpoint for verifying webauthn login with sms and email auth the api handles verifying logins in the `/<user_id>/verify/code` endpoint, when it checks the code is valid etc. The admin app has already done this for webauthn logins, but we still need an API endpoint so that we can set up the user's db entry to have a new logged in timestamp, a new session id (this is important for logging out other browser sessions), etc. Also, we need to be able to make sure that the user's max login count isn't exceeded. If it's exceeded, we shouldn't let them log in even with a valid webauthn check. This endpoint is a POST where the admin passes in a json dict with key "succesful" being True or False. True sets up the db stuff as mentioned. False just increments the failed login count.
2021-05-17 20:32:01 +01:00
user_id=sample_user.id,
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
_data={"successful": False},
_expected_status=204,
add endpoint for verifying webauthn login with sms and email auth the api handles verifying logins in the `/<user_id>/verify/code` endpoint, when it checks the code is valid etc. The admin app has already done this for webauthn logins, but we still need an API endpoint so that we can set up the user's db entry to have a new logged in timestamp, a new session id (this is important for logging out other browser sessions), etc. Also, we need to be able to make sure that the user's max login count isn't exceeded. If it's exceeded, we shouldn't let them log in even with a valid webauthn check. This endpoint is a POST where the admin passes in a json dict with key "succesful" being True or False. True sets up the db stuff as mentioned. False just increments the failed login count.
2021-05-17 20:32:01 +01:00
)
assert sample_user.current_session_id is None
assert sample_user.failed_login_count == 2
assert sample_user.logged_in_at is None
rename verify webauth endpoint to complete it doesn't really do any verification - that's the webauthn code in the browser and the admin app that does that. Instead, this completes the login flow, by marking the user as logged in in the database. Added a docstring that explains this process a bit more, and also added a new route: /<id>/complete/webauthn. We'll move the admin code over to use this new url in time
2021-06-02 11:13:53 +01:00
def test_complete_login_after_webauthn_authentication_attempt_raises_403_if_max_login_count_exceeded(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
admin_request, sample_user
rename verify webauth endpoint to complete it doesn't really do any verification - that's the webauthn code in the browser and the admin app that does that. Instead, this completes the login flow, by marking the user as logged in in the database. Added a docstring that explains this process a bit more, and also added a new route: /<id>/complete/webauthn. We'll move the admin code over to use this new url in time
2021-06-02 11:13:53 +01:00
):
add endpoint for verifying webauthn login with sms and email auth the api handles verifying logins in the `/<user_id>/verify/code` endpoint, when it checks the code is valid etc. The admin app has already done this for webauthn logins, but we still need an API endpoint so that we can set up the user's db entry to have a new logged in timestamp, a new session id (this is important for logging out other browser sessions), etc. Also, we need to be able to make sure that the user's max login count isn't exceeded. If it's exceeded, we shouldn't let them log in even with a valid webauthn check. This endpoint is a POST where the admin passes in a json dict with key "succesful" being True or False. True sets up the db stuff as mentioned. False just increments the failed login count.
2021-05-17 20:32:01 +01:00
# when unsuccessful this endpoint is used to bump the failed count. the endpoint still worked
# properly so should return 204 (no content).
sample_user.failed_login_count = 10
admin_request.post(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"user.complete_login_after_webauthn_authentication_attempt",
add endpoint for verifying webauthn login with sms and email auth the api handles verifying logins in the `/<user_id>/verify/code` endpoint, when it checks the code is valid etc. The admin app has already done this for webauthn logins, but we still need an API endpoint so that we can set up the user's db entry to have a new logged in timestamp, a new session id (this is important for logging out other browser sessions), etc. Also, we need to be able to make sure that the user's max login count isn't exceeded. If it's exceeded, we shouldn't let them log in even with a valid webauthn check. This endpoint is a POST where the admin passes in a json dict with key "succesful" being True or False. True sets up the db stuff as mentioned. False just increments the failed login count.
2021-05-17 20:32:01 +01:00
user_id=sample_user.id,
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
_data={"successful": True},
_expected_status=403,
add endpoint for verifying webauthn login with sms and email auth the api handles verifying logins in the `/<user_id>/verify/code` endpoint, when it checks the code is valid etc. The admin app has already done this for webauthn logins, but we still need an API endpoint so that we can set up the user's db entry to have a new logged in timestamp, a new session id (this is important for logging out other browser sessions), etc. Also, we need to be able to make sure that the user's max login count isn't exceeded. If it's exceeded, we shouldn't let them log in even with a valid webauthn check. This endpoint is a POST where the admin passes in a json dict with key "succesful" being True or False. True sets up the db stuff as mentioned. False just increments the failed login count.
2021-05-17 20:32:01 +01:00
)
assert sample_user.current_session_id is None
assert sample_user.failed_login_count == 10
assert sample_user.logged_in_at is None
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
def test_complete_login_after_webauthn_authentication_attempt_raises_400_if_schema_invalid(
admin_request,
):
add endpoint for verifying webauthn login with sms and email auth the api handles verifying logins in the `/<user_id>/verify/code` endpoint, when it checks the code is valid etc. The admin app has already done this for webauthn logins, but we still need an API endpoint so that we can set up the user's db entry to have a new logged in timestamp, a new session id (this is important for logging out other browser sessions), etc. Also, we need to be able to make sure that the user's max login count isn't exceeded. If it's exceeded, we shouldn't let them log in even with a valid webauthn check. This endpoint is a POST where the admin passes in a json dict with key "succesful" being True or False. True sets up the db stuff as mentioned. False just increments the failed login count.
2021-05-17 20:32:01 +01:00
admin_request.post(
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
"user.complete_login_after_webauthn_authentication_attempt",
add endpoint for verifying webauthn login with sms and email auth the api handles verifying logins in the `/<user_id>/verify/code` endpoint, when it checks the code is valid etc. The admin app has already done this for webauthn logins, but we still need an API endpoint so that we can set up the user's db entry to have a new logged in timestamp, a new session id (this is important for logging out other browser sessions), etc. Also, we need to be able to make sure that the user's max login count isn't exceeded. If it's exceeded, we shouldn't let them log in even with a valid webauthn check. This endpoint is a POST where the admin passes in a json dict with key "succesful" being True or False. True sets up the db stuff as mentioned. False just increments the failed login count.
2021-05-17 20:32:01 +01:00
user_id=uuid.uuid4(),
notify-api-412 use black to enforce python style standards
2023-08-23 10:35:43 -07:00
_data={"successful": "True"},
_expected_status=400,
add endpoint for verifying webauthn login with sms and email auth the api handles verifying logins in the `/<user_id>/verify/code` endpoint, when it checks the code is valid etc. The admin app has already done this for webauthn logins, but we still need an API endpoint so that we can set up the user's db entry to have a new logged in timestamp, a new session id (this is important for logging out other browser sessions), etc. Also, we need to be able to make sure that the user's max login count isn't exceeded. If it's exceeded, we shouldn't let them log in even with a valid webauthn check. This endpoint is a POST where the admin passes in a json dict with key "succesful" being True or False. True sets up the db stuff as mentioned. False just increments the failed login count.
2021-05-17 20:32:01 +01:00
)
Reference in New Issue Copy Permalink