Merge pull request #92 from alphagov/user-by-email

Add endpoint for getting user by email address

app/dao/users_dao.py

@@ -64,6 +64,10 @@ def get_model_users(user_id=None):
     return User.query.filter_by().all()
 
 
+def get_user_by_email(email):
+    return User.query.filter_by(email_address=email).first()
+
+
 def increment_failed_login_count(user):
     user.failed_login_count += 1
     db.session.add(user)

app/user/rest.py

@@ -9,8 +9,10 @@ from app.dao.users_dao import (
     get_user_code,
     use_user_code,
     increment_failed_login_count,
-    reset_failed_login_count
+    reset_failed_login_count,
+    get_user_by_email
 )
+
 from app.schemas import (
     old_request_verify_code_schema,
     user_schema,
@@ -191,3 +193,16 @@ def get_user(user_id=None):
         return jsonify(result="error", message="not found"), 404
     result = users_schema.dump(users) if isinstance(users, list) else user_schema.dump(users)
     return jsonify(data=result.data)
+
+
+@user.route('/email', methods=['GET'])
+def get_by_email():
+    email = request.args.get('email')
+    if not email:
+        return jsonify(result="error", message="invalid request"), 400
+    user = get_user_by_email(email)
+    if not user:
+        return jsonify(result="error", message="not found"), 404
+    result = user_schema.dump(user)
+
+    return jsonify(data=result.data)

tests/app/dao/test_users_dao.py

@@ -1,5 +1,4 @@
 from sqlalchemy.exc import DataError
-from sqlalchemy.orm.exc import NoResultFound
 
 import pytest
 
@@ -8,7 +7,8 @@ from app.dao.users_dao import (
     get_model_users,
     delete_model_user,
     increment_failed_login_count,
-    reset_failed_login_count
+    reset_failed_login_count,
+    get_user_by_email
 )
 
 from tests.app.conftest import sample_user as create_sample_user
@@ -84,3 +84,9 @@ def test_reset_failed_login_should_set_failed_logins_to_0(notify_api, notify_db,
     assert sample_user.failed_login_count == 1
     reset_failed_login_count(sample_user)
     assert sample_user.failed_login_count == 0
+
+
+def test_get_user_by_email(notify_api, notify_db, notify_db_session, sample_user):
+    email = sample_user.email_address
+    user_from_db = get_user_by_email(email)
+    assert sample_user == user_from_db

tests/app/user/test_rest.py

@@ -394,3 +394,64 @@ def test_put_remove_permissions(notify_api, notify_db, notify_db_session, sample
                 "permissions": permissions
             }
             assert json_resp['data'] == expected
+
+
+def test_get_user_by_email(notify_api, notify_db, notify_db_session, sample_user, sample_admin_service_id):
+
+    with notify_api.test_request_context():
+        with notify_api.test_client() as client:
+            header = create_authorization_header(service_id=sample_admin_service_id,
+                                                 path=url_for('user.get_by_email'), method='GET')
+            url = url_for('user.get_by_email', email=sample_user.email_address)
+            resp = client.get(url, headers=[header])
+            assert resp.status_code == 200
+            json_resp = json.loads(resp.get_data(as_text=True))
+            expected = {
+                "name": "Test User",
+                "email_address": sample_user.email_address,
+                "id": sample_user.id,
+                "mobile_number": "+447700900986",
+                "password_changed_at": None,
+                "logged_in_at": None,
+                "state": "active",
+                "failed_login_count": 0,
+                "permissions": []
+            }
+
+            assert json_resp['data'] == expected
+
+
+def test_get_user_by_email_not_found_returns_400(notify_api,
+                                                 notify_db,
+                                                 notify_db_session,
+                                                 sample_user,
+                                                 sample_admin_service_id):
+
+    with notify_api.test_request_context():
+        with notify_api.test_client() as client:
+            header = create_authorization_header(service_id=sample_admin_service_id,
+                                                 path=url_for('user.get_by_email'), method='GET')
+            url = url_for('user.get_by_email', email='no_user@digital.gov.uk')
+            resp = client.get(url, headers=[header])
+            assert resp.status_code == 404
+            json_resp = json.loads(resp.get_data(as_text=True))
+            assert json_resp['result'] == 'error'
+            assert json_resp['message'] == 'not found'
+
+
+def test_get_user_by_email_bad_url_returns_404(notify_api,
+                                               notify_db,
+                                               notify_db_session,
+                                               sample_user,
+                                               sample_admin_service_id):
+
+    with notify_api.test_request_context():
+        with notify_api.test_client() as client:
+            header = create_authorization_header(service_id=sample_admin_service_id,
+                                                 path=url_for('user.get_by_email'), method='GET')
+            url = '/user/email'
+            resp = client.get(url, headers=[header])
+            assert resp.status_code == 400
+            json_resp = json.loads(resp.get_data(as_text=True))
+            assert json_resp['result'] == 'error'
+            assert json_resp['message'] == 'invalid request'