darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2025-12-16 18:22:17 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #37 from alphagov/add-optional-to-address

Browse Source 
Add optional to address
This commit is contained in:
NIcholas Staples
2016-01-27 12:23:05 +00:00
parent 20f71487df 3536aef8c0
commit 8657c0ea40
4 changed files with 155 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
app/dao/users_dao.py
View File

@@ -1,11 +1,8 @@
import random import random
from datetime import (datetime, timedelta) from datetime import (datetime, timedelta)
from . import DAOException
from sqlalchemy.orm import load_only
from app import db from app import db
from app.models import (User, VerifyCode) from app.models import (User, VerifyCode)
from app.encryption import hashpw
def create_secret_code(): def create_secret_code():

30
app/user/rest.py
View File

@@ -5,12 +5,10 @@ from sqlalchemy.orm.exc import NoResultFound
from app.dao.services_dao import get_model_services from app.dao.services_dao import get_model_services
from app.dao.users_dao import ( from app.dao.users_dao import (
get_model_users, save_model_user, delete_model_user, get_model_users, save_model_user, delete_model_user,
create_user_code, get_user_code, use_user_code, increment_failed_login_count, create_user_code, get_user_code, use_user_code, increment_failed_login_count)
create_secret_code)
from app.schemas import ( from app.schemas import (
user_schema, users_schema, service_schema, services_schema, user_schema, users_schema, service_schema, services_schema, verify_code_schema)
verify_code_schema) from app import db, notify_alpha_client
from app import db
from flask import Blueprint from flask import Blueprint
@@ -114,22 +112,28 @@ def send_user_code(user_id):
return jsonify(result="error", message="Invalid user id"), 400 return jsonify(result="error", message="Invalid user id"), 400
except NoResultFound: except NoResultFound:
return jsonify(result="error", message="User not found"), 404 return jsonify(result="error", message="User not found"), 404
text_pwd = None
verify_code, errors = verify_code_schema.load(request.get_json()) request_json = request.get_json()
verify_code, errors = verify_code_schema.load(request_json)
if errors: if errors:
return jsonify(result="error", message=errors), 400 return jsonify(result="error", message=errors), 400
code = create_user_code(
user, create_secret_code(), verify_code.code_type) from app.dao.users_dao import create_secret_code
secret_code = create_secret_code()
create_user_code(user, secret_code, verify_code.code_type)
# TODO this will need to fixed up when we stop using # TODO this will need to fixed up when we stop using
# notify_alpha_client # notify_alpha_client
if verify_code.code_type == 'sms': if verify_code.code_type == 'sms':
mobile = user.mobile_number if 'to' not in request_json else request_json['to']
notify_alpha_client.send_sms( notify_alpha_client.send_sms(
mobile_number=user.mobile_number, mobile_number=mobile,
message=code.code) message=secret_code)
elif verify_code.code_type == 'email': elif verify_code.code_type == 'email':
email = user.email_address if 'to' not in request_json else request_json['to']
notify_alpha_client.send_email( notify_alpha_client.send_email(
user.email_address, email,
code.code, secret_code,
'notify@digital.cabinet-office.gov.uk', 'notify@digital.cabinet-office.gov.uk',
'Verification code') 'Verification code')
else: else:

27
tests/app/conftest.py
View File

@@ -151,3 +151,30 @@ def sample_admin_service_id(notify_db, notify_db_session):
api_key = ApiKey(**data) api_key = ApiKey(**data)
save_model_api_key(api_key) save_model_api_key(api_key)
return admin_service.id return admin_service.id
@pytest.fixture(scope='function')
def mock_notify_client_send_sms(mocker):
def _send(mobile_number, message):
pass
mock_class = mocker.patch('app.notify_alpha_client.send_sms', side_effect=_send)
return mock_class
@pytest.fixture(scope='function')
def mock_notify_client_send_email(mocker):
def _send(email_address, message, from_address, subject):
pass
mock_class = mocker.patch('app.notify_alpha_client.send_email', side_effect=_send)
return mock_class
@pytest.fixture(scope='function')
def mock_secret_code(mocker):
def _create():
return '11111'
mock_class = mocker.patch('app.dao.users_dao.create_secret_code', side_effect=_create)
return mock_class

131
tests/app/user/test_rest_verify.py
View File

@@ -1,7 +1,8 @@
import json import json
from datetime import (datetime, timedelta) from datetime import (datetime, timedelta)
from flask import url_for from flask import url_for
from app.models import (User, Service, VerifyCode)
from app.models import (VerifyCode)
from app import db from app import db
from tests import create_authorization_header from tests import create_authorization_header
@@ -9,7 +10,6 @@ from tests import create_authorization_header
def test_user_verify_code_sms(notify_api, def test_user_verify_code_sms(notify_api,
notify_db, notify_db,
notify_db_session, notify_db_session,
sample_admin_service_id,
sample_sms_code): sample_sms_code):
""" """
Tests POST endpoint '/<user_id>/verify/code' Tests POST endpoint '/<user_id>/verify/code'
@@ -21,7 +21,6 @@ def test_user_verify_code_sms(notify_api,
'code_type': sample_sms_code.code_type, 'code_type': sample_sms_code.code_type,
'code': sample_sms_code.txt_code}) 'code': sample_sms_code.txt_code})
auth_header = create_authorization_header( auth_header = create_authorization_header(
service_id=sample_admin_service_id,
path=url_for('user.verify_user_code', user_id=sample_sms_code.user.id), path=url_for('user.verify_user_code', user_id=sample_sms_code.user.id),
method='POST', method='POST',
request_body=data) request_body=data)
@@ -36,7 +35,6 @@ def test_user_verify_code_sms(notify_api,
def test_user_verify_code_sms_missing_code(notify_api, def test_user_verify_code_sms_missing_code(notify_api,
notify_db, notify_db,
notify_db_session, notify_db_session,
sample_admin_service_id,
sample_sms_code): sample_sms_code):
""" """
Tests POST endpoint '/<user_id>/verify/code' Tests POST endpoint '/<user_id>/verify/code'
@@ -46,7 +44,6 @@ def test_user_verify_code_sms_missing_code(notify_api,
assert not VerifyCode.query.first().code_used assert not VerifyCode.query.first().code_used
data = json.dumps({'code_type': sample_sms_code.code_type}) data = json.dumps({'code_type': sample_sms_code.code_type})
auth_header = create_authorization_header( auth_header = create_authorization_header(
service_id=sample_admin_service_id,
path=url_for('user.verify_user_code', user_id=sample_sms_code.user.id), path=url_for('user.verify_user_code', user_id=sample_sms_code.user.id),
method='POST', method='POST',
request_body=data) request_body=data)
@@ -61,7 +58,6 @@ def test_user_verify_code_sms_missing_code(notify_api,
def test_user_verify_code_email(notify_api, def test_user_verify_code_email(notify_api,
notify_db, notify_db,
notify_db_session, notify_db_session,
sample_admin_service_id,
sample_email_code): sample_email_code):
""" """
Tests POST endpoint '/<user_id>/verify/code' Tests POST endpoint '/<user_id>/verify/code'
@@ -73,7 +69,6 @@ def test_user_verify_code_email(notify_api,
'code_type': sample_email_code.code_type, 'code_type': sample_email_code.code_type,
'code': sample_email_code.txt_code}) 'code': sample_email_code.txt_code})
auth_header = create_authorization_header( auth_header = create_authorization_header(
service_id=sample_admin_service_id,
path=url_for('user.verify_user_code', user_id=sample_email_code.user.id), path=url_for('user.verify_user_code', user_id=sample_email_code.user.id),
method='POST', method='POST',
request_body=data) request_body=data)
@@ -88,7 +83,6 @@ def test_user_verify_code_email(notify_api,
def test_user_verify_code_email_bad_code(notify_api, def test_user_verify_code_email_bad_code(notify_api,
notify_db, notify_db,
notify_db_session, notify_db_session,
sample_admin_service_id,
sample_email_code): sample_email_code):
""" """
Tests POST endpoint '/<user_id>/verify/code' Tests POST endpoint '/<user_id>/verify/code'
@@ -100,7 +94,6 @@ def test_user_verify_code_email_bad_code(notify_api,
'code_type': sample_email_code.code_type, 'code_type': sample_email_code.code_type,
'code': "blah"}) 'code': "blah"})
auth_header = create_authorization_header( auth_header = create_authorization_header(
service_id=sample_admin_service_id,
path=url_for('user.verify_user_code', user_id=sample_email_code.user.id), path=url_for('user.verify_user_code', user_id=sample_email_code.user.id),
method='POST', method='POST',
request_body=data) request_body=data)
@@ -115,7 +108,6 @@ def test_user_verify_code_email_bad_code(notify_api,
def test_user_verify_code_email_expired_code(notify_api, def test_user_verify_code_email_expired_code(notify_api,
notify_db, notify_db,
notify_db_session, notify_db_session,
sample_admin_service_id,
sample_email_code): sample_email_code):
""" """
Tests POST endpoint '/<user_id>/verify/code' Tests POST endpoint '/<user_id>/verify/code'
@@ -131,7 +123,6 @@ def test_user_verify_code_email_expired_code(notify_api,
'code_type': sample_email_code.code_type, 'code_type': sample_email_code.code_type,
'code': sample_email_code.txt_code}) 'code': sample_email_code.txt_code})
auth_header = create_authorization_header( auth_header = create_authorization_header(
service_id=sample_admin_service_id,
path=url_for('user.verify_user_code', user_id=sample_email_code.user.id), path=url_for('user.verify_user_code', user_id=sample_email_code.user.id),
method='POST', method='POST',
request_body=data) request_body=data)
@@ -146,8 +137,7 @@ def test_user_verify_code_email_expired_code(notify_api,
def test_user_verify_password(notify_api, def test_user_verify_password(notify_api,
notify_db, notify_db,
notify_db_session, notify_db_session,
sample_user, sample_user):
sample_admin_service_id):
""" """
Tests POST endpoint '/<user_id>/verify/password' Tests POST endpoint '/<user_id>/verify/password'
""" """
@@ -155,7 +145,6 @@ def test_user_verify_password(notify_api,
with notify_api.test_client() as client: with notify_api.test_client() as client:
data = json.dumps({'password': 'password'}) data = json.dumps({'password': 'password'})
auth_header = create_authorization_header( auth_header = create_authorization_header(
service_id=sample_admin_service_id,
path=url_for('user.verify_user_password', user_id=sample_user.id), path=url_for('user.verify_user_password', user_id=sample_user.id),
method='POST', method='POST',
request_body=data) request_body=data)
@@ -169,8 +158,7 @@ def test_user_verify_password(notify_api,
def test_user_verify_password_invalid_password(notify_api, def test_user_verify_password_invalid_password(notify_api,
notify_db, notify_db,
notify_db_session, notify_db_session,
sample_user, sample_user):
sample_admin_service_id):
""" """
Tests POST endpoint '/<user_id>/verify/password' invalid endpoint. Tests POST endpoint '/<user_id>/verify/password' invalid endpoint.
""" """
@@ -178,7 +166,6 @@ def test_user_verify_password_invalid_password(notify_api,
with notify_api.test_client() as client: with notify_api.test_client() as client:
data = json.dumps({'password': 'bad password'}) data = json.dumps({'password': 'bad password'})
auth_header = create_authorization_header( auth_header = create_authorization_header(
service_id=sample_admin_service_id,
path=url_for('user.verify_user_password', user_id=sample_user.id), path=url_for('user.verify_user_password', user_id=sample_user.id),
method='POST', method='POST',
request_body=data) request_body=data)
@@ -198,8 +185,7 @@ def test_user_verify_password_invalid_password(notify_api,
def test_user_verify_password_missing_password(notify_api, def test_user_verify_password_missing_password(notify_api,
notify_db, notify_db,
notify_db_session, notify_db_session,
sample_user, sample_user):
sample_admin_service_id):
""" """
Tests POST endpoint '/<user_id>/verify/password' missing password. Tests POST endpoint '/<user_id>/verify/password' missing password.
""" """
@@ -207,7 +193,6 @@ def test_user_verify_password_missing_password(notify_api,
with notify_api.test_client() as client: with notify_api.test_client() as client:
data = json.dumps({'bingo': 'bongo'}) data = json.dumps({'bingo': 'bongo'})
auth_header = create_authorization_header( auth_header = create_authorization_header(
service_id=sample_admin_service_id,
path=url_for('user.verify_user_password', user_id=sample_user.id), path=url_for('user.verify_user_password', user_id=sample_user.id),
method='POST', method='POST',
request_body=data) request_body=data)
@@ -218,3 +203,109 @@ def test_user_verify_password_missing_password(notify_api,
assert resp.status_code == 400 assert resp.status_code == 400
json_resp = json.loads(resp.get_data(as_text=True)) json_resp = json.loads(resp.get_data(as_text=True))
assert 'Required field missing data' in json_resp['message']['password'] assert 'Required field missing data' in json_resp['message']['password']
def test_send_user_code_for_sms(notify_api,
notify_db,
notify_db_session,
sample_sms_code,
mock_notify_client_send_sms,
mock_secret_code):
"""
Tests POST endpoint '/<user_id>/code' successful sms
"""
with notify_api.test_request_context():
with notify_api.test_client() as client:
data = json.dumps({'code_type': 'sms'})
auth_header = create_authorization_header(
path=url_for('user.send_user_code', user_id=sample_sms_code.user.id),
method='POST',
request_body=data)
resp = client.post(
url_for('user.send_user_code', user_id=sample_sms_code.user.id),
data=data,
headers=[('Content-Type', 'application/json'), auth_header])
assert resp.status_code == 204
mock_notify_client_send_sms.assert_called_once_with(mobile_number=sample_sms_code.user.mobile_number,
message='11111')
def test_send_user_code_for_sms_with_optional_to_field(notify_api,
notify_db,
notify_db_session,
sample_sms_code,
mock_notify_client_send_sms,
mock_secret_code):
"""
Tests POST endpoint '/<user_id>/code' successful sms with optional to field
"""
with notify_api.test_request_context():
with notify_api.test_client() as client:
data = json.dumps({'code_type': 'sms', 'to': '+441119876757'})
auth_header = create_authorization_header(
path=url_for('user.send_user_code', user_id=sample_sms_code.user.id),
method='POST',
request_body=data)
resp = client.post(
url_for('user.send_user_code', user_id=sample_sms_code.user.id),
data=data,
headers=[('Content-Type', 'application/json'), auth_header])
assert resp.status_code == 204
mock_notify_client_send_sms.assert_called_once_with(mobile_number='+441119876757',
message='11111')
def test_send_user_code_for_email(notify_api,
notify_db,
notify_db_session,
sample_email_code,
mock_notify_client_send_email,
mock_secret_code):
"""
Tests POST endpoint '/<user_id>/code' successful email
"""
with notify_api.test_request_context():
with notify_api.test_client() as client:
data = json.dumps({'code_type': 'email'})
auth_header = create_authorization_header(
path=url_for('user.send_user_code', user_id=sample_email_code.user.id),
method='POST',
request_body=data)
resp = client.post(
url_for('user.send_user_code', user_id=sample_email_code.user.id),
data=data,
headers=[('Content-Type', 'application/json'), auth_header])
assert resp.status_code == 204
mock_notify_client_send_email.assert_called_once_with(sample_email_code.user.email_address,
'11111',
'notify@digital.cabinet-office.gov.uk',
'Verification code')
def test_send_user_code_for_email_uses_optional_to_field(notify_api,
notify_db,
notify_db_session,
sample_email_code,
mock_notify_client_send_email,
mock_secret_code):
"""
Tests POST endpoint '/<user_id>/code' successful email with included in body
"""
with notify_api.test_request_context():
with notify_api.test_client() as client:
data = json.dumps({'code_type': 'email', 'to': 'different@email.gov.uk'})
auth_header = create_authorization_header(
path=url_for('user.send_user_code', user_id=sample_email_code.user.id),
method='POST',
request_body=data)
resp = client.post(
url_for('user.send_user_code', user_id=sample_email_code.user.id),
data=data,
headers=[('Content-Type', 'application/json'), auth_header])
assert resp.status_code == 204
mock_notify_client_send_email.assert_called_once_with('different@email.gov.uk',
'11111',
'notify@digital.cabinet-office.gov.uk',
'Verification code')