From bab93605199f8391ec3d3412d52412559e5ed315 Mon Sep 17 00:00:00 2001 From: Rebecca Law Date: Mon, 12 Sep 2016 16:16:02 +0100 Subject: [PATCH 1/2] Fix a bug in the accept invitation that was throwing a 500. - If the token for invitation was expired, the method would throw a 500 while creating the erorr message. - Added unit tests. --- app/accept_invite/rest.py | 3 +- tests/app/accept_invite/__init__.py | 0 .../accept_invite/test_accept_invite_rest.py | 59 +++++++++++++++++++ 3 files changed, 60 insertions(+), 2 deletions(-) create mode 100644 tests/app/accept_invite/__init__.py create mode 100644 tests/app/accept_invite/test_accept_invite_rest.py diff --git a/app/accept_invite/rest.py b/app/accept_invite/rest.py index 1a0366f5e..25855ecc8 100644 --- a/app/accept_invite/rest.py +++ b/app/accept_invite/rest.py @@ -33,8 +33,7 @@ def get_invited_user_by_token(token): current_app.config['DANGEROUS_SALT'], max_age_seconds) except SignatureExpired: - message = 'Invitation with id {} expired'.format(invited_user_id) - errors = {'invitation': [message]} + errors = {'invitation': ['Invitation has expired']} raise InvalidRequest(errors, status_code=400) invited_user = get_invited_user_by_id(invited_user_id) diff --git a/tests/app/accept_invite/__init__.py b/tests/app/accept_invite/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/tests/app/accept_invite/test_accept_invite_rest.py b/tests/app/accept_invite/test_accept_invite_rest.py new file mode 100644 index 000000000..f5672a1a0 --- /dev/null +++ b/tests/app/accept_invite/test_accept_invite_rest.py 
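Review bot: `except SignatureExpired:` is still the only handler visible around the token check in `get_invited_user_by_token`, so a token that fails verification for any other reason (malformed, truncated, or signed with a different key or salt) is not turned into an `InvalidRequest` here. If `SignatureExpired` is the itsdangerous exception, a second clause placed after it, `except BadData:` followed by for example `raise InvalidRequest({'invitation': ['Invalid invitation token']}, status_code=400)`, would give those requests the same controlled 400. This assumes no app-level error handler already maps them, which the hunk does not show. None of the three tests added in test_accept_invite_rest.py sends such a token, so that path is untested either way. The function starts above the hunk and continues below it.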
@@ -0,0 +1,59 @@
+import uuid
+
+import pytest
+from flask import json
+from freezegun import freeze_time
+from notifications_utils.url_safe_token import generate_token
+
+from tests import create_authorization_header
+
+
+def test_accept_invite_for_expired_token_returns_400(notify_api, sample_invited_user):
+ with notify_api.test_request_context():
+ with notify_api.test_client() as client:
+ with freeze_time('2016-01-01T12:00:00'):
+ token = generate_token(str(sample_invited_user.id), notify_api.config['SECRET_KEY'],
+ notify_api.config['DANGEROUS_SALT'])
+ url = '/invite/{}'.format(token)
+ auth_header = create_authorization_header()
+ response = client.get(url, headers=[('Content-Type', 'application/json'), auth_header])
+
+ assert response.status_code == 400
+ json_resp = json.loads(response.get_data(as_text=True))
+ assert json_resp['result'] == 'error'
+ assert json_resp['message'] == {'invitation': ['Invitation has expired']}
+
+
+def test_accept_invite_returns_200_when_token_valid(notify_api, sample_invited_user):
+ with notify_api.test_request_context():
+ with notify_api.test_client() as client:
+ token = generate_token(str(sample_invited_user.id), notify_api.config['SECRET_KEY'],
+ notify_api.config['DANGEROUS_SALT'])
+ url = '/invite/{}'.format(token)
+ auth_header = create_authorization_header()
+ response = client.get(url, headers=[('Content-Type', 'application/json'), auth_header])
+
+ assert response.status_code == 200
+ json_resp = json.loads(response.get_data(as_text=True))
+ assert json_resp['data']['id'] == str(sample_invited_user.id)
+ assert json_resp['data']['email_address'] == sample_invited_user.email_address
+ assert json_resp['data']['from_user'] == str(sample_invited_user.user_id)
+ assert json_resp['data']['service']== str(sample_invited_user.service_id)
+ assert json_resp['data']['status'] == sample_invited_user.status
+ assert json_resp['data']['permissions'] == sample_invited_user.permissions
+
+
+
+def 
test_accept_invite_returns_200_when_token_valid(notify_api): + with notify_api.test_request_context(): + with notify_api.test_client() as client: + token = generate_token(str(uuid.uuid4()), notify_api.config['SECRET_KEY'], + notify_api.config['DANGEROUS_SALT']) + url = '/invite/{}'.format(token) + auth_header = create_authorization_header() + response = client.get(url, headers=[('Content-Type', 'application/json'), auth_header]) + + assert response.status_code == 404 + json_resp = json.loads(response.get_data(as_text=True)) + assert json_resp['result'] == 'error' + assert json_resp['message'] == 'No result found' From f1b9702dfb42714d4e2537533f0b9a3c819340a6 Mon Sep 17 00:00:00 2001 From: Rebecca Law Date: Mon, 12 Sep 2016 16:41:48 +0100 Subject: [PATCH 2/2] Fix codestyle --- tests/app/accept_invite/test_accept_invite_rest.py | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/tests/app/accept_invite/test_accept_invite_rest.py b/tests/app/accept_invite/test_accept_invite_rest.py index f5672a1a0..2df8c185f 100644 --- a/tests/app/accept_invite/test_accept_invite_rest.py +++ b/tests/app/accept_invite/test_accept_invite_rest.py @@ -4,7 +4,6 @@ import pytest from flask import json from freezegun import freeze_time from notifications_utils.url_safe_token import generate_token - from tests import create_authorization_header @@ -28,7 +27,7 @@ def test_accept_invite_returns_200_when_token_valid(notify_api, sample_invited_u with notify_api.test_request_context(): with notify_api.test_client() as client: token = generate_token(str(sample_invited_user.id), notify_api.config['SECRET_KEY'], - notify_api.config['DANGEROUS_SALT']) + notify_api.config['DANGEROUS_SALT']) url = '/invite/{}'.format(token) auth_header = create_authorization_header() response = client.get(url, headers=[('Content-Type', 'application/json'), auth_header]) 
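Review bot: `import pytest` at the top of the new test module is never referenced in its 59 lines, since the fixtures are requested by argument name, so it can be dropped. The expired-token test would also benefit from a comment above `with freeze_time('2016-01-01T12:00:00'):`, such as `# mint the token in the past so it is older than the invitation max age when the request is made`, because nothing else explains why the expected status is 400. The original indentation is not recoverable on this page, so the assumption that the request itself runs outside the frozen block should be confirmed against the file.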
@@ -38,17 +37,16 @@ def test_accept_invite_returns_200_when_token_valid(notify_api, sample_invited_u assert json_resp['data']['id'] == str(sample_invited_user.id) assert json_resp['data']['email_address'] == sample_invited_user.email_address assert json_resp['data']['from_user'] == str(sample_invited_user.user_id) - assert json_resp['data']['service']== str(sample_invited_user.service_id) + assert json_resp['data']['service'] == str(sample_invited_user.service_id) assert json_resp['data']['status'] == sample_invited_user.status assert json_resp['data']['permissions'] == sample_invited_user.permissions - -def test_accept_invite_returns_200_when_token_valid(notify_api): +def test_accept_invite_returns_400_when_invited_user_does_not_exist(notify_api): with notify_api.test_request_context(): with notify_api.test_client() as client: token = generate_token(str(uuid.uuid4()), notify_api.config['SECRET_KEY'], - notify_api.config['DANGEROUS_SALT']) + notify_api.config['DANGEROUS_SALT']) url = '/invite/{}'.format(token) auth_header = create_authorization_header() response = client.get(url, headers=[('Content-Type', 'application/json'), auth_header])
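Review bot: The new name `test_accept_invite_returns_400_when_invited_user_does_not_exist` says 400, but the assertions added for this test in patch 1/2 check `response.status_code == 404` and the message `'No result found'`. Renaming it to `test_accept_invite_returns_404_when_invited_user_does_not_exist` keeps the name in step with what the test verifies, which matters when a failure is read from a test report. The test body continues past the last line of this hunk.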