remove the global_invite (accept_invite) endpoint

move the endpoints into service_invite/rest.py and organisation/invite_rest.py respectively. Remove the prefix from all the blueprints to allow this.
2026-02-04 02:11:11 -05:00 · 2021-03-11 20:26:44 +00:00
parent 4471189b87
commit eab4a75e29
9 changed files with 267 additions and 205 deletions
--- a/tests/app/service_invite/test_service_invite_rest.py
+++ b/tests/app/service_invite/test_service_invite_rest.py
@@ -1,7 +1,10 @@
 import json
+import uuid

 import pytest
 from flask import current_app
+from freezegun import freeze_time
+from notifications_utils.url_safe_token import generate_token

 from app.models import EMAIL_AUTH_TYPE, SMS_AUTH_TYPE, Notification
 from tests import create_authorization_header
@@ -270,3 +273,89 @@ def test_update_invited_user_for_invalid_data_returns_400(client, sample_invited
    response = client.post(url, data=json.dumps(data),
                           headers=[('Content-Type', 'application/json'), auth_header])
    assert response.status_code == 400
+
+
+def test_validate_invitation_token_returns_200_when_token_valid(client, sample_invited_user):
+    token = generate_token(str(sample_invited_user.id), current_app.config['SECRET_KEY'],
+                           current_app.config['DANGEROUS_SALT'])
+    url = '/invite/service/{}'.format(token)
+    auth_header = create_authorization_header()
+    response = client.get(url, headers=[('Content-Type', 'application/json'), auth_header])
+
+    assert response.status_code == 200
+    json_resp = json.loads(response.get_data(as_text=True))
+    assert json_resp['data']['id'] == str(sample_invited_user.id)
+    assert json_resp['data']['email_address'] == sample_invited_user.email_address
+    assert json_resp['data']['from_user'] == str(sample_invited_user.user_id)
+    assert json_resp['data']['service'] == str(sample_invited_user.service_id)
+    assert json_resp['data']['status'] == sample_invited_user.status
+    assert json_resp['data']['permissions'] == sample_invited_user.permissions
+    assert json_resp['data']['folder_permissions'] == sample_invited_user.folder_permissions
+
+
+def test_validate_invitation_token_for_expired_token_returns_400(client):
+    with freeze_time('2016-01-01T12:00:00'):
+        token = generate_token(str(uuid.uuid4()), current_app.config['SECRET_KEY'],
+                               current_app.config['DANGEROUS_SALT'])
+    url = '/invite/service/{}'.format(token)
+    auth_header = create_authorization_header()
+    response = client.get(url, headers=[('Content-Type', 'application/json'), auth_header])
+
+    assert response.status_code == 400
+    json_resp = json.loads(response.get_data(as_text=True))
+    assert json_resp['result'] == 'error'
+    assert json_resp['message'] == {
+        'invitation': 'Your invitation to GOV.UK Notify has expired. '
+                      'Please ask the person that invited you to send you another one'}
+
+
+def test_validate_invitation_token_returns_400_when_invited_user_does_not_exist(client):
+    token = generate_token(str(uuid.uuid4()), current_app.config['SECRET_KEY'],
+                           current_app.config['DANGEROUS_SALT'])
+    url = '/invite/service/{}'.format(token)
+    auth_header = create_authorization_header()
+    response = client.get(url, headers=[('Content-Type', 'application/json'), auth_header])
+
+    assert response.status_code == 404
+    json_resp = json.loads(response.get_data(as_text=True))
+    assert json_resp['result'] == 'error'
+    assert json_resp['message'] == 'No result found'
+
+
+def test_validate_invitation_token_returns_400_when_token_is_malformed(client):
+    token = generate_token(
+        str(uuid.uuid4()),
+        current_app.config['SECRET_KEY'],
+        current_app.config['DANGEROUS_SALT']
+    )[:-2]
+
+    url = '/invite/service/{}'.format(token)
+    auth_header = create_authorization_header()
+    response = client.get(url, headers=[('Content-Type', 'application/json'), auth_header])
+
+    assert response.status_code == 400
+    json_resp = json.loads(response.get_data(as_text=True))
+    assert json_resp['result'] == 'error'
+    assert json_resp['message'] == {
+        'invitation': 'Something’s wrong with this link. Make sure you’ve copied the whole thing.'
+    }
+
+
+def test_get_invited_user(admin_request, sample_invited_user):
+    json_resp = admin_request.get(
+        'service_invite.get_invited_user',
+        invited_user_id=sample_invited_user.id
+    )
+    assert json_resp['data']['id'] == str(sample_invited_user.id)
+    assert json_resp['data']['email_address'] == sample_invited_user.email_address
+    assert json_resp['data']['service'] == str(sample_invited_user.service_id)
+    assert json_resp['data']['permissions'] == sample_invited_user.permissions
+
+
+def test_get_invited_user_404s_if_invite_doesnt_exist(admin_request, sample_invited_user, fake_uuid):
+    json_resp = admin_request.get(
+        'service_invite.get_invited_user',
+        invited_user_id=fake_uuid,
+        _expected_status=404
+    )
+    assert json_resp['result'] == 'error'