Merge pull request #28 from alphagov/verify_user_password

Added user verify password endpoint.
2026-01-31 06:52:06 -05:00 · 2016-01-20 17:07:23 +00:00
parent 1fd3c9139f 0ec69b89ee
commit eeffd4c6e2
2 changed files with 95 additions and 4 deletions
--- a/tests/app/user/test_rest.py
+++ b/tests/app/user/test_rest.py
@@ -358,3 +358,76 @@ def test_delete_user_not_exists(notify_api, notify_db, notify_db_session, sample
                headers=[('Content-Type', 'application/json'), auth_header])
            assert resp.status_code == 404
            assert User.query.count() == 2
+
+
+def test_user_verify_password(notify_api,
+                              notify_db,
+                              notify_db_session,
+                              sample_user,
+                              sample_admin_service_id):
+    """
+    Tests POST endpoint '/<user_id>/verify/password'
+    """
+    with notify_api.test_request_context():
+        with notify_api.test_client() as client:
+            data = json.dumps({'password': 'password'})
+            auth_header = create_authorization_header(
+                service_id=sample_admin_service_id,
+                path=url_for('user.verify_user_password', user_id=sample_user.id),
+                method='POST',
+                request_body=data)
+            resp = client.post(
+                url_for('user.verify_user_password', user_id=sample_user.id),
+                data=data,
+                headers=[('Content-Type', 'application/json'), auth_header])
+            assert resp.status_code == 204
+
+
+def test_user_verify_password_invalid_password(notify_api,
+                                               notify_db,
+                                               notify_db_session,
+                                               sample_user,
+                                               sample_admin_service_id):
+    """
+    Tests POST endpoint '/<user_id>/verify/password' invalid endpoint.
+    """
+    with notify_api.test_request_context():
+        with notify_api.test_client() as client:
+            data = json.dumps({'password': 'bad password'})
+            auth_header = create_authorization_header(
+                service_id=sample_admin_service_id,
+                path=url_for('user.verify_user_password', user_id=sample_user.id),
+                method='POST',
+                request_body=data)
+            resp = client.post(
+                url_for('user.verify_user_password', user_id=sample_user.id),
+                data=data,
+                headers=[('Content-Type', 'application/json'), auth_header])
+            assert resp.status_code == 400
+            json_resp = json.loads(resp.get_data(as_text=True))
+            assert 'Incorrect password' in json_resp['message']['password']
+
+
+def test_user_verify_password_missing_password(notify_api,
+                                               notify_db,
+                                               notify_db_session,
+                                               sample_user,
+                                               sample_admin_service_id):
+    """
+    Tests POST endpoint '/<user_id>/verify/password' missing password.
+    """
+    with notify_api.test_request_context():
+        with notify_api.test_client() as client:
+            data = json.dumps({'bingo': 'bongo'})
+            auth_header = create_authorization_header(
+                service_id=sample_admin_service_id,
+                path=url_for('user.verify_user_password', user_id=sample_user.id),
+                method='POST',
+                request_body=data)
+            resp = client.post(
+                url_for('user.verify_user_password', user_id=sample_user.id),
+                data=data,
+                headers=[('Content-Type', 'application/json'), auth_header])
+            assert resp.status_code == 400
+            json_resp = json.loads(resp.get_data(as_text=True))
+            assert 'Required field missing data' in json_resp['message']['password']