Refactor stuff + stricter validation for updating only ALLOWED user attrs

tests/app/test_schemas.py

@@ -1,5 +1,7 @@
 import pytest
 
+from marshmallow import ValidationError
+
 
 def test_job_schema_doesnt_return_notifications(sample_notification_with_job):
     from app.schemas import job_schema
@@ -32,7 +34,7 @@ def test_notification_schema_adds_api_key_name(sample_notification_with_api_key)
     ('email_address', 'newuser@mail.com'),
     ('mobile_number', '+4407700900460')
 ])
-def test_user_schema_accepts_valid_attributes(user_attribute, user_value):
+def test_user_update_schema_accepts_valid_attribute_pairs(user_attribute, user_value):
     update_dict = {
         user_attribute: user_value
     }
@@ -48,11 +50,28 @@ def test_user_schema_accepts_valid_attributes(user_attribute, user_value):
     ('email_address', 'bademail@...com'),
     ('mobile_number', '+44077009')
 ])
-def test_user_schema_rejects_invalid_attributes(user_attribute, user_value):
+def test_user_update_schema_rejects_invalid_attribute_pairs(user_attribute, user_value):
     from app.schemas import user_update_schema_load_json
     update_dict = {
         user_attribute: user_value
     }
 
-    with pytest.raises(Exception):
+    with pytest.raises(ValidationError):
         data, errors = user_update_schema_load_json.load(update_dict)
+
+
+@pytest.mark.parametrize('user_attribute', [
+    'id', 'updated_at', 'created_at', 'user_to_service',
+    '_password', 'verify_codes', 'logged_in_at', 'password_changed_at',
+    'failed_login_count', 'state', 'platform_admin'
+])
+def test_user_update_schema_rejects_disallowed_attribute_keys(user_attribute):
+    update_dict = {
+        user_attribute: 'not important'
+    }
+    from app.schemas import user_update_schema_load_json
+
+    with pytest.raises(ValidationError) as excinfo:
+        data, errors = user_update_schema_load_json.load(update_dict)
+
+    assert excinfo.value.messages['_schema'][0] == 'Unknown field name {}'.format(user_attribute)