def test_delete_contact(session): # pylint:disable=unused-argument
"""Assert that a contact can be deleted to an Entity."""
entity_model = factory_entity_model()
entity = EntityService(entity_model)
entity.add_contact(TestContactInfo.contact1)
updated_entity = entity.delete_contact()
dictionary = updated_entity.as_dict()
assert not dictionary['contacts']
def test_add_contact_duplicate(session): # pylint:disable=unused-argument
"""Assert that a contact cannot be added to an Entity if that Entity already has a contact."""
entity_model = factory_entity_model()
entity = EntityService(entity_model)
entity.add_contact(TestContactInfo.contact1)
with pytest.raises(BusinessException) as exception:
entity.add_contact(TestContactInfo.contact2)
assert exception.value.code == Error.DATA_ALREADY_EXISTS.name
def test_entity_name_sync(app, session): # pylint:disable=unused-argument
"""Assert that the name syncing for entity affiliation is working correctly."""
entity_model = factory_entity_model(
entity_info=TestEntityInfo.entity_lear_mock)
entity = EntityService(entity_model)
entity.sync_name()
dictionary = entity.as_dict()
assert dictionary['name'] == 'Legal Name CP0002103'
def test_get_contact_by_business_identifier(session): # pylint:disable=unused-argument
"""Assert that a contact can be retrieved by the associated business id."""
entity_model = factory_entity_model()
entity = EntityService(entity_model)
entity.add_contact(TestContactInfo.contact1)
contact = entity.get_contact()
assert contact is not None
assert contact.email == TestContactInfo.contact1['email']
def test_entity_find_by_entity_id(session, auth_mock): # pylint:disable=unused-argument
"""Assert that an Entity can be retrieved by entity identifier."""
entity_model = factory_entity_model()
entity = EntityService(entity_model)
entity = EntityService.find_by_entity_id(entity.identifier)
assert entity is not None
dictionary = entity.as_dict()
assert dictionary['business_identifier'] == TestEntityInfo.entity1['businessIdentifier']
def test_add_contact(session): # pylint:disable=unused-argument
"""Assert that a contact can be added to an Entity."""
entity_model = factory_entity_model()
entity = EntityService(entity_model)
entity.add_contact(TestContactInfo.contact1)
dictionary = entity.as_dict()
assert dictionary['contacts']
assert len(dictionary['contacts']) == 1
assert dictionary['contacts'][0]['email'] == TestContactInfo.contact1['email']
def test_find_user_authorization_by_org_id_and_invalid_corp_type(session): # pylint:disable=unused-argument
"""Assert that authorization view is not returning result when invalid corp type is passed."""
user = factory_user_model()
org = factory_org_model()
factory_membership_model(user.id, org.id)
entity = factory_entity_model()
factory_affiliation_model(entity.id, org.id)
authorization = Authorization.find_user_authorization_by_org_id_and_corp_type(org.id, 'invalid_corp_type')
assert authorization is None
def test_reset_pass_code(app, session): # pylint:disable=unused-argument
"""Assert that the new passcode in not the same as old passcode."""
entity_model = factory_entity_model(entity_info=TestEntityInfo.entity_passcode)
entity = EntityService(entity_model)
old_passcode = entity.pass_code
entity.reset_passcode(entity.business_identifier, '', TestJwtClaims.user_test)
new_passcode = entity.pass_code
assert old_passcode != new_passcode
def test_get_user_authorizations_for_entity(session): # pylint:disable=unused-argument
"""Assert that user authorizations for entity is working."""
user = factory_user_model()
org = factory_org_model()
membership = factory_membership_model(user.id, org.id)
entity = factory_entity_model()
factory_affiliation_model(entity.id, org.id)
authorization = Authorization.get_user_authorizations_for_entity(
{
'sub': str(user.keycloak_guid),
'realm_access': {
'roles': ['basic']
}
}, entity.business_identifier)
assert authorization is not None
assert authorization.get('orgMembership',
None) == membership.membership_type_code
# Test with invalid user
authorization = Authorization.get_user_authorizations_for_entity(
{
'sub': str(uuid.uuid4()),
'realm_access': {
'roles': ['basic']
}
}, entity.business_identifier)
assert authorization is not None
assert authorization.get('orgMembership', None) is None
# Test for passcode users with invalid username
authorization = Authorization.get_user_authorizations_for_entity(
{
'loginSource': 'PASSCODE',
'username': '******',
'realm_access': {
'roles': ['basic']
}
}, entity.business_identifier)
assert authorization is not None
assert authorization.get('orgMembership', None) is None
# Test for staff users
authorization = Authorization.get_user_authorizations_for_entity(
{
'loginSource': '',
'realm_access': {
'roles': ['staff']
}
}, entity.business_identifier)
assert authorization is not None
assert authorization.get('orgMembership', None) is None
def test_find_all_user_authorizations(session): # pylint:disable=unused-argument
"""Test find all user authoirzations."""
user = factory_user_model()
org = factory_org_model()
membership = factory_membership_model(user.id, org.id)
entity = factory_entity_model()
factory_affiliation_model(entity.id, org.id)
authorizations = Authorization.find_all_authorizations_for_user(str(user.keycloak_guid))
assert authorizations is not None
assert authorizations[0].org_membership == membership.membership_type_code
assert authorizations[0].business_identifier == entity.business_identifier
def test_check_auth_for_service_account_valid_with_org_id(session): # pylint:disable=unused-argument
"""Assert that check_auth is working as expected."""
user = factory_user_model()
org = factory_org_model()
factory_membership_model(user.id, org.id)
factory_product_model(org.id, product_code=ProductCode.BUSINESS.value)
entity = factory_entity_model()
factory_affiliation_model(entity.id, org.id)
# Test for service account with CP corp type
check_auth({'realm_access': {'roles': ['system']}, 'product_code': ProductCode.BUSINESS.value}, org_id=org.id)
def test_find_user_authorization_by_org_id(session): # pylint:disable=unused-argument
"""Assert that authorization view is returning result."""
user = factory_user_model()
org = factory_org_model()
membership = factory_membership_model(user.id, org.id)
entity = factory_entity_model()
factory_affiliation_model(entity.id, org.id)
authorization = Authorization.find_user_authorization_by_org_id(str(user.keycloak_guid),
org.id)
assert authorization is not None
assert authorization.org_membership == membership.membership_type_code
def test_delete_contact_no_entity(session, auth_mock): # pylint:disable=unused-argument
"""Assert that a contact can not be deleted without entity."""
entity_model = factory_entity_model()
entity = EntityService(entity_model)
entity.add_contact(TestContactInfo.contact1)
updated_entity = entity.delete_contact()
with pytest.raises(BusinessException) as exception:
updated_entity.delete_contact()
assert exception.value.code == Error.DATA_NOT_FOUND.name
def test_find_user_authorization_by_business_number_product(session): # pylint:disable=unused-argument
"""Assert that authorization view is returning result."""
user = factory_user_model()
org = factory_org_model()
factory_membership_model(user.id, org.id)
factory_product_model(org.id, product_code=ProductCode.DIR_SEARCH.value)
entity = factory_entity_model()
factory_affiliation_model(entity.id, org.id)
authorization = Authorization.find_user_authorization_by_business_number_and_product(
entity.business_identifier, ProductCode.DIR_SEARCH.value)
assert authorization is not None
assert authorization.product_code == ProductCode.DIR_SEARCH.value
def test_find_invalid_user_authorization_by_business_number(session): # pylint:disable=unused-argument
"""Test with invalid user id and assert that auth is None."""
user = factory_user_model()
org = factory_org_model()
factory_membership_model(user.id, org.id)
entity = factory_entity_model()
factory_affiliation_model(entity.id, org.id)
authorization = Authorization.find_user_authorization_by_business_number(str(uuid.uuid4()),
entity.business_identifier)
assert authorization is None
# Test with invalid business identifier
authorization = Authorization.find_user_authorization_by_business_number(str(uuid.uuid4()), '')
assert authorization is None
def test_reset_pass_code_confirm_activity_log(app, session): # pylint:disable=unused-argument
"""Assert that the new passcode in not the same as old passcode."""
entity_model = factory_entity_model(entity_info=TestEntityInfo.entity_passcode)
entity = EntityService(entity_model)
old_passcode = entity.pass_code
with patch.object(activity_log_publisher, 'publish_activity', return_value=None) as mock_send:
entity.reset_passcode(entity.business_identifier, '', TestJwtClaims.user_test)
new_passcode = entity.pass_code
assert old_passcode != new_passcode
mock_send.assert_called
def test_find_user_authorization_by_org_id_and_corp_type(session): # pylint:disable=unused-argument
"""Assert that authorization view returns result when fetched using Corp type instead of jwt.
Service accounts passes corp type instead of jwt.
"""
user = factory_user_model()
org = factory_org_model()
membership = factory_membership_model(user.id, org.id)
entity = factory_entity_model()
factory_affiliation_model(entity.id, org.id)
authorization = Authorization.find_user_authorization_by_org_id_and_corp_type(org.id, 'CP')
assert authorization is not None
assert authorization.org_membership == membership.membership_type_code
def test_get_user_authorizations_for_entity_service_account(
session, monkeypatch):
"""Assert that user authorizations for entity is working."""
user = factory_user_model()
org = factory_org_model()
factory_membership_model(user.id, org.id)
factory_product_model(org.id, product_code=ProductCode.BUSINESS.value)
entity = factory_entity_model()
factory_affiliation_model(entity.id, org.id)
# Test for service accounts with correct product code
patch_token_info(
{
'loginSource': '',
'realm_access': {
'roles': ['system']
},
'product_code': ProductCode.BUSINESS.value
}, monkeypatch)
authorization = Authorization.get_user_authorizations_for_entity(
entity.business_identifier)
assert bool(authorization) is True
assert authorization.get('orgMembership', None) == 'ADMIN'
# Test for service accounts with wrong product code
patch_token_info(
{
'loginSource': '',
'realm_access': {
'roles': ['system']
},
'product_code': 'INVALIDCP'
}, monkeypatch)
authorization = Authorization.get_user_authorizations_for_entity(
entity.business_identifier)
assert bool(authorization) is False
assert authorization.get('orgMembership', None) is None
# Test for service accounts with no product code
patch_token_info({
'loginSource': '',
'realm_access': {
'roles': ['system']
}
}, monkeypatch)
authorization = Authorization.get_user_authorizations_for_entity(
entity.business_identifier)
assert bool(authorization) is False
assert authorization.get('orgMembership', None) is None
def test_update_contact(session): # pylint:disable=unused-argument
"""Assert that a contact for an existing Entity can be updated."""
entity_model = factory_entity_model()
entity = EntityService(entity_model)
entity.add_contact(TestContactInfo.contact1)
dictionary = entity.as_dict()
assert len(dictionary['contacts']) == 1
assert dictionary['contacts'][0]['email'] == TestContactInfo.contact1['email']
entity.update_contact(TestContactInfo.contact2)
dictionary = None
dictionary = entity.as_dict()
assert len(dictionary['contacts']) == 1
assert dictionary['contacts'][0]['email'] == TestContactInfo.contact2['email']
def test_check_auth_for_service_account_valid_with_business_id(session): # pylint:disable=unused-argument
"""Assert that check_auth is working as expected."""
user = factory_user_model()
org = factory_org_model()
factory_membership_model(user.id, org.id)
entity = factory_entity_model()
factory_affiliation_model(entity.id, org.id)
# Test for service account with CP corp type
check_auth({
'realm_access': {
'roles': ['system']
},
'corp_type': 'CP'
},
business_identifier=entity.business_identifier)
def test_get_user_authorizations(session): # pylint:disable=unused-argument
"""Assert that listing all user authorizations is working."""
user = factory_user_model()
org = factory_org_model()
membership = factory_membership_model(user.id, org.id)
entity = factory_entity_model()
factory_affiliation_model(entity.id, org.id)
authorization = Authorization.get_user_authorizations(str(user.keycloak_guid))
assert authorization is not None
assert authorization['authorizations'][0].get('orgMembership', None) == membership.membership_type_code
# Test with invalid user
authorization = Authorization.get_user_authorizations(str(uuid.uuid4()))
assert authorization is not None
assert len(authorization['authorizations']) == 0
def test_find_user_authorization_by_org_id_and_corp_type_multiple_membership(session): # pylint:disable=unused-argument
"""Assert that authorization view returns result when fetched using Corp type instead of jwt.
When multiple membership is present , return the one with Owner access.
"""
user1 = factory_user_model()
user2 = factory_user_model(user_info=TestUserInfo.user2)
org = factory_org_model()
factory_membership_model(user1.id, org.id, member_type='ADMIN')
membership_owner = factory_membership_model(user2.id, org.id)
entity = factory_entity_model()
factory_affiliation_model(entity.id, org.id)
authorization = Authorization.find_user_authorization_by_org_id_and_corp_type(org.id, 'CP')
assert authorization is not None
assert authorization.org_membership == membership_owner.membership_type_code
def test_delete_user_where_org_has_another_owner(session, auth_mock,
keycloak_mock, monkeypatch): # pylint:disable=unused-argument
"""Assert that a user can be deleted."""
# Create a user and org
user_model = factory_user_model(user_info=TestUserInfo.user_test)
contact = factory_contact_model()
contact_link = ContactLinkModel()
contact_link.contact = contact
contact_link.user = user_model
contact_link.commit()
patch_token_info(TestJwtClaims.get_test_user(user_model.keycloak_guid),
monkeypatch)
org = OrgService.create_org(TestOrgInfo.org1, user_id=user_model.id)
org_dictionary = org.as_dict()
org_id = org_dictionary['id']
entity = factory_entity_model(entity_info=TestEntityInfo.entity_lear_mock)
affiliation = AffiliationModel(org_id=org_id, entity_id=entity.id)
affiliation.save()
# Create another user and add membership to the above org
user_model2 = factory_user_model(user_info=TestUserInfo.user2)
contact = factory_contact_model()
contact_link = ContactLinkModel()
contact_link.contact = contact
contact_link.user = user_model2
contact_link.commit()
membership = MembershipModel(org_id=org_id,
user_id=user_model2.id,
membership_type_code='ADMIN',
membership_type_status=Status.ACTIVE.value)
membership.save()
membership.commit()
# with pytest.raises(BusinessException) as exception:
patch_token_info(TestJwtClaims.get_test_user(user_model2.keycloak_guid),
monkeypatch)
UserService.delete_user()
updated_user = UserModel.find_by_jwt_token()
assert len(updated_user.contacts) == 0
user_orgs = MembershipModel.find_orgs_for_user(updated_user.id)
for org in user_orgs:
assert org.status_code == 'INACTIVE'
def test_authorizations_for_affiliated_users_returns_200(client, jwt, session): # pylint:disable=unused-argument
"""Assert authorizations for affiliated users returns 200."""
user = factory_user_model()
org = factory_org_model()
factory_membership_model(user.id, org.id)
entity = factory_entity_model()
factory_affiliation_model(entity.id, org.id)
claims = copy.deepcopy(TestJwtClaims.passcode.value)
claims['sub'] = str(user.keycloak_guid)
headers = factory_auth_header(jwt=jwt, claims=claims)
rv = client.get(f'/api/v1/entities/{entity.business_identifier}/authorizations',
headers=headers, content_type='application/json')
assert rv.status_code == http_status.HTTP_200_OK
assert rv.json.get('orgMembership') == 'OWNER'
def test_delete_user_is_member_returns_204(client, jwt, session,
keycloak_mock): # pylint:disable=unused-argument
"""Test if the user is the member of a team assert status is 204."""
user_model = factory_user_model(user_info=TestUserInfo.user_test)
contact = factory_contact_model()
contact_link = ContactLinkModel()
contact_link.contact = contact
contact_link.user = user_model
contact_link.commit()
user_model2 = factory_user_model(user_info=TestUserInfo.user2)
contact = factory_contact_model()
contact_link = ContactLinkModel()
contact_link.contact = contact
contact_link.user = user_model2
contact_link.commit()
claims = copy.deepcopy(TestJwtClaims.public_user_role.value)
claims['sub'] = str(user_model2.keycloak_guid)
org = OrgService.create_org(TestOrgInfo.org1,
user_id=user_model.id,
token_info=claims)
org_dictionary = org.as_dict()
org_id = org_dictionary['id']
entity = factory_entity_model(entity_info=TestEntityInfo.entity_lear_mock)
affiliation = AffiliationModel(org_id=org_id, entity_id=entity.id)
affiliation.save()
membership = MembershipModel(org_id=org_id,
user_id=user_model2.id,
membership_type_code='USER',
membership_type_status=Status.ACTIVE.value)
membership.save()
headers = factory_auth_header(jwt=jwt, claims=claims)
rv = client.delete('/api/v1/users/@me',
headers=headers,
content_type='application/json')
assert rv.status_code == http_status.HTTP_204_NO_CONTENT
def test_get_user_authorizations_for_entity_service_account(session):
"""Assert that user authorizations for entity is working."""
user = factory_user_model()
org = factory_org_model()
factory_membership_model(user.id, org.id)
entity = factory_entity_model()
factory_affiliation_model(entity.id, org.id)
# Test for service accounts with correct corp type
authorization = Authorization.get_user_authorizations_for_entity(
{
'loginSource': '',
'realm_access': {
'roles': ['system']
},
'corp_type': 'CP'
}, entity.business_identifier)
assert bool(authorization) is True
assert authorization.get('orgMembership', None) == 'OWNER'
# Test for service accounts with wrong corp type
authorization = Authorization.get_user_authorizations_for_entity(
{
'loginSource': '',
'realm_access': {
'roles': ['system']
},
'corp_type': 'INVALIDCP'
}, entity.business_identifier)
assert bool(authorization) is False
assert authorization.get('orgMembership', None) is None
# Test for service accounts with no corp type
authorization = Authorization.get_user_authorizations_for_entity(
{
'loginSource': '',
'realm_access': {
'roles': ['system']
}
}, entity.business_identifier)
assert bool(authorization) is False
assert authorization.get('orgMembership', None) is None
def test_delete_entity(app, session): # pylint:disable=unused-argument
"""Assert that an entity can be deleted."""
entity_model = factory_entity_model()
entity = EntityService(entity_model)
org = factory_org_service()
contact = factory_contact_model()
contact_link = ContactLinkModel()
contact_link.contact = contact
contact_link.entity = entity._model # pylint:disable=protected-access
contact_link.org = org._model # pylint:disable=protected-access
contact_link.commit()
entity.delete()
entity = EntityService.find_by_entity_id(entity.identifier)
assert entity is None
def test_authorizations_expanded_for_staff(client, jwt, session): # pylint:disable=unused-argument
"""Assert expanded authorizations for staff user returns result."""
user = factory_user_model()
org = factory_org_model()
factory_membership_model(user.id, org.id)
entity = factory_entity_model()
factory_affiliation_model(entity.id, org.id)
claims = copy.deepcopy(TestJwtClaims.edit_user_role.value)
claims['sub'] = str(user.keycloak_guid)
headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.staff_role)
rv = client.get(
f'/api/v1/entities/{entity.business_identifier}/authorizations?expanded=true',
headers=headers,
content_type='application/json')
assert rv.status_code == http_status.HTTP_200_OK
assert rv.json.get('account') is not None
assert rv.json.get('account').get('name') == org.name
assert rv.json.get('business').get('name') == entity.name
assert rv.json.get('business').get('folioNumber') == entity.folio_number
def test_get_user_authorizations_for_entity_with_multiple_affiliations(
session, # pylint:disable=unused-argument
monkeypatch):
"""Assert that user authorizations for entity is working."""
user = factory_user_model()
org = factory_org_model()
membership = factory_membership_model(user.id, org.id)
entity = factory_entity_model()
factory_affiliation_model(entity.id, org.id)
patch_token_info(
{
'sub': str(user.keycloak_guid),
'realm_access': {
'roles': ['basic']
}
}, monkeypatch)
authorization = Authorization.get_user_authorizations_for_entity(
entity.business_identifier)
assert authorization is not None
assert authorization.get('orgMembership',
None) == membership.membership_type_code
# Affiliate same entity to another org and user, and assert both authorizations works
user_2 = factory_user_model(user_info=TestUserInfo.user2)
org_2 = factory_org_model(org_info=TestOrgInfo.org2)
membership = factory_membership_model(user_2.id, org_2.id)
factory_affiliation_model(entity.id, org_2.id)
patch_token_info(
{
'sub': str(user_2.keycloak_guid),
'realm_access': {
'roles': ['basic']
}
}, monkeypatch)
authorization = Authorization.get_user_authorizations_for_entity(
entity.business_identifier)
assert authorization is not None
assert authorization.get('orgMembership',
None) == membership.membership_type_code
def test_reset(session, auth_mock): # pylint: disable=unused-argument
"""Assert that can be reset data by the provided token."""
user_with_token = TestUserInfo.user_tester
user_with_token['keycloak_guid'] = TestJwtClaims.tester_role['sub']
user = factory_user_model(user_info=user_with_token)
org = factory_org_model(user_id=user.id)
factory_membership_model(user.id, org.id)
entity = factory_entity_model(user_id=user.id)
ResetDataService.reset(TestJwtClaims.tester_role)
with pytest.raises(BusinessException) as exception:
UserService.find_by_jwt_token(user_with_token)
assert exception.value.code == Error.DATA_NOT_FOUND.name
found_org = OrgService.find_by_org_id(org.id)
assert found_org is None
found_entity = EntityService.find_by_entity_id(entity.id)
assert found_entity is None
found_memeber = MembershipService.get_members_for_org(org.id)
assert found_memeber is None