def test_deactivate_and_reactivate_a_user(self):
     url = reverse("gov_users:gov_users")
     response = self.client.get(
         url, **{
             "HTTP_GOV_USER_TOKEN":
             user_to_token(self.valid_user.baseuser_ptr)
         })
     self.assertEqual(response.status_code, status.HTTP_200_OK)
     data = {"status": "Deactivated"}
     url = reverse("gov_users:gov_user", kwargs={"pk": self.valid_user.pk})
     self.client.put(url, data, **self.gov_headers)
     response = self.client.get(
         reverse("gov_users:gov_users"), **{
             "HTTP_GOV_USER_TOKEN":
             user_to_token(self.valid_user.baseuser_ptr)
         })
     self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
     data = {"status": "Active"}
     self.client.put(url, data, **self.gov_headers)
     response = self.client.get(
         reverse("gov_users:gov_users"), **{
             "HTTP_GOV_USER_TOKEN":
             user_to_token(self.valid_user.baseuser_ptr)
         })
     self.assertEqual(response.status_code, status.HTTP_200_OK)
Example #2
0
    def setUp(self):
        self.system_user = BaseUser.objects.get(id=SystemUser.id)

        # Gov User Setup
        self.team = Team.objects.get(name="Admin")
        self.base_user = BaseUser(email="*****@*****.**",
                                  first_name="John",
                                  last_name="Smith",
                                  type=UserType.INTERNAL)
        self.base_user.save()
        self.gov_user = GovUser(baseuser_ptr=self.base_user, team=self.team)
        self.gov_user.save()
        self.gov_headers = {
            "HTTP_GOV_USER_TOKEN": user_to_token(self.base_user)
        }

        # Exporter User Setup
        (self.organisation,
         self.exporter_user) = self.create_organisation_with_exporter_user()
        (self.hmrc_organisation, self.hmrc_exporter_user
         ) = self.create_organisation_with_exporter_user(
             "HMRC org 5843", org_type=OrganisationType.HMRC)

        self.exporter_headers = {
            "HTTP_EXPORTER_USER_TOKEN":
            user_to_token(self.exporter_user.baseuser_ptr),
            "HTTP_ORGANISATION_ID":
            str(self.organisation.id),
        }

        self.default_role = Role.objects.get(id=Roles.INTERNAL_DEFAULT_ROLE_ID)
        self.super_user_role = Role.objects.get(
            id=Roles.INTERNAL_SUPER_USER_ROLE_ID)
        self.exporter_default_role = Role.objects.get(
            id=Roles.EXPORTER_DEFAULT_ROLE_ID)
        self.exporter_super_user_role = Role.objects.get(
            id=Roles.EXPORTER_SUPER_USER_ROLE_ID)

        self.hmrc_exporter_headers = {
            "HTTP_EXPORTER_USER_TOKEN":
            user_to_token(self.hmrc_exporter_user.baseuser_ptr),
            "HTTP_ORGANISATION_ID":
            str(self.hmrc_organisation.id),
        }

        self.queue = self.create_queue("Initial Queue", self.team)

        if settings.TIME_TESTS:
            self.tick = timezone.localtime()
Example #3
0
    def post(self, request, *args, **kwargs):
        """
        Takes user details from sso and checks them against our whitelisted users
        Returns a token which is just our ID for the user
        :param request:
        :param email, first_name, last_name:
        :return token:
        """
        data = request.data
        email = data.get("email")
        first_name = data.get("first_name")
        last_name = data.get("last_name")

        try:
            user = GovUser.objects.get(baseuser_ptr__email=email)

            # Update the user's first and last names
            user.baseuser_ptr.first_name = first_name
            user.baseuser_ptr.last_name = last_name
            user.baseuser_ptr.save()
        except GovUser.DoesNotExist:
            return JsonResponse(data={"errors": "User not found"},
                                status=status.HTTP_403_FORBIDDEN)

        if user.status == GovUserStatuses.DEACTIVATED:
            return JsonResponse(data={"errors": "User not found"},
                                status=status.HTTP_403_FORBIDDEN)

        token = user_to_token(user.baseuser_ptr)
        return JsonResponse(
            data={
                "default_queue": str(user.default_queue),
                "token": token,
                "lite_api_user_id": str(user.pk)
            })
    def test_create_exporter_user_when_user_already_exists_doesnt_create_new_user(
            self):
        """
        The endpoint being tested requires another exporter user to send the request
        This means that the new user being added must be attempted to be added by different exporter users
        as the endpoint attempts to add the new user to the request user's organisation
        """

        # Add new exporter user
        self.client.post(self.url, self.data, **self.exporter_headers)
        # Create another request user before attempting to re-add the new exporter user
        other_org, other_exporter_user = self.create_organisation_with_exporter_user(
        )
        other_exporter_user_headers = {
            "HTTP_EXPORTER_USER_TOKEN":
            user_to_token(other_exporter_user.baseuser_ptr),
            "HTTP_ORGANISATION_ID":
            str(other_org.id),
        }
        previous_user_count = ExporterUser.objects.count()

        response = self.client.post(self.url, self.data,
                                    **other_exporter_user_headers)

        self.assertEqual(response.status_code, status.HTTP_201_CREATED)
        self.assertEqual(ExporterUser.objects.count(), previous_user_count)
Example #5
0
    def test_get_notifications_for_user_in_multiple_orgs_success(self):
        """
        Given an exporter user in multiple orgs
        When an API user gets notifications for the exporter user and one of their orgs
        Then only the notifications specific to that user and org combination are returned
        """
        self._create_application_with_notifications()

        org_2, _ = self.create_organisation_with_exporter_user("Org 2")
        self.add_exporter_user_to_org(org_2, self.exporter_user)
        self.exporter_headers = {
            "HTTP_EXPORTER_USER_TOKEN": user_to_token(self.exporter_user.baseuser_ptr),
            "HTTP_ORGANISATION_ID": str(org_2.id),
        }
        application = self.create_standard_application_case(org_2)
        self.create_case_note(application, "This is a test note 3", self.gov_user.baseuser_ptr, True)
        self.create_ecju_query(application, "This is an ecju query")

        response = self.client.get(self.url, **self.exporter_headers)
        response_data = response.json()

        self.assertEqual(response.status_code, status.HTTP_200_OK)
        self.assertEqual(response_data["notifications"]["application"], 2)
        # Check that the 2 notifications we got are only for ones created while org_2 is the currently selected org
        self.assertEqual(
            response_data["notifications"]["application"],
            ExporterNotification.objects.filter(user_id=self.exporter_user.pk, organisation=org_2).count(),
        )
        self.assertNotEqual(
            ExporterNotification.objects.filter(user_id=self.exporter_user.pk).count(),
            ExporterNotification.objects.filter(user_id=self.exporter_user.pk, organisation=org_2).count(),
        )
Example #6
0
    def test_get_cases_on_updated_cases_queue_when_user_is_not_assigned_to_a_case_returns_no_cases(self):
        other_user = GovUserFactory(
            baseuser_ptr__email="*****@*****.**",
            baseuser_ptr__first_name="John",
            baseuser_ptr__last_name="Smith",
            team=self.team,
        )
        gov_headers = {"HTTP_GOV_USER_TOKEN": user_to_token(other_user.baseuser_ptr)}

        response = self.client.get(self.url, **gov_headers)

        self.assertEqual(response.status_code, status.HTTP_200_OK)
        response_data = response.json()["results"]["cases"]
        self.assertEqual(len(response_data), 0)
Example #7
0
    def test_create_commercial_organisation_as_exporter_success(self, address):
        data = {
            "name": "Lemonworld Co",
            "type": OrganisationType.COMMERCIAL,
            "eori_number": "GB123456789000",
            "sic_number": "01110",
            "vat_number": "GB123456789",
            "registration_number": "98765432",
            "site": {"name": "Headquarters", "address": address},
            "user": {"email": "*****@*****.**"},
        }

        response = self.client.post(
            self.url, data, **{EXPORTER_USER_TOKEN_HEADER: user_to_token(self.exporter_user.baseuser_ptr)}
        )
        organisation = Organisation.objects.get(id=response.json()["id"])
        exporter_user = get_users_from_organisation(organisation)[0]
        site = organisation.primary_site

        self.assertEqual(response.status_code, status.HTTP_201_CREATED)

        self.assertEqual(organisation.name, data["name"])
        self.assertEqual(organisation.eori_number, data["eori_number"])
        self.assertEqual(organisation.sic_number, data["sic_number"])
        self.assertEqual(organisation.vat_number, data["vat_number"])
        self.assertEqual(organisation.registration_number, data["registration_number"])
        self.assertEqual(organisation.status, OrganisationStatus.IN_REVIEW)

        self.assertEqual(exporter_user.email, data["user"]["email"])
        self.assertEqual(
            UserOrganisationRelationship.objects.get(user=exporter_user, organisation=organisation).role_id,
            Roles.EXPORTER_SUPER_USER_ROLE_ID,
        )

        self.assertEqual(site.name, data["site"]["name"])
        self.assertEqual(Audit.objects.count(), 1)

        if "address_line_1" in address:
            self.assertEqual(site.address.address_line_1, data["site"]["address"]["address_line_1"])
            self.assertEqual(site.address.address_line_2, data["site"]["address"]["address_line_2"])
            self.assertEqual(site.address.region, data["site"]["address"]["region"])
            self.assertEqual(site.address.postcode, data["site"]["address"]["postcode"])
            self.assertEqual(site.address.city, data["site"]["address"]["city"])
            self.assertEqualIgnoreType(site.address.country.id, "GB")
        else:
            self.assertEqual(site.address.address, data["site"]["address"]["address"])
            self.assertEqualIgnoreType(site.address.country.id, data["site"]["address"]["country"])

        # assert records located at set to site itself
        self.assertEqual(site.site_records_located_at, site)
    def test_set_application_status_on_application_not_in_users_organisation_failure(self):
        self.submit_application(self.standard_application)
        other_organisation, _ = self.create_organisation_with_exporter_user()
        data = {"status": "Invalid status"}
        permission_denied_user = UserOrganisationRelationship.objects.get(organisation=other_organisation).user
        permission_denied_user_headers = {
            "HTTP_EXPORTER_USER_TOKEN": user_to_token(permission_denied_user.baseuser_ptr),
            "HTTP_ORGANISATION_ID": str(other_organisation.id),
        }

        response = self.client.put(self.url, data=data, **permission_denied_user_headers)

        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
        self.assertEqual(self.standard_application.status, get_case_status_by_status(CaseStatusEnum.SUBMITTED))
Example #9
0
    def test_valid_postcodes(self):
        data = {
            "name": "Lemonworld Co",
            "type": OrganisationType.COMMERCIAL,
            "eori_number": "GB123456789000",
            "sic_number": "01110",
            "vat_number": "GB123456789",
            "registration_number": "98765432",
            "site": {
                "name": "Headquarters",
                "address": {
                    "address_line_1": "42 Industrial Estate",
                    "address_line_2": "Queens Road",
                    "region": "Hertfordshire",
                    "city": "St Albans",
                },
            },
            "user": {
                "email": "*****@*****.**"
            },
        }

        valid_postcodes = [
            "BT32 4PX",
            "GIR 0AA",
            "BT324PX",
            " so11aa ",
            " so1  1aa ",
            "G2 3wt",
            "EC1A 1BB",
            "Ec1a1BB",
        ]

        for postcode in valid_postcodes:
            data["site"]["address"]["postcode"] = postcode
            response = self.client.post(
                self.url, data, **{
                    EXPORTER_USER_TOKEN_HEADER:
                    user_to_token(self.exporter_user.baseuser_ptr)
                })

            self.assertEqual(response.status_code, status.HTTP_201_CREATED)
Example #10
0
    def post(self, request, *args, **kwargs):
        """
        Takes user details from sso and checks them against our whitelisted users
        Returns a token which is just our ID for the user
        """
        data = request.data

        user_profile = data.get("user_profile")
        if not user_profile:
            return JsonResponse(
                data={"errors": [strings.Login.Error.USER_PROFILE]},
                status=status.HTTP_400_BAD_REQUEST,
            )

        first_name = data.get("user_profile").get("first_name")
        last_name = data.get("user_profile").get("last_name")
        if not first_name or not last_name:
            return JsonResponse(
                data={"errors": [strings.Login.Error.USER_PROFILE]},
                status=status.HTTP_400_BAD_REQUEST,
            )

        try:
            user = ExporterUser.objects.get(
                baseuser_ptr__email=data.get("email"))
            # Update the user's first and last names
            user.baseuser_ptr.first_name = first_name
            user.baseuser_ptr.last_name = last_name
            user.baseuser_ptr.save()
        except ExporterUser.DoesNotExist:
            return JsonResponse(
                data={"errors": [strings.Login.Error.USER_NOT_FOUND]},
                status=status.HTTP_401_UNAUTHORIZED)

        token = user_to_token(user.baseuser_ptr)
        return JsonResponse(
            data={
                "token": token,
                "first_name": user.first_name,
                "last_name": user.last_name,
                "lite_api_user_id": str(user.pk),
            })
Example #11
0
    def test_fail_view_other_organisations_goods_details(self):
        organisation_2, _ = self.create_organisation_with_exporter_user()
        organisation_2_admin = get_users_from_organisation(organisation_2)[0]

        good = Good(description="thing",
                    is_good_controlled=False,
                    organisation=self.organisation)
        good.save()

        url = reverse("goods:good", kwargs={"pk": good.id})
        response = self.client.get(
            url,
            **{
                "HTTP_EXPORTER_USER_TOKEN":
                user_to_token(organisation_2_admin.baseuser_ptr),
                "HTTP_ORGANISATION_ID":
                str(organisation_2.id),
            },
        )
        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
Example #12
0
    def test_remove_goods_from_application_not_in_users_organisation_failure(
            self):
        self.create_draft_standard_application(self.organisation)
        url = reverse(
            "applications:good_on_application",
            kwargs={"obj_pk": self.good_on_application.id},
        )

        other_organisation, _ = self.create_organisation_with_exporter_user()
        permission_denied_user = UserOrganisationRelationship.objects.get(
            organisation=other_organisation).user
        permission_denied_user_headers = {
            "HTTP_EXPORTER_USER_TOKEN":
            user_to_token(permission_denied_user.baseuser_ptr),
            "HTTP_ORGANISATION_ID":
            str(other_organisation.id),
        }

        response = self.client.delete(url, **permission_denied_user_headers)

        self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
Example #13
0
    def test_invalid_postcodes(self):
        data = {
            "name": "Lemonworld Co",
            "type": OrganisationType.COMMERCIAL,
            "eori_number": "GB123456789000",
            "sic_number": "01110",
            "vat_number": "GB123456789",
            "registration_number": "98765432",
            "site": {
                "name": "Headquarters",
                "address": {
                    "address_line_1": "42 Industrial Estate",
                    "address_line_2": "Queens Road",
                    "region": "Hertfordshire",
                    "city": "St Albans",
                },
            },
            "user": {
                "email": "*****@*****.**"
            },
        }

        invalid_postcodes = ["1NV 4L1D", "1NV4L1D", " b0gUS"]

        for postcode in invalid_postcodes:
            data["site"]["address"]["postcode"] = postcode
            response = self.client.post(
                self.url, data, **{
                    EXPORTER_USER_TOKEN_HEADER:
                    user_to_token(self.exporter_user.baseuser_ptr)
                })

            self.assertEqual(
                response.json()["errors"]["site"]["address"]["postcode"][0],
                Addresses.POSTCODE)
            self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)