def test_allocine_provider(self, synchronize_venue_provider,
validate_csrf_token, client):
# Given
AdminFactory(email="*****@*****.**")
venue = VenueFactory(siret="siret-pivot")
provider = AllocineProviderFactory(enabledForPro=True)
venue_provider = AllocineVenueProviderFactory(provider=provider,
venue=venue,
isDuo=False,
quantity=111)
AllocineVenueProviderPriceRuleFactory(
price=11, allocineVenueProvider=venue_provider)
data = dict(
isDuo=True,
allocine_price=22,
allocine_quantity=222,
provider=provider.id,
venue=venue.id,
venueIdAtOfferProvider=None,
)
client.with_session_auth("*****@*****.**")
client.post(
f"/pc/back-office/venue_providers/edit/?id={venue_provider.id}",
form=data)
synchronize_venue_provider.assert_called_once_with(venue_provider)
# Then
assert venue.venueProviders[0] == venue_provider
assert venue_provider.quantity == 222
def test_update_venue_other_offer_id_at_provider(
self, mocked_validate_csrf_token, app):
AdminFactory(email="*****@*****.**")
venue = VenueFactory(siret="22222222222222")
id_at_providers = "id_at_provider_ne_contenant_pas_le_siret"
stock = StockFactory(offer__venue=venue,
idAtProviders=id_at_providers,
offer__idAtProviders=id_at_providers)
data = dict(
name=venue.name,
siret="88888888888888",
city=venue.city,
postalCode=venue.postalCode,
address=venue.address,
publicName=venue.publicName,
latitude=venue.latitude,
longitude=venue.longitude,
isPermanent=venue.isPermanent,
)
client = TestClient(
app.test_client()).with_session_auth("*****@*****.**")
response = client.post(f"/pc/back-office/venue/edit/?id={venue.id}",
form=data)
assert response.status_code == 302
venue_edited = Venue.query.get(venue.id)
stock = Stock.query.get(stock.id)
offer = Offer.query.get(stock.offer.id)
assert venue_edited.siret == "88888888888888"
assert stock.idAtProviders == "id_at_provider_ne_contenant_pas_le_siret"
assert offer.idAtProviders == "id_at_provider_ne_contenant_pas_le_siret"
def test_only_suspend_beneficiary_users_in_given_emails_providers_list(
self):
# Given
fraudulent_emails_providers = ["example.com"]
admin_user = AdminFactory()
beneficiary_fraudulent_user = BeneficiaryGrant18Factory(
email="*****@*****.**")
beneficiary_fraudulent_user_with_uppercase_domain = BeneficiaryGrant18Factory(
email="*****@*****.**")
beneficiary_fraudulent_user_with_subdomain = BeneficiaryGrant18Factory(
email="*****@*****.**")
non_beneficiary_fraudulent_user = UserFactory(
email="*****@*****.**")
booking_factories.IndividualBookingFactory(
individualBooking__user=beneficiary_fraudulent_user,
stock__price=1)
# When
suspend_fraudulent_beneficiary_users_by_email_providers(
fraudulent_emails_providers, admin_user, dry_run=False)
# Then
assert not beneficiary_fraudulent_user.isActive
assert not beneficiary_fraudulent_user_with_uppercase_domain.isActive
# Do not handle sub-domains
assert beneficiary_fraudulent_user_with_subdomain.isActive
assert non_beneficiary_fraudulent_user.isActive
def test_only_suspend_pro_users_in_given_emails_providers_list():
# Given
fraudulent_emails_providers = ["example.com"]
admin_user = AdminFactory(email="*****@*****.**")
pro_fraudulent_user_with_uppercase_domain = ProFactory(
email="*****@*****.**")
pro_fraudulent_user_with_subdomain = ProFactory(
email="*****@*****.**")
beneficiary_fraudulent_user = BeneficiaryGrant18Factory(
email="*****@*****.**")
offerer1 = OffererFactory()
UserOffererFactory(user=pro_fraudulent_user_with_uppercase_domain,
offerer=offerer1)
offerer2 = OffererFactory()
UserOffererFactory(user=pro_fraudulent_user_with_subdomain,
offerer=offerer2)
# When
suspend_fraudulent_pro_by_email_providers(fraudulent_emails_providers,
admin_user,
dry_run=False)
# Then
assert not pro_fraudulent_user_with_uppercase_domain.isActive
# Do not handle sub-domains
assert pro_fraudulent_user_with_subdomain.isActive
assert beneficiary_fraudulent_user.isActive
def test_cancel_bookings_when_offerer_has_one_or_more():
# Given
fraudulent_emails_providers = ["example.com"]
admin_user = AdminFactory(email="*****@*****.**")
beneficiary1 = BeneficiaryGrant18Factory(email="*****@*****.**")
beneficiary2 = BeneficiaryGrant18Factory(email="*****@*****.**")
fraudulent_user = ProFactory(email="*****@*****.**", )
offerer_with_bookings = OffererFactory()
UserOffererFactory(user=fraudulent_user, offerer=offerer_with_bookings)
offer1 = OfferFactory(venue__managingOfferer=offerer_with_bookings)
offer2 = OfferFactory(venue__managingOfferer=offerer_with_bookings)
stock1 = StockFactory(offer=offer1)
stock2 = StockFactory(offer=offer2)
booking1 = BookingFactory(user=beneficiary1, stock=stock1)
booking2 = BookingFactory(user=beneficiary2, stock=stock2)
# When
suspend_fraudulent_pro_by_email_providers(fraudulent_emails_providers,
admin_user,
dry_run=False)
# Then
assert Offerer.query.count() == 1
assert Venue.query.count() == 2
assert Offer.query.count() == 2
assert Stock.query.count() == 2
assert Booking.query.count() == 2
assert booking1.isCancelled
assert booking1.status is BookingStatus.CANCELLED
assert booking1.cancellationReason is BookingCancellationReasons.FRAUD
assert booking2.isCancelled
assert booking2.status is BookingStatus.CANCELLED
assert booking2.cancellationReason is BookingCancellationReasons.FRAUD
def test_update_venue_reindex_venue_only(
self, mocked_async_index_venue_ids,
mocked_async_index_offers_of_venue_ids, mocked_validate_csrf_token,
app):
AdminFactory(email="*****@*****.**")
venue = VenueFactory(isPermanent=False)
data = dict(
name=venue.name,
siret=venue.siret,
city=venue.city,
postalCode=venue.postalCode,
address=venue.address,
publicName=venue.publicName,
latitude=venue.latitude,
longitude=venue.longitude,
isPermanent=True,
)
client = TestClient(
app.test_client()).with_session_auth("*****@*****.**")
response = client.post(f"/pc/back-office/venue/edit/?id={venue.id}",
form=data)
assert response.status_code == 302
venue = Venue.query.get(venue.id)
assert venue.isPermanent
mocked_async_index_venue_ids.assert_called_once_with([venue.id])
mocked_async_index_offers_of_venue_ids.assert_not_called()
def test_provider_not_synchronizable(self, mock_siret_can_be_synchronized,
validate_csrf_token, client):
# Given
AdminFactory(email="*****@*****.**")
venue = VenueFactory()
old_provider = ProviderFactory(enabledForPro=True,
localClass=None,
apiUrl="https://example.com")
new_provider = ProviderFactory(enabledForPro=True,
localClass=None,
apiUrl="https://example2.com")
venue_provider = VenueProviderFactory(
provider=old_provider,
venue=venue,
venueIdAtOfferProvider="old-siret")
mock_siret_can_be_synchronized.return_value = False
data = dict(
provider=new_provider.id,
venue=venue.id,
venueIdAtOfferProvider="hsf4uiagèy12386dq",
)
client.with_session_auth("*****@*****.**")
client.post(
f"/pc/back-office/venue_providers/edit/?id={venue_provider.id}",
form=data)
# Then
assert venue_provider.provider == old_provider
assert venue_provider.venueIdAtOfferProvider == "old-siret"
def test_dont_suspend_users_not_in_given_user_ids_list(self):
fraudulent_user_ids = [16]
admin_user = AdminFactory()
beneficiary = BeneficiaryGrant18Factory(id=15)
suspend_fraudulent_beneficiary_users_by_ids(fraudulent_user_ids,
admin_user,
dry_run=False)
assert beneficiary.isActive
def when_user_is_an_admin(self, app):
# Given
AdminFactory(email="*****@*****.**",
postalCode=None,
dateOfBirth=None)
# When
response = TestClient(app.test_client()).with_session_auth(
"*****@*****.**").get("/beneficiaries/current")
# Then
assert response.status_code == 200
def test_dont_suspend_users_not_in_given_emails_providers_list():
# Given
fraudulent_emails_providers = ["example.com"]
admin_user = AdminFactory(email="*****@*****.**")
non_fraudulent_pro = ProFactory(email="*****@*****.**")
# When
suspend_fraudulent_pro_by_email_providers(fraudulent_emails_providers,
admin_user,
dry_run=False)
# Then
assert non_fraudulent_pro.isActive
def test_edit_venue_provider(self, mock_siret_can_be_synchronized,
mock_synchronize_venue_provider,
validate_csrf_token, client, app):
# Given
AdminFactory(email="*****@*****.**")
venue = VenueFactory()
old_provider = ProviderFactory(name="old provider",
enabledForPro=True,
localClass=None,
apiUrl="https://example.com")
new_provider = ProviderFactory(name="new provider",
enabledForPro=True,
localClass=None,
apiUrl="https://example2.com")
venue_provider = VenueProviderFactory(provider=old_provider,
venue=venue)
existing_stock = StockFactory(quantity=10,
offer__venue=venue,
offer__idAtProviders="1")
BookingFactory(stock=existing_stock)
mock_siret_can_be_synchronized.return_value = True
data = dict(
provider=new_provider.id,
venue=venue.id,
venueIdAtOfferProvider="hsf4uiagèy12386dq",
)
client.with_session_auth("*****@*****.**")
response = client.post(
f"/pc/back-office/venue_providers/edit/?id={venue_provider.id}",
form=data)
assert response.status_code == 302
# Then
venue_provider = VenueProvider.query.one()
# Check that venue_provider model have been updated
assert venue_provider.venue == venue
assert venue_provider.provider == new_provider
assert venue_provider.venueIdAtOfferProvider == "hsf4uiagèy12386dq"
# Check that the quantity of existing stocks have been updated and quantity reset to booked_quantity.
assert existing_stock.quantity == 1
assert existing_stock.offer.lastProviderId == new_provider.id
mock_synchronize_venue_provider.assert_called_once_with(venue_provider)
def test_dont_suspend_users_not_in_given_emails_providers_list(self):
# Given
fraudulent_emails_providers = ["gmoil.com"]
admin_user = AdminFactory()
non_fraudulent_user = BeneficiaryGrant18Factory(
email="*****@*****.**")
booking_factories.IndividualBookingFactory(
individualBooking__user=non_fraudulent_user, stock__price=1)
# When
suspend_fraudulent_beneficiary_users_by_email_providers(
fraudulent_emails_providers, admin_user, dry_run=False)
# Then
assert non_fraudulent_user.isActive
def test_suspend_users_by_ids_does_not_cancel_bookings_when_not_cancellable(
self):
fraudulent_user_ids = [15]
admin_user = AdminFactory()
fraudulent_user = BeneficiaryGrant18Factory(id=15)
uncancellable_booking = booking_factories.UsedIndividualBookingFactory(
individualBooking__user=fraudulent_user, stock__price=1)
suspend_fraudulent_beneficiary_users_by_ids(fraudulent_user_ids,
admin_user,
dry_run=False)
assert not fraudulent_user.isActive
assert not uncancellable_booking.isCancelled
assert uncancellable_booking.status is not BookingStatus.CANCELLED
def test_suspend_pro_user_with_many_offerers_and_delete_all_offerers():
fraudulent_emails_providers = ["example.com"]
admin_user = AdminFactory(email="*****@*****.**")
fraudulent_user = ProFactory(email="*****@*****.**", )
first_offerer = OffererFactory()
UserOffererFactory(user=fraudulent_user, offerer=first_offerer)
second_offerer = OffererFactory()
UserOffererFactory(user=fraudulent_user, offerer=second_offerer)
suspend_fraudulent_pro_by_email_providers(fraudulent_emails_providers,
admin_user,
dry_run=False)
assert not fraudulent_user.isActive
assert Offerer.query.count() == 0
def test_suspend_pros_in_given_emails_providers_list():
# Given
fraudulent_emails_providers = ["example.com"]
admin_user = AdminFactory(email="*****@*****.**")
fraudulent_user = ProFactory(email="*****@*****.**", )
offerer = OffererFactory()
UserOffererFactory(user=fraudulent_user, offerer=offerer)
# When
suspend_fraudulent_pro_by_email_providers(fraudulent_emails_providers,
admin_user,
dry_run=False)
# Then
assert not fraudulent_user.isActive
def test_does_not_cancel_booking_when_not_cancellable(self):
# Given
fraudulent_emails_providers = ["example.com"]
admin_user = AdminFactory()
fraudulent_user = BeneficiaryGrant18Factory(
email="*****@*****.**")
uncancellable_booking = booking_factories.UsedIndividualBookingFactory(
individualBooking__user=fraudulent_user, stock__price=1)
# When
suspend_fraudulent_beneficiary_users_by_email_providers(
fraudulent_emails_providers, admin_user, dry_run=False)
# Then
assert not fraudulent_user.isActive
assert not uncancellable_booking.isCancelled
assert uncancellable_booking.status is not BookingStatus.CANCELLED
def test_delete_offerer_and_venue():
# Given
fraudulent_emails_providers = ["example.com"]
admin_user = AdminFactory(email="*****@*****.**")
fraudulent_user = ProFactory(email="*****@*****.**", )
offerer = OffererFactory()
UserOffererFactory(user=fraudulent_user, offerer=offerer)
VenueFactory(managingOfferer=offerer)
# When
suspend_fraudulent_pro_by_email_providers(fraudulent_emails_providers,
admin_user,
dry_run=False)
# Then
assert Offerer.query.count() == 0
assert Venue.query.count() == 0
def test_suspend_users_by_ids_in_given_user_ids_list(self):
fraudulent_user_ids = [23]
admin_user = AdminFactory()
fraudulent_user = BeneficiaryGrant18Factory(id=23)
fraudulent_user_booking_1 = booking_factories.IndividualBookingFactory(
individualBooking__user=fraudulent_user, stock__price=1)
fraudulent_user_booking_2 = booking_factories.IndividualBookingFactory(
individualBooking__user=fraudulent_user, stock__price=2)
suspend_fraudulent_beneficiary_users_by_ids(fraudulent_user_ids,
admin_user,
dry_run=False)
assert not fraudulent_user.isActive
assert fraudulent_user_booking_1.isCancelled
assert fraudulent_user_booking_1.status is BookingStatus.CANCELLED
assert fraudulent_user_booking_2.isCancelled
assert fraudulent_user_booking_2.status is BookingStatus.CANCELLED
def test_cancel_bookings_of_suspended_users(self):
# Given
fraudulent_emails_providers = ["example.com"]
admin_user = AdminFactory()
fraudulent_user = BeneficiaryGrant18Factory(
email="*****@*****.**")
booking_1 = booking_factories.IndividualBookingFactory(
individualBooking__user=fraudulent_user, stock__price=1)
booking_2 = booking_factories.IndividualBookingFactory(
individualBooking__user=fraudulent_user, stock__price=2)
# When
suspend_fraudulent_beneficiary_users_by_email_providers(
fraudulent_emails_providers, admin_user, dry_run=False)
# Then
assert not fraudulent_user.isActive
assert booking_1.isCancelled
assert booking_1.status is BookingStatus.CANCELLED
assert booking_2.isCancelled
assert booking_2.status is BookingStatus.CANCELLED
def test_update_venue_without_siret(self, mocked_validate_csrf_token, app):
AdminFactory(email="*****@*****.**")
venue = VenueFactory(siret=None, comment="comment to allow null siret")
data = dict(
name=venue.name,
siret="88888888888888",
city=venue.city,
postalCode=venue.postalCode,
address=venue.address,
publicName=venue.publicName,
latitude=venue.latitude,
longitude=venue.longitude,
isPermanent=venue.isPermanent,
)
client = TestClient(
app.test_client()).with_session_auth("*****@*****.**")
response = client.post(f"/pc/back-office/venue/edit/?id={venue.id}",
form=data)
assert response.status_code == 302
def test_suspend_users_by_ids(self, client):
admin_user = AdminFactory()
fraudulent_user_1 = BeneficiaryGrant18Factory(id=5)
fraudulent_user_2 = BeneficiaryGrant18Factory(id=16)
booking_factories.IndividualBookingFactory(
individualBooking__user=fraudulent_user_1)
booking_factories.UsedIndividualBookingFactory(
individualBooking__user=fraudulent_user_2)
user_ids_csv = (io.BytesIO(b"user_id\n5\n16"), "user_ids.csv")
files = {"user_ids_csv": user_ids_csv}
headers = {"content-type": "multipart/form-data"}
client = client.with_session_auth(admin_user.email)
response = client.post(
"/pc/back-office/suspend_fraud_users_by_user_ids",
files=files,
headers=headers)
assert response.status_code == 200
content = response.data.decode(response.charset)
assert not fraudulent_user_2.isActive
assert not fraudulent_user_1.isActive
assert "Nombre d'utilisateurs suspendus : 2" in content
assert "Nombre de réservations annulées : 1" in content
def when_current_user_is_admin(self, mock_api_entreprise, app):
# Given
mock_api_entreprise.return_value = MagicMock(
status_code=200,
text="",
json=MagicMock(
return_value=copy.deepcopy(api_entreprise_json_mock)))
admin = AdminFactory()
VirtualVenueTypeFactory()
body = {
"name": "Test Offerer",
"siren": "418166096",
"address": "123 rue de Paris",
"postalCode": "93100",
"city": "Montreuil",
}
# When
response = TestClient(app.test_client()).with_session_auth(
admin.email).post("/offerers", json=body)
# then
assert response.status_code == 201