def test_post_user_attribute_with_updated_by( client, mocker, sample_user, user_attribute, user_value, arguments, team_member_email_edit_template, team_member_mobile_edit_template ): updater = create_user(name="Service Manago", email="*****@*****.**") assert getattr(sample_user, user_attribute) != user_value update_dict = { user_attribute: user_value, 'updated_by': str(updater.id) } auth_header = create_authorization_header() headers = [('Content-Type', 'application/json'), auth_header] mock_persist_notification = mocker.patch('app.user.rest.persist_notification') mocker.patch('app.user.rest.send_notification_to_queue') resp = client.post( url_for('user.update_user_attribute', user_id=sample_user.id), data=json.dumps(update_dict), headers=headers) assert resp.status_code == 200, resp.get_data(as_text=True) json_resp = json.loads(resp.get_data(as_text=True)) assert json_resp['data'][user_attribute] == user_value if arguments: mock_persist_notification.assert_called_once_with(**arguments) else: mock_persist_notification.assert_not_called()
def test_find_users_by_email_finds_user_by_full_email(notify_db, client): create_user(email='*****@*****.**') create_user(email='*****@*****.**') data = json.dumps({"email": "*****@*****.**"}) auth_header = create_authorization_header() response = client.post( url_for("user.find_users_by_email"), data=data, headers=[('Content-Type', 'application/json'), auth_header] ) users = json.loads(response.get_data(as_text=True)) assert response.status_code == 200 assert len(users['data']) == 1 assert users['data'][0]['email_address'] == '*****@*****.**'
def test_get_organisation_users_returns_users_for_organisation( admin_request, sample_organisation): first = create_user(email="*****@*****.**") second = create_user(email="*****@*****.**") dao_add_user_to_organisation(organisation_id=sample_organisation.id, user_id=first.id) dao_add_user_to_organisation(organisation_id=sample_organisation.id, user_id=second.id) response = admin_request.get( "organisation.get_organisation_users", organisation_id=sample_organisation.id, _expected_status=200, ) assert len(response["data"]) == 2 assert response["data"][0]["id"] == str(first.id)
def test_add_user_to_organisation_returns_user(sample_organisation): org_user = create_user() assert not org_user.organisations added_user = dao_add_user_to_organisation( organisation_id=sample_organisation.id, user_id=org_user.id) assert len(added_user.organisations) == 1 assert added_user.organisations[0] == sample_organisation
def test_update_user_identity_provider_user_id_for_identity_provider_when_none( notify_db_session, initial_id_provider, expected_id_provider): user = create_user(identity_provider_user_id=initial_id_provider) user_from_db = update_user_identity_provider_user_id( user.email_address, expected_id_provider) assert user_from_db.identity_provider_user_id == expected_id_provider
def test_add_existing_user_to_another_service_doesnot_change_old_permissions( notify_db_session, ): user = create_user() service_one = Service( name="service_one", email_from="service_one", message_limit=1000, restricted=False, created_by=user, ) dao_create_service(service_one, user) assert user.id == service_one.users[0].id test_user_permissions = Permission.query.filter_by(service=service_one, user=user).all() assert len(test_user_permissions) == 8 other_user = User( name="Other Test User", email_address="*****@*****.**", password="******", mobile_number="+447700900987", ) save_model_user(other_user) service_two = Service( name="service_two", email_from="service_two", message_limit=1000, restricted=False, created_by=other_user, ) dao_create_service(service_two, other_user) assert other_user.id == service_two.users[0].id other_user_permissions = Permission.query.filter_by(service=service_two, user=other_user).all() assert len(other_user_permissions) == 8 other_user_service_one_permissions = Permission.query.filter_by( service=service_one, user=other_user).all() assert len(other_user_service_one_permissions) == 0 # adding the other_user to service_one should leave all other_user permissions on service_two intact permissions = [] for p in ["send_emails", "send_texts", "send_letters"]: permissions.append(Permission(permission=p)) dao_add_user_to_service(service_one, other_user, permissions=permissions) other_user_service_one_permissions = Permission.query.filter_by( service=service_one, user=other_user).all() assert len(other_user_service_one_permissions) == 3 other_user_service_two_permissions = Permission.query.filter_by( service=service_two, user=other_user).all() assert len(other_user_service_two_permissions) == 8
def sample_login_event(notify_db, notify_db_session): user = create_user() event = LoginEvent(data={ "ip": "8.8.8.8", "user-agent": "GoogleBot" }, user_id=user.id) save_login_event(event) return event
def test_get_all_services_for_user(notify_db_session): user = create_user() create_service(service_name="service 1", user=user, email_from="service.1") create_service(service_name="service 2", user=user, email_from="service.2") create_service(service_name="service 3", user=user, email_from="service.3") assert len(dao_fetch_all_services_by_user(user.id)) == 3 assert dao_fetch_all_services_by_user(user.id)[0].name == "service 1" assert dao_fetch_all_services_by_user(user.id)[1].name == "service 2" assert dao_fetch_all_services_by_user(user.id)[2].name == "service 3"
def test_get_all_services_for_user(notify_db_session): user = create_user() create_service(service_name='service 1', user=user, email_from='service.1') create_service(service_name='service 2', user=user, email_from='service.2') create_service(service_name='service 3', user=user, email_from='service.3') assert len(dao_fetch_all_services_by_user(user.id)) == 3 assert dao_fetch_all_services_by_user(user.id)[0].name == 'service 1' assert dao_fetch_all_services_by_user(user.id)[1].name == 'service 2' assert dao_fetch_all_services_by_user(user.id)[2].name == 'service 3'
def sample_template( notify_db, notify_db_session, template_name="Template Name", template_type="sms", content="This is a template:\nwith a newline", archived=False, hidden=False, subject_line='Subject', user=None, service=None, created_by=None, process_type='normal', permissions=[EMAIL_TYPE, SMS_TYPE] ): if user is None: user = create_user() if service is None: service = Service.query.filter_by(name='Sample service').first() if not service: service = create_service(service_permissions=permissions, check_if_service_exists=True) if created_by is None: created_by = create_user() data = { 'name': template_name, 'template_type': template_type, 'content': content, 'service': service, 'created_by': created_by, 'archived': archived, 'hidden': hidden, 'process_type': process_type } if template_type in ['email', 'letter']: data.update({ 'subject': subject_line }) if template_type == 'letter': data['postage'] = 'second' template = Template(**data) dao_create_template(template) return template
def sample_template( notify_db, notify_db_session, template_name="Template Name", template_type="sms", content="This is a template:\nwith a newline", archived=False, hidden=False, subject_line="Subject", user=None, service=None, created_by=None, process_type="normal", permissions=[EMAIL_TYPE, SMS_TYPE], ): if user is None: user = create_user() if service is None: service = Service.query.filter_by(name="Sample service").first() if not service: service = create_service(service_permissions=permissions, check_if_service_exists=True) if created_by is None: created_by = create_user() data = { "name": template_name, "template_type": template_type, "content": content, "service": service, "created_by": created_by, "archived": archived, "hidden": hidden, "process_type": process_type, } if template_type in ["email", "letter"]: data.update({"subject": subject_line}) if template_type == "letter": data["postage"] = "second" template = Template(**data) dao_create_template(template) return template
def test_update_user_attribute_blocked(): user = create_user(email='*****@*****.**', mobile_number="+4407700900460") assert user.current_session_id is None save_user_attribute(user, { "blocked": True, "mobile_number": "+2407700900460" }) print(user.mobile_number, user.current_session_id) assert str(getattr( user, "current_session_id")) == "00000000-0000-0000-0000-000000000000"
def test_cannot_create_service_with_no_user(notify_db_session): user = create_user() assert Service.query.count() == 0 service = Service(name="service_name", email_from="email_from", message_limit=1000, restricted=False, created_by=user) with pytest.raises(ValueError) as excinfo: dao_create_service(service, None) assert "Can't create a service without a user" in str(excinfo.value)
def test_update_service_permission_creates_a_history_record_with_current_data( notify_db_session, ): user = create_user() assert Service.query.count() == 0 assert Service.get_history_model().query.count() == 0 service = Service( name="service_name", email_from="email_from", message_limit=1000, restricted=False, created_by=user, ) dao_create_service( service, user, service_permissions=[ SMS_TYPE, EMAIL_TYPE, INTERNATIONAL_SMS_TYPE, ], ) service.permissions.append( ServicePermission(service_id=service.id, permission="letter")) dao_update_service(service) assert Service.query.count() == 1 assert Service.get_history_model().query.count() == 2 service_from_db = Service.query.first() assert service_from_db.version == 2 _assert_service_permissions( service.permissions, (SMS_TYPE, EMAIL_TYPE, INTERNATIONAL_SMS_TYPE, LETTER_TYPE)) permission = [p for p in service.permissions if p.permission == "sms"][0] service.permissions.remove(permission) dao_update_service(service) assert Service.query.count() == 1 assert Service.get_history_model().query.count() == 3 service_from_db = Service.query.first() assert service_from_db.version == 3 _assert_service_permissions( service.permissions, (EMAIL_TYPE, INTERNATIONAL_SMS_TYPE, LETTER_TYPE)) assert len(Service.get_history_model().query.filter_by( name="service_name").all()) == 3 assert Service.get_history_model().query.filter_by( name="service_name").all()[2].version == 3
def sample_template( notify_db, notify_db_session, template_name="Template Name", template_type="sms", content="This is a template:\nwith a newline", archived=False, hidden=False, subject_line='Subject', user=None, service=None, created_by=None, process_type='normal', permissions=[EMAIL_TYPE, SMS_TYPE] ): if user is None: user = create_user() if service is None: service = sample_service(notify_db, notify_db_session, permissions=permissions) if created_by is None: created_by = create_user() data = { 'name': template_name, 'template_type': template_type, 'content': content, 'service': service, 'created_by': created_by, 'archived': archived, 'hidden': hidden, 'process_type': process_type } if template_type in ['email', 'letter']: data.update({ 'subject': subject_line }) template = Template(**data) dao_create_template(template) return template
def test_user_can_be_archived_if_the_other_service_members_have_the_manage_settings_permission( sample_service, ): user_1 = create_user(email="*****@*****.**") user_2 = create_user(email="*****@*****.**") user_3 = create_user(email="*****@*****.**") sample_service.users = [user_1, user_2, user_3] create_permissions(user_1, sample_service, "manage_settings") create_permissions(user_2, sample_service, "manage_settings", "view_activity") create_permissions( user_3, sample_service, "manage_settings", "send_emails", "send_letters", "send_texts", ) assert len(sample_service.users) == 3 assert user_can_be_archived(user_1)
def test_send_one_off_notification_fails_if_created_by_other_service(sample_template): user_not_in_service = create_user(email='*****@*****.**') post_data = { 'template_id': str(sample_template.id), 'to': '07700 900 001', 'created_by': str(user_not_in_service.id) } with pytest.raises(BadRequestError) as e: send_one_off_notification(sample_template.service_id, post_data) assert e.value.message == 'Can’t create notification - Test User is not part of the "Sample service" service'
def test_dao_archive_user(sample_user, sample_organisation, fake_uuid): sample_user.current_session_id = fake_uuid # create 2 services for sample_user to be a member of (each with another active user) service_1 = create_service(service_name='Service 1') service_1_user = create_user(email='*****@*****.**') service_1.users = [sample_user, service_1_user] create_permissions(sample_user, service_1, 'manage_settings') create_permissions(service_1_user, service_1, 'manage_settings', 'view_activity') service_2 = create_service(service_name='Service 2') service_2_user = create_user(email='*****@*****.**') service_2.users = [sample_user, service_2_user] create_permissions(sample_user, service_2, 'view_activity') create_permissions(service_2_user, service_2, 'manage_settings') # make sample_user an org member sample_organisation.users = [sample_user] # give sample_user folder permissions for a service_1 folder folder = create_template_folder(service_1) service_user = dao_get_service_user(sample_user.id, service_1.id) service_user.folders = [folder] dao_update_service_user(service_user) dao_archive_user(sample_user) assert sample_user.get_permissions() == {} assert sample_user.services == [] assert sample_user.organisations == [] assert sample_user.auth_type == EMAIL_AUTH_TYPE assert sample_user.email_address == '*****@*****.**' assert sample_user.mobile_number is None assert sample_user.current_session_id == uuid.UUID( '00000000-0000-0000-0000-000000000000') assert sample_user.state == 'inactive' assert not sample_user.check_password('password')
def test_should_remove_provider_from_service(notify_db_session, ses_provider): user = create_user() service = Service(name="service_name", email_from="email_from", message_limit=1000, restricted=False, created_by=user, email_provider_id=ses_provider.id) dao_create_service(service, user) stored_service = dao_fetch_service_by_id(service.id) stored_service.email_provider_id = None dao_update_service(service) updated_service = dao_fetch_service_by_id(service.id) assert not updated_service.email_provider_id
def sample_email_template(notify_db_session): user = create_user() service = create_service(user=user, service_permissions=[EMAIL_TYPE, SMS_TYPE], check_if_service_exists=True) data = { 'name': 'Email Template Name', 'template_type': EMAIL_TYPE, 'content': 'This is a template', 'service': service, 'created_by': user, 'subject': 'Email Subject' } template = Template(**data) dao_create_template(template) return template
def sample_user_service_permission(notify_db_session): user = create_user() service = create_service(user=user, check_if_service_exists=True) permission = 'manage_settings' data = {'user': user, 'service': service, 'permission': permission} p_model = Permission.query.filter_by(user=user, service=service, permission=permission).first() if not p_model: p_model = Permission(**data) db.session.add(p_model) db.session.commit() return p_model
def test_send_one_off_notification_fails_if_created_by_other_service( sample_template): user_not_in_service = create_user(email="*****@*****.**") post_data = { "template_id": str(sample_template.id), "to": "6502532222", "created_by": str(user_not_in_service.id), } with pytest.raises(BadRequestError) as e: send_one_off_notification(sample_template.service_id, post_data) assert e.value.message == 'Can’t create notification - Test User is not part of the "Sample service" service'
def test_accepts_jwt_for_user_in_service(self, client, db_session): @requires_user_in_service() def endpoint_that_requires_user_in_service(): pass user = create_user() service = create_service(service_name='some-service', user=user) token = create_access_token(identity=user) request.view_args['service_id'] = service.id request.headers = {'Authorization': 'Bearer {}'.format(token)} endpoint_that_requires_user_in_service()
def test_get_orgs_and_services_only_shows_users_orgs_and_services(admin_request, sample_user): other_user = create_user(email='*****@*****.**') org1 = create_organisation(name='org1') org2 = create_organisation(name='org2') service1 = create_service(service_name='service1') service2 = create_service(service_name='service2') org1.services = [service1] sample_user.organisations = [org2] sample_user.services = [service1] other_user.organisations = [org1, org2] other_user.services = [service1, service2] resp = admin_request.get('user.get_organisations_and_services_for_user', user_id=sample_user.id) assert set(resp.keys()) == { 'organisations', 'services_without_organisations', 'services', } assert resp['organisations'] == [ { 'name': org2.name, 'id': str(org2.id), 'services': [], 'count_of_live_services': 0, } ] # service1 belongs to org1, but the user doesn't know about org1 assert resp['services_without_organisations'] == [ { 'name': service1.name, 'id': str(service1.id), 'restricted': False, } ] # 'services' always returns the org_id no matter whether the user # belongs to that org or not assert resp['services'] == [ { 'name': service1.name, 'id': str(service1.id), 'restricted': False, 'organisation': str(org1.id), } ]
def test_get_folders_returns_users_with_permission(admin_request, sample_service): user_1 = create_user(email='*****@*****.**') user_2 = create_user(email='*****@*****.**') user_3 = create_user(email='*****@*****.**') template_folder = create_template_folder(sample_service) sample_service.users = [user_1, user_2, user_3] service_user_1 = dao_get_service_user(user_1.id, sample_service.id) service_user_2 = dao_get_service_user(user_2.id, sample_service.id) service_user_1.folders = [template_folder] service_user_2.folders = [template_folder] resp = admin_request.get( 'template_folder.get_template_folders_for_service', service_id=sample_service.id) users_with_permission = resp['template_folders'][0][ 'users_with_permission'] assert len(users_with_permission) == 2 assert str(user_1.id) in users_with_permission assert str(user_2.id) in users_with_permission
def test_cannot_create_service_with_non_existent_sms_provider( notify_db_session): user = create_user() dummy_sms_provider_details_id = uuid.uuid4() service = Service(name="service_name", email_from="email_from1", message_limit=1000, restricted=False, created_by=user, sms_provider_id=dummy_sms_provider_details_id) with pytest.raises(IntegrityError) as excinfo: dao_create_service(service, user) assert 'services_sms_provider_id_fkey' in str(excinfo.value)
def test_update_template_folder_users(admin_request, sample_service): existing_folder = create_template_folder(sample_service) user_1 = create_user(email="*****@*****.**") user_2 = create_user(email="*****@*****.**") user_3 = create_user(email="*****@*****.**") sample_service.users += [user_1, user_2, user_3] assert len(existing_folder.users) == 0 response_1 = admin_request.post( "template_folder.update_template_folder", service_id=sample_service.id, template_folder_id=existing_folder.id, _data={ "name": "foo", "users_with_permission": [str(user_1.id)] }, ) assert response_1["data"]["users_with_permission"] == [str(user_1.id)] assert len(existing_folder.users) == 1 response_2 = admin_request.post( "template_folder.update_template_folder", service_id=sample_service.id, template_folder_id=existing_folder.id, _data={ "name": "foo", "users_with_permission": [str(user_2.id), str(user_3.id)], }, ) assert response_2["data"]["users_with_permission"] == [ str(user_2.id), str(user_3.id), ] assert len(existing_folder.users) == 2
def test_create_service_and_history_is_transactional(notify_db_session): user = create_user() assert Service.query.count() == 0 assert Service.get_history_model().query.count() == 0 service = Service(name=None, email_from="email_from", message_limit=1000, restricted=False, created_by=user) with pytest.raises(IntegrityError) as excinfo: dao_create_service(service, user) assert 'column "name" violates not-null constraint' in str(excinfo.value) assert Service.query.count() == 0 assert Service.get_history_model().query.count() == 0
def test_dao_add_user_to_service_raises_error_if_adding_folder_permissions_for_a_different_service( sample_service, ): user = create_user() other_service = create_service(service_name='other service') other_service_folder = create_template_folder(other_service) folder_permissions = [str(other_service_folder.id)] assert ServiceUser.query.count() == 2 with pytest.raises(IntegrityError) as e: dao_add_user_to_service(sample_service, user, folder_permissions=folder_permissions) db.session.rollback() assert 'insert or update on table "user_folder_permissions" violates foreign key constraint' in str(e.value) assert ServiceUser.query.count() == 2
def test_should_add_user_to_service(notify_db_session): user = create_user() service = Service(name="service_name", email_from="email_from", message_limit=1000, restricted=False, created_by=user) dao_create_service(service, user) assert user in Service.query.first().users new_user = User(name='Test User', email_address='*****@*****.**', password='******', mobile_number='+16502532222') save_model_user(new_user) dao_add_user_to_service(service, new_user) assert new_user in Service.query.first().users