def test_delete_contact(session): # pylint:disable=unused-argument """Assert that a contact can be deleted to an Entity.""" entity_model = factory_entity_model() entity = EntityService(entity_model) entity.add_contact(TestContactInfo.contact1) updated_entity = entity.delete_contact() dictionary = updated_entity.as_dict() assert not dictionary['contacts']
def test_add_contact_duplicate(session): # pylint:disable=unused-argument """Assert that a contact cannot be added to an Entity if that Entity already has a contact.""" entity_model = factory_entity_model() entity = EntityService(entity_model) entity.add_contact(TestContactInfo.contact1) with pytest.raises(BusinessException) as exception: entity.add_contact(TestContactInfo.contact2) assert exception.value.code == Error.DATA_ALREADY_EXISTS.name
def test_entity_name_sync(app, session): # pylint:disable=unused-argument """Assert that the name syncing for entity affiliation is working correctly.""" entity_model = factory_entity_model( entity_info=TestEntityInfo.entity_lear_mock) entity = EntityService(entity_model) entity.sync_name() dictionary = entity.as_dict() assert dictionary['name'] == 'Legal Name CP0002103'
def test_get_contact_by_business_identifier(session): # pylint:disable=unused-argument """Assert that a contact can be retrieved by the associated business id.""" entity_model = factory_entity_model() entity = EntityService(entity_model) entity.add_contact(TestContactInfo.contact1) contact = entity.get_contact() assert contact is not None assert contact.email == TestContactInfo.contact1['email']
def test_entity_find_by_entity_id(session, auth_mock): # pylint:disable=unused-argument """Assert that an Entity can be retrieved by entity identifier.""" entity_model = factory_entity_model() entity = EntityService(entity_model) entity = EntityService.find_by_entity_id(entity.identifier) assert entity is not None dictionary = entity.as_dict() assert dictionary['business_identifier'] == TestEntityInfo.entity1['businessIdentifier']
def test_add_contact(session): # pylint:disable=unused-argument """Assert that a contact can be added to an Entity.""" entity_model = factory_entity_model() entity = EntityService(entity_model) entity.add_contact(TestContactInfo.contact1) dictionary = entity.as_dict() assert dictionary['contacts'] assert len(dictionary['contacts']) == 1 assert dictionary['contacts'][0]['email'] == TestContactInfo.contact1['email']
def test_find_user_authorization_by_org_id_and_invalid_corp_type(session): # pylint:disable=unused-argument """Assert that authorization view is not returning result when invalid corp type is passed.""" user = factory_user_model() org = factory_org_model() factory_membership_model(user.id, org.id) entity = factory_entity_model() factory_affiliation_model(entity.id, org.id) authorization = Authorization.find_user_authorization_by_org_id_and_corp_type(org.id, 'invalid_corp_type') assert authorization is None
def test_reset_pass_code(app, session): # pylint:disable=unused-argument """Assert that the new passcode in not the same as old passcode.""" entity_model = factory_entity_model(entity_info=TestEntityInfo.entity_passcode) entity = EntityService(entity_model) old_passcode = entity.pass_code entity.reset_passcode(entity.business_identifier, '', TestJwtClaims.user_test) new_passcode = entity.pass_code assert old_passcode != new_passcode
def test_get_user_authorizations_for_entity(session): # pylint:disable=unused-argument """Assert that user authorizations for entity is working.""" user = factory_user_model() org = factory_org_model() membership = factory_membership_model(user.id, org.id) entity = factory_entity_model() factory_affiliation_model(entity.id, org.id) authorization = Authorization.get_user_authorizations_for_entity( { 'sub': str(user.keycloak_guid), 'realm_access': { 'roles': ['basic'] } }, entity.business_identifier) assert authorization is not None assert authorization.get('orgMembership', None) == membership.membership_type_code # Test with invalid user authorization = Authorization.get_user_authorizations_for_entity( { 'sub': str(uuid.uuid4()), 'realm_access': { 'roles': ['basic'] } }, entity.business_identifier) assert authorization is not None assert authorization.get('orgMembership', None) is None # Test for passcode users with invalid username authorization = Authorization.get_user_authorizations_for_entity( { 'loginSource': 'PASSCODE', 'username': '******', 'realm_access': { 'roles': ['basic'] } }, entity.business_identifier) assert authorization is not None assert authorization.get('orgMembership', None) is None # Test for staff users authorization = Authorization.get_user_authorizations_for_entity( { 'loginSource': '', 'realm_access': { 'roles': ['staff'] } }, entity.business_identifier) assert authorization is not None assert authorization.get('orgMembership', None) is None
def test_find_all_user_authorizations(session): # pylint:disable=unused-argument """Test find all user authoirzations.""" user = factory_user_model() org = factory_org_model() membership = factory_membership_model(user.id, org.id) entity = factory_entity_model() factory_affiliation_model(entity.id, org.id) authorizations = Authorization.find_all_authorizations_for_user(str(user.keycloak_guid)) assert authorizations is not None assert authorizations[0].org_membership == membership.membership_type_code assert authorizations[0].business_identifier == entity.business_identifier
def test_check_auth_for_service_account_valid_with_org_id(session): # pylint:disable=unused-argument """Assert that check_auth is working as expected.""" user = factory_user_model() org = factory_org_model() factory_membership_model(user.id, org.id) factory_product_model(org.id, product_code=ProductCode.BUSINESS.value) entity = factory_entity_model() factory_affiliation_model(entity.id, org.id) # Test for service account with CP corp type check_auth({'realm_access': {'roles': ['system']}, 'product_code': ProductCode.BUSINESS.value}, org_id=org.id)
def test_find_user_authorization_by_org_id(session): # pylint:disable=unused-argument """Assert that authorization view is returning result.""" user = factory_user_model() org = factory_org_model() membership = factory_membership_model(user.id, org.id) entity = factory_entity_model() factory_affiliation_model(entity.id, org.id) authorization = Authorization.find_user_authorization_by_org_id(str(user.keycloak_guid), org.id) assert authorization is not None assert authorization.org_membership == membership.membership_type_code
def test_delete_contact_no_entity(session, auth_mock): # pylint:disable=unused-argument """Assert that a contact can not be deleted without entity.""" entity_model = factory_entity_model() entity = EntityService(entity_model) entity.add_contact(TestContactInfo.contact1) updated_entity = entity.delete_contact() with pytest.raises(BusinessException) as exception: updated_entity.delete_contact() assert exception.value.code == Error.DATA_NOT_FOUND.name
def test_find_user_authorization_by_business_number_product(session): # pylint:disable=unused-argument """Assert that authorization view is returning result.""" user = factory_user_model() org = factory_org_model() factory_membership_model(user.id, org.id) factory_product_model(org.id, product_code=ProductCode.DIR_SEARCH.value) entity = factory_entity_model() factory_affiliation_model(entity.id, org.id) authorization = Authorization.find_user_authorization_by_business_number_and_product( entity.business_identifier, ProductCode.DIR_SEARCH.value) assert authorization is not None assert authorization.product_code == ProductCode.DIR_SEARCH.value
def test_find_invalid_user_authorization_by_business_number(session): # pylint:disable=unused-argument """Test with invalid user id and assert that auth is None.""" user = factory_user_model() org = factory_org_model() factory_membership_model(user.id, org.id) entity = factory_entity_model() factory_affiliation_model(entity.id, org.id) authorization = Authorization.find_user_authorization_by_business_number(str(uuid.uuid4()), entity.business_identifier) assert authorization is None # Test with invalid business identifier authorization = Authorization.find_user_authorization_by_business_number(str(uuid.uuid4()), '') assert authorization is None
def test_reset_pass_code_confirm_activity_log(app, session): # pylint:disable=unused-argument """Assert that the new passcode in not the same as old passcode.""" entity_model = factory_entity_model(entity_info=TestEntityInfo.entity_passcode) entity = EntityService(entity_model) old_passcode = entity.pass_code with patch.object(activity_log_publisher, 'publish_activity', return_value=None) as mock_send: entity.reset_passcode(entity.business_identifier, '', TestJwtClaims.user_test) new_passcode = entity.pass_code assert old_passcode != new_passcode mock_send.assert_called
def test_find_user_authorization_by_org_id_and_corp_type(session): # pylint:disable=unused-argument """Assert that authorization view returns result when fetched using Corp type instead of jwt. Service accounts passes corp type instead of jwt. """ user = factory_user_model() org = factory_org_model() membership = factory_membership_model(user.id, org.id) entity = factory_entity_model() factory_affiliation_model(entity.id, org.id) authorization = Authorization.find_user_authorization_by_org_id_and_corp_type(org.id, 'CP') assert authorization is not None assert authorization.org_membership == membership.membership_type_code
def test_get_user_authorizations_for_entity_service_account( session, monkeypatch): """Assert that user authorizations for entity is working.""" user = factory_user_model() org = factory_org_model() factory_membership_model(user.id, org.id) factory_product_model(org.id, product_code=ProductCode.BUSINESS.value) entity = factory_entity_model() factory_affiliation_model(entity.id, org.id) # Test for service accounts with correct product code patch_token_info( { 'loginSource': '', 'realm_access': { 'roles': ['system'] }, 'product_code': ProductCode.BUSINESS.value }, monkeypatch) authorization = Authorization.get_user_authorizations_for_entity( entity.business_identifier) assert bool(authorization) is True assert authorization.get('orgMembership', None) == 'ADMIN' # Test for service accounts with wrong product code patch_token_info( { 'loginSource': '', 'realm_access': { 'roles': ['system'] }, 'product_code': 'INVALIDCP' }, monkeypatch) authorization = Authorization.get_user_authorizations_for_entity( entity.business_identifier) assert bool(authorization) is False assert authorization.get('orgMembership', None) is None # Test for service accounts with no product code patch_token_info({ 'loginSource': '', 'realm_access': { 'roles': ['system'] } }, monkeypatch) authorization = Authorization.get_user_authorizations_for_entity( entity.business_identifier) assert bool(authorization) is False assert authorization.get('orgMembership', None) is None
def test_update_contact(session): # pylint:disable=unused-argument """Assert that a contact for an existing Entity can be updated.""" entity_model = factory_entity_model() entity = EntityService(entity_model) entity.add_contact(TestContactInfo.contact1) dictionary = entity.as_dict() assert len(dictionary['contacts']) == 1 assert dictionary['contacts'][0]['email'] == TestContactInfo.contact1['email'] entity.update_contact(TestContactInfo.contact2) dictionary = None dictionary = entity.as_dict() assert len(dictionary['contacts']) == 1 assert dictionary['contacts'][0]['email'] == TestContactInfo.contact2['email']
def test_check_auth_for_service_account_valid_with_business_id(session): # pylint:disable=unused-argument """Assert that check_auth is working as expected.""" user = factory_user_model() org = factory_org_model() factory_membership_model(user.id, org.id) entity = factory_entity_model() factory_affiliation_model(entity.id, org.id) # Test for service account with CP corp type check_auth({ 'realm_access': { 'roles': ['system'] }, 'corp_type': 'CP' }, business_identifier=entity.business_identifier)
def test_get_user_authorizations(session): # pylint:disable=unused-argument """Assert that listing all user authorizations is working.""" user = factory_user_model() org = factory_org_model() membership = factory_membership_model(user.id, org.id) entity = factory_entity_model() factory_affiliation_model(entity.id, org.id) authorization = Authorization.get_user_authorizations(str(user.keycloak_guid)) assert authorization is not None assert authorization['authorizations'][0].get('orgMembership', None) == membership.membership_type_code # Test with invalid user authorization = Authorization.get_user_authorizations(str(uuid.uuid4())) assert authorization is not None assert len(authorization['authorizations']) == 0
def test_find_user_authorization_by_org_id_and_corp_type_multiple_membership(session): # pylint:disable=unused-argument """Assert that authorization view returns result when fetched using Corp type instead of jwt. When multiple membership is present , return the one with Owner access. """ user1 = factory_user_model() user2 = factory_user_model(user_info=TestUserInfo.user2) org = factory_org_model() factory_membership_model(user1.id, org.id, member_type='ADMIN') membership_owner = factory_membership_model(user2.id, org.id) entity = factory_entity_model() factory_affiliation_model(entity.id, org.id) authorization = Authorization.find_user_authorization_by_org_id_and_corp_type(org.id, 'CP') assert authorization is not None assert authorization.org_membership == membership_owner.membership_type_code
def test_delete_user_where_org_has_another_owner(session, auth_mock, keycloak_mock, monkeypatch): # pylint:disable=unused-argument """Assert that a user can be deleted.""" # Create a user and org user_model = factory_user_model(user_info=TestUserInfo.user_test) contact = factory_contact_model() contact_link = ContactLinkModel() contact_link.contact = contact contact_link.user = user_model contact_link.commit() patch_token_info(TestJwtClaims.get_test_user(user_model.keycloak_guid), monkeypatch) org = OrgService.create_org(TestOrgInfo.org1, user_id=user_model.id) org_dictionary = org.as_dict() org_id = org_dictionary['id'] entity = factory_entity_model(entity_info=TestEntityInfo.entity_lear_mock) affiliation = AffiliationModel(org_id=org_id, entity_id=entity.id) affiliation.save() # Create another user and add membership to the above org user_model2 = factory_user_model(user_info=TestUserInfo.user2) contact = factory_contact_model() contact_link = ContactLinkModel() contact_link.contact = contact contact_link.user = user_model2 contact_link.commit() membership = MembershipModel(org_id=org_id, user_id=user_model2.id, membership_type_code='ADMIN', membership_type_status=Status.ACTIVE.value) membership.save() membership.commit() # with pytest.raises(BusinessException) as exception: patch_token_info(TestJwtClaims.get_test_user(user_model2.keycloak_guid), monkeypatch) UserService.delete_user() updated_user = UserModel.find_by_jwt_token() assert len(updated_user.contacts) == 0 user_orgs = MembershipModel.find_orgs_for_user(updated_user.id) for org in user_orgs: assert org.status_code == 'INACTIVE'
def test_authorizations_for_affiliated_users_returns_200(client, jwt, session): # pylint:disable=unused-argument """Assert authorizations for affiliated users returns 200.""" user = factory_user_model() org = factory_org_model() factory_membership_model(user.id, org.id) entity = factory_entity_model() factory_affiliation_model(entity.id, org.id) claims = copy.deepcopy(TestJwtClaims.passcode.value) claims['sub'] = str(user.keycloak_guid) headers = factory_auth_header(jwt=jwt, claims=claims) rv = client.get(f'/api/v1/entities/{entity.business_identifier}/authorizations', headers=headers, content_type='application/json') assert rv.status_code == http_status.HTTP_200_OK assert rv.json.get('orgMembership') == 'OWNER'
def test_delete_user_is_member_returns_204(client, jwt, session, keycloak_mock): # pylint:disable=unused-argument """Test if the user is the member of a team assert status is 204.""" user_model = factory_user_model(user_info=TestUserInfo.user_test) contact = factory_contact_model() contact_link = ContactLinkModel() contact_link.contact = contact contact_link.user = user_model contact_link.commit() user_model2 = factory_user_model(user_info=TestUserInfo.user2) contact = factory_contact_model() contact_link = ContactLinkModel() contact_link.contact = contact contact_link.user = user_model2 contact_link.commit() claims = copy.deepcopy(TestJwtClaims.public_user_role.value) claims['sub'] = str(user_model2.keycloak_guid) org = OrgService.create_org(TestOrgInfo.org1, user_id=user_model.id, token_info=claims) org_dictionary = org.as_dict() org_id = org_dictionary['id'] entity = factory_entity_model(entity_info=TestEntityInfo.entity_lear_mock) affiliation = AffiliationModel(org_id=org_id, entity_id=entity.id) affiliation.save() membership = MembershipModel(org_id=org_id, user_id=user_model2.id, membership_type_code='USER', membership_type_status=Status.ACTIVE.value) membership.save() headers = factory_auth_header(jwt=jwt, claims=claims) rv = client.delete('/api/v1/users/@me', headers=headers, content_type='application/json') assert rv.status_code == http_status.HTTP_204_NO_CONTENT
def test_get_user_authorizations_for_entity_service_account(session): """Assert that user authorizations for entity is working.""" user = factory_user_model() org = factory_org_model() factory_membership_model(user.id, org.id) entity = factory_entity_model() factory_affiliation_model(entity.id, org.id) # Test for service accounts with correct corp type authorization = Authorization.get_user_authorizations_for_entity( { 'loginSource': '', 'realm_access': { 'roles': ['system'] }, 'corp_type': 'CP' }, entity.business_identifier) assert bool(authorization) is True assert authorization.get('orgMembership', None) == 'OWNER' # Test for service accounts with wrong corp type authorization = Authorization.get_user_authorizations_for_entity( { 'loginSource': '', 'realm_access': { 'roles': ['system'] }, 'corp_type': 'INVALIDCP' }, entity.business_identifier) assert bool(authorization) is False assert authorization.get('orgMembership', None) is None # Test for service accounts with no corp type authorization = Authorization.get_user_authorizations_for_entity( { 'loginSource': '', 'realm_access': { 'roles': ['system'] } }, entity.business_identifier) assert bool(authorization) is False assert authorization.get('orgMembership', None) is None
def test_delete_entity(app, session): # pylint:disable=unused-argument """Assert that an entity can be deleted.""" entity_model = factory_entity_model() entity = EntityService(entity_model) org = factory_org_service() contact = factory_contact_model() contact_link = ContactLinkModel() contact_link.contact = contact contact_link.entity = entity._model # pylint:disable=protected-access contact_link.org = org._model # pylint:disable=protected-access contact_link.commit() entity.delete() entity = EntityService.find_by_entity_id(entity.identifier) assert entity is None
def test_authorizations_expanded_for_staff(client, jwt, session): # pylint:disable=unused-argument """Assert expanded authorizations for staff user returns result.""" user = factory_user_model() org = factory_org_model() factory_membership_model(user.id, org.id) entity = factory_entity_model() factory_affiliation_model(entity.id, org.id) claims = copy.deepcopy(TestJwtClaims.edit_user_role.value) claims['sub'] = str(user.keycloak_guid) headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.staff_role) rv = client.get( f'/api/v1/entities/{entity.business_identifier}/authorizations?expanded=true', headers=headers, content_type='application/json') assert rv.status_code == http_status.HTTP_200_OK assert rv.json.get('account') is not None assert rv.json.get('account').get('name') == org.name assert rv.json.get('business').get('name') == entity.name assert rv.json.get('business').get('folioNumber') == entity.folio_number
def test_get_user_authorizations_for_entity_with_multiple_affiliations( session, # pylint:disable=unused-argument monkeypatch): """Assert that user authorizations for entity is working.""" user = factory_user_model() org = factory_org_model() membership = factory_membership_model(user.id, org.id) entity = factory_entity_model() factory_affiliation_model(entity.id, org.id) patch_token_info( { 'sub': str(user.keycloak_guid), 'realm_access': { 'roles': ['basic'] } }, monkeypatch) authorization = Authorization.get_user_authorizations_for_entity( entity.business_identifier) assert authorization is not None assert authorization.get('orgMembership', None) == membership.membership_type_code # Affiliate same entity to another org and user, and assert both authorizations works user_2 = factory_user_model(user_info=TestUserInfo.user2) org_2 = factory_org_model(org_info=TestOrgInfo.org2) membership = factory_membership_model(user_2.id, org_2.id) factory_affiliation_model(entity.id, org_2.id) patch_token_info( { 'sub': str(user_2.keycloak_guid), 'realm_access': { 'roles': ['basic'] } }, monkeypatch) authorization = Authorization.get_user_authorizations_for_entity( entity.business_identifier) assert authorization is not None assert authorization.get('orgMembership', None) == membership.membership_type_code
def test_reset(session, auth_mock): # pylint: disable=unused-argument """Assert that can be reset data by the provided token.""" user_with_token = TestUserInfo.user_tester user_with_token['keycloak_guid'] = TestJwtClaims.tester_role['sub'] user = factory_user_model(user_info=user_with_token) org = factory_org_model(user_id=user.id) factory_membership_model(user.id, org.id) entity = factory_entity_model(user_id=user.id) ResetDataService.reset(TestJwtClaims.tester_role) with pytest.raises(BusinessException) as exception: UserService.find_by_jwt_token(user_with_token) assert exception.value.code == Error.DATA_NOT_FOUND.name found_org = OrgService.find_by_org_id(org.id) assert found_org is None found_entity = EntityService.find_by_entity_id(entity.id) assert found_entity is None found_memeber = MembershipService.get_members_for_org(org.id) assert found_memeber is None