def test_validate_token(client, jwt, session, keycloak_mock): # pylint:disable=unused-argument
"""Assert that a token is valid."""
headers = factory_auth_header(jwt=jwt,
claims=TestJwtClaims.public_user_role)
client.post('/api/v1/users',
headers=headers,
content_type='application/json')
rv = client.post('/api/v1/orgs',
data=json.dumps(TestOrgInfo.org1),
headers=headers,
content_type='application/json')
dictionary = json.loads(rv.data)
org_id = dictionary['id']
rv = client.post('/api/v1/invitations',
data=json.dumps(factory_invitation(org_id=org_id)),
headers=headers,
content_type='application/json')
invitation_dictionary = json.loads(rv.data)
invitation_id = invitation_dictionary['id']
invitation_id_token = InvitationService.generate_confirmation_token(
invitation_id)
rv = client.get(
'/api/v1/invitations/tokens/{}'.format(invitation_id_token),
headers=headers,
content_type='application/json')
assert rv.status_code == http_status.HTTP_200_OK
def test_accept_invitation(client, jwt, session): # pylint:disable=unused-argument
"""Assert that an invitation can be accepted."""
headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.edit_role)
client.post('/api/v1/users',
headers=headers,
content_type='application/json')
rv = client.post('/api/v1/orgs',
data=json.dumps(TestOrgInfo.org1),
headers=headers,
content_type='application/json')
dictionary = json.loads(rv.data)
org_id = dictionary['id']
rv = client.post('/api/v1/invitations',
data=json.dumps(factory_invitation(org_id=org_id)),
headers=headers,
content_type='application/json')
invitation_dictionary = json.loads(rv.data)
invitation_id = invitation_dictionary['id']
invitation_id_token = InvitationService.generate_confirmation_token(
invitation_id)
rv = client.put(
'/api/v1/invitations/tokens/{}'.format(invitation_id_token),
headers=headers,
content_type='application/json')
assert rv.status_code == http_status.HTTP_200_OK
rv = client.get(
'/api/v1/orgs/{}/members?status=PENDING_APPROVAL'.format(org_id),
headers=headers,
content_type='application/json')
dictionary = json.loads(rv.data)
assert len(dictionary['members']) == 1
def test_accept_gov_account_invitation(client, jwt, session): # pylint:disable=unused-argument
"""Assert that an invitation can be accepted."""
headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.gov_account_holder_user)
client.post('/api/v1/users', headers=headers, content_type='application/json')
rv = client.post('/api/v1/orgs', data=json.dumps(TestOrgInfo.org1),
headers=headers, content_type='application/json')
dictionary = json.loads(rv.data)
org_id = dictionary['id']
rv = client.post('/api/v1/invitations', data=json.dumps(factory_invitation(org_id=org_id)),
headers=headers, content_type='application/json')
invitation_dictionary = json.loads(rv.data)
invitation_id = invitation_dictionary['id']
invitation_id_token = InvitationService.generate_confirmation_token(invitation_id)
request = KeycloakScenario.create_user_request()
KEYCLOAK_SERVICE.add_user(request, return_if_exists=True)
user = KEYCLOAK_SERVICE.get_user_by_username(request.user_name)
user_id = user.id
headers_invitee = factory_auth_header(jwt=jwt, claims=TestJwtClaims.get_test_user(user_id, source='IDIR'))
client.post('/api/v1/users', headers=headers_invitee, content_type='application/json')
rv = client.put('/api/v1/invitations/tokens/{}'.format(invitation_id_token), headers=headers_invitee,
content_type='application/json')
assert rv.status_code == http_status.HTTP_200_OK
rv = client.get('/api/v1/orgs/{}/members?status=PENDING_APPROVAL'.format(org_id),
headers=headers,
content_type='application/json')
dictionary = json.loads(rv.data)
assert len(dictionary['members']) == 1
# Assert that the user got added to the keycloak groups
user_groups = KEYCLOAK_SERVICE.get_user_groups(user_id=user_id)
groups = []
for group in user_groups:
groups.append(group.get('name'))
assert GROUP_GOV_ACCOUNT_USERS in groups
def test_accept_public_users_invitation(
client,
jwt,
session,
org_info,
role, # pylint:disable=unused-argument
claims,
source,
exp_status):
"""Assert that an invitation can be accepted."""
headers = factory_auth_header(jwt=jwt, claims=claims)
client.post('/api/v1/users',
headers=headers,
content_type='application/json')
rv = client.post('/api/v1/orgs',
data=json.dumps(org_info),
headers=headers,
content_type='application/json')
dictionary = json.loads(rv.data)
org_id = dictionary['id']
rv = client.post('/api/v1/invitations',
data=json.dumps(
factory_invitation(org_id=org_id,
membership_type=role)),
headers=headers,
content_type='application/json')
invitation_dictionary = json.loads(rv.data)
invitation_id = invitation_dictionary['id']
invitation_id_token = InvitationService.generate_confirmation_token(
invitation_id)
request = KeycloakScenario.create_user_request()
KEYCLOAK_SERVICE.add_user(request, return_if_exists=True)
user = KEYCLOAK_SERVICE.get_user_by_username(request.user_name)
user_id = user.id
headers_invitee = factory_auth_header(jwt=jwt,
claims=TestJwtClaims.get_test_user(
user_id, source=source))
client.post('/api/v1/users',
headers=headers_invitee,
content_type='application/json')
rv = client.put(
'/api/v1/invitations/tokens/{}'.format(invitation_id_token),
headers=headers_invitee,
content_type='application/json')
assert rv.status_code == http_status.HTTP_200_OK
rv = client.get(f'/api/v1/orgs/{org_id}/members?status={exp_status.name}',
headers=headers,
content_type='application/json')
dictionary = json.loads(rv.data)
assert len(dictionary['members']) == 1
# Assert that the user got added to the keycloak groups
user_groups = KEYCLOAK_SERVICE.get_user_groups(user_id=user_id)
groups = []
for group in user_groups:
groups.append(group.get('name'))
assert GROUP_PUBLIC_USERS in groups
def test_validate_token_valid(session, auth_mock, keycloak_mock): # pylint:disable=unused-argument
"""Validate the invitation token."""
with patch.object(InvitationService, 'send_invitation', return_value=None):
user = factory_user_model(TestUserInfo.user_test)
org = OrgService.create_org(TestOrgInfo.org1, user_id=user.id)
org_dictionary = org.as_dict()
invitation_info = factory_invitation(org_dictionary['id'])
new_invitation = InvitationService.create_invitation(invitation_info, User(user), {}, '').as_dict()
confirmation_token = InvitationService.generate_confirmation_token(new_invitation['id'])
invitation_id = InvitationService.validate_token(confirmation_token).as_dict().get('id')
assert invitation_id == new_invitation['id']
def test_delete_org_failure_members(client, jwt, session, auth_mock, keycloak_mock): # pylint:disable=unused-argument
"""Assert that a member of an org can have their role updated."""
# Set up: create/login user, create org
headers_invitee = factory_auth_header(jwt=jwt, claims=TestJwtClaims.public_user_role)
rv = client.post('/api/v1/users', headers=headers_invitee, content_type='application/json')
rv = client.post('/api/v1/orgs', data=json.dumps(TestOrgInfo.org1),
headers=headers_invitee, content_type='application/json')
dictionary = json.loads(rv.data)
org_id = dictionary['id']
# Invite a user to the org
rv = client.post('/api/v1/invitations', data=json.dumps(factory_invitation(org_id, '*****@*****.**')),
headers=headers_invitee, content_type='application/json')
dictionary = json.loads(rv.data)
invitation_id = dictionary['id']
invitation_id_token = InvitationService.generate_confirmation_token(invitation_id)
# Create/login as invited user
headers_invited = factory_auth_header(jwt=jwt, claims=TestJwtClaims.edit_role_2)
rv = client.post('/api/v1/users', headers=headers_invited, content_type='application/json')
# Accept invite as invited user
rv = client.put('/api/v1/invitations/tokens/{}'.format(invitation_id_token),
headers=headers_invited, content_type='application/json')
assert rv.status_code == http_status.HTTP_200_OK
dictionary = json.loads(rv.data)
assert dictionary['status'] == 'ACCEPTED'
# Get pending members for the org as invitee and assert length of 1
rv = client.get('/api/v1/orgs/{}/members?status=PENDING_APPROVAL'.format(org_id), headers=headers_invitee)
assert rv.status_code == http_status.HTTP_200_OK
dictionary = json.loads(rv.data)
assert dictionary['members']
assert len(dictionary['members']) == 1
# Find the pending member
new_member = dictionary['members'][0]
assert new_member['membershipTypeCode'] == 'MEMBER'
member_id = new_member['id']
# Update the new member
rv = client.patch('/api/v1/orgs/{}/members/{}'.format(org_id, member_id), headers=headers_invitee,
data=json.dumps({'role': 'ADMIN'}), content_type='application/json')
assert rv.status_code == http_status.HTTP_200_OK
dictionary = json.loads(rv.data)
assert dictionary['membershipTypeCode'] == 'ADMIN'
headers = factory_auth_header(jwt=jwt, claims=TestJwtClaims.passcode)
rv = client.delete('/api/v1/orgs/{}'.format(org_id), headers=headers, content_type='application/json')
assert rv.status_code == http_status.HTTP_406_NOT_ACCEPTABLE
def test_validate_token_accepted(session, auth_mock, keycloak_mock): # pylint:disable=unused-argument
"""Validate invalid invitation token."""
with patch.object(InvitationService, 'send_invitation', return_value=None):
user = factory_user_model(TestUserInfo.user_test)
org = OrgService.create_org(TestOrgInfo.org1, user_id=user.id)
org_dictionary = org.as_dict()
user_invitee = factory_user_model(TestUserInfo.user1)
invitation_info = factory_invitation(org_dictionary['id'])
new_invitation = InvitationService.create_invitation(invitation_info, User(user_invitee), {}, '').as_dict()
confirmation_token = InvitationService.generate_confirmation_token(new_invitation['id'])
InvitationService.accept_invitation(new_invitation['id'], User(user_invitee), '')
with pytest.raises(BusinessException) as exception:
InvitationService.validate_token(confirmation_token)
assert exception.value.code == Error.ACTIONED_INVITATION.name
def test_generate_confirmation_token(session): # pylint:disable=unused-argument
"""Generate the invitation token."""
confirmation_token = InvitationService.generate_confirmation_token(1)
assert confirmation_token is not None