def test_delete_service_and_associated_objects(notify_db_session):
user = create_user()
organisation = create_organisation()
service = create_service(user=user, service_permissions=None, organisation=organisation)
create_user_code(user=user, code='somecode', code_type='email')
create_user_code(user=user, code='somecode', code_type='sms')
template = create_template(service=service)
api_key = create_api_key(service=service)
create_notification(template=template, api_key=api_key)
create_invited_user(service=service)
user.organisations = [organisation]
assert ServicePermission.query.count() == len((
SMS_TYPE, EMAIL_TYPE, LETTER_TYPE, INTERNATIONAL_SMS_TYPE, UPLOAD_LETTERS,
))
delete_service_and_all_associated_db_objects(service)
assert VerifyCode.query.count() == 0
assert ApiKey.query.count() == 0
assert ApiKey.get_history_model().query.count() == 0
assert Template.query.count() == 0
assert TemplateHistory.query.count() == 0
assert Job.query.count() == 0
assert Notification.query.count() == 0
assert Permission.query.count() == 0
assert User.query.count() == 0
assert InvitedUser.query.count() == 0
assert Service.query.count() == 0
assert Service.get_history_model().query.count() == 0
assert ServicePermission.query.count() == 0
# the organisation hasn't been deleted
assert Organisation.query.count() == 1
def create_2fa_code(template_id, user_to_send_to, secret_code, recipient, personalisation):
template = dao_get_template_by_id(template_id)
# save the code in the VerifyCode table
create_user_code(user_to_send_to, secret_code, template.template_type)
reply_to = None
if template.template_type == SMS_TYPE:
reply_to = template.service.get_default_sms_sender()
elif template.template_type == EMAIL_TYPE:
reply_to = template.service.get_default_reply_to_email_address()
saved_notification = persist_notification(
template_id=template.id,
template_version=template.version,
recipient=recipient,
service=template.service,
personalisation=personalisation,
notification_type=template.template_type,
api_key_id=None,
key_type=KEY_TYPE_NORMAL,
reply_to_text=reply_to
)
# Assume that we never want to observe the Notify service's research mode
# setting for this notification - we still need to be able to log into the
# admin even if we're doing user research using this service:
send_notification_to_queue(saved_notification, False, queue=QueueNames.NOTIFY)
def send_user_sms_code(user_id):
user_to_send_to = get_user_by_id(user_id=user_id)
verify_code, errors = request_verify_code_schema.load(request.get_json())
secret_code = create_secret_code()
create_user_code(user_to_send_to, secret_code, SMS_TYPE)
mobile = user_to_send_to.mobile_number if verify_code.get('to', None) is None else verify_code.get('to')
sms_code_template_id = current_app.config['SMS_CODE_TEMPLATE_ID']
sms_code_template = dao_get_template_by_id(sms_code_template_id)
notify_service_id = current_app.config['NOTIFY_SERVICE_ID']
saved_notification = persist_notification(
template_id=sms_code_template_id,
template_version=sms_code_template.version,
recipient=mobile,
service_id=notify_service_id,
personalisation={'verify_code': secret_code},
notification_type=SMS_TYPE,
api_key_id=None,
key_type=KEY_TYPE_NORMAL
)
# Assume that we never want to observe the Notify service's research mode
# setting for this notification - we still need to be able to log into the
# admin even if we're doing user research using this service:
send_notification_to_queue(saved_notification, False, queue='notify')
return jsonify({}), 204
def test_delete_service_and_associated_objects(notify_db_session):
user = create_user()
service = create_service(user=user, service_permissions=None)
create_user_code(user=user, code="somecode", code_type="email")
create_user_code(user=user, code="somecode", code_type="sms")
template = create_template(service=service)
api_key = create_api_key(service=service)
create_notification(template=template, api_key=api_key)
create_invited_user(service=service)
assert ServicePermission.query.count() == len((
SMS_TYPE,
EMAIL_TYPE,
INTERNATIONAL_SMS_TYPE,
))
delete_service_and_all_associated_db_objects(service)
assert VerifyCode.query.count() == 0
assert ApiKey.query.count() == 0
assert ApiKey.get_history_model().query.count() == 0
assert Template.query.count() == 0
assert TemplateHistory.query.count() == 0
assert Job.query.count() == 0
assert Notification.query.count() == 0
assert Permission.query.count() == 0
assert User.query.count() == 0
assert InvitedUser.query.count() == 0
assert Service.query.count() == 0
assert Service.get_history_model().query.count() == 0
assert ServicePermission.query.count() == 0
def send_user_code(user_id):
try:
user = get_model_users(user_id=user_id)
except DataError:
return jsonify(result="error", message="Invalid user id"), 400
except NoResultFound:
return jsonify(result="error", message="User not found"), 404
text_pwd = None
verify_code, errors = verify_code_schema.load(request.get_json())
if errors:
return jsonify(result="error", message=errors), 400
code = create_user_code(
user, create_secret_code(), verify_code.code_type)
# TODO this will need to fixed up when we stop using
# notify_alpha_client
if verify_code.code_type == 'sms':
notify_alpha_client.send_sms(
mobile_number=user.mobile_number,
message=code.code)
elif verify_code.code_type == 'email':
notify_alpha_client.send_email(
user.email_address,
code.code,
'*****@*****.**',
'Verification code')
else:
abort(500)
return jsonify(''), 204
def test_user_verify_email_code(admin_request, sample_user):
magic_code = str(uuid.uuid4())
verify_code = create_user_code(sample_user, magic_code, EMAIL_TYPE)
data = {'code_type': 'email', 'code': magic_code}
admin_request.post('user.verify_user_code',
user_id=sample_user.id,
_data=data,
_expected_status=204)
assert verify_code.code_used
assert sample_user.logged_in_at == datetime.utcnow()
assert sample_user.current_session_id is not None
def send_user_email_verification(user_id):
user_to_send_to = get_user_by_id(user_id=user_id)
secret_code = create_secret_code()
create_user_code(user_to_send_to, secret_code, 'email')
template = dao_get_template_by_id(current_app.config['EMAIL_VERIFY_CODE_TEMPLATE_ID'])
saved_notification = persist_notification(
template_id=template.id,
template_version=template.version,
recipient=user_to_send_to.email_address,
service_id=current_app.config['NOTIFY_SERVICE_ID'],
personalisation={
'name': user_to_send_to.name,
'url': _create_verification_url(user_to_send_to, secret_code)
},
notification_type=EMAIL_TYPE,
api_key_id=None,
key_type=KEY_TYPE_NORMAL
)
send_notification_to_queue(saved_notification, False, queue="notify")
return jsonify({}), 204
def test_user_verify_email_code_fails_if_code_already_used(
admin_request, sample_user, code_type):
magic_code = str(uuid.uuid4())
verify_code = create_user_code(sample_user, magic_code, code_type)
verify_code.code_used = True
data = {'code_type': code_type, 'code': magic_code}
admin_request.post('user.verify_user_code',
user_id=sample_user.id,
_data=data,
_expected_status=400)
assert verify_code.code_used
assert sample_user.logged_in_at is None
assert sample_user.current_session_id is None
def test_user_verify_code_expired_code_and_increments_failed_login_count(
code_type, admin_request, sample_user):
magic_code = str(uuid.uuid4())
verify_code = create_user_code(sample_user, magic_code, code_type)
verify_code.expiry_datetime = datetime(2020, 4, 1, 11, 59)
data = {'code_type': code_type, 'code': magic_code}
admin_request.post('user.verify_user_code',
user_id=sample_user.id,
_data=data,
_expected_status=400)
assert verify_code.code_used is False
assert sample_user.logged_in_at is None
assert sample_user.current_session_id is None
assert sample_user.failed_login_count == 1
def send_user_code(user_id):
try:
user = get_model_users(user_id=user_id)
except DataError:
return jsonify(result="error", message="Invalid user id"), 400
except NoResultFound:
return jsonify(result="error", message="User not found"), 404
text_pwd = None
verify_code, errors = verify_code_schema.load(request.get_json())
if errors:
return jsonify(result="error", message=errors), 400
code = create_user_code(user, create_secret_code(), verify_code.code_type)
# TODO this will need to fixed up when we stop using
# notify_alpha_client
if verify_code.code_type == 'sms':
notify_alpha_client.send_sms(mobile_number=user.mobile_number,
message=code.code)
elif verify_code.code_type == 'email':
notify_alpha_client.send_email(user.email_address, code.code,
'*****@*****.**',
'Verification code')
else:
abort(500)
return jsonify(''), 204
def create_code(notify_db_session, code_type):
code = create_secret_code()
usr = create_user()
return create_user_code(usr, code, code_type), code
def create_code(notify_db, notify_db_session, code_type, usr=None, code=None):
if code is None:
code = create_secret_code()
if usr is None:
usr = create_user()
return create_user_code(usr, code, code_type), code
def create_code(notify_db, notify_db_session, code_type, usr=None, code=None):
if code is None:
code = create_secret_code()
if usr is None:
usr = sample_user(notify_db, notify_db_session)
return create_user_code(usr, code, code_type), code
