def test_change_password_success(app):
new_password = "******"
user = users_factories.UserFactory()
access_token = create_access_token(identity=user.email)
test_client = TestClient(app.test_client())
test_client.auth_header = {"Authorization": f"Bearer {access_token}"}
response = test_client.post(
"/native/v1/change_password",
json={"currentPassword": users_factories.DEFAULT_PASSWORD, "newPassword": new_password},
)
assert response.status_code == 204
user = find_user_by_id(user.id)
assert user.password == hash_password(new_password)
def test_should_return_error_message_when_admin_user_is_beneficiary(
self, app):
# Given
user = users_factories.UserFactory(
isAdmin=True,
roles=[user_models.UserRole.BENEFICIARY],
)
api_errors = ApiErrors()
# When
api_error = validate(user, api_errors)
# Then
assert api_error.errors["is_beneficiary"] == [
"Admin ne peut pas être bénéficiaire"
]
def test_reset_password_fail_for_password_strength(app):
reset_token = random_token()
user = users_factories.UserFactory(
resetPasswordToken=reset_token,
resetPasswordTokenValidityLimit=(datetime.utcnow() + timedelta(hours=1)),
)
old_password = user.password
new_password = "******"
data = {"reset_password_token": reset_token, "new_password": new_password}
response = TestClient(app.test_client()).post("/native/v1/reset_password", json=data)
user = find_user_by_id(user.id)
assert response.status_code == 400
assert user.password == old_password
def test_does_not_return_soft_deleted_stock(self, app):
# Given
pro = users_factories.UserFactory(isBeneficiary=False)
stock = offers_factories.ThingStockFactory(isSoftDeleted=True)
offers_factories.UserOffererFactory(
user=pro, offerer=stock.offer.venue.managingOfferer)
client = TestClient(app.test_client()).with_auth(email=pro.email)
# When
response = client.get(f"/offers/{humanize(stock.offer.id)}/stocks")
# Then
assert response.status_code == 200
assert response.json == {
"stocks": [],
}
def test_find_all_offerer_reimbursement_details(self, app):
# Given
user = users_factories.UserFactory(email="*****@*****.**")
offerer1 = create_offerer(siren="123456789")
user_offerer1 = create_user_offerer(user,
offerer1,
validation_token=None)
venue1 = create_venue(offerer1)
venue2 = create_venue(offerer1, siret="12345678912346")
bank_information1 = create_bank_information(application_id=1,
venue=venue1)
bank_information2 = create_bank_information(application_id=2,
venue=venue2)
create_offer_with_thing_product(
venue1,
url="https://host/path/{token}?offerId={offerId}&email={email}")
create_offer_with_thing_product(venue2)
stock1 = create_stock_with_thing_offer(offerer=offerer1,
venue=venue1,
price=10)
stock2 = create_stock_with_thing_offer(offerer=offerer1,
venue=venue2,
price=11)
booking1 = create_booking(user=user,
stock=stock1,
is_used=True,
token="ABCDEF",
venue=venue1)
booking2 = create_booking(user=user,
stock=stock1,
token="ABCDEG",
venue=venue1)
booking3 = create_booking(user=user,
stock=stock2,
is_used=True,
token="ABCDEH",
venue=venue2)
repository.save(booking1, booking2, booking3, user_offerer1,
bank_information1, bank_information2)
generate_new_payments()
# When
reimbursement_details = find_all_offerer_reimbursement_details(
offerer1.id)
# Then
assert len(reimbursement_details) == 2
def test_beneficiary_user_creation(self, app):
users_factories.UserFactory(email="*****@*****.**", isAdmin=True)
data = dict(
email="*****@*****.**",
firstName="Serge",
lastName="Lama",
dateOfBirth="2002-07-13 10:05:00",
departementCode="93",
postalCode="93000",
isBeneficiary="y",
phoneNumber="0601020304",
depositVersion="1",
)
client = TestClient(app.test_client()).with_auth("*****@*****.**")
response = client.post("/pc/back-office/beneficiary_users/new",
form=data)
assert response.status_code == 302
user_created = User.query.filter_by(email="*****@*****.**").one()
assert user_created.firstName == "Serge"
assert user_created.lastName == "Lama"
assert user_created.publicName == "Serge Lama"
assert user_created.dateOfBirth == datetime(2002, 7, 13, 10, 5)
assert user_created.departementCode == "93"
assert user_created.postalCode == "93000"
assert user_created.isBeneficiary is True
assert user_created.phoneNumber == "0601020304"
assert len(user_created.deposits) == 1
assert user_created.deposit.source == "pass-culture-admin"
assert user_created.deposit.amount == 500
assert len(mails_testing.outbox) == 1
assert mails_testing.outbox[0].sent_data == {
"FromEmail": "*****@*****.**",
"Mj-TemplateID": 994771,
"Mj-TemplateLanguage": True,
"To": "*****@*****.**",
"Vars": {
"prenom_user": "******",
"token": user_created.resetPasswordToken,
"email": "lama%40example.com",
"env": "-development",
},
}
def test_physical_limit(self):
beneficiary = users_factories.UserFactory(deposit__version=1)
offer = offers_factories.OfferFactory(
product__type=str(ThingType.INSTRUMENT))
factories.BookingFactory(user=beneficiary,
stock__price=190,
stock__offer=offer)
validation.check_expenses_limits(beneficiary, 10,
offer) # should not raise
with pytest.raises(
exceptions.PhysicalExpenseLimitHasBeenReached) as error:
validation.check_expenses_limits(beneficiary, 11, offer)
assert error.value.errors["global"] == [
"Le plafond de 200 € pour les biens culturels ne vous permet pas de réserver cette offre."
]
def when_user_is_not_attached_to_offerer(self, app):
# Given
users_factories.UserFactory(email="*****@*****.**")
venue = offers_factories.VirtualVenueFactory()
# When
client = TestClient(app.test_client()).with_auth("*****@*****.**")
data = {
"venueId": humanize(venue.id),
}
response = client.post("/offers", json=data)
# Then
assert response.status_code == 403
assert response.json["global"] == [
"Vous n'avez pas les droits d'accès suffisant pour accéder à cette information."
]
def when_user_is_admin(self, app):
# given
user = users_factories.UserFactory(isAdmin=True)
offer = offers_factories.ThingOfferFactory()
stock = offers_factories.StockFactory(offer=offer,
price=100,
quantity=10)
# when
client = TestClient(app.test_client()).with_auth(user.email)
data = {"price": 20, "quantity": 5}
response = client.patch(f"/stocks/{humanize(stock.id)}", json=data)
# then
assert response.status_code == 200
assert stock.price == 20
assert stock.quantity == 5
def when_user_has_no_rights(self, app, db_session):
# given
user = users_factories.UserFactory(email="*****@*****.**")
stock = offers_factories.StockFactory()
# when
client = TestClient(app.test_client()).with_auth(user.email)
response = client.patch(f"/stocks/{humanize(stock.id)}",
json={"quantity": 5})
# then
assert response.status_code == 403
assert response.json == {
"global": [
"Vous n'avez pas les droits d'accès suffisant pour accéder à cette information."
]
}
def test_send_a_reset_password_email_to_native_app_user_via_sendinblue(
self):
# given
user = users_factories.UserFactory(email="*****@*****.**")
# when
user_emails.send_reset_password_email_to_native_app_user(user)
# then
assert len(mails_testing.outbox) == 1 # test number of emails sent
native_app_link = mails_testing.outbox[0].sent_data["params"][
"NATIVE_APP_LINK"]
assert user.tokens[0].value in native_app_link
assert mails_testing.outbox[0].sent_data["template"] == asdict(
TransactionalEmail.NEW_PASSWORD_REQUEST.value)
assert mails_testing.outbox[0].sent_data["To"] == "*****@*****.**"
def test_change_user_email_new_email_already_existing(self):
# Given
users_factories.UserFactory(email="*****@*****.**",
firstName="UniqueNameForEmailChangeTest")
expiration_date = datetime.now() + timedelta(hours=1)
token_payload = dict(current_email="*****@*****.**",
new_email="*****@*****.**")
token = encode_jwt_payload(token_payload, expiration_date)
# When
users_api.change_user_email(token)
# Then
old_user = User.query.filter_by(email="*****@*****.**").first()
assert old_user is None
new_user = User.query.filter_by(email="*****@*****.**").first()
assert new_user is not None
def test_cannot_save_beneficiary_if_department_is_not_eligible(get_application_content, app):
# Given
postal_code = "984"
get_application_content.return_value = JOUVE_CONTENT | {"postalCode": postal_code}
applicant = users_factories.UserFactory(
firstName=JOUVE_CONTENT["firstName"], lastName=JOUVE_CONTENT["lastName"], email=JOUVE_CONTENT["email"]
)
# When
create_beneficiary_from_application.execute(APPLICATION_ID)
# Then
beneficiary_import = BeneficiaryImport.query.one()
assert beneficiary_import.currentStatus == ImportStatus.REJECTED
assert beneficiary_import.applicationId == APPLICATION_ID
assert beneficiary_import.beneficiary == applicant
assert beneficiary_import.detail == f"Postal code {postal_code} is not eligible."
def test_fail_if_token_has_expired(app):
user = users_factories.UserFactory(password="******")
token = users_factories.TokenFactory(
userId=user.id,
type=TokenType.RESET_PASSWORD,
expirationDate=datetime.utcnow() - timedelta(hours=24),
)
data = {"token": token.value, "newPassword": "******"}
client = TestClient(app.test_client())
response = client.post("/users/new-password", json=data)
assert response.status_code == 400
assert response.json["token"] == [
"Votre lien de changement de mot de passe est invalide."
]
assert user.checkPassword("Old_P4ssword")
def test_request_reset_password_for_existing_email(mock_send_reset_password_email_to_native_app_user, app):
email = "*****@*****.**"
data = {"email": email}
user = users_factories.UserFactory(email=email)
saved_token = Token.query.filter_by(user=user).first()
assert saved_token is None
mock_send_reset_password_email_to_native_app_user.return_value = True
response = TestClient(app.test_client()).post("/native/v1/request_password_reset", json=data)
mock_send_reset_password_email_to_native_app_user.assert_called_once()
assert response.status_code == 204
saved_token = Token.query.filter_by(user=user).first()
assert saved_token.type.value == "reset-password"
def test_refresh_token_route_updates_user_last_connection_date(client):
data = {
"identifier": "*****@*****.**",
"password": users_factories.DEFAULT_PASSWORD
}
user = users_factories.UserFactory(email=data["identifier"],
password=data["password"],
lastConnectionDate=datetime(1990, 1, 1))
refresh_token = create_refresh_token(identity=user.email)
client.auth_header = {"Authorization": f"Bearer {refresh_token}"}
refresh_response = client.post("/native/v1/refresh_access_token")
assert refresh_response.status_code == 200
assert user.lastConnectionDate == datetime(2020, 3, 15)
assert len(sendinblue_testing.sendinblue_requests) == 1
def test_does_not_raise_error_when_api_key_is_provided_and_is_related_to_offerer_id(
self, app):
# Given
user = users_factories.UserFactory()
offerer = create_offerer()
user_offerer = create_user_offerer(user, offerer, None)
repository.save(offerer, user_offerer)
validApiKey = ApiKey()
validApiKey.prefix = random_token(64)
validApiKey.offererId = offerer.id
repository.save(validApiKey)
# The the following should not raise
check_api_key_allows_to_validate_booking(validApiKey, offerer.id)
def when_not_authenticated_used_api_key_or_login(self, app):
# Given
user = users_factories.UserFactory()
offerer = create_offerer()
user_offerer = create_user_offerer(user, offerer)
venue = create_venue(offerer)
offer = create_offer_with_event_product(venue)
stock = create_stock(offer=offer)
booking = create_booking(user=user, stock=stock, venue=venue)
repository.save(user_offerer, booking)
# When
url = "/v2/bookings/cancel/token/{}".format(booking.token)
response = TestClient(app.test_client()).patch(url)
# Then
assert response.status_code == 401
def test_get_user_profile_empty_first_name(self, app):
users_factories.UserFactory(email=self.identifier,
firstName="",
isBeneficiary=False,
publicName=VOID_PUBLIC_NAME)
access_token = create_access_token(identity=self.identifier)
test_client = TestClient(app.test_client())
test_client.auth_header = {"Authorization": f"Bearer {access_token}"}
response = test_client.get("/native/v1/me")
assert response.status_code == 200
assert response.json["email"] == self.identifier
assert response.json["firstName"] is None
assert response.json["pseudo"] is None
assert not response.json["isBeneficiary"]
def test_delete_user_when_she_has_no_deposit():
admin = users_factories.AdminFactory()
user_without_deposit = users_factories.UserFactory(
email="*****@*****.**")
users_factories.FavoriteFactory(user=user_without_deposit)
fraud_factories.BeneficiaryFraudCheckFactory(user=user_without_deposit)
fraud_factories.BeneficiaryFraudResultFactory(user=user_without_deposit)
fraud_factories.BeneficiaryFraudReviewFactory(user=user_without_deposit,
author=admin)
deposit = Deposit.query.all()
repository.delete(*deposit)
suspend_or_delete_from_file(
"tests/scripts/beneficiary/users_to_delete_fixture.txt",
admin.email,
)
assert User.query.all() == [admin]
def when_one_password_is_missing_in_the_request_body(
self, validate_change_password_request, app):
# given
api_errors = ApiErrors()
api_errors.add_error("password", "missing password")
api_errors.status_code = 400
user = users_factories.UserFactory(email="*****@*****.**")
validate_change_password_request.side_effect = api_errors
data = {}
# when
response = (TestClient(app.test_client()).with_session_auth(
user.email).post("/users/current/change-password", json=data))
# then
assert response.status_code == 400
assert response.json["password"] == ["missing password"]
def test_reimburses_offerer_with_degressive_rate_for_venues_with_bookings_exceeding_20000_euros(
self, app):
# Given
offerer1 = create_offerer(siren="123456789")
repository.save(offerer1)
bank_information = create_bank_information(
bic="BDFEFR2LCCB",
iban="FR7630006000011234567890189",
offerer=offerer1)
venue1 = create_venue(offerer1, siret="12345678912345")
venue2 = create_venue(offerer1, siret="98765432154321")
venue3 = create_venue(offerer1, siret="98123432154321")
offer1 = create_offer_with_thing_product(venue1)
offer2 = create_offer_with_thing_product(venue2)
offer3 = create_offer_with_thing_product(venue3)
paying_stock1 = create_stock_from_offer(offer1, price=10000)
paying_stock2 = create_stock_from_offer(offer2, price=10000)
paying_stock3 = create_stock_from_offer(offer3, price=30000)
user = users_factories.UserFactory()
user.deposit.amount = 50000
repository.save(user.deposit)
booking1 = create_booking(user=user,
stock=paying_stock1,
venue=venue1,
is_used=True,
quantity=1)
booking2 = create_booking(user=user,
stock=paying_stock2,
venue=venue2,
is_used=True,
quantity=1)
booking3 = create_booking(user=user,
stock=paying_stock3,
venue=venue3,
is_used=True,
quantity=1)
repository.save(booking1, booking2, booking3, bank_information)
# When
pending, not_processable = generate_new_payments()
# Then
assert len(pending) == 3
assert len(not_processable) == 0
assert sum(p.amount for p in pending) == 48500
def test_returns_payments_matching_message(self, app):
# given
user = users_factories.UserFactory()
booking = create_booking(user=user)
offerer = booking.stock.offer.venue.managingOfferer
transaction1 = create_payment_message(name="XML1")
transaction2 = create_payment_message(name="XML2")
transaction3 = create_payment_message(name="XML3")
uuid1, uuid2, uuid3 = uuid.uuid4(), uuid.uuid4(), uuid.uuid4()
payments = [
create_payment(booking,
offerer,
5,
transaction_end_to_end_id=uuid1,
payment_message=transaction1),
create_payment(booking,
offerer,
5,
transaction_end_to_end_id=uuid2,
payment_message=transaction2),
create_payment(booking,
offerer,
5,
transaction_end_to_end_id=uuid1,
payment_message=transaction3),
create_payment(booking,
offerer,
5,
transaction_end_to_end_id=uuid3,
payment_message=transaction1),
create_payment(booking,
offerer,
5,
transaction_end_to_end_id=uuid1,
payment_message=transaction1),
]
repository.save(*payments)
# when
matching_payments = payment_queries.find_payments_by_message("XML1")
# then
assert len(matching_payments) == 3
for payment in matching_payments:
assert payment.paymentMessageName == "XML1"
def when_user_has_an_offerer_attached(self, app):
# Given
user = users_factories.UserFactory(email="*****@*****.**")
offerer1 = create_offerer()
offerer2 = create_offerer(siren="123456788")
user_offerer1 = create_user_offerer(user, offerer1, validation_token=None)
user_offerer2 = create_user_offerer(user, offerer2, validation_token=None)
venue1 = create_venue(offerer1)
venue2 = create_venue(offerer1, siret="12345678912346")
venue3 = create_venue(offerer2, siret="12345678912347")
bank_information1 = create_bank_information(application_id=1, venue=venue1)
bank_information2 = create_bank_information(application_id=7, venue=venue2)
stock1 = create_stock_with_thing_offer(offerer=offerer1, venue=venue1, price=10)
stock2 = create_stock_with_thing_offer(offerer=offerer1, venue=venue2, price=11)
stock3 = create_stock_with_thing_offer(offerer=offerer2, venue=venue3, price=12)
stock4 = create_stock_with_thing_offer(offerer=offerer2, venue=venue3, price=13)
booking1 = create_booking(user=user, stock=stock1, is_used=True, token="ABCDEF", venue=venue1)
booking2 = create_booking(user=user, stock=stock1, token="ABCDEG", venue=venue1)
booking3 = create_booking(user=user, stock=stock2, is_used=True, token="ABCDEH", venue=venue2)
booking4 = create_booking(user=user, stock=stock3, is_used=True, token="ABCDEI", venue=venue3)
booking5 = create_booking(user=user, stock=stock4, is_used=True, token="ABCDEJ", venue=venue3)
booking6 = create_booking(user=user, stock=stock4, is_used=True, token="ABCDEK", venue=venue3)
repository.save(
booking1,
booking2,
booking3,
booking4,
booking5,
booking6,
user_offerer1,
user_offerer2,
bank_information1,
bank_information2,
)
generate_new_payments()
# When
response = TestClient(app.test_client()).with_auth(user.email).get("/reimbursements/csv")
response_lines = response.data.decode("utf-8").split("\n")
# Then
assert response.status_code == 200
assert response.headers["Content-type"] == "text/csv; charset=utf-8;"
assert response.headers["Content-Disposition"] == "attachment; filename=remboursements_pass_culture.csv"
assert len(response_lines) == 7
def when_account_is_known(self, mocked_feature_flipping,
mocked_mailing_utils, app):
# given
mocked_mailing_utils.send_raw_email.return_value = True
user = users_factories.UserFactory(email="*****@*****.**")
data = {"new_email": "*****@*****.**", "password": "******"}
# when
client = TestClient(app.test_client()).with_auth(user.email)
response = client.put("/beneficiaries/change_email_request", json=data)
# then
assert response.status_code == 204
information_data = {
"FromEmail": "*****@*****.**",
"MJ-TemplateID": 2066067,
"MJ-TemplateLanguage": True,
"To": user.email,
"Vars": {
"beneficiary_name": user.firstName
},
}
confirmation_data_token = (
"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJjdXJyZW50X2VtYWlsIjo"
"idGVzdEBtYWlsLmNvbSIsIm5ld19lbWFpbCI6Im5ld0BlbWFpbC5jb20iLCJ"
"leHAiOjE2MDI4Mzg4MDB9.Q2-583JqPSfDjuMD6ZMhMnb07Rr47iBZFRwlFC"
"ymSf0")
confirmation_link = (
f"{settings.WEBAPP_URL}/email-change?token={confirmation_data_token}&expiration_timestamp=1602838800"
)
confirmation_data = {
"FromEmail": "*****@*****.**",
"MJ-TemplateID": 2066065,
"MJ-TemplateLanguage": True,
"To": "*****@*****.**",
"Vars": {
"beneficiary_name": "Jeanne",
"confirmation_link": confirmation_link,
},
}
assert mocked_mailing_utils.send_raw_email.call_count == 2
calls = [call(information_data), call(confirmation_data)]
mocked_mailing_utils.send_raw_email.assert_has_calls(calls)
def when_email_is_known(self, check_recaptcha_token_is_valid_mock, app,
db_session):
# given
user = users_factories.UserFactory()
data = {"token": "dumbToken", "email": user.email}
# when
response = TestClient(app.test_client()).post("/users/reset-password",
json=data)
# then
assert response.status_code == 204
user = User.query.get(user.id)
assert len(user.resetPasswordToken) == RESET_PASSWORD_TOKEN_LENGTH
now = datetime.utcnow()
assert (now +
timedelta(hours=23)) < user.resetPasswordTokenValidityLimit < (
now + timedelta(hours=25))
def test_get_user_with_valid_token(self):
user = users_factories.UserFactory()
token_type = TokenType.RESET_PASSWORD
expiration_date = datetime.now() + timedelta(hours=24)
saved_token = Token(
from_dict={
"userId": user.id,
"value": self.token_value,
"type": token_type,
"expirationDate": expiration_date,
}
)
repository.save(saved_token)
associated_user = get_user_with_valid_token(self.token_value, [token_type, "other-allowed-type"])
assert associated_user.id == user.id
def test_cant_cancel_cancelled_booking(self, app):
users_factories.UserFactory(email="*****@*****.**", isAdmin=True)
booking = bookings_factories.CancelledIndividualBookingFactory()
client = TestClient(
app.test_client()).with_session_auth("*****@*****.**")
route = f"/pc/back-office/bookings/cancel/{booking.id}"
response = client.post(route, form={})
assert response.status_code == 302
assert response.location == f"http://localhost/pc/back-office/bookings/?id={booking.id}"
response = client.get(response.location)
content = response.data.decode(response.charset)
assert "L'opération a échoué : la réservation a déjà été annulée" in content
booking = Booking.query.get(booking.id)
assert booking.isCancelled
def test_get_all_validated_offerers_names(self, app):
# given
pro_user = users_factories.UserFactory(isBeneficiary=False)
offerers = self._setup_offerers_for_pro_user(pro_user)
# when
response = TestClient(app.test_client()).with_auth(
pro_user.email).get("/offerers/names?validated=true")
# then
assert response.status_code == 200
assert "offerersNames" in response.json
assert len(response.json["offerersNames"]) == 1
offerer_ids = [
offererName["id"] for offererName in response.json["offerersNames"]
]
assert humanize(offerers["owned_offerer_validated"].id) in offerer_ids
def test_response_serializer(self, app):
# given
pro_user = users_factories.UserFactory(isBeneficiary=False)
offerer = offers_factories.OffererFactory()
offers_factories.UserOffererFactory(user=pro_user, offerer=offerer)
# when
response = TestClient(app.test_client()).with_auth(
pro_user.email).get("/offerers/names")
# then
assert response.status_code == 200
assert response.json == {
"offerersNames": [{
"id": humanize(offerer.id),
"name": offerer.name
}]
}
