def test_post_user_attribute_with_updated_by(
client, mocker, sample_user, user_attribute,
user_value, arguments, team_member_email_edit_template, team_member_mobile_edit_template
):
updater = create_user(name="Service Manago", email="*****@*****.**")
assert getattr(sample_user, user_attribute) != user_value
update_dict = {
user_attribute: user_value,
'updated_by': str(updater.id)
}
auth_header = create_authorization_header()
headers = [('Content-Type', 'application/json'), auth_header]
mock_persist_notification = mocker.patch('app.user.rest.persist_notification')
mocker.patch('app.user.rest.send_notification_to_queue')
resp = client.post(
url_for('user.update_user_attribute', user_id=sample_user.id),
data=json.dumps(update_dict),
headers=headers)
assert resp.status_code == 200, resp.get_data(as_text=True)
json_resp = json.loads(resp.get_data(as_text=True))
assert json_resp['data'][user_attribute] == user_value
if arguments:
mock_persist_notification.assert_called_once_with(**arguments)
else:
mock_persist_notification.assert_not_called()
def test_find_users_by_email_finds_user_by_full_email(notify_db, client):
create_user(email='*****@*****.**')
create_user(email='*****@*****.**')
data = json.dumps({"email": "*****@*****.**"})
auth_header = create_authorization_header()
response = client.post(
url_for("user.find_users_by_email"),
data=data,
headers=[('Content-Type', 'application/json'), auth_header]
)
users = json.loads(response.get_data(as_text=True))
assert response.status_code == 200
assert len(users['data']) == 1
assert users['data'][0]['email_address'] == '*****@*****.**'
def test_get_organisation_users_returns_users_for_organisation(
admin_request, sample_organisation):
first = create_user(email="*****@*****.**")
second = create_user(email="*****@*****.**")
dao_add_user_to_organisation(organisation_id=sample_organisation.id,
user_id=first.id)
dao_add_user_to_organisation(organisation_id=sample_organisation.id,
user_id=second.id)
response = admin_request.get(
"organisation.get_organisation_users",
organisation_id=sample_organisation.id,
_expected_status=200,
)
assert len(response["data"]) == 2
assert response["data"][0]["id"] == str(first.id)
def test_add_user_to_organisation_returns_user(sample_organisation):
org_user = create_user()
assert not org_user.organisations
added_user = dao_add_user_to_organisation(
organisation_id=sample_organisation.id, user_id=org_user.id)
assert len(added_user.organisations) == 1
assert added_user.organisations[0] == sample_organisation
def test_update_user_identity_provider_user_id_for_identity_provider_when_none(
notify_db_session, initial_id_provider, expected_id_provider):
user = create_user(identity_provider_user_id=initial_id_provider)
user_from_db = update_user_identity_provider_user_id(
user.email_address, expected_id_provider)
assert user_from_db.identity_provider_user_id == expected_id_provider
def test_add_existing_user_to_another_service_doesnot_change_old_permissions(
notify_db_session, ):
user = create_user()
service_one = Service(
name="service_one",
email_from="service_one",
message_limit=1000,
restricted=False,
created_by=user,
)
dao_create_service(service_one, user)
assert user.id == service_one.users[0].id
test_user_permissions = Permission.query.filter_by(service=service_one,
user=user).all()
assert len(test_user_permissions) == 8
other_user = User(
name="Other Test User",
email_address="*****@*****.**",
password="******",
mobile_number="+447700900987",
)
save_model_user(other_user)
service_two = Service(
name="service_two",
email_from="service_two",
message_limit=1000,
restricted=False,
created_by=other_user,
)
dao_create_service(service_two, other_user)
assert other_user.id == service_two.users[0].id
other_user_permissions = Permission.query.filter_by(service=service_two,
user=other_user).all()
assert len(other_user_permissions) == 8
other_user_service_one_permissions = Permission.query.filter_by(
service=service_one, user=other_user).all()
assert len(other_user_service_one_permissions) == 0
# adding the other_user to service_one should leave all other_user permissions on service_two intact
permissions = []
for p in ["send_emails", "send_texts", "send_letters"]:
permissions.append(Permission(permission=p))
dao_add_user_to_service(service_one, other_user, permissions=permissions)
other_user_service_one_permissions = Permission.query.filter_by(
service=service_one, user=other_user).all()
assert len(other_user_service_one_permissions) == 3
other_user_service_two_permissions = Permission.query.filter_by(
service=service_two, user=other_user).all()
assert len(other_user_service_two_permissions) == 8
def sample_login_event(notify_db, notify_db_session):
user = create_user()
event = LoginEvent(data={
"ip": "8.8.8.8",
"user-agent": "GoogleBot"
},
user_id=user.id)
save_login_event(event)
return event
def test_get_all_services_for_user(notify_db_session):
user = create_user()
create_service(service_name="service 1", user=user, email_from="service.1")
create_service(service_name="service 2", user=user, email_from="service.2")
create_service(service_name="service 3", user=user, email_from="service.3")
assert len(dao_fetch_all_services_by_user(user.id)) == 3
assert dao_fetch_all_services_by_user(user.id)[0].name == "service 1"
assert dao_fetch_all_services_by_user(user.id)[1].name == "service 2"
assert dao_fetch_all_services_by_user(user.id)[2].name == "service 3"
def test_get_all_services_for_user(notify_db_session):
user = create_user()
create_service(service_name='service 1', user=user, email_from='service.1')
create_service(service_name='service 2', user=user, email_from='service.2')
create_service(service_name='service 3', user=user, email_from='service.3')
assert len(dao_fetch_all_services_by_user(user.id)) == 3
assert dao_fetch_all_services_by_user(user.id)[0].name == 'service 1'
assert dao_fetch_all_services_by_user(user.id)[1].name == 'service 2'
assert dao_fetch_all_services_by_user(user.id)[2].name == 'service 3'
def sample_template(
notify_db,
notify_db_session,
template_name="Template Name",
template_type="sms",
content="This is a template:\nwith a newline",
archived=False,
hidden=False,
subject_line='Subject',
user=None,
service=None,
created_by=None,
process_type='normal',
permissions=[EMAIL_TYPE, SMS_TYPE]
):
if user is None:
user = create_user()
if service is None:
service = Service.query.filter_by(name='Sample service').first()
if not service:
service = create_service(service_permissions=permissions, check_if_service_exists=True)
if created_by is None:
created_by = create_user()
data = {
'name': template_name,
'template_type': template_type,
'content': content,
'service': service,
'created_by': created_by,
'archived': archived,
'hidden': hidden,
'process_type': process_type
}
if template_type in ['email', 'letter']:
data.update({
'subject': subject_line
})
if template_type == 'letter':
data['postage'] = 'second'
template = Template(**data)
dao_create_template(template)
return template
def sample_template(
notify_db,
notify_db_session,
template_name="Template Name",
template_type="sms",
content="This is a template:\nwith a newline",
archived=False,
hidden=False,
subject_line="Subject",
user=None,
service=None,
created_by=None,
process_type="normal",
permissions=[EMAIL_TYPE, SMS_TYPE],
):
if user is None:
user = create_user()
if service is None:
service = Service.query.filter_by(name="Sample service").first()
if not service:
service = create_service(service_permissions=permissions, check_if_service_exists=True)
if created_by is None:
created_by = create_user()
data = {
"name": template_name,
"template_type": template_type,
"content": content,
"service": service,
"created_by": created_by,
"archived": archived,
"hidden": hidden,
"process_type": process_type,
}
if template_type in ["email", "letter"]:
data.update({"subject": subject_line})
if template_type == "letter":
data["postage"] = "second"
template = Template(**data)
dao_create_template(template)
return template
def test_update_user_attribute_blocked():
user = create_user(email='*****@*****.**',
mobile_number="+4407700900460")
assert user.current_session_id is None
save_user_attribute(user, {
"blocked": True,
"mobile_number": "+2407700900460"
})
print(user.mobile_number, user.current_session_id)
assert str(getattr(
user, "current_session_id")) == "00000000-0000-0000-0000-000000000000"
def test_cannot_create_service_with_no_user(notify_db_session):
user = create_user()
assert Service.query.count() == 0
service = Service(name="service_name",
email_from="email_from",
message_limit=1000,
restricted=False,
created_by=user)
with pytest.raises(ValueError) as excinfo:
dao_create_service(service, None)
assert "Can't create a service without a user" in str(excinfo.value)
def test_update_service_permission_creates_a_history_record_with_current_data(
notify_db_session, ):
user = create_user()
assert Service.query.count() == 0
assert Service.get_history_model().query.count() == 0
service = Service(
name="service_name",
email_from="email_from",
message_limit=1000,
restricted=False,
created_by=user,
)
dao_create_service(
service,
user,
service_permissions=[
SMS_TYPE,
EMAIL_TYPE,
INTERNATIONAL_SMS_TYPE,
],
)
service.permissions.append(
ServicePermission(service_id=service.id, permission="letter"))
dao_update_service(service)
assert Service.query.count() == 1
assert Service.get_history_model().query.count() == 2
service_from_db = Service.query.first()
assert service_from_db.version == 2
_assert_service_permissions(
service.permissions,
(SMS_TYPE, EMAIL_TYPE, INTERNATIONAL_SMS_TYPE, LETTER_TYPE))
permission = [p for p in service.permissions if p.permission == "sms"][0]
service.permissions.remove(permission)
dao_update_service(service)
assert Service.query.count() == 1
assert Service.get_history_model().query.count() == 3
service_from_db = Service.query.first()
assert service_from_db.version == 3
_assert_service_permissions(
service.permissions, (EMAIL_TYPE, INTERNATIONAL_SMS_TYPE, LETTER_TYPE))
assert len(Service.get_history_model().query.filter_by(
name="service_name").all()) == 3
assert Service.get_history_model().query.filter_by(
name="service_name").all()[2].version == 3
def sample_template(
notify_db,
notify_db_session,
template_name="Template Name",
template_type="sms",
content="This is a template:\nwith a newline",
archived=False,
hidden=False,
subject_line='Subject',
user=None,
service=None,
created_by=None,
process_type='normal',
permissions=[EMAIL_TYPE, SMS_TYPE]
):
if user is None:
user = create_user()
if service is None:
service = sample_service(notify_db, notify_db_session, permissions=permissions)
if created_by is None:
created_by = create_user()
data = {
'name': template_name,
'template_type': template_type,
'content': content,
'service': service,
'created_by': created_by,
'archived': archived,
'hidden': hidden,
'process_type': process_type
}
if template_type in ['email', 'letter']:
data.update({
'subject': subject_line
})
template = Template(**data)
dao_create_template(template)
return template
def test_user_can_be_archived_if_the_other_service_members_have_the_manage_settings_permission(
sample_service, ):
user_1 = create_user(email="*****@*****.**")
user_2 = create_user(email="*****@*****.**")
user_3 = create_user(email="*****@*****.**")
sample_service.users = [user_1, user_2, user_3]
create_permissions(user_1, sample_service, "manage_settings")
create_permissions(user_2, sample_service, "manage_settings",
"view_activity")
create_permissions(
user_3,
sample_service,
"manage_settings",
"send_emails",
"send_letters",
"send_texts",
)
assert len(sample_service.users) == 3
assert user_can_be_archived(user_1)
def test_send_one_off_notification_fails_if_created_by_other_service(sample_template):
user_not_in_service = create_user(email='*****@*****.**')
post_data = {
'template_id': str(sample_template.id),
'to': '07700 900 001',
'created_by': str(user_not_in_service.id)
}
with pytest.raises(BadRequestError) as e:
send_one_off_notification(sample_template.service_id, post_data)
assert e.value.message == 'Can’t create notification - Test User is not part of the "Sample service" service'
def test_dao_archive_user(sample_user, sample_organisation, fake_uuid):
sample_user.current_session_id = fake_uuid
# create 2 services for sample_user to be a member of (each with another active user)
service_1 = create_service(service_name='Service 1')
service_1_user = create_user(email='*****@*****.**')
service_1.users = [sample_user, service_1_user]
create_permissions(sample_user, service_1, 'manage_settings')
create_permissions(service_1_user, service_1, 'manage_settings',
'view_activity')
service_2 = create_service(service_name='Service 2')
service_2_user = create_user(email='*****@*****.**')
service_2.users = [sample_user, service_2_user]
create_permissions(sample_user, service_2, 'view_activity')
create_permissions(service_2_user, service_2, 'manage_settings')
# make sample_user an org member
sample_organisation.users = [sample_user]
# give sample_user folder permissions for a service_1 folder
folder = create_template_folder(service_1)
service_user = dao_get_service_user(sample_user.id, service_1.id)
service_user.folders = [folder]
dao_update_service_user(service_user)
dao_archive_user(sample_user)
assert sample_user.get_permissions() == {}
assert sample_user.services == []
assert sample_user.organisations == []
assert sample_user.auth_type == EMAIL_AUTH_TYPE
assert sample_user.email_address == '*****@*****.**'
assert sample_user.mobile_number is None
assert sample_user.current_session_id == uuid.UUID(
'00000000-0000-0000-0000-000000000000')
assert sample_user.state == 'inactive'
assert not sample_user.check_password('password')
def test_should_remove_provider_from_service(notify_db_session, ses_provider):
user = create_user()
service = Service(name="service_name",
email_from="email_from",
message_limit=1000,
restricted=False,
created_by=user,
email_provider_id=ses_provider.id)
dao_create_service(service, user)
stored_service = dao_fetch_service_by_id(service.id)
stored_service.email_provider_id = None
dao_update_service(service)
updated_service = dao_fetch_service_by_id(service.id)
assert not updated_service.email_provider_id
def sample_email_template(notify_db_session):
user = create_user()
service = create_service(user=user, service_permissions=[EMAIL_TYPE, SMS_TYPE], check_if_service_exists=True)
data = {
'name': 'Email Template Name',
'template_type': EMAIL_TYPE,
'content': 'This is a template',
'service': service,
'created_by': user,
'subject': 'Email Subject'
}
template = Template(**data)
dao_create_template(template)
return template
def sample_user_service_permission(notify_db_session):
user = create_user()
service = create_service(user=user, check_if_service_exists=True)
permission = 'manage_settings'
data = {'user': user, 'service': service, 'permission': permission}
p_model = Permission.query.filter_by(user=user,
service=service,
permission=permission).first()
if not p_model:
p_model = Permission(**data)
db.session.add(p_model)
db.session.commit()
return p_model
def test_send_one_off_notification_fails_if_created_by_other_service(
sample_template):
user_not_in_service = create_user(email="*****@*****.**")
post_data = {
"template_id": str(sample_template.id),
"to": "6502532222",
"created_by": str(user_not_in_service.id),
}
with pytest.raises(BadRequestError) as e:
send_one_off_notification(sample_template.service_id, post_data)
assert e.value.message == 'Can’t create notification - Test User is not part of the "Sample service" service'
def test_accepts_jwt_for_user_in_service(self, client, db_session):
@requires_user_in_service()
def endpoint_that_requires_user_in_service():
pass
user = create_user()
service = create_service(service_name='some-service', user=user)
token = create_access_token(identity=user)
request.view_args['service_id'] = service.id
request.headers = {'Authorization': 'Bearer {}'.format(token)}
endpoint_that_requires_user_in_service()
def test_get_orgs_and_services_only_shows_users_orgs_and_services(admin_request, sample_user):
other_user = create_user(email='*****@*****.**')
org1 = create_organisation(name='org1')
org2 = create_organisation(name='org2')
service1 = create_service(service_name='service1')
service2 = create_service(service_name='service2')
org1.services = [service1]
sample_user.organisations = [org2]
sample_user.services = [service1]
other_user.organisations = [org1, org2]
other_user.services = [service1, service2]
resp = admin_request.get('user.get_organisations_and_services_for_user', user_id=sample_user.id)
assert set(resp.keys()) == {
'organisations',
'services_without_organisations',
'services',
}
assert resp['organisations'] == [
{
'name': org2.name,
'id': str(org2.id),
'services': [],
'count_of_live_services': 0,
}
]
# service1 belongs to org1, but the user doesn't know about org1
assert resp['services_without_organisations'] == [
{
'name': service1.name,
'id': str(service1.id),
'restricted': False,
}
]
# 'services' always returns the org_id no matter whether the user
# belongs to that org or not
assert resp['services'] == [
{
'name': service1.name,
'id': str(service1.id),
'restricted': False,
'organisation': str(org1.id),
}
]
def test_get_folders_returns_users_with_permission(admin_request,
sample_service):
user_1 = create_user(email='*****@*****.**')
user_2 = create_user(email='*****@*****.**')
user_3 = create_user(email='*****@*****.**')
template_folder = create_template_folder(sample_service)
sample_service.users = [user_1, user_2, user_3]
service_user_1 = dao_get_service_user(user_1.id, sample_service.id)
service_user_2 = dao_get_service_user(user_2.id, sample_service.id)
service_user_1.folders = [template_folder]
service_user_2.folders = [template_folder]
resp = admin_request.get(
'template_folder.get_template_folders_for_service',
service_id=sample_service.id)
users_with_permission = resp['template_folders'][0][
'users_with_permission']
assert len(users_with_permission) == 2
assert str(user_1.id) in users_with_permission
assert str(user_2.id) in users_with_permission
def test_cannot_create_service_with_non_existent_sms_provider(
notify_db_session):
user = create_user()
dummy_sms_provider_details_id = uuid.uuid4()
service = Service(name="service_name",
email_from="email_from1",
message_limit=1000,
restricted=False,
created_by=user,
sms_provider_id=dummy_sms_provider_details_id)
with pytest.raises(IntegrityError) as excinfo:
dao_create_service(service, user)
assert 'services_sms_provider_id_fkey' in str(excinfo.value)
def test_update_template_folder_users(admin_request, sample_service):
existing_folder = create_template_folder(sample_service)
user_1 = create_user(email="*****@*****.**")
user_2 = create_user(email="*****@*****.**")
user_3 = create_user(email="*****@*****.**")
sample_service.users += [user_1, user_2, user_3]
assert len(existing_folder.users) == 0
response_1 = admin_request.post(
"template_folder.update_template_folder",
service_id=sample_service.id,
template_folder_id=existing_folder.id,
_data={
"name": "foo",
"users_with_permission": [str(user_1.id)]
},
)
assert response_1["data"]["users_with_permission"] == [str(user_1.id)]
assert len(existing_folder.users) == 1
response_2 = admin_request.post(
"template_folder.update_template_folder",
service_id=sample_service.id,
template_folder_id=existing_folder.id,
_data={
"name": "foo",
"users_with_permission": [str(user_2.id),
str(user_3.id)],
},
)
assert response_2["data"]["users_with_permission"] == [
str(user_2.id),
str(user_3.id),
]
assert len(existing_folder.users) == 2
def test_create_service_and_history_is_transactional(notify_db_session):
user = create_user()
assert Service.query.count() == 0
assert Service.get_history_model().query.count() == 0
service = Service(name=None,
email_from="email_from",
message_limit=1000,
restricted=False,
created_by=user)
with pytest.raises(IntegrityError) as excinfo:
dao_create_service(service, user)
assert 'column "name" violates not-null constraint' in str(excinfo.value)
assert Service.query.count() == 0
assert Service.get_history_model().query.count() == 0
def test_dao_add_user_to_service_raises_error_if_adding_folder_permissions_for_a_different_service(
sample_service,
):
user = create_user()
other_service = create_service(service_name='other service')
other_service_folder = create_template_folder(other_service)
folder_permissions = [str(other_service_folder.id)]
assert ServiceUser.query.count() == 2
with pytest.raises(IntegrityError) as e:
dao_add_user_to_service(sample_service, user, folder_permissions=folder_permissions)
db.session.rollback()
assert 'insert or update on table "user_folder_permissions" violates foreign key constraint' in str(e.value)
assert ServiceUser.query.count() == 2
def test_should_add_user_to_service(notify_db_session):
user = create_user()
service = Service(name="service_name",
email_from="email_from",
message_limit=1000,
restricted=False,
created_by=user)
dao_create_service(service, user)
assert user in Service.query.first().users
new_user = User(name='Test User',
email_address='*****@*****.**',
password='******',
mobile_number='+16502532222')
save_model_user(new_user)
dao_add_user_to_service(service, new_user)
assert new_user in Service.query.first().users
