def test_proofing_flow_previously_added_wrong_nin(self):
# Send letter to correct nin
self.send_letter(self.test_user_nin)
# Remove correct unverified nin and add wrong nin
user = self.app.central_userdb.get_user_by_eppn(self.test_user_eppn)
user.nins.remove(self.test_user_nin)
not_verified_nin = Nin.from_dict(
dict(number=self.test_user_wrong_nin,
created_by='test',
verified=False,
primary=False))
user.nins.add(not_verified_nin)
self.app.central_userdb.save(user)
# Time passes, user gets code in the mail. Enters code.
proofing_state = self.app.proofing_statedb.get_state_by_eppn(user.eppn)
response = self.verify_code(proofing_state.nin.verification_code, None)
# Now check that the (now verified) NIN on the user is back to the one used to request the letter
user = self.app.private_userdb.get_user_by_eppn(self.test_user_eppn)
self.assertEqual(user.nins.primary.number, self.test_user_nin)
self.assertEqual(user.nins.primary.created_by,
proofing_state.nin.created_by)
self.assertEqual(user.nins.primary.verified_by,
proofing_state.nin.created_by)
self.assertEqual(user.nins.primary.is_verified, True)
self.assertEqual(self.app.proofing_log.db_count(), 1)
def get_user_set_nins(self, eppn, ninlist):
"""
Fetch a user from the FakeUserDb and set it's NINs to those in ninlist.
:param eppn: eduPersonPrincipalName or email address
:param ninlist: List of NINs to configure user with (all verified)
:type eppn: str or unicode
:type ninlist: [str or unicode]
:return: IdPUser instance
:rtype: IdPUser
"""
user = self.idp_userdb.lookup_user(eppn)
[user.nins.remove(x) for x in user.nins.to_list()]
for number in ninlist:
this_nin = Nin.from_dict(
dict(
number=number,
created_by='unittest',
created_ts=True,
verified=True,
primary=user.nins.primary is None,
))
user.nins.add(this_nin)
return user
def test_proofing_flow_previously_added_nin(self):
user = self.app.central_userdb.get_user_by_eppn(self.test_user_eppn)
not_verified_nin = Nin.from_dict(
dict(number=self.test_user_nin,
created_by='test',
verified=False,
primary=False))
user.nins.add(not_verified_nin)
self.app.central_userdb.save(user)
self.send_letter(self.test_user_nin)
proofing_state = self.app.proofing_statedb.get_state_by_eppn(user.eppn)
self.verify_code(proofing_state.nin.verification_code, None)
user = self.app.private_userdb.get_user_by_eppn(self.test_user_eppn)
self.assertEqual(user.nins.primary.number, self.test_user_nin)
self.assertEqual(user.nins.primary.created_by,
not_verified_nin.created_by)
self.assertEqual(user.nins.primary.verified_by,
proofing_state.nin.created_by)
self.assertEqual(user.nins.primary.is_verified, True)
self.assertEqual(self.app.proofing_log.db_count(), 1)
def test_freja_flow_previously_added_wrong_nin(self,
mock_request_user_sync,
mock_get_postal_address,
mock_oidc_call):
mock_oidc_call.return_value = True
mock_get_postal_address.return_value = self.mock_address
mock_request_user_sync.side_effect = self.request_user_sync
user = self.app.central_userdb.get_user_by_eppn(self.test_user_eppn)
not_verified_nin = Nin.from_dict(
dict(number=self.test_user_wrong_nin,
created_by='test',
verified=False,
primary=False))
user.nins.add(not_verified_nin)
self.app.central_userdb.save(user)
with self.session_cookie(self.browser, self.test_user_eppn) as browser:
response = json.loads(browser.get('/proofing').data)
self.assertEqual(response['type'],
'GET_OIDC_PROOFING_PROOFING_SUCCESS')
csrf_token = response['payload']['csrf_token']
with self.session_cookie(self.browser, self.test_user_eppn) as browser:
data = {'nin': self.test_user_wrong_nin, 'csrf_token': csrf_token}
response = browser.post('/freja/proofing',
data=json.dumps(data),
content_type=self.content_type_json)
response = json.loads(response.data)
self.assertEqual(response['type'],
'POST_OIDC_PROOFING_FREJA_PROOFING_SUCCESS')
# No actual oidc flow tested here
proofing_state = self.app.proofing_statedb.get_state_by_eppn(
self.test_user_eppn)
userinfo = {
'results': {
'freja_eid': {
'vetting_time':
time.time(),
'ref':
'1234.5678.9012.3456',
'opaque':
'1' + json.dumps({
'nonce': proofing_state.nonce,
'token': proofing_state.token
}),
'country':
'SE',
'ssn':
self.test_user_nin,
}
}
}
with self.app.app_context():
handle_freja_eid_userinfo(user, proofing_state, userinfo)
user = self.app.private_userdb.get_user_by_eppn(self.test_user_eppn)
self.assertEqual(user.nins.primary.number, self.test_user_nin)
self.assertEqual(user.nins.primary.created_by,
proofing_state.nin.created_by)
self.assertEqual(user.nins.primary.verified_by,
proofing_state.nin.created_by)
self.assertEqual(user.nins.primary.is_verified, True)
self.assertEqual(self.app.proofing_log.db_count(), 1)
def test_seleg_flow_previously_added_wrong_nin(self,
mock_request_user_sync,
mock_get_postal_address,
mock_oidc_call):
mock_oidc_call.return_value = True
mock_get_postal_address.return_value = self.mock_address
mock_request_user_sync.side_effect = self.request_user_sync
user = self.app.central_userdb.get_user_by_eppn(self.test_user_eppn)
not_verified_nin = Nin.from_dict(
dict(number=self.test_user_wrong_nin,
created_by='test',
verified=False,
primary=False))
user.nins.add(not_verified_nin)
self.app.central_userdb.save(user)
with self.session_cookie(self.browser, self.test_user_eppn) as browser:
response = json.loads(browser.get('/proofing').data)
self.assertEqual(response['type'],
'GET_OIDC_PROOFING_PROOFING_SUCCESS')
csrf_token = response['payload']['csrf_token']
with self.session_cookie(self.browser, self.test_user_eppn) as browser:
data = {'nin': self.test_user_wrong_nin, 'csrf_token': csrf_token}
response = browser.post('/proofing',
data=json.dumps(data),
content_type=self.content_type_json)
response = json.loads(response.data)
self.assertEqual(response['type'],
'POST_OIDC_PROOFING_PROOFING_SUCCESS')
with self.session_cookie(self.browser, self.test_user_eppn) as browser:
response = json.loads(browser.get('/proofing').data)
self.assertEqual(response['type'],
'GET_OIDC_PROOFING_PROOFING_SUCCESS')
# Fake callback from OP
qrdata = json.loads(response['payload']['qr_code'][1:])
proofing_state = self.app.proofing_statedb.get_state_by_eppn(
self.test_user_eppn)
userinfo = {
'identity': self.test_user_nin,
'metadata': {
'score':
100,
'opaque':
'1' + json.dumps({
'nonce': proofing_state.nonce,
'token': proofing_state.token
}),
'ra_app':
'App id for vetting app',
},
}
self.mock_authorization_response(qrdata, proofing_state, userinfo)
user = self.app.private_userdb.get_user_by_eppn(self.test_user_eppn)
self.assertEqual(user.nins.primary.number, self.test_user_nin)
self.assertEqual(user.nins.primary.created_by,
proofing_state.nin.created_by)
self.assertEqual(user.nins.primary.verified_by,
proofing_state.nin.created_by)
self.assertEqual(user.nins.primary.is_verified, True)
self.assertEqual(self.app.proofing_log.db_count(), 1)