Add test of views using invitations

ad7c869c · Andreas Ellewsen · 3c70acb4 · ad7c869c · ad7c869c · ad7c869c
Verified Commit ad7c869c authored 3 years ago by Andreas Ellewsen
--- a/gregui/api/urls.py
+++ b/gregui/api/urls.py
@@ -16,7 +16,7 @@ urlpatterns = router.urls
 urlpatterns += [
    re_path(r"roletypes/$", RoleTypeViewSet.as_view(), name="role-types"),
    re_path(r"units/$", UnitsViewSet.as_view(), name="units"),
-    path("invited/", InvitedGuestView.as_view(), name="invite"),
-    path("invited/<uuid>", CheckInvitationView.as_view()),
+    path("invited/", InvitedGuestView.as_view(), name="invited-info"),
+    path("invited/<uuid>", CheckInvitationView.as_view(), name="invite-verify"),
    path("invite/", CreateInvitationView.as_view(), name="invite-create"),
 ]
--- a/gregui/api/views/invitation.py
+++ b/gregui/api/views/invitation.py
@@ -169,7 +169,7 @@ class InvitedGuestView(APIView):
        clicked by the user. The next part of the flow is for the sponsor to confirm
        the guest.
        """
-        invite_id = kwargs["uuid"]
+        invite_id = request.session.get("invite_id")
        data = request.data

        with transaction.atomic():

--- a/gregui/tests/api/test_invitation.py
+++ b/gregui/tests/api/test_invitation.py
+import pytest
+
+from rest_framework import status
+from rest_framework.reverse import reverse
+from rest_framework.test import APIClient
+
+from greg.models import InvitationLink, Person
+
+
+@pytest.mark.django_db
+def test_get_invite(client):
+    """Forbid access with bad invitation link uuid"""
+    response = client.get(
+        reverse("gregui-v1:invite-verify", kwargs={"uuid": "baduuid"})
+    )
+    assert response.status_code == status.HTTP_403_FORBIDDEN
+
+
+@pytest.mark.django_db
+def test_get_invite_ok(client, invitation_link):
+    """Access okay with valid invitation link"""
+    response = client.get(
+        reverse("gregui-v1:invite-verify", kwargs={"uuid": invitation_link.uuid})
+    )
+    assert response.status_code == status.HTTP_200_OK
+
+
+@pytest.mark.django_db
+def test_get_invite_expired(client, invitation_link_expired):
+    """Forbid access with expired invite link"""
+    response = client.get(
+        reverse(
+            "gregui-v1:invite-verify", kwargs={"uuid": invitation_link_expired.uuid}
+        )
+    )
+    assert response.status_code == status.HTTP_403_FORBIDDEN
+
+
+@pytest.mark.django_db
+def test_get_invited_info_no_session(client, invitation_link):
+    response = client.get(reverse("gregui-v1:invited-info"))
+    assert response.status_code == status.HTTP_403_FORBIDDEN
+
+
+@pytest.mark.django_db
+def test_get_invited_info_session_okay(client, invitation_link):
+    # get a session
+    client.get(
+        reverse("gregui-v1:invite-verify", kwargs={"uuid": invitation_link.uuid})
+    )
+    # Get info
+    response = client.get(reverse("gregui-v1:invited-info"))
+    assert response.status_code == status.HTTP_200_OK
+    data = response.json()
+    assert data.get("person")
+    assert data.get("sponsor")
+    assert data.get("role")
+
+
+@pytest.mark.django_db
+def test_get_invited_info_expired_link(client, invitation_link):
+    # Get a session while link is valid
+    client.get(
+        reverse("gregui-v1:invite-verify", kwargs={"uuid": invitation_link.uuid})
+    )
+    # Set expire link to expire long ago
+    invlink = InvitationLink.objects.get(uuid=invitation_link.uuid)
+    invlink.expire = "1970-01-01"
+    invlink.save()
+    # Make a get request that should fail because invite expired after login, but
+    # before get to userinfo
+    response = client.get(reverse("gregui-v1:invited-info"))
+    assert response.status_code == status.HTTP_403_FORBIDDEN
+
+
+@pytest.mark.django_db
+def test_post_invited_info_ok_mobile_update(client: APIClient, invitation_link):
+    # get a session
+    client.get(
+        reverse("gregui-v1:invite-verify", kwargs={"uuid": invitation_link.uuid})
+    )
+    # post updated info to confirm from guest
+    new_phone = "12345678"
+    post_data = {"mobile_phone": new_phone}
+    response = client.post(
+        reverse("gregui-v1:invited-info"),
+        post_data,
+        format="json",
+    )
+    assert response.status_code == status.HTTP_201_CREATED
+    # Check that the object was updated in the database
+    person = Person.objects.get(id=invitation_link.invitation.role.person.id)
+    assert person.mobile_phone == new_phone
+
+
+@pytest.mark.django_db
+def test_post_invited_info_ok(client, invitation_link):
+    # get a session
+    client.get(
+        reverse("gregui-v1:invite-verify", kwargs={"uuid": invitation_link.uuid})
+    )
+    # post updated info to confirm from guest
+    response = client.post(reverse("gregui-v1:invited-info"))
+    assert response.status_code == status.HTTP_201_CREATED
+
+
+@pytest.mark.django_db
+def test_post_invited_info_expired_session(client, invitation_link):
+    # get a session
+    client.get(
+        reverse("gregui-v1:invite-verify", kwargs={"uuid": invitation_link.uuid})
+    )
+    # Set expire link to expire long ago
+    invlink = InvitationLink.objects.get(uuid=invitation_link.uuid)
+    invlink.expire = "1970-01-01"
+    invlink.save()
+    # post updated info to confirm from guest, should fail because of expired
+    # invitation link
+    response = client.post(reverse("gregui-v1:invited-info"))
+    assert response.status_code == status.HTTP_403_FORBIDDEN
+
+
+@pytest.mark.django_db
+def test_post_invited_info_deleted_inv_link(client, invitation_link):
+    # get a session
+    client.get(
+        reverse("gregui-v1:invite-verify", kwargs={"uuid": invitation_link.uuid})
+    )
+    # Delete link
+    invlink = InvitationLink.objects.get(uuid=invitation_link.uuid)
+    invlink.delete()
+    # post updated info to confirm from guest, should fail because of removed
+    # invitation link
+    response = client.post(reverse("gregui-v1:invited-info"))
+    assert response.status_code == status.HTTP_403_FORBIDDEN
--- a/gregui/tests/conftest.py
+++ b/gregui/tests/conftest.py
@@ -6,7 +6,15 @@ from rest_framework.test import APIClient

 import pytest

-from greg.models import Sponsor, OrganizationalUnit, RoleType
+from greg.models import (
+    Invitation,
+    InvitationLink,
+    OrganizationalUnit,
+    Person,
+    Role,
+    RoleType,
+    Sponsor,
+)
 from gregui.models import GregUserProfile

 # faker spams the logs with localisation warnings
@@ -56,3 +64,39 @@ def user_sponsor(sponsor_guy: Sponsor) -> User:

    # This user is a sponsor for unit_foo
    return user
+
+
+@pytest.fixture
+def person() -> Person:
+    pe = Person.objects.create()
+    return Person.objects.get(id=pe.id)
+
+
+@pytest.fixture
+def role(person, sponsor_guy, unit_foo, role_type_foo) -> Role:
+    role = Role.objects.create(
+        person=person,
+        sponsor_id=sponsor_guy,
+        orgunit_id=unit_foo,
+        end_date="2050-10-15",
+        type_id=role_type_foo.id,
+    )
+    return Role.objects.get(id=role.id)
+
+
+@pytest.fixture
+def invitation(role) -> Invitation:
+    inv = Invitation.objects.create(role=role)
+    return Invitation.objects.get(id=inv.id)
+
+
+@pytest.fixture
+def invitation_link(invitation) -> InvitationLink:
+    il = InvitationLink.objects.create(invitation=invitation, expire="2060-10-15")
+    return InvitationLink.objects.get(id=il.id)
+
+
+@pytest.fixture
+def invitation_link_expired(invitation) -> InvitationLink:
+    il = InvitationLink.objects.create(invitation=invitation, expire="1970-01-01")
+    return InvitationLink.objects.get(id=il.id)