API - disable emails sending when EMAIL_URL is not initialized

2022-04-23 18:04:20 +02:00
parent 8ea94d28a2
commit 848cc492fd
11 changed files with 380 additions and 119 deletions
--- a/fittrackee/tests/application/test_app_config_model.py
+++ b/fittrackee/tests/application/test_app_config_model.py
@ -24,6 +24,7 @@ class TestConfigModel:
            serialized_app_config['gpx_limit_import']
            == app_config.gpx_limit_import
        )
+        assert serialized_app_config['is_email_sending_enabled'] is True
        assert serialized_app_config['is_registration_enabled'] is True
        assert (
            serialized_app_config['max_single_file_size']
@ -49,3 +50,11 @@ class TestConfigModel:

        assert app_config.is_registration_enabled is False
        assert serialized_app_config['is_registration_enabled'] is False
+
+    def test_it_returns_email_sending_disabled_when_no_email_url_provided(
+        self, app_wo_email_activation: Flask, user_1: User, user_2: User
+    ) -> None:
+        app_config = AppConfig.query.first()
+        serialized_app_config = app_config.serialize()
+
+        assert serialized_app_config['is_email_sending_enabled'] is False
--- a/fittrackee/tests/fixtures/fixtures_app.py
+++ b/fittrackee/tests/fixtures/fixtures_app.py
@ -146,6 +146,12 @@ def app_wo_email_auth(monkeypatch: pytest.MonkeyPatch) -> Generator:
    yield from get_app(with_config=True)


+@pytest.fixture
+def app_wo_email_activation(monkeypatch: pytest.MonkeyPatch) -> Generator:
+    monkeypatch.setenv('EMAIL_URL', '')
+    yield from get_app(with_config=True)
+
+
@pytest.fixture
 def app_wo_domain() -> Generator:
    yield from get_app(with_config=True)
--- a/fittrackee/tests/users/test_auth_api.py
+++ b/fittrackee/tests/users/test_auth_api.py
@ -294,6 +294,31 @@ class TestUserRegistration(ApiTestCaseMixin):
            },
        )

+    def test_it_does_not_call_account_confirmation_email_when_email_sending_is_disabled(  # noqa
+        self,
+        app_wo_email_activation: Flask,
+        account_confirmation_email_mock: Mock,
+    ) -> None:
+        client = app_wo_email_activation.test_client()
+        email = self.random_email()
+        username = self.random_string()
+
+        response = client.post(
+            '/api/auth/register',
+            data=json.dumps(
+                dict(
+                    username=username,
+                    email=email,
+                    password='12345678',
+                )
+            ),
+            content_type='application/json',
+            environ_base={'HTTP_USER_AGENT': USER_AGENT},
+        )
+
+        assert response.status_code == 200
+        account_confirmation_email_mock.send.assert_not_called()
+
    @pytest.mark.parametrize(
        'text_transformation',
        ['upper', 'lower'],
@ -773,6 +798,36 @@ class TestUserAccountUpdate(ApiTestCaseMixin):
        assert new_email == user_1.email_to_confirm
        assert user_1.confirmation_token is not None

+    def test_it_updates_email_when_email_sending_is_disabled(
+        self,
+        app_wo_email_activation: Flask,
+        user_1: User,
+        email_updated_to_current_address_mock: MagicMock,
+        email_updated_to_new_address_mock: MagicMock,
+        password_change_email_mock: MagicMock,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_wo_email_activation, user_1.email
+        )
+        new_email = 'new.email@example.com'
+
+        response = client.patch(
+            '/api/auth/profile/edit/account',
+            content_type='application/json',
+            data=json.dumps(
+                dict(
+                    email=new_email,
+                    password='12345678',
+                )
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        assert user_1.email == new_email
+        assert user_1.email_to_confirm is None
+        assert user_1.confirmation_token is None
+
    def test_it_calls_email_updated_to_current_email_send_when_new_email_provided(  # noqa
        self,
        app: Flask,
@ -1107,6 +1162,37 @@ class TestUserAccountUpdate(ApiTestCaseMixin):
        email_updated_to_new_address_mock.send.assert_called_once()
        password_change_email_mock.send.assert_called_once()

+    def test_it_does_not_calls_all_email_send_when_email_sending_is_disabled(
+        self,
+        app_wo_email_activation: Flask,
+        user_1: User,
+        email_updated_to_current_address_mock: MagicMock,
+        email_updated_to_new_address_mock: MagicMock,
+        password_change_email_mock: MagicMock,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_wo_email_activation, user_1.email
+        )
+
+        client.patch(
+            '/api/auth/profile/edit/account',
+            content_type='application/json',
+            data=json.dumps(
+                dict(
+                    email='new.email@example.com',
+                    password='12345678',
+                    new_password=self.random_string(),
+                )
+            ),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        self.assert_no_emails_sent(
+            email_updated_to_current_address_mock,
+            email_updated_to_new_address_mock,
+            password_change_email_mock,
+        )
+

 class TestUserPreferencesUpdate(ApiTestCaseMixin):
    def test_it_returns_error_if_payload_is_empty(
@ -1648,6 +1734,21 @@ class TestPasswordResetRequest(ApiTestCaseMixin):

        self.assert_400(response)

+    def test_it_returns_error_when_email_sending_is_disabled(
+        self, app_wo_email_activation: Flask
+    ) -> None:
+        client = app_wo_email_activation.test_client()
+
+        response = client.post(
+            '/api/auth/password/reset-request',
+            data=json.dumps(dict(email='test@test.com')),
+            content_type='application/json',
+        )
+
+        self.assert_404_with_message(
+            response, 'the requested URL was not found on the server'
+        )
+
    def test_it_requests_password_reset_when_user_exists(
        self, app: Flask, user_1: User, user_reset_password_email: Mock
    ) -> None:
@ -1873,7 +1974,7 @@ class TestPasswordUpdate(ApiTestCaseMixin):
        assert data['status'] == 'success'
        assert data['message'] == 'password updated'

-    def test_it_send_email_after_successful_update(
+    def test_it_sends_email_after_successful_update(
        self,
        app: Flask,
        user_1: User,
@ -1908,6 +2009,29 @@ class TestPasswordUpdate(ApiTestCaseMixin):
            },
        )

+    def test_it_does_not_send_email_when_email_sending_is_disabled(
+        self,
+        app_wo_email_activation: Flask,
+        user_1: User,
+        password_change_email_mock: MagicMock,
+    ) -> None:
+        token = get_user_token(user_1.id, password_reset=True)
+        client = app_wo_email_activation.test_client()
+
+        client.post(
+            '/api/auth/password/update',
+            data=json.dumps(
+                dict(
+                    token=token,
+                    password=self.random_string(),
+                )
+            ),
+            content_type='application/json',
+            environ_base={'HTTP_USER_AGENT': USER_AGENT},
+        )
+
+        password_change_email_mock.send.assert_not_called()
+

 class TestEmailUpdateWitUnauthenticatedUser(ApiTestCaseMixin):
    def test_it_returns_error_if_token_is_missing(self, app: Flask) -> None:
@ -2138,3 +2262,18 @@ class TestResendAccountConfirmationEmail(ApiTestCaseMixin):
                ),
            },
        )
+
+    def test_it_returns_error_if_email_sending_is_disabled(
+        self, app_wo_email_activation: Flask, inactive_user: User
+    ) -> None:
+        client = app_wo_email_activation.test_client()
+
+        response = client.post(
+            '/api/auth/account/resend-confirmation',
+            data=json.dumps(dict(email=inactive_user.email)),
+            content_type='application/json',
+        )
+
+        self.assert_404_with_message(
+            response, 'the requested URL was not found on the server'
+        )
--- a/fittrackee/tests/users/test_users_api.py
+++ b/fittrackee/tests/users/test_users_api.py
@ -1077,6 +1077,27 @@ class TestUpdateUser(ApiTestCaseMixin):
            },
        )

+    def test_it_does_not_call_password_change_email_when_email_sending_is_disabled(  # noqa
+        self,
+        app_wo_email_activation: Flask,
+        user_1_admin: User,
+        user_2: User,
+        user_password_change_email_mock: MagicMock,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_wo_email_activation, user_1_admin.email
+        )
+
+        response = client.patch(
+            f'/api/users/{user_2.username}',
+            content_type='application/json',
+            data=json.dumps(dict(reset_password=True)),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        user_password_change_email_mock.send.assert_not_called()
+
    def test_it_calls_reset_password_email_when_password_reset_is_successful(
        self,
        app: Flask,
@ -1118,6 +1139,27 @@ class TestUpdateUser(ApiTestCaseMixin):
            },
        )

+    def test_it_does_not_call_reset_password_email_when_email_sending_is_disabled(  # noqa
+        self,
+        app_wo_email_activation: Flask,
+        user_1_admin: User,
+        user_2: User,
+        user_reset_password_email: MagicMock,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_wo_email_activation, user_1_admin.email
+        )
+
+        response = client.patch(
+            f'/api/users/{user_2.username}',
+            content_type='application/json',
+            data=json.dumps(dict(reset_password=True)),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        user_reset_password_email.send.assert_not_called()
+
    def test_it_returns_error_when_updating_email_with_invalid_address(
        self, app: Flask, user_1_admin: User, user_2: User
    ) -> None:
@ -1229,6 +1271,28 @@ class TestUpdateUser(ApiTestCaseMixin):
            },
        )

+    def test_it_does_not_call_email_updated_to_new_address_when_email_sending_is_disabled(  # noqa
+        self,
+        app_wo_email_activation: Flask,
+        user_1_admin: User,
+        user_2: User,
+        user_email_updated_to_new_address_mock: MagicMock,
+    ) -> None:
+        client, auth_token = self.get_test_client_and_auth_token(
+            app_wo_email_activation, user_1_admin.email
+        )
+        new_email = 'new.' + user_2.email
+
+        response = client.patch(
+            f'/api/users/{user_2.username}',
+            content_type='application/json',
+            data=json.dumps(dict(new_email=new_email)),
+            headers=dict(Authorization=f'Bearer {auth_token}'),
+        )
+
+        assert response.status_code == 200
+        user_email_updated_to_new_address_mock.send.assert_not_called()
+
    def test_it_activates_user_account(
        self, app: Flask, user_1_admin: User, inactive_user: User
    ) -> None: