Unit tests for needs_identity_verification

2025-05-15 17:17:02 +02:00 · 2023-12-06 22:59:56 -05:00 · 2023-12-06 22:59:56 -05:00 · bb19da9008
commit bb19da9008
parent ef9a542dda
2 changed files with 38 additions and 11 deletions
--- a/src/registrar/models/user.py
+++ b/src/registrar/models/user.py
@ -68,8 +68,11 @@ class User(AbstractUser):

    @classmethod
    def needs_identity_verification(cls, email, uuid):
+        """A method used by our oidc classes to test whether a user needs email/uuid verification
+        or the full identity PII verification"""
                
-         # An existing user who is a domain manager of a domain (that is, they have an entry in UserDomainRole for their User)
+         # An existing user who is a domain manager of a domain (that is,
+         # they have an entry in UserDomainRole for their User)
        try:    
            existing_user = cls.objects.get(username=uuid)
            if existing_user and UserDomainRole.objects.filter(user=existing_user).exists():
@ -77,11 +80,14 @@ class User(AbstractUser):
        except:
            pass
                
-        # A new incoming user who is a domain manager for one of the domains that we inputted from Verisign (that is, their email address appears in the username field of a TransitionDomain) 
+        # A new incoming user who is a domain manager for one of the domains
+        # that we inputted from Verisign (that is, their email address appears
+        # in the username field of a TransitionDomain) 
        if TransitionDomain.objects.filter(username=email).exists():
            return False
            
-        # A new incoming user who is being invited to be a domain manager (that is, their email address is in DomainInvitation for an invitation that is not yet "retrieved").
+        # A new incoming user who is being invited to be a domain manager (that is,
+        # their email address is in DomainInvitation for an invitation that is not yet "retrieved").
        if DomainInvitation.objects.filter(email=email, status=DomainInvitation.INVITED):
            return False
                
--- a/src/registrar/tests/test_models.py
+++ b/src/registrar/tests/test_models.py
@ -606,19 +606,15 @@ class TestInvitations(TestCase):


 class TestUser(TestCase):
-    """For now, just test actions that
-    occur on user login."""
+    """Test actions that occur on user login,
+    test class method that controls how users get validated."""

    def setUp(self):
        self.email = "mayor@igorville.gov"
        self.domain_name = "igorvilleInTransition.gov"
+        self.domain, _ = Domain.objects.get_or_create(name="igorville.gov")
        self.user, _ = User.objects.get_or_create(email=self.email)        

-        # clean out the roles each time
-        UserDomainRole.objects.all().delete()
-
-        TransitionDomain.objects.get_or_create(username="mayor@igorville.gov", domain_name=self.domain_name)
-
    def tearDown(self):
        super().tearDown()
        Domain.objects.all().delete()
@ -626,6 +622,8 @@ class TestUser(TestCase):
        DomainInformation.objects.all().delete()
        TransitionDomain.objects.all().delete()
        User.objects.all().delete()
+        UserDomainRole.objects.all().delete()
+        TransitionDomain.objects.get_or_create(username="mayor@igorville.gov", domain_name=self.domain_name)

    def test_check_transition_domains_without_domains_on_login(self):
        """A user's on_each_login callback does not check transition domains.
@ -634,3 +632,26 @@ class TestUser(TestCase):
        are created."""
        self.user.on_each_login()
        self.assertFalse(Domain.objects.filter(name=self.domain_name).exists())
+        
+    def test_identity_verification_with_domain_manager(self):
+        """A domain manager should return False when tested with class
+        method needs_identity_verification"""
+        UserDomainRole.objects.get_or_create(user=self.user, domain=self.domain, role=UserDomainRole.Roles.MANAGER)
+        self.assertFalse(User.needs_identity_verification(self.user.email, self.user.username))
+        
+    def test_identity_verification_with_transition_user(self):
+        """A user from the Verisign transition should return False
+        when tested with class method needs_identity_verification"""
+        TransitionDomain.objects.get_or_create(username=self.user.email, domain_name=self.domain_name)
+        self.assertFalse(User.needs_identity_verification(self.user.email, self.user.username))
+        
+    def test_identity_verification_with_invited_user(self):
+        """An invited user should return False when tested with class
+        method needs_identity_verification"""
+        DomainInvitation.objects.get_or_create(email=self.user.email, domain=self.domain)
+        self.assertFalse(User.needs_identity_verification(self.user.email, self.user.username))
+        
+    def test_identity_verification_with_new_user(self):
+        """A new user who's neither transitioned nor invited should
+        return True when tested with class method needs_identity_verification"""
+        self.assertTrue(User.needs_identity_verification(self.user.email, self.user.username))