Only set initiator ID when user account is initialized by admin, not …

…when initialized by user itself via e-mail address confirmation
byceps · Oct 6, 2019 · d1c0798 · d1c0798
1 parent ea96205
commit d1c0798
Show file tree

Hide file tree

Showing 4 changed files with 55 additions and 12 deletions.
diff --git a/byceps/blueprints/admin/user/views.py b/byceps/blueprints/admin/user/views.py
@@ -234,7 +234,7 @@ def initialize_account(user_id):
 
     initiator_id = g.current_user.id
 
-    user_command_service.initialize_account(user.id, initiator_id)
+    user_command_service.initialize_account(user.id, initiator_id=initiator_id)
 
     flash_success(
         f"Das Benutzerkonto '{user.screen_name}' wurde initialisiert."

diff --git a/byceps/services/user/command_service.py b/byceps/services/user/command_service.py
@@ -20,7 +20,9 @@
 from .models.user import User as DbUser
 
 
-def initialize_account(user_id: UserID, initiator_id: UserID) -> None:
+def initialize_account(
+    user_id: UserID, *, initiator_id: Optional[UserID] = None
+) -> None:
     """Initialize the user account.
 
     This is meant to happen only once at most, and can not be undone.
@@ -32,17 +34,20 @@ def initialize_account(user_id: UserID, initiator_id: UserID) -> None:
 
     user.initialized = True
 
-    event = event_service.build_event('user-initialized', user.id, {
-        'initiator_id': str(initiator_id),
-    })
+    event_data = {}
+    if initiator_id:
+        event_data['initiator_id'] = str(initiator_id)
+    event = event_service.build_event('user-initialized', user.id, event_data)
     db.session.add(event)
 
     db.session.commit()
 
-    _assign_roles(user.id, initiator_id)
+    _assign_roles(user.id, initiator_id=initiator_id)
 
 
-def _assign_roles(user_id: UserID, initiator_id: UserID) -> None:
+def _assign_roles(
+    user_id: UserID, *, initiator_id: Optional[UserID] = None
+) -> None:
     board_user_role = authorization_service.find_role(RoleID('board_user'))
 
     authorization_service.assign_role_to_user(

diff --git a/byceps/services/user/email_address_confirmation_service.py b/byceps/services/user/email_address_confirmation_service.py
@@ -60,6 +60,6 @@ def confirm_email_address(verification_token: Token) -> None:
     user_event_service.create_event('email-address-confirmed', user.id, data)
 
     if not user.initialized:
-        command_service.initialize_account(user.id, user.id)
+        command_service.initialize_account(user.id)
 
     verification_token_service.delete_token(verification_token)
diff --git a/tests/services/user/test_initialize.py b/tests/services/user/test_initialize.py
@@ -29,9 +29,47 @@ def app(admin_app, db):
             yield _app
 
 
-def test_initialize_account(app):
+def test_initialize_account_as_user(app):
+    user_id = create_user('CreatedOnline', initialized=False).id
+
+    user_before = user_command_service._get_user(user_id)
+    assert not user_before.initialized
+
+    events_before = event_service.get_events_for_user(user_before.id)
+    assert len(events_before) == 0
+
+    role_ids_before = authorization_service.find_role_ids_for_user(user_id)
+    assert role_ids_before == set()
+
+    # -------------------------------- #
+
+    user_command_service.initialize_account(user_id)
+
+    # -------------------------------- #
+
+    user_after = user_command_service._get_user(user_id)
+    assert user_after.initialized
+
+    events_after = event_service.get_events_for_user(user_after.id)
+    assert len(events_after) == 2
+
+    user_enabled_event = events_after[0]
+    assert user_enabled_event.event_type == 'user-initialized'
+    assert user_enabled_event.data == {}
+
+    role_assigned_event = events_after[1]
+    assert role_assigned_event.event_type == 'role-assigned'
+    assert role_assigned_event.data == {
+        'role_id': 'board_user',
+    }
+
+    role_ids_after = authorization_service.find_role_ids_for_user(user_id)
+    assert role_ids_after == {'board_user'}
+
+
+def test_initialize_account_as_admin(app):
     admin_id = app.admin_id
-    user_id = create_user('CreatedAtPartyCheckIn', initialized=False).id
+    user_id = create_user('CreatedAtPartyCheckInByAdmin', initialized=False).id
 
     user_before = user_command_service._get_user(user_id)
     assert not user_before.initialized
@@ -44,7 +82,7 @@ def test_initialize_account(app):
 
     # -------------------------------- #
 
-    user_command_service.initialize_account(user_id, admin_id)
+    user_command_service.initialize_account(user_id, initiator_id=admin_id)
 
     # -------------------------------- #
 
@@ -84,7 +122,7 @@ def test_initialize_already_initialized_account(app):
     # -------------------------------- #
 
     with raises(ValueError):
-        user_command_service.initialize_account(user_id, admin_id)
+        user_command_service.initialize_account(user_id, initiator_id=admin_id)
 
     # -------------------------------- #