From aaad48480a151fdac68885efc1c4179fa6c15fe9 Mon Sep 17 00:00:00 2001
From: Marie PUPO JEAMMET <marie.jeammet@beta.gouv.fr>
Date: Mon, 9 Sep 2024 19:08:05 +0200
Subject: [PATCH] =?UTF-8?q?=E2=9C=85(dimail)=20fix=20tests=20still=20waiti?=
 =?UTF-8?q?ng=20for=20domain.secret?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

For unknown reasons, these tests were forgotten and are still
refering to this 'secret' field, removed in last commit.
---
 .../api/mailboxes/test_api_mailboxes_create.py    | 15 +++++++++------
 .../tests/test_models_mailboxes.py                | 12 ++++++++----
 2 files changed, 17 insertions(+), 10 deletions(-)

diff --git a/src/backend/mailbox_manager/tests/api/mailboxes/test_api_mailboxes_create.py b/src/backend/mailbox_manager/tests/api/mailboxes/test_api_mailboxes_create.py
index cdb05bd..2acbb8a 100644
--- a/src/backend/mailbox_manager/tests/api/mailboxes/test_api_mailboxes_create.py
+++ b/src/backend/mailbox_manager/tests/api/mailboxes/test_api_mailboxes_create.py
@@ -5,6 +5,8 @@ Unit tests for the mailbox API
 import json
 import re
 
+from django.test.utils import override_settings
+
 import pytest
 import responses
 from rest_framework import status
@@ -361,14 +363,14 @@ def test_api_mailboxes__domain_owner_or_admin_successful_creation_and_provisioni
     assert mailbox.secondary_email == mailbox_data["secondary_email"]
 
 
-def test_api_mailboxes__wrong_secret_no_token_error():
+@override_settings(MAIL_PROVISIONING_API_CREDENTIALS="wrongCredentials")
+def test_api_mailboxes__dimail_token_permission_denied():
     """
     API should raise a clear "permission denied" error
     when receiving a 403_forbidden from dimail.
     """
     # creating all needed objects
     access = factories.MailDomainAccessFactory(role=enums.MailDomainRoleChoices.OWNER)
-    access.domain.secret = "nottherealsecret"
 
     client = APIClient()
     client.force_login(access.user)
@@ -394,15 +396,16 @@ def test_api_mailboxes__wrong_secret_no_token_error():
 
         assert response.status_code == status.HTTP_403_FORBIDDEN
         assert response.json() == {
-            "detail": f"Token denied - Wrong secret on mail domain {access.domain.name}"
+            "detail": "Token denied. Please check your MAIL_PROVISIONING_API_CREDENTIALS."
         }
         assert not models.Mailbox.objects.exists()
 
 
-def test_api_mailboxes__secret_unrelated_to_domain():
+def test_api_mailboxes__user_unrelated_to_domain():
     """
-    API should raise a clear "permission denied"
-    when secret allows for a token but is not linked to queried domain on dimail-api.
+    API should raise a clear "permission denied" when dimail returns a permission denied
+    on mailbox creation. This means token was granted for this user
+    but user is not allowed to modify this domain (i.e. not owner)
     """
     # creating all needed objects
     access = factories.MailDomainAccessFactory(role=enums.MailDomainRoleChoices.OWNER)
diff --git a/src/backend/mailbox_manager/tests/test_models_mailboxes.py b/src/backend/mailbox_manager/tests/test_models_mailboxes.py
index 1a702b2..84e1b4a 100644
--- a/src/backend/mailbox_manager/tests/test_models_mailboxes.py
+++ b/src/backend/mailbox_manager/tests/test_models_mailboxes.py
@@ -145,7 +145,7 @@ def test_models_mailboxes__cannot_be_created_for_pending_maildomain():
 
 
 @override_settings(MAIL_PROVISIONING_API_CREDENTIALS=None)
-def test_models_mailboxes__no_secret():
+def test_models_mailboxes__dimail_no_credentials():
     """
     If MAIL_PROVISIONING_API_CREDENTIALS setting is not configured,
     trying to create a mailbox should raise an error.
@@ -159,8 +159,12 @@ def test_models_mailboxes__no_secret():
         factories.MailboxFactory(domain=domain)
 
 
-def test_models_mailboxes__wrong_secret():
-    """If domain secret is inaccurate, the function should raise an error."""
+@override_settings(MAIL_PROVISIONING_API_CREDENTIALS="wrongCredentials")
+def test_models_mailboxes__dimail_token_permissions_denied():
+    """
+    Our API should raise a clear "Permission denied" error
+    if dimail returns a permission denied on /token/ endpoint.
+    """
 
     domain = factories.MailDomainEnabledFactory()
 
@@ -176,7 +180,7 @@ def test_models_mailboxes__wrong_secret():
 
         with pytest.raises(
             exceptions.PermissionDenied,
-            match=f"Token denied - Wrong secret on mail domain {domain.name}",
+            match="Token denied. Please check your MAIL_PROVISIONING_API_CREDENTIALS.",
         ):
             mailbox = factories.MailboxFactory(use_mock=False, domain=domain)
             # Payload sent to mailbox provider