fix

cds-snc · Oct 31, 2023 · 48e4ea7 · 48e4ea7
1 parent 7944c05
commit 48e4ea7
Show file tree

Hide file tree

Showing 4 changed files with 985 additions and 1,589 deletions.
diff --git a/app/config.py b/app/config.py
@@ -690,6 +690,7 @@ class Test(Development):
     FF_EMAIL_DAILY_LIMIT = False
     CRM_GITHUB_PERSONAL_ACCESS_TOKEN = "test-token"
     CRM_ORG_LIST_URL = "https://test-url.com"
+    FAILED_LOGIN_LIMIT = 0
 
 
 class Production(Config):

diff --git a/app/user/rest.py b/app/user/rest.py
@@ -237,7 +237,7 @@ def verify_user_password(user_id):
                 user_id=user_id, failed_login_count=user_to_verify.failed_login_count
             )
         else:
-            message = "Incorrect password"
+            message = "Incorrect password for user_id {user_id}".format(user_id=user_id)
         errors = {"password": [message]}
         raise InvalidRequest(errors, status_code=400)
 

diff --git a/tests/app/user/test_rest.py b/tests/app/user/test_rest.py
@@ -1546,9 +1546,8 @@ def test_update_user_blocked(admin_request, sample_user, account_change_template
     assert resp["data"]["blocked"]
 
 
-class TestFailedLoginAttempts:
-
-    def test_update_user_password_saves_correctly(client, sample_service):
+class TestFailedLogin:
+    def test_update_user_password_saves_correctly(self, client, sample_service, mocker):
         sample_user = sample_service.users[0]
         new_password = "tQETOgIO8yzDMyCsDjLZIEVZHAvkFArYfmSI1KTsJnlnPohI2tfIa8kfng7bxCm"
         data = {"_password": new_password}
@@ -1566,9 +1565,13 @@ def test_update_user_password_saves_correctly(client, sample_service):
         data = {"password": new_password}
         auth_header = create_authorization_header()
         headers = [("Content-Type", "application/json"), auth_header]
+        # We force a the password to fail on login
+        mocker.patch("app.models.User.check_password", return_value=False)
+
         resp = client.post(
-            url_for("user.t_user_password", user_id=str(sample_user.id)),
+            url_for("user.verify_user_password", user_id=str(sample_user.id)),
             data=json.dumps(data),
             headers=headers,
         )
-        assert resp.status_code == 204
+        assert resp.status_code == 400
+        assert "Incorrect password for user_id" in resp.json["message"]["password"][0]