Failed login count set to zero with password reset.

app/main/views/two_factor.py

@@ -34,6 +34,7 @@ def two_factor():
             # Check if coming from new password page
             if 'password' in session['user_details']:
                 user.set_password(session['user_details']['password'])
+                user.reset_failed_login_count()
                 user_api_client.update_user(user)
             login_user(user, remember=True)
         finally:

app/notify_client/models.py

@@ -108,6 +108,9 @@ class User(UserMixin):
     def failed_login_count(self, num):
         self._failed_login_count += num
 
+    def reset_failed_login_count(self):
+        self._failed_login_count = 0
+
     def is_locked(self):
         return self.failed_login_count >= self.max_failed_login_count
 

tests/app/main/views/test_two_factor.py

@@ -177,3 +177,31 @@ def test_two_factor_should_set_password_when_new_password_exists_in_session(app_
             )
             api_user_active.password = 'changedpassword'
             mock_update_user.assert_called_once_with(api_user_active)
+
+
+def test_two_factor_reset_login_count_called(app_,
+                                             api_user_locked,
+                                             mock_get_locked_user,
+                                             mock_update_user,
+                                             mock_check_verify_code,
+                                             mock_get_services_with_one_service):
+    with app_.test_request_context():
+        with app_.test_client() as client:
+            with client.session_transaction() as session:
+                new_password = "1234567890"
+                session['user_details'] = {
+                    'id': api_user_locked.id,
+                    'email': api_user_locked.email_address,
+                    'password': new_password
+                }
+            response = client.post(url_for('main.two_factor'),
+                                   data={'sms_code': '12345'})
+            assert response.status_code == 302
+            assert response.location == url_for(
+                'main.service_dashboard',
+                service_id=SERVICE_ONE_ID,
+                _external=True
+            )
+            api_user_locked.reset_failed_login_count()
+            api_user_locked.password = new_password
+            mock_update_user.assert_called_with(api_user_locked)

tests/conftest.py

@@ -406,14 +406,22 @@ def mock_register_user(mocker, api_user_pending):
 
 
 @pytest.fixture(scope='function')
-def mock_get_user(mocker, api_user_active):
+def mock_get_user(mocker, user=None):
+    if user is None:
+        user = api_user_active(fake_uuid())
+
     def _get_user(id_):
-        api_user_active.id = id_
-        return api_user_active
+        user.id = id_
+        return user
     return mocker.patch(
         'app.user_api_client.get_user', side_effect=_get_user)
 
 
+@pytest.fixture(scope='function')
+def mock_get_locked_user(mocker, api_user_locked):
+    return mock_get_user(mocker, user=api_user_locked)
+
+
 @pytest.fixture(scope='function')
 def mock_get_user_locked(mocker, api_user_locked):
     return mocker.patch(
@@ -427,14 +435,21 @@ def mock_get_user_pending(mocker, api_user_pending):
 
 
 @pytest.fixture(scope='function')
-def mock_get_user_by_email(mocker, api_user_active):
+def mock_get_user_by_email(mocker, user=None):
+    if user is None:
+        user = api_user_active(fake_uuid())
 
     def _get_user(email_address):
-        api_user_active._email_address = email_address
-        return api_user_active
+        user._email_address = email_address
+        return user
     return mocker.patch('app.user_api_client.get_user_by_email', side_effect=_get_user)
 
 
+@pytest.fixture(scope='function')
+def mock_get_locked_user_by_email(mocker, api_user_locked):
+    return mock_get_user_by_email(mocker, user=api_user_locked)
+
+
 @pytest.fixture(scope='function')
 def mock_get_user_with_permissions(mocker, api_user_active):
     def _get_user(id):