darkhelm/notifications-admin
1
0
Fork 0
mirror of https://github.com/GSA/notifications-admin.git synced 2026-02-05 02:42:26 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #118 from alphagov/fix-user-urls

Browse Source 
Call to client for password check incorrectly passed user instead
This commit is contained in:
NIcholas Staples
2016-01-28 12:41:37 +00:00
parent 5dccba56c9 ab20eaa491
commit 32de812e6d
3 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
app/main/views/service_settings.py
View File

@@ -64,7 +64,7 @@ def service_name_change_confirm(service_id):
# Validate password for form
def _check_password(pwd):
return verify_password(current_user, pwd)
return verify_password(current_user.id, pwd)
form = ConfirmPasswordForm(_check_password)
if form.validate_on_submit():
@@ -134,7 +134,7 @@ def service_status_change_confirm(service_id):
# Validate password for form
def _check_password(pwd):
return verify_password(current_user, pwd)
return verify_password(current_user.id, pwd)
form = ConfirmPasswordForm(_check_password)
if form.validate_on_submit():
@@ -183,7 +183,7 @@ def service_delete_confirm(service_id):
# Validate password for form
def _check_password(pwd):
return verify_password(current_user, pwd)
return verify_password(current_user.id, pwd)
form = ConfirmPasswordForm(_check_password)
if form.validate_on_submit():

2
app/main/views/sign_in.py
View File

@@ -39,7 +39,7 @@ def _get_and_verify_user(email_address, password):
return None
elif not user.is_active():
return None
elif not users_dao.verify_password(user, password):
elif not users_dao.verify_password(user.id, password):
return None
else:
return user

2
tests/app/main/views/test_sign_in.py
View File

@@ -31,6 +31,7 @@ def test_logged_in_user_redirects_to_choose_service(app_,
def test_process_sign_in_return_2fa_template(app_,
api_user_active,
mock_send_verify_code,
mock_get_user,
mock_get_user_by_email,
@@ -43,6 +44,7 @@ def test_process_sign_in_return_2fa_template(app_,
'password': 'val1dPassw0rd!'})
assert response.status_code == 302
assert response.location == 'http://localhost/two-factor'
mock_verify_password.assert_called_with(api_user_active.id, 'val1dPassw0rd!')
def test_should_return_locked_out_true_when_user_is_locked(app_,