108536490: Fix bug when user does not exist and tries to sign in

2026-02-05 02:42:26 -05:00 · 2015-12-01 10:35:49 +00:00
parent 0a20d0dddf
commit e8d2a81597
2 changed files with 10 additions and 2 deletions
--- a/app/main/views/sign_in.py
+++ b/app/main/views/sign_in.py
@@ -20,12 +20,12 @@ def process_sign_in():
    form = LoginForm()
    if form.validate_on_submit():
        user = users_dao.get_user_by_email(form.email_address.data)
+        if user is None:
+            return jsonify(authorization=False), 401
        if user.is_locked():
            return jsonify(locked_out=True), 401
        if not user.is_active():
            return jsonify(active_user=False), 401
-        if user is None:
-            return jsonify(authorization=False), 401
        if checkpw(form.password.data, user.password):
            login_user(user)
        else:
--- a/tests/app/main/views/test_sign_in.py
+++ b/tests/app/main/views/test_sign_in.py
@@ -79,3 +79,11 @@ def test_should_return_active_user_is_false_if_user_is_inactive(notifications_ad

    assert response.status_code == 401
    assert '"active_user": false' in response.get_data(as_text=True)
+
+
+def test_should_return_401_when_user_does_not_exist(notifications_admin, notifications_admin_db):
+    response = notifications_admin.test_client().post('/sign-in',
+                                                      data={'email_address': 'does_not_exist@gov.uk',
+                                                            'password': 'doesNotExist!'})
+
+    assert response.status_code == 401