From e8d2a81597cc726dca1cd60b86c22351e6385cf5 Mon Sep 17 00:00:00 2001
From: Rebecca Law
Date: Tue, 1 Dec 2015 10:35:49 +0000
Subject: [PATCH] 108536490: Fix bug when user does not exist and tries to sign in
---
 app/main/views/sign_in.py | 4 ++--
 tests/app/main/views/test_sign_in.py | 8 ++++++++
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/app/main/views/sign_in.py b/app/main/views/sign_in.py
index e2d37a9c9..b48487724 100644
--- a/app/main/views/sign_in.py
+++ b/app/main/views/sign_in.py
@@ -20,12 +20,12 @@ def process_sign_in():
 form = LoginForm()
 if form.validate_on_submit():
 user = users_dao.get_user_by_email(form.email_address.data)
+ if user is None:
+ return jsonify(authorization=False), 401
 if user.is_locked():
 return jsonify(locked_out=True), 401
 if not user.is_active():
 return jsonify(active_user=False), 401
- if user is None:
- return jsonify(authorization=False), 401
 if checkpw(form.password.data, user.password):
 login_user(user)
 else:
diff --git a/tests/app/main/views/test_sign_in.py b/tests/app/main/views/test_sign_in.py
index 2f55ba8cf..da181cd8a 100644
--- a/tests/app/main/views/test_sign_in.py
+++ b/tests/app/main/views/test_sign_in.py
@@ -79,3 +79,11 @@ def test_should_return_active_user_is_false_if_user_is_inactive(notifications_ad
 assert response.status_code == 401
 assert '"active_user": false' in response.get_data(as_text=True)
+
+
+def test_should_return_401_when_user_does_not_exist(notifications_admin, notifications_admin_db):
+ response = notifications_admin.test_client().post('/sign-in',
+ data={'email_address': 'does_not_exist@gov.uk',
+ 'password': 'doesNotExist!'})
+
+ assert response.status_code == 401
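Review bot: The early return for an unknown address in `process_sign_in` answers `authorization=False`, while the two checks right below it answer `locked_out=True` and `active_user=False` for addresses that do exist, so an unauthenticated client can tell registered, locked and inactive accounts apart from unregistered ones by the response body alone. The unknown-user path also returns before `checkpw` runs, which likely makes it measurably faster than a wrong-password attempt. Consider verifying the password before reporting account state and giving every failed attempt the same body, e.g. `if user is None or not checkpw(form.password.data, user.password): return jsonify(authorization=False), 401`, with the lock and active checks moved after it and a comparison against a fixed dummy hash on the `user is None` path to keep timing even. The `else:` branch and any failed-attempt counting lie outside the hunk, so confirm that lockout accounting still works with that ordering.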
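Review bot: `test_should_return_401_when_user_does_not_exist` asserts only the 401 status, which the locked and inactive branches also return, so it does not pin which branch produced the response. Following the neighbouring test, add `assert '"authorization": false' in response.get_data(as_text=True)` after the status check. If the sign-in responses are later unified so they no longer reveal account state, this assertion is the place to record the single expected body.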