mirror of
https://github.com/GSA/notifications-admin.git
synced 2026-05-28 09:59:59 -04:00
We hide the radio field in the HTML for platform admins, as we don't want anyone to be able to change their auth type. However, when the form is validated, the form has a field called login_authentication that it expects a value for. It silently fails as it complains that when the user POSTed they didn't select a value for that radio field, but the error message is on the radio fields that don't get displayed to the user so they'd never know.

Fixing this is actually pretty hard. We use this form in two places, one where we have a user to edit, one where we are creating an invite from scratch. So sometimes we don't know about a user's auth type. In addition, radio buttons are mandatory by design, but now sometimes we don't just want to make it optional but explicitly ignore the value being passed in?

To solve this, remove the field entirely from the form if the user is a platform admin. This means that if the code in manage_users.py tries to access the login_authentication value from the form, it'll error, but I think that's okay to leave for now given we concede that this isn't a perfect final solution.

The tests didn't flag this previously as they tried to set from sms_auth (the default for `platform_admin_user`) TO email_auth or sms_auth.

Also, the diagnosis of this bug was confounded further by the fact that `mock_get_users_by_service` sets what is returned by the API - the service model then takes the IDs out of that response and calls `User.get_user_by_id` for the matching ID (as in, the code only uses get_users_by_service to ensure the user belongs to that service). This means that we accidentally set the form editing the current user, as when we log in we set `get_user_by_id` to return the user of our choice
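The failure mode and the fix described in the commit message above, as an added example that is not part of the commit or the project's code. It is a simplified stand-in written in plain Python rather than WTForms; the class, the `permissions` field, the error strings and the sample POST bodies are assumptions, and only `login_authentication`, `sms_auth` and `email_auth` come from the message.

```python
# Simplified stand-in for the form in the commit message; not WTForms and
# not the project's code. Names other than login_authentication are assumed.
AUTH_CHOICES = ("sms_auth", "email_auth")


class PermissionsForm:
    """Minimal form: every declared field is mandatory, like a radio group."""

    def __init__(self, posted, editing_platform_admin, remove_field=True):
        self.posted = dict(posted)  # constructed POST body
        self.errors = {}
        self.fields = {"permissions": None, "login_authentication": AUTH_CHOICES}
        # Only fields rendered in the HTML can show their errors to the user.
        self.rendered = set(self.fields)
        if editing_platform_admin:
            self.rendered.discard("login_authentication")  # hidden in the HTML
            if remove_field:
                # The fix: the field no longer exists on the form, so it is
                # neither validated nor readable from the POST body.
                del self.fields["login_authentication"]

    def validate(self):
        self.errors = {}
        for name, choices in self.fields.items():
            value = self.posted.get(name)
            if value is None:
                self.errors[name] = "Select an option"
            elif choices is not None and value not in choices:
                self.errors[name] = "Not a valid choice"
        return not self.errors

    def visible_errors(self):
        # What the user can actually see: errors on rendered fields only.
        return {k: v for k, v in self.errors.items() if k in self.rendered}

    def data(self, name):
        # A removed field raises, the trade-off the commit message accepts.
        if name not in self.fields:
            raise KeyError(name)
        return self.posted[name]


if __name__ == "__main__":
    hidden_only = PermissionsForm({"permissions": "manage_service"}, True, remove_field=False)
    print(hidden_only.validate(), hidden_only.errors, hidden_only.visible_errors())
```

With the field removed, a `login_authentication` value sent in the POST body for a platform admin is never read, so the restriction is enforced on the server and not only by hiding the input.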