darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2025-12-25 01:41:34 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2716 from alphagov/fix-reset-password

Browse Source 
Fix reset password flow
This commit is contained in:
Pea M. Tyczynska
2020-02-18 15:09:16 +00:00
committed by GitHub
parent ce253a990b e794300ff3
commit 5cd27aee2c
2 changed files with 17 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/user/rest.py
View File

@@ -462,7 +462,7 @@ def update_password(user_id):
user = get_user_by_id(user_id=user_id)
req_json = request.get_json()
password = req_json.get('_password')
validated_email_access = req_json.get('validated_email_access')
validated_email_access = req_json.pop('validated_email_access', False)
update_dct, errors = user_update_password_schema_load_json.load(req_json)
if errors:
raise InvalidRequest(errors, status_code=400)

20
tests/app/user/test_rest.py
View File

@@ -2,6 +2,7 @@ import json
import pytest
import mock
from uuid import UUID
from datetime import datetime
from flask import url_for
from freezegun import freeze_time
@@ -703,12 +704,22 @@ def test_send_user_confirm_new_email_returns_400_when_email_missing(client, samp
mocked.assert_not_called()
def test_update_user_password_saves_correctly(client, sample_service):
@pytest.mark.parametrize('data,email_access_validated_at', [
({'_password': '1234567890'}, datetime(2020, 2, 13, 12, 0)),
({
'_password': '1234567890',
'validated_email_access': True,
}, datetime(2020, 2, 14, 12, 0)),
({
'_password': '1234567890',
'validated_email_access': False,
}, datetime(2020, 2, 13, 12, 0))
])
@freeze_time('2020-02-14T12:00:00')
def test_update_user_password_saves_correctly(client, sample_service, data, email_access_validated_at):
sample_user = sample_service.users[0]
sample_user.email_access_validated_at = datetime(2020, 2, 13, 12, 0)
new_password = '1234567890'
data = {
'_password': new_password
}
auth_header = create_authorization_header()
headers = [('Content-Type', 'application/json'), auth_header]
resp = client.post(
@@ -716,6 +727,7 @@ def test_update_user_password_saves_correctly(client, sample_service):
data=json.dumps(data),
headers=headers)
assert resp.status_code == 200
assert sample_user.email_access_validated_at == email_access_validated_at
json_resp = json.loads(resp.get_data(as_text=True))
assert json_resp['data']['password_changed_at'] is not None