If failed login count > 0 and user subsequently logs in sucessfully,

then failed logins set to 0.
2026-02-01 07:35:34 -05:00 · 2016-01-28 11:32:46 +00:00
parent 9bf11b3d40
commit 806b3f6851
4 changed files with 67 additions and 3 deletions
--- a/tests/app/dao/test_users_dao.py
+++ b/tests/app/dao/test_users_dao.py
@@ -2,11 +2,13 @@ from sqlalchemy.exc import DataError
 from sqlalchemy.orm.exc import NoResultFound

 import pytest
+
 from app.dao.users_dao import (
    save_model_user,
    get_model_users,
    delete_model_user,
-    increment_failed_login_count
+    increment_failed_login_count,
+    reset_failed_login_count
 )

 from tests.app.conftest import sample_user as create_sample_user
@@ -74,3 +76,11 @@ def test_increment_failed_login_should_increment_failed_logins(notify_api, notif
    assert sample_user.failed_login_count == 0
    increment_failed_login_count(sample_user)
    assert sample_user.failed_login_count == 1
+
+
+def test_reset_failed_login_should_set_failed_logins_to_0(notify_api, notify_db, notify_db_session, sample_user):
+    assert User.query.count() == 1
+    increment_failed_login_count(sample_user)
+    assert sample_user.failed_login_count == 1
+    reset_failed_login_count(sample_user)
+    assert sample_user.failed_login_count == 0
--- a/tests/app/user/test_rest_verify.py
+++ b/tests/app/user/test_rest_verify.py
@@ -182,6 +182,45 @@ def test_user_verify_password_invalid_password(notify_api,
            assert sample_user.failed_login_count == 1


+def test_user_verify_password_valid_password_resets_failed_logins(notify_api,
+                                                                  notify_db,
+                                                                  notify_db_session,
+                                                                  sample_user):
+
+    with notify_api.test_request_context():
+        with notify_api.test_client() as client:
+            data = json.dumps({'password': 'bad password'})
+            auth_header = create_authorization_header(
+                path=url_for('user.verify_user_password', user_id=sample_user.id),
+                method='POST',
+                request_body=data)
+
+            assert sample_user.failed_login_count == 0
+
+            resp = client.post(
+                url_for('user.verify_user_password', user_id=sample_user.id),
+                data=data,
+                headers=[('Content-Type', 'application/json'), auth_header])
+            assert resp.status_code == 400
+            json_resp = json.loads(resp.get_data(as_text=True))
+            assert 'Incorrect password' in json_resp['message']['password']
+
+            assert sample_user.failed_login_count == 1
+
+            data = json.dumps({'password': 'password'})
+            auth_header = create_authorization_header(
+                path=url_for('user.verify_user_password', user_id=sample_user.id),
+                method='POST',
+                request_body=data)
+            resp = client.post(
+                url_for('user.verify_user_password', user_id=sample_user.id),
+                data=data,
+                headers=[('Content-Type', 'application/json'), auth_header])
+
+            assert resp.status_code == 204
+            assert sample_user.failed_login_count == 0
+
+
 def test_user_verify_password_missing_password(notify_api,
                                               notify_db,
                                               notify_db_session,