dont set session_id or logged_in_at if user provides email code
@@ -110,21 +110,21 @@ def verify_user_code(user_id):
|
||||
user_to_verify = get_user_by_id(user_id=user_id)
|
||||
|
||||
req_json = request.get_json()
|
||||
txt_code = None
|
||||
txt_type = None
|
||||
verify_code = None
|
||||
code_type = None
|
||||
errors = {}
|
||||
try:
|
||||
txt_code = req_json['code']
|
||||
verify_code = req_json['code']
|
||||
except KeyError:
|
||||
errors.update({'code': ['Required field missing data']})
|
||||
try:
|
||||
txt_type = req_json['code_type']
|
||||
code_type = req_json['code_type']
|
||||
except KeyError:
|
||||
errors.update({'code_type': ['Required field missing data']})
|
||||
if errors:
|
||||
raise InvalidRequest(errors, status_code=400)
|
||||
|
||||
code = get_user_code(user_to_verify, txt_code, txt_type)
|
||||
code = get_user_code(user_to_verify, verify_code, code_type)
|
||||
if not code:
|
||||
increment_failed_login_count(user_to_verify)
|
||||
raise InvalidRequest("Code not found", status_code=404)
|
||||
@@ -132,9 +132,10 @@ def verify_user_code(user_id):
|
||||
increment_failed_login_count(user_to_verify)
|
||||
raise InvalidRequest("Code has expired", status_code=400)
|
||||
|
||||
user_to_verify.current_session_id = str(uuid.uuid4())
|
||||
user_to_verify.logged_in_at = datetime.utcnow()
|
||||
save_model_user(user_to_verify)
|
||||
if code_type == 'sms':
|
||||
user_to_verify.current_session_id = str(uuid.uuid4())
|
||||
user_to_verify.logged_in_at = datetime.utcnow()
|
||||
save_model_user(user_to_verify)
|
||||
|
||||
use_user_code(code.id)
|
||||
reset_failed_login_count(user_to_verify)
|
||||
|
||||
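Review bot: The new `if code_type == 'sms':` guard in the second hunk decides whether a session is issued from the `code_type` string taken out of the request body, not from the code record that was just verified. Whether `get_user_code` matches on type is not visible here, so it would be safer to key the branch off the stored record, e.g. `if code.code_type == 'sms':` (the tests in this commit read a `code_type` attribute on the code fixtures, so the field appears to exist). Any value other than the exact string `'sms'` also falls through to `use_user_code` and `reset_failed_login_count` without a session, so a check that `code_type` is one of the supported values, raising `InvalidRequest` with status 400 otherwise, would make that path deliberate. `verify_user_code` starts and ends outside these hunks.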
@@ -22,7 +22,7 @@ from tests import create_authorization_header
|
||||
|
||||
|
||||
@freeze_time('2016-01-01T12:00:00')
|
||||
def test_user_verify_code(client, sample_sms_code):
|
||||
def test_user_verify_sms_code(client, sample_sms_code):
|
||||
sample_sms_code.user.logged_in_at = datetime.utcnow() - timedelta(days=1)
|
||||
assert not VerifyCode.query.first().code_used
|
||||
assert sample_sms_code.user.current_session_id is None
|
||||
@@ -40,6 +40,25 @@ def test_user_verify_code(client, sample_sms_code):
|
||||
assert sample_sms_code.user.current_session_id is not None
|
||||
|
||||
|
||||
@freeze_time('2016-01-01T12:00:00')
|
||||
def test_user_verify_email_code(client, sample_email_code):
|
||||
sample_email_code.user.logged_in_at = datetime.utcnow() - timedelta(days=1)
|
||||
assert not VerifyCode.query.first().code_used
|
||||
assert sample_email_code.user.current_session_id is None
|
||||
data = json.dumps({
|
||||
'code_type': sample_email_code.code_type,
|
||||
'code': sample_email_code.txt_code})
|
||||
auth_header = create_authorization_header()
|
||||
resp = client.post(
|
||||
url_for('user.verify_user_code', user_id=sample_email_code.user.id),
|
||||
data=data,
|
||||
headers=[('Content-Type', 'application/json'), auth_header])
|
||||
assert resp.status_code == 204
|
||||
assert VerifyCode.query.first().code_used
|
||||
assert sample_email_code.user.logged_in_at == datetime.utcnow() - timedelta(days=1)
|
||||
assert sample_email_code.user.current_session_id is None
|
||||
|
||||
|
||||
def test_user_verify_code_missing_code(client,
|
||||
sample_sms_code):
|
||||
assert not VerifyCode.query.first().code_used
|
||||
|
||||
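Review bot: `test_user_verify_email_code` covers only the matching case; nothing here exercises a request whose `code_type` disagrees with the type of the stored code, which is the input that now controls whether `current_session_id` and `logged_in_at` are set. I would add a companion test that posts `sample_email_code.txt_code` with `'code_type': 'sms'` and asserts `sample_email_code.user.current_session_id is None` afterwards, together with whatever status code the endpoint is meant to return for that mismatch. A one-line comment above the new test, such as `# an email code must not set current_session_id or logged_in_at`, would record the rule the assertions are pinning.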