Revert "don't expire email sign in codes on use"

app/user/rest.py

@@ -190,8 +190,7 @@ def verify_user_code(user_id):
         # only relevant from sms
         increment_failed_login_count(user_to_verify)
         raise InvalidRequest("Code not found", status_code=404)
-    # TODO: Fix email flow so that clicking link doesn't expire emails
+    if datetime.utcnow() > code.expiry_datetime or code.code_used:
-    if datetime.utcnow() > code.expiry_datetime or (code.code_used and data['code_type'] != 'email'):
         # sms and email
         increment_failed_login_count(user_to_verify)
         raise InvalidRequest("Code has expired", status_code=400)

pytest.ini

@@ -6,4 +6,3 @@ env =
     FIRETEXT_API_KEY=Firetext
     NOTIFICATION_QUEUE_PREFIX=testing
 addopts = -v -p no:warnings
-xfail_strict = true

tests/app/user/test_rest_verify.py

@@ -74,29 +74,25 @@ def test_user_verify_code_bad_code_and_increments_failed_login_count(client,
     assert User.query.get(sample_sms_code.user.id).failed_login_count == 1
 
 
-@freeze_time('2020-04-01 12:00')
+def test_user_verify_code_expired_code_and_increments_failed_login_count(
-@pytest.mark.parametrize('code_type', [EMAIL_TYPE, SMS_TYPE])
+        client,
-def test_user_verify_code_expired_code_and_increments_failed_login_count(code_type, admin_request, sample_user):
+        sample_sms_code):
-    magic_code = str(uuid.uuid4())
+    assert not VerifyCode.query.first().code_used
-    verify_code = create_user_code(sample_user, magic_code, code_type)
+    sample_sms_code.expiry_datetime = (
-    verify_code.expiry_datetime = datetime(2020, 4, 1, 11, 59)
+        datetime.utcnow() - timedelta(hours=1))
-
+    db.session.add(sample_sms_code)
-    data = {
+    db.session.commit()
-        'code_type': code_type,
+    data = json.dumps({
-        'code': magic_code
+        'code_type': sample_sms_code.code_type,
-    }
+        'code': sample_sms_code.txt_code})
-
+    auth_header = create_authorization_header()
-    admin_request.post(
+    resp = client.post(
-        'user.verify_user_code',
+        url_for('user.verify_user_code', user_id=sample_sms_code.user.id),
-        user_id=sample_user.id,
+        data=data,
-        _data=data,
+        headers=[('Content-Type', 'application/json'), auth_header])
-        _expected_status=400
+    assert resp.status_code == 400
-    )
+    assert not VerifyCode.query.first().code_used
-
+    assert User.query.get(sample_sms_code.user.id).failed_login_count == 1
-    assert verify_code.code_used is False
-    assert sample_user.logged_in_at is None
-    assert sample_user.current_session_id is None
-    assert sample_user.failed_login_count == 1
 
 
 @freeze_time("2016-01-01 10:00:00.000000")
@@ -452,13 +448,7 @@ def test_user_verify_email_code(admin_request, sample_user, auth_type):
     assert sample_user.current_session_id is not None
 
 
-@pytest.mark.parametrize('code_type', [
+@pytest.mark.parametrize('code_type', [EMAIL_TYPE, SMS_TYPE])
-    pytest.param(
-        EMAIL_TYPE,
-        marks=pytest.mark.xfail(raises=AssertionError, reason='Email code expiry disabled'),
-    ),
-    SMS_TYPE
-])
 @freeze_time('2016-01-01T12:00:00')
 def test_user_verify_email_code_fails_if_code_already_used(admin_request, sample_user, code_type):
     magic_code = str(uuid.uuid4())