Merge pull request #818 from alphagov/feat-add-update-user-password-endpoint

Add separate endpoint to update a user's password
2026-02-03 18:01:08 -05:00 · 2017-02-08 09:44:29 +00:00
parent 08e39d4b93 a764ba8451
commit cdc693fae5
5 changed files with 75 additions and 3 deletions
--- a/tests/app/dao/test_users_dao.py
+++ b/tests/app/dao/test_users_dao.py
@@ -14,6 +14,7 @@ from app.dao.users_dao import (
    reset_failed_login_count,
    get_user_by_email,
    delete_codes_older_created_more_than_a_day_ago,
+    update_user_password
 )

 from app.models import User, VerifyCode
@@ -132,3 +133,10 @@ def test_update_user_attribute(client, sample_user, user_attribute, user_value):
    }
    save_user_attribute(sample_user, update_dict)
    assert getattr(sample_user, user_attribute) == user_value
+
+
+def test_update_user_password(notify_api, notify_db, notify_db_session, sample_user):
+    password = 'newpassword'
+    assert not sample_user.check_password(password)
+    update_user_password(sample_user, password)
+    assert sample_user.check_password(password)
--- a/tests/app/user/test_rest.py
+++ b/tests/app/user/test_rest.py
@@ -117,7 +117,7 @@ def test_post_user_missing_attribute_email(notify_api, notify_db, notify_db_sess
            assert {'email_address': ['Missing data for required field.']} == json_resp['message']


-def test_post_user_missing_attribute_password(notify_api, notify_db, notify_db_session):
+def test_create_user_missing_attribute_password(notify_api, notify_db, notify_db_session):
    """
    Tests POST endpoint '/' missing attribute password.
    """
@@ -532,3 +532,30 @@ def test_send_user_confirm_new_email_returns_400_when_email_missing(client, samp
    assert resp.status_code == 400
    assert json.loads(resp.get_data(as_text=True))['message'] == {'email': ['Missing data for required field.']}
    mocked.assert_not_called()
+
+
+def test_update_user_password_saves_correctly(client, sample_service):
+    assert User.query.count() == 1
+    sample_user = sample_service.users[0]
+    new_password = '1234567890'
+    data = {
+        '_password': new_password
+    }
+    auth_header = create_authorization_header()
+    headers = [('Content-Type', 'application/json'), auth_header]
+    resp = client.post(
+        url_for('user.update_password', user_id=sample_user.id),
+        data=json.dumps(data),
+        headers=headers)
+    assert resp.status_code == 200
+    assert User.query.count() == 1
+    json_resp = json.loads(resp.get_data(as_text=True))
+    assert json_resp['data']['password_changed_at'] is not None
+    data = {'password': new_password}
+    auth_header = create_authorization_header()
+    headers = [('Content-Type', 'application/json'), auth_header]
+    resp = client.post(
+        url_for('user.verify_user_password', user_id=str(sample_user.id)),
+        data=json.dumps(data),
+        headers=headers)
+    assert resp.status_code == 204