Changes as per code review comments.

Fix my backward date math :P
2025-12-15 09:42:38 -05:00 · 2017-02-15 17:41:07 +00:00
parent 52342afe3f
commit ed4b9d34a6
4 changed files with 24 additions and 24 deletions
--- a/app/dao/users_dao.py
+++ b/app/dao/users_dao.py
@@ -1,8 +1,6 @@
 import random
 from datetime import (datetime, timedelta)
-
 from sqlalchemy import func
-
 from app import db
 from app.models import (User, VerifyCode)

@@ -48,7 +46,7 @@ def get_user_code(user, code, code_type):
    # time searching for the correct code.
    codes = VerifyCode.query.filter_by(
        user=user, code_type=code_type).order_by(
-            VerifyCode.created_at.desc())
+        VerifyCode.created_at.desc())
    retval = None
    for x in codes:
        if x.check_code(code):
@@ -86,7 +84,8 @@ def count_user_verify_codes(user):
    query = db.session.query(
        func.count().label('count')
    ).filter(VerifyCode.user == user,
-             VerifyCode.expiry_datetime <= datetime.utcnow()).one()
+             VerifyCode.expiry_datetime > datetime.utcnow(),
+             VerifyCode.code_used.is_(False)).one()
    return query.count


--- a/app/user/rest.py
+++ b/app/user/rest.py
@@ -140,6 +140,7 @@ def send_user_sms_code(user_id):

    if count_user_verify_codes(user_to_send_to) >= current_app.config.get('MAX_VERIFY_CODE_COUNT'):
        # Prevent more than `MAX_VERIFY_CODE_COUNT` active verify codes at a time
+        current_app.logger.warn('Max verify code has exceeded for user {}'.format(user_to_send_to.id))
        return jsonify({}), 204

    secret_code = create_secret_code()
--- a/tests/app/dao/test_users_dao.py
+++ b/tests/app/dao/test_users_dao.py
@@ -1,5 +1,6 @@
 from datetime import datetime, timedelta

+from freezegun import freeze_time
 from sqlalchemy.exc import DataError
 from sqlalchemy.orm.exc import NoResultFound
 import pytest
@@ -109,13 +110,14 @@ def test_should_not_delete_verification_codes_less_than_one_day_old(sample_user)
    assert VerifyCode.query.one()._code == "12345"


-def make_verify_code(user, age=timedelta(hours=0), code="12335"):
+def make_verify_code(user, age=timedelta(hours=0), expiry_age=timedelta(0), code="12335", code_used=False):
    verify_code = VerifyCode(
        code_type='sms',
        _code=code,
        created_at=datetime.utcnow() - age,
-        expiry_datetime=datetime.utcnow(),
-        user=user
+        expiry_datetime=datetime.utcnow() - expiry_age,
+        user=user,
+        code_used=code_used
    )
    db.session.add(verify_code)
    db.session.commit()
@@ -143,5 +145,9 @@ def test_update_user_password(notify_api, notify_db, notify_db_session, sample_u


 def test_count_user_verify_codes(sample_user):
-    [make_verify_code(sample_user) for i in range(5)]
+    with freeze_time(datetime.utcnow() + timedelta(hours=1)):
+        make_verify_code(sample_user, code_used=True)
+        make_verify_code(sample_user, expiry_age=timedelta(hours=2))
+        [make_verify_code(sample_user) for i in range(5)]
+
    assert count_user_verify_codes(sample_user) == 5
--- a/tests/app/user/test_rest_verify.py
+++ b/tests/app/user/test_rest_verify.py
@@ -1,4 +1,6 @@
 import json
+import uuid
+
 import pytest

 from datetime import (
@@ -149,11 +151,10 @@ def test_user_verify_password_valid_password_resets_failed_logins(client,

 def test_user_verify_password_missing_password(client,
                                               sample_user):
-    data = json.dumps({'bingo': 'bongo'})
    auth_header = create_authorization_header()
    resp = client.post(
        url_for('user.verify_user_password', user_id=sample_user.id),
-        data=data,
+        data=json.dumps({'bingo': 'bongo'}),
        headers=[('Content-Type', 'application/json'), auth_header])
    assert resp.status_code == 400
    json_resp = json.loads(resp.get_data(as_text=True))
@@ -178,14 +179,13 @@ def test_send_user_sms_code(notify_api,
                notify_service.research_mode = True
                dao_update_service(notify_service)

-            data = json.dumps({})
            auth_header = create_authorization_header()
            mocked = mocker.patch('app.user.rest.create_secret_code', return_value='11111')
            mocker.patch('app.celery.provider_tasks.deliver_sms.apply_async')

            resp = client.post(
                url_for('user.send_user_sms_code', user_id=sample_user.id),
-                data=data,
+                data=json.dumps({}),
                headers=[('Content-Type', 'application/json'), auth_header])
            assert resp.status_code == 204

@@ -218,12 +218,11 @@ def test_send_user_code_for_sms_with_optional_to_field(notify_api,
            to_number = '+441119876757'
            mocked = mocker.patch('app.user.rest.create_secret_code', return_value='11111')
            mocker.patch('app.celery.provider_tasks.deliver_sms.apply_async')
-            data = json.dumps({'to': to_number})
            auth_header = create_authorization_header()

            resp = client.post(
                url_for('user.send_user_sms_code', user_id=sample_user.id),
-                data=data,
+                data=json.dumps({'to': to_number}),
                headers=[('Content-Type', 'application/json'), auth_header])

            assert resp.status_code == 204
@@ -237,13 +236,11 @@ def test_send_user_code_for_sms_with_optional_to_field(notify_api,


 def test_send_sms_code_returns_404_for_bad_input_data(client):
-    data = json.dumps({})
-    import uuid
    uuid_ = uuid.uuid4()
    auth_header = create_authorization_header()
    resp = client.post(
        url_for('user.send_user_sms_code', user_id=uuid_),
-        data=data,
+        data=json.dumps({}),
        headers=[('Content-Type', 'application/json'), auth_header])
    assert resp.status_code == 404
    assert json.loads(resp.get_data(as_text=True))['message'] == 'No result found'
@@ -255,17 +252,16 @@ def test_send_sms_code_returns_204_when_too_many_codes_already_created(client, s
            code_type='sms',
            _code=12345,
            created_at=datetime.utcnow() - timedelta(minutes=10),
-            expiry_datetime=datetime.utcnow(),
+            expiry_datetime=datetime.utcnow() + timedelta(minutes=40),
            user=sample_user
        )
        db.session.add(verify_code)
        db.session.commit()
    assert VerifyCode.query.count() == 10
-    data = json.dumps({})
    auth_header = create_authorization_header()
    resp = client.post(
        url_for('user.send_user_sms_code', user_id=sample_user.id),
-        data=data,
+        data=json.dumps({}),
        headers=[('Content-Type', 'application/json'), auth_header])
    assert resp.status_code == 204
    assert VerifyCode.query.count() == 10
@@ -275,12 +271,11 @@ def test_send_user_email_verification(client,
                                      sample_user,
                                      mocker,
                                      email_verification_template):
-    data = json.dumps({})
    mocked = mocker.patch('app.celery.provider_tasks.deliver_email.apply_async')
    auth_header = create_authorization_header()
    resp = client.post(
        url_for('user.send_user_email_verification', user_id=str(sample_user.id)),
-        data=data,
+        data=json.dumps({}),
        headers=[('Content-Type', 'application/json'), auth_header])
    assert resp.status_code == 204
    notification = Notification.query.first()
@@ -292,13 +287,12 @@ def test_send_email_verification_returns_404_for_bad_input_data(client, notify_d
    Tests POST endpoint /user/<user_id>/sms-code return 404 for bad input data
    """
    mocked = mocker.patch('app.celery.provider_tasks.deliver_email.apply_async')
-    data = json.dumps({})
    import uuid
    uuid_ = uuid.uuid4()
    auth_header = create_authorization_header()
    resp = client.post(
        url_for('user.send_user_email_verification', user_id=uuid_),
-        data=data,
+        data=json.dumps({}),
        headers=[('Content-Type', 'application/json'), auth_header])
    assert resp.status_code == 404
    assert json.loads(resp.get_data(as_text=True))['message'] == 'No result found'