Remove resetting the failed_login_count to zero in the api. The admin app will deal with doing that.

app/user/rest.py

@@ -138,7 +138,6 @@ def verify_user_code(user_id):
         save_model_user(user_to_verify)
 
     use_user_code(code.id)
-    reset_failed_login_count(user_to_verify)
     return jsonify({}), 204
 
 
@@ -331,7 +330,7 @@ def update_password(user_id):
     update_dct, errors = user_update_password_schema_load_json.load(req_json)
     if errors:
         raise InvalidRequest(errors, status_code=400)
-
+    print("reset login count")
     reset_failed_login_count(user)
     update_user_password(user, pwd)
     return jsonify(data=user_schema.dump(user).data), 200

tests/app/user/test_rest_verify.py

@@ -313,7 +313,7 @@ def test_send_email_verification_returns_404_for_bad_input_data(client, notify_d
     assert mocked.call_count == 0
 
 
-def test_user_verify_user_code_valid_code_resets_failed_login_count(client, sample_sms_code):
+def test_user_verify_user_code_valid_code_does_not_reset_failed_login_count(client, sample_sms_code):
     sample_sms_code.user.failed_login_count = 1
     data = json.dumps({
         'code_type': sample_sms_code.code_type,
@@ -323,5 +323,5 @@ def test_user_verify_user_code_valid_code_resets_failed_login_count(client, samp
         data=data,
         headers=[('Content-Type', 'application/json'), create_authorization_header()])
     assert resp.status_code == 204
-    assert sample_sms_code.user.failed_login_count == 0
+    assert sample_sms_code.user.failed_login_count == 1
     assert sample_sms_code.code_used