def test_update_failed_logins_updates_the_user_when_one_exists(self):
    """Check that a counter written for an existing user is read back unchanged.

    The user is created first, the failed-login counter is then overwritten
    through ``db_access.update_failed_logins`` and finally fetched again
    through ``db_access.get_failed_logins``.
    """
    uid = 'userid1'
    expected_count = 1234

    db_access.create_user(uid, 'hash1')
    # Write the same value the assertion expects, so the two cannot drift apart.
    db_access.update_failed_logins(uid, expected_count)

    stored_count = db_access.get_failed_logins(uid)
    assert stored_count == expected_count
    def test_get_failed_logins_returns_the_right_number_for_existing_user(self):
        """Check that the stored failed-login counter of a known user is returned.

        The fixture user is set up through the test class's ``_create_user``
        helper (presumably a direct insert that also sets the counter; confirm
        against the helper), so only the read path is exercised here.
        """
        uid = 'userid1'
        pw_hash = 'hash1'
        expected_count = 123

        self._create_user(uid, pw_hash, expected_count)

        stored_count = db_access.get_failed_logins(uid)
        assert stored_count == expected_count
def get_failed_logins(user_id):
    """Return the failed-login counter of *user_id* as a JSON response.

    ``db_access.get_failed_logins`` yields ``None`` for an unknown user; in
    that case ``USER_NOT_FOUND_RESPONSE`` is returned. Otherwise the counter
    is wrapped as ``{"failed_login_attempts": <n>}`` and sent back with the
    ``JSON_CONTENT_TYPE`` mimetype.

    NOTE(review): known and unknown user ids get different responses, so any
    caller that can reach this function can tell which accounts exist and how
    close each one is to lockout. Confirm the route is limited to trusted
    callers; no access check is visible in this function.
    """
    attempt_count = db_access.get_failed_logins(user_id)
    if attempt_count is None:
        return USER_NOT_FOUND_RESPONSE

    # NOTE(review): user_id is interpolated into the log line unmodified.
    # If ids can contain line breaks, a reader of the log could be misled by
    # forged entries; confirm ids are validated where users are created.
    LOGGER.info('Get failed login attempts for user {}'.format(user_id))
    payload = json.dumps({'failed_login_attempts': attempt_count})
    return Response(payload, mimetype=JSON_CONTENT_TYPE)
def authenticate_user():
    """Dispatch an authentication request according to the user's lockout state.

    The request body is parsed and validated first; a missing or invalid body
    yields ``INVALID_REQUEST_RESPONSE``. For a valid body the failed-login
    counter of the submitted ``user_id`` decides which handler runs:

    * ``None`` (no such user)          -> ``_handle_non_existing_user_auth_request``
    * ``>= MAX_LOGIN_ATTEMPTS``        -> ``_handle_locked_user_auth_request``
    * anything lower                   -> ``_handle_allowed_user_auth_request``

    The password is only passed on to the last handler.
    """
    body = _try_get_request_json(request)

    if not body or not _is_auth_request_data_valid(body):
        return INVALID_REQUEST_RESPONSE

    creds = body['credentials']
    user_id = creds['user_id']
    password = creds['password']

    # Number of failed logins the user has accumulated since the last
    # successful login.
    # NOTE(review): the counter is read here and presumably updated later,
    # inside the handler. If read and update are not one atomic step,
    # parallel requests can each see a value below the limit and together
    # get more than MAX_LOGIN_ATTEMPTS guesses. Confirm in db_access.
    attempts_so_far = db_access.get_failed_logins(user_id)

    if attempts_so_far is None:
        # NOTE(review): unknown users take a separate path. Confirm its
        # response and timing match a wrong-password reply, otherwise
        # account names can be enumerated.
        return _handle_non_existing_user_auth_request(user_id)

    if attempts_so_far >= MAX_LOGIN_ATTEMPTS:
        return _handle_locked_user_auth_request(user_id, attempts_so_far)

    return _handle_allowed_user_auth_request(
        user_id, password, attempts_so_far
    )
 def test_get_failed_logins_returns_none_when_user_does_not_exist(self):
     """Check that looking up an id that was never created yields ``None``.

     Callers of ``db_access.get_failed_logins`` rely on ``None`` to tell an
     unknown user apart from a user with a counter of zero.
     """
     unknown_id = 'non-existing-user-id'
     lookup_result = db_access.get_failed_logins(unknown_id)
     assert lookup_result is None