Merge pull request #217 from Police-Data-Accessibility-Project/mc_553…

…_change_update_password_route Change Update Password Route to `/user/update-password`
Police-Data-Accessibility-Project · Dec 12, 2024 · 01749ea · 01749ea
2 parents 915b5d3 + 9ff1359
commit 01749ea
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 20 deletions.
diff --git a/middleware/primary_resource_logic/reset_token_queries.py b/middleware/primary_resource_logic/reset_token_queries.py
@@ -95,25 +95,18 @@ def change_password_wrapper(
     db_client: DatabaseClient,
     dto: UserPutDTO,
     access_info: AccessInfoPrimary,
-    user_id: int,
 ):
-
-    if int(user_id) != access_info.user_id:
-        FlaskResponseManager.abort(
-            code=HTTPStatus.UNAUTHORIZED, message="Invalid token for user."
-        )
+    user_id = access_info.user_id
 
     # Check if old password is valid
     # get old password digest
-    db_password_digest = db_client.get_password_digest(user_id=access_info.user_id)
+    db_password_digest = db_client.get_password_digest(user_id=user_id)
     matches = check_password_hash(pwhash=db_password_digest, password=dto.old_password)
     if not matches:
         FlaskResponseManager.abort(
             code=HTTPStatus.UNAUTHORIZED, message="Incorrect existing password."
         )
-    set_user_password(
-        db_client=db_client, user_id=access_info.user_id, password=dto.new_password
-    )
+    set_user_password(db_client=db_client, user_id=user_id, password=dto.new_password)
     return message_response(
         message="Successfully updated password.",
     )

diff --git a/resources/UserProfile.py b/resources/UserProfile.py
@@ -27,7 +27,7 @@
 USER_PROFILE_DATA_REQUEST_ENDPOINT_FULL = f"/api/user/{DATA_REQUESTS_PARTIAL_ENDPOINT}"
 
 
-@namespace_user.route("/<user_id>/update-password")
+@namespace_user.route("/update-password")
 class UserUpdatePassword(PsycopgResource):
 
     @endpoint_info(
@@ -38,7 +38,7 @@ class UserUpdatePassword(PsycopgResource):
             success_message="Password successfully updated.",
         ),
     )
-    def post(self, access_info: AccessInfoPrimary, user_id: int) -> Response:
+    def post(self, access_info: AccessInfoPrimary) -> Response:
         """
         Allows an existing user to update their password.
 
@@ -52,7 +52,6 @@ def post(self, access_info: AccessInfoPrimary, user_id: int) -> Response:
             wrapper_function=change_password_wrapper,
             schema_populate_parameters=SchemaConfigs.USER_PUT.value.get_schema_populate_parameters(),
             access_info=access_info,
-            user_id=user_id,
         )
 
 

diff --git a/tests/helper_scripts/helper_classes/RequestValidator.py b/tests/helper_scripts/helper_classes/RequestValidator.py
@@ -448,13 +448,12 @@ def get_agency(
     def update_password(
         self,
         headers: dict,
-        user_id: int,
         old_password: str,
         new_password: str,
         expected_response_status: HTTPStatus = HTTPStatus.OK,
     ):
         return self.post(
-            endpoint=f"/api/user/{user_id}/update-password",
+            endpoint=f"/api/user/update-password",
             headers=headers,
             json={"old_password": old_password, "new_password": new_password},
             expected_response_status=expected_response_status,

diff --git a/tests/integration/test_user.py b/tests/integration/test_user.py
@@ -10,11 +10,11 @@
 from conftest import test_data_creator_flask, monkeysession
 
 
-def test_user_put(
+def test_update_password(
     test_data_creator_flask: TestDataCreatorFlask,
 ):
     """
-    Test that PUT call to /user endpoint successfully updates the user's password and verifies the new password hash is distinct from both the plain new password and the old password hash in the database
+    Test that PUT call to endpoint successfully updates the user's password and verifies the new password hash is distinct from both the plain new password and the old password hash in the database
     """
     tdc = test_data_creator_flask
 
@@ -24,12 +24,10 @@ def test_user_put(
 
     def update_password(
         old_password: str,
-        user_id: str = tus.user_info.user_id,
         expected_response_status: HTTPStatus = HTTPStatus.OK,
     ):
         return tdc.request_validator.update_password(
             headers=tus.jwt_authorization_header,
-            user_id=user_id,
             old_password=old_password,
             new_password=new_password,
             expected_response_status=expected_response_status,
@@ -39,7 +37,6 @@ def update_password(
     tus_other = tdc.standard_user()
     update_password(
         old_password=tus_other.user_info.password,
-        user_id=tus_other.user_info.user_id,
         expected_response_status=HTTPStatus.UNAUTHORIZED,
     )