Merge pull request #1880 from GSA/notify-admin-1870

Change phone number in Notify.gov w/o entering password
GSA · Aug 21, 2024 · 5243878 · 5243878
2 parents 5a3f3e5 + 3b1bd05
commit 5243878
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 43 deletions.
diff --git a/.ds.baseline b/.ds.baseline
@@ -601,15 +601,15 @@
         "filename": "tests/app/main/views/test_user_profile.py",
         "hashed_secret": "8072d7aad32964ec43fbcb699c75dc38890792f7",
         "is_verified": false,
-        "line_number": 350,
+        "line_number": 336,
         "is_secret": false
       },
       {
         "type": "Secret Keyword",
         "filename": "tests/app/main/views/test_user_profile.py",
         "hashed_secret": "4c9dbb972da179e4f66f023eaa5fb9451d835030",
         "is_verified": false,
-        "line_number": 351,
+        "line_number": 337,
         "is_secret": false
       }
     ],
@@ -692,5 +692,5 @@
       }
     ]
   },
-  "generated_at": "2024-08-15T16:29:15Z"
+  "generated_at": "2024-08-20T14:14:36Z"
 }
diff --git a/app/main/views/user_profile.py b/app/main/views/user_profile.py
@@ -189,32 +189,19 @@ def user_profile_mobile_number_delete():
 @main.route("/user-profile/mobile-number/authenticate", methods=["GET", "POST"])
 @user_is_logged_in
 def user_profile_mobile_number_authenticate():
-    # Validate password for form
-    def _check_password(pwd):
-        return user_api_client.verify_password(current_user.id, pwd)
-
-    form = ConfirmPasswordForm(_check_password)
 
     if NEW_MOBILE not in session:
         return redirect(url_for(".user_profile_mobile_number"))
 
-    if form.validate_on_submit():
-        session[NEW_MOBILE_PASSWORD_CONFIRMED] = True
-        current_user.send_verify_code(to=session[NEW_MOBILE])
-        create_mobile_number_change_event(
-            user_id=current_user.id,
-            updated_by_id=current_user.id,
-            original_mobile_number=current_user.mobile_number,
-            new_mobile_number=session[NEW_MOBILE],
-        )
-        return redirect(url_for(".user_profile_mobile_number_confirm"))
-
-    return render_template(
-        "views/user-profile/authenticate.html",
-        thing="mobile number",
-        form=form,
-        back_link=url_for(".user_profile_mobile_number_confirm"),
+    session[NEW_MOBILE_PASSWORD_CONFIRMED] = True
+    current_user.send_verify_code(to=session[NEW_MOBILE])
+    create_mobile_number_change_event(
+        user_id=current_user.id,
+        updated_by_id=current_user.id,
+        original_mobile_number=current_user.mobile_number,
+        new_mobile_number=session[NEW_MOBILE],
     )
+    return redirect(url_for(".user_profile_mobile_number_confirm"))
 
 
 @main.route("/user-profile/mobile-number/confirm", methods=["GET", "POST"])

diff --git a/app/notify_client/user_api_client.py b/app/notify_client/user_api_client.py
@@ -2,6 +2,7 @@
 from notifications_python_client.errors import HTTPError
 
 from app.notify_client import NotifyAdminAPIClient, cache
+from app.utils import hilite
 from app.utils.user_permissions import translate_permissions_from_ui_to_db
 
 ALLOWED_ATTRIBUTES = {
@@ -109,13 +110,14 @@ def verify_password(self, user_id, password):
             raise
 
     def send_verify_code(self, user_id, code_type, to, next_string=None):
+
         data = {"to": to}
         if next_string:
             data["next"] = next_string
         if code_type == "email":
             data["email_auth_link_host"] = self.admin_url
         endpoint = "/user/{0}/{1}-code".format(user_id, code_type)
-        current_app.logger.warn(f"Sending verify_code {code_type} to {user_id}")
+        current_app.logger.warn(hilite(f"Sending verify_code {code_type} to {user_id}"))
         self.post(endpoint, data=data)
 
     def send_verify_email(self, user_id, to):

diff --git a/poetry.lock b/poetry.lock
diff --git a/tests/app/main/views/test_user_profile.py b/tests/app/main/views/test_user_profile.py
@@ -247,20 +247,6 @@ def test_should_redirect_after_mobile_number_change(
         assert session["new-mob"] == phone_number_to_register_with
 
 
-def test_should_show_authenticate_after_mobile_number_change(
-    client_request,
-):
-    with client_request.session_transaction() as session:
-        session["new-mob"] = "+12021234123"
-
-    page = client_request.get(
-        "main.user_profile_mobile_number_authenticate",
-    )
-
-    assert "Change your mobile number" in page.text
-    assert "Confirm" in page.text
-
-
 def test_should_redirect_after_mobile_number_authenticate(
     client_request,
     mock_verify_password,