🐞 Login allowed with election closed (#311)

Parent issue: sequentech/meta#265
sequentech · Sep 30, 2023 · 6d3edfc · 6d3edfc
1 parent 697a162
commit 6d3edfc
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 29 deletions.
diff --git a/iam/api/tests.py b/iam/api/tests.py
@@ -1666,15 +1666,14 @@ def test_register_and_resend_code(self):
         r = parse_json_response(response)
         self.assertEqual(r['error_codename'], 'INVALID_REQUEST')
 
-        # good: self.aeid.census = close but allow_user_resend = True
+        # good: allow_user_resend = True
         self.ae.auth_method_config['config']['allow_user_resend'] = True
         self.ae.save()
         response = c.post('/api/auth-event/%d/resend_auth_code/' % self.aeid, data)
         r = parse_json_response(response)
         self.assertEqual(response.status_code, 200)
 
-        # bad: self.aeid.census = open and status != started
-        self.ae.auth_method_config['config']['allow_user_resend'] = False
+        # bad: status != started
         self.ae.census = 'open'
         self.ae.status = 'stopped'
         self.ae.save()
@@ -2209,9 +2208,7 @@ def test_register_and_resend_code(self):
         r = parse_json_response(response)
         self.assertEqual(response.status_code, 200)
 
-        # bad: self.aeid.census = open and status != started
-        self.ae.auth_method_config['config']['allow_user_resend'] = False
-        self.ae.census = 'open'
+        # bad: status != started
         self.ae.status = 'stopped'
         self.ae.save()
         response = c.post('/api/auth-event/%d/resend_auth_code/' % self.aeid, data)
@@ -2252,13 +2249,6 @@ def test_register_and_resend_code(self):
         r = parse_json_response(response)
         self.assertEqual(response.status_code, 200)
 
-        # good
-        self.ae.auth_method_config['config']['allow_user_resend'] = True
-        response = c.post('/api/auth-event/%d/resend_auth_code/' % self.aeid, data)
-        r = parse_json_response(response)
-        self.assertEqual(response.status_code, 200)
-
-
     def test_add_authevent_sms_fields_incorrect(self):
         c = JClient()
         self.ae.extra_fields = test_data.auth_event2['extra_fields']

diff --git a/iam/api/views.py b/iam/api/views.py
@@ -1078,25 +1078,14 @@ def post(self, request, pk):
                 error_codename=ErrorCodes.INTERNAL_SERVER_ERROR
             )
 
-        # if registration is closed, check that resend auth codes is allowed
-        if (
-            auth_event.census == 'close' and
-            not patched_auth_event.check_allow_user_resend()
-        ):
+        # check that resend auth codes is allowed
+        if not patched_auth_event.check_allow_user_resend():
             return json_response(
                 status=400,
                 error_codename="INVALID_REQUEST")
-
-        # if registration is open, check that resend auth codes is allowed and
-        # the auth event is started
-        if (
-            (
-                auth_event.census == 'open' or
-                patched_auth_event.check_allow_user_resend()
-            ) and
-            auth_event.status != AuthEvent.STARTED and
-            auth_event.status != AuthEvent.RESUMED
-        ):
+
+        # check auth event is started
+        if auth_event.status not in [AuthEvent.STARTED, AuthEvent.RESUMED]:
             return json_response(
                 status=400,
                 error_codename="AUTH_EVENT_NOT_STARTED")