RAS-1614: Fix Frontstage request_password_change logic by SteveScorfield · Pull Request #1063 · ONSdigital/ras-frontstage

SteveScorfield · 2025-05-30T12:16:23Z

What and why?

A bug was found where if a user tries to reset their password multiple times and let the token expire. As a result, the token was deleted (null value) in the DB and then a 500 was shown to the user as a result of a conditional. The fix introduced will prevent this from happening. I've added more tests to cover further scenarios around password resetting.

Note: I think I have covered all potential unit test scenarios but let me know if you see other areas.

How to test?

Build out your dev env
Run acceptance tests
Navigate to the 'Forgot password' page
Enter an email of a user you know is in the DB
You should receive the usual reset password message
Using a DB tool of you choice, goto the 'respondent' table of the 'partysvc' schema
Locate the ID of the user, then using the 'UPDATE SET' SQL commands, set the 'password_verifcation_token' value to 'NULL'
Navigate back to 'Forgot password' page and enter the same email. You should receive 'An error has occurred' message
Next deploy this PR to your dev env
Navigate back to the 'Forgot password' page and enter the same email
You should get the correct 'Check your email' message page

Run unit and acceptance tests

Jira

https://jira.ons.gov.uk/browse/RAS-1614

SteveScorfield · 2025-06-02T10:24:05Z

/deploy scorfs

ras-rm-pr-bot · 2025-06-02T10:24:39Z

Deploying to dev cluster with following parameters:

namespace: scorfs
tag: pr-1063
configBranch: main
paramKey: ``
paramValue: ``

tests/integration/test_passwords.py

matthew-robinson-ons

The implementation works to resolve this issue found. Some queries around the testing

…e comment

Merge main into branch

matthew-robinson-ons

Happy this fixes the bug and testing is improved

LJBabbage

Realistically we shouldnt be client testing and it should be at function level, however the code is sub optimal as the view shouldn't be doing all this and should be rationalised properly. We don't have to change this now mind.

tests/integration/test_passwords.py

frontstage/views/passwords/reset_password.py

…m/ONSdigital/ras-frontstage into fix-request-password-change-logic Merge remote to local

frontstage/views/passwords/reset_password.py

SteveScorfield · 2025-06-09T07:38:29Z

/deploy scorfs

ras-rm-pr-bot · 2025-06-09T07:39:03Z

Deploying to dev cluster with following parameters:

namespace: scorfs
tag: pr-1063
configBranch: main
paramKey: ``
paramValue: ``

SteveScorfield · 2025-06-11T07:05:04Z

/deploy scorfs

ras-rm-pr-bot · 2025-06-11T07:05:33Z

Deploying to dev cluster with following parameters:

namespace: scorfs
tag: pr-1063
configBranch: main
paramKey: ``
paramValue: ``

SteveScorfield · 2025-06-11T07:22:41Z

/deploy scorfs

ras-rm-pr-bot · 2025-06-11T07:23:11Z

Deploying to dev cluster with following parameters:

namespace: scorfs
tag: pr-1063
configBranch: main
paramKey: ``
paramValue: ``

LJBabbage

A bit of redundancy in the tests, but it seems to work

tests/integration/test_passwords.py

frontstage/views/passwords/reset_password.py

Initial commit of code fix and test improvements

4b8abba

SteveScorfield requested a review from a team as a code owner May 30, 2025 12:16

SteveScorfield and others added 2 commits June 2, 2025 11:16

Reran lint

0c715dc

auto patch increment

986e957