From d18b555204e50472984a09330c75b1e3952aa0d8 Mon Sep 17 00:00:00 2001
From: sebastien <sebastien@yaal.coop>
Date: Tue, 19 Nov 2024 09:11:02 +0100
Subject: [PATCH] adds new log when HIBP API call fails

---
 canaille/app/mails_sending_conditions.py |  8 ++++----
 tests/core/test_profile_settings.py      | 21 ++++++++++++++++++---
 tests/core/test_registration.py          | 22 +++++++++++++++++++---
 3 files changed, 41 insertions(+), 10 deletions(-)

diff --git a/canaille/app/mails_sending_conditions.py b/canaille/app/mails_sending_conditions.py
index 7bbf0de0..5aa78e58 100644
--- a/canaille/app/mails_sending_conditions.py
+++ b/canaille/app/mails_sending_conditions.py
@@ -9,6 +9,10 @@ from .flask import request_is_htmx
 
 def check_if_send_mail_to_admins(form, api_url, hashed_password_suffix):
     if current_app.features.has_smtp and not request_is_htmx():
+        current_app.logger.exception(
+            "Password compromise investigation failed on HIBP API."
+        )
+
         flash(
             _(
                 "Password compromise investigation failed. "
@@ -46,7 +50,3 @@ def check_if_send_mail_to_admins(form, api_url, hashed_password_suffix):
                 ),
                 "error",
             )
-            return None
-
-        return
-    return None
diff --git a/tests/core/test_profile_settings.py b/tests/core/test_profile_settings.py
index 388f1d90..f1551aad 100644
--- a/tests/core/test_profile_settings.py
+++ b/tests/core/test_profile_settings.py
@@ -189,7 +189,7 @@ def test_profile_settings_compromised_password(testclient, logged_user):
 
 @mock.patch("requests.api.get")
 def test_profile_settings_compromised_password_request_api_failed_but_password_updated(
-    api_get, testclient, logged_user, backend
+    api_get, testclient, logged_user, backend, caplog
 ):
     current_app.config["CANAILLE"]["ENABLE_PASSWORD_COMPROMISSION_CHECK"] = True
     api_get.side_effect = mock.Mock(side_effect=Exception())
@@ -203,6 +203,11 @@ def test_profile_settings_compromised_password_request_api_failed_but_password_u
 
     res = res.form.submit(name="action", value="edit-settings")
 
+    assert (
+        "canaille",
+        logging.ERROR,
+        "Password compromise investigation failed on HIBP API.",
+    ) in caplog.record_tuples
     assert (
         "error",
         "Password compromise investigation failed. Please contact the administrators.",
@@ -217,7 +222,7 @@ def test_profile_settings_compromised_password_request_api_failed_but_password_u
 
 @mock.patch("requests.api.get")
 def test_compromised_password_validator_with_failure_of_api_request_and_success_mail_to_admin_from_settings_form(
-    api_get, testclient, backend, admins_group, user, logged_user
+    api_get, testclient, backend, admins_group, user, logged_user, caplog
 ):
     current_app.config["CANAILLE"]["ENABLE_PASSWORD_COMPROMISSION_CHECK"] = True
     api_get.side_effect = mock.Mock(side_effect=Exception())
@@ -230,6 +235,11 @@ def test_compromised_password_validator_with_failure_of_api_request_and_success_
 
     res = res.form.submit(name="action", value="edit-settings")
 
+    assert (
+        "canaille",
+        logging.ERROR,
+        "Password compromise investigation failed on HIBP API.",
+    ) in caplog.record_tuples
     assert (
         "error",
         "Password compromise investigation failed. Please contact the administrators.",
@@ -243,7 +253,7 @@ def test_compromised_password_validator_with_failure_of_api_request_and_success_
 
 @mock.patch("requests.api.get")
 def test_compromised_password_validator_with_failure_of_api_request_and_fail_to_send_mail_to_admin_from_settings_form(
-    api_get, testclient, backend, admins_group, user, logged_user
+    api_get, testclient, backend, admins_group, user, logged_user, caplog
 ):
     current_app.config["CANAILLE"]["ENABLE_PASSWORD_COMPROMISSION_CHECK"] = True
     api_get.side_effect = mock.Mock(side_effect=Exception())
@@ -258,6 +268,11 @@ def test_compromised_password_validator_with_failure_of_api_request_and_fail_to_
 
     res = res.form.submit(name="action", value="edit-settings")
 
+    assert (
+        "canaille",
+        logging.ERROR,
+        "Password compromise investigation failed on HIBP API.",
+    ) in caplog.record_tuples
     assert (
         "error",
         "Password compromise investigation failed. Please contact the administrators.",
diff --git a/tests/core/test_registration.py b/tests/core/test_registration.py
index a07b2a60..93688aa5 100644
--- a/tests/core/test_registration.py
+++ b/tests/core/test_registration.py
@@ -1,3 +1,4 @@
+import logging
 from unittest import mock
 
 import time_machine
@@ -177,7 +178,7 @@ def test_registration_with_compromised_password(testclient, backend):
 
 @mock.patch("requests.api.get")
 def test_registration_with_compromised_password_request_api_failed_but_account_created(
-    api_get, testclient, backend
+    api_get, testclient, backend, caplog
 ):
     current_app.config["CANAILLE"]["ENABLE_PASSWORD_COMPROMISSION_CHECK"] = True
     api_get.side_effect = mock.Mock(side_effect=Exception())
@@ -195,6 +196,11 @@ def test_registration_with_compromised_password_request_api_failed_but_account_c
 
     res = res.form.submit()
 
+    assert (
+        "canaille",
+        logging.ERROR,
+        "Password compromise investigation failed on HIBP API.",
+    ) in caplog.record_tuples
     assert (
         "error",
         "Password compromise investigation failed. Please contact the administrators.",
@@ -208,7 +214,7 @@ def test_registration_with_compromised_password_request_api_failed_but_account_c
 
 @mock.patch("requests.api.get")
 def test_compromised_password_validator_with_failure_of_api_request_and_success_mail_to_admin_from_register_form(
-    api_get, testclient, backend, admins_group
+    api_get, testclient, backend, admins_group, caplog
 ):
     current_app.config["CANAILLE"]["ENABLE_PASSWORD_COMPROMISSION_CHECK"] = True
     api_get.side_effect = mock.Mock(side_effect=Exception())
@@ -226,6 +232,11 @@ def test_compromised_password_validator_with_failure_of_api_request_and_success_
 
     res = res.form.submit()
 
+    assert (
+        "canaille",
+        logging.ERROR,
+        "Password compromise investigation failed on HIBP API.",
+    ) in caplog.record_tuples
     assert (
         "error",
         "Password compromise investigation failed. Please contact the administrators.",
@@ -243,7 +254,7 @@ def test_compromised_password_validator_with_failure_of_api_request_and_success_
 
 @mock.patch("requests.api.get")
 def test_compromised_password_validator_with_failure_of_api_request_and_fail_to_send_mail_to_admin_from_register_form(
-    api_get, testclient, backend, admins_group
+    api_get, testclient, backend, admins_group, caplog
 ):
     current_app.config["CANAILLE"]["ENABLE_PASSWORD_COMPROMISSION_CHECK"] = True
     api_get.side_effect = mock.Mock(side_effect=Exception())
@@ -262,6 +273,11 @@ def test_compromised_password_validator_with_failure_of_api_request_and_fail_to_
 
     res = res.form.submit()
 
+    assert (
+        "canaille",
+        logging.ERROR,
+        "Password compromise investigation failed on HIBP API.",
+    ) in caplog.record_tuples
     assert (
         "error",
         "Password compromise investigation failed. Please contact the administrators.",