Cover the case when uses is less than 1

2025-02-02 14:16:38 +00:00 · 2022-02-16 17:10:29 +03:00 · 2022-02-16 17:10:29 +03:00 · 50a82a065e
parent c22fe9e8bd
commit 50a82a065e
2 changed files with 24 additions and 0 deletions
--- a/selfprivacy_api/resources/api_auth/recovery_token.py
+++ b/selfprivacy_api/resources/api_auth/recovery_token.py
@ -131,6 +131,8 @@ class RecoveryToken(Resource):
                }, 400
        else:
            expiration = None
+        if args["uses"] != None and args["uses"] < 1:
+            return {"message": "Uses must be greater than 0"}, 400
        # Generate recovery token
        token = generate_recovery_token(expiration, args["uses"])
        return {"token": token}
--- a/tests/test_auth.py
+++ b/tests/test_auth.py
@ -504,3 +504,25 @@ def test_generate_recovery_token_with_limited_uses(
    assert recovery_response.status_code == 404

    assert read_json(tokens_file)["recovery_token"]["uses_left"] == 0
+
+def test_generate_recovery_token_with_negative_uses(
+    authorized_client, client, tokens_file
+):
+    # Generate token with limited uses
+    response = authorized_client.post(
+        "/auth/recovery_token",
+        json={"uses": -2},
+    )
+    assert response.status_code == 400
+    assert "recovery_token" not in read_json(tokens_file)
+
+def test_generate_recovery_token_with_zero_uses(
+    authorized_client, client, tokens_file
+):
+    # Generate token with limited uses
+    response = authorized_client.post(
+        "/auth/recovery_token",
+        json={"uses": 0},
+    )
+    assert response.status_code == 400
+    assert "recovery_token" not in read_json(tokens_file)