Only record event if account unlocking was successful

The implementation of `Users::UnlockingsController#update` was carried over from `UsersController#unlock` and I thought the order of the method calls was a bit odd. I've now added a controller test to highlight the problem and fixed it by reordering the method calls in the action.
alphagov · Nov 30, 2023 · a15ae9c · a15ae9c
1 parent 3b82f06
commit a15ae9c
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/app/controllers/users/unlockings_controller.rb b/app/controllers/users/unlockings_controller.rb
@@ -9,8 +9,8 @@ class Users::UnlockingsController < ApplicationController
   def edit; end
 
   def update
-    EventLog.record_event(@user, EventLog::MANUAL_ACCOUNT_UNLOCK, initiator: current_user, ip_address: user_ip_address)
     @user.unlock_access!
+    EventLog.record_event(@user, EventLog::MANUAL_ACCOUNT_UNLOCK, initiator: current_user, ip_address: user_ip_address)
     flash[:notice] = "Unlocked #{@user.email}"
     redirect_to edit_user_path(@user)
   end

diff --git a/test/controllers/users/unlockings_controller_test.rb b/test/controllers/users/unlockings_controller_test.rb
@@ -107,6 +107,16 @@ class Users::UnlockingsControllerTest < ActionController::TestCase
         put :update, params: { user_id: user }
       end
 
+      should "not record manual account unlock event if User#unlock! raises an exception" do
+        user = build(:locked_user, id: 123)
+        User.stubs(:find).returns(user)
+        user.stubs(:unlock_access!).raises("boom!")
+
+        EventLog.expects(:record_event).never
+
+        assert_raises { put :update, params: { user_id: user } }
+      end
+
       should "redirect to edit user page and display success notice" do
         user = create(:locked_user, email: "[email protected]")