expose password policy settings via API part 2

We expose the password_policy hash and default settings when the feature
flag (FF) is enabled. When the FF is disabled, we do not expose the
password_policy hash at all (the parent :password_policy key is omitted too).

Setting password configuration settings within the password_policy
hash _should_ expose those settings via the API, as it did before.

closes FOO-4737
flag = password_complexity

test plan
- enable password complexity feature flag
- set password policy settings via API or rails console
- leverage the API:
    - GET /api/v1/accounts/:account_id/settings
- verify the password policy settings are returned
- with the feature flag disabled, verify the password policy settings
  are not returned

Change-Id: I495fc1b4875471a9c1b858c8e6cebf6745b4404e
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/356521
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Michael Hulse <michael.hulse@instructure.com>
QA-Review: Michael Hulse <michael.hulse@instructure.com>
Product-Review: August Thornton <august@instructure.com>
August Thornton 2024-09-03 16:49:56 -07:00 committed by SaltNPepa
parent 5c124acab3
commit 5285761de4
2 changed files with 12 additions and 6 deletions


@ -493,9 +493,13 @@ class AccountsController < ApplicationController
microsoft_sync_remote_attribute
enable_as_k5_account
use_classic_font_in_k5]
public_attrs << :password_policy if @account.password_complexity_enabled? && !@account.site_admin?
settings_hash = public_attrs.index_with { |key| @account.settings[key] }.compact
render json: public_attrs.index_with { |key| @account.settings[key] }.compact
if @account.password_complexity_enabled? && !@account.site_admin?
settings_hash[:password_policy] = @account.password_policy
end
render json: settings_hash
end
# @API List environment settings
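Review bot: The new assignment `settings_hash[:password_policy] = @account.password_policy` returns the whole policy hash from an action whose other fields come from an allowlist named `public_attrs`, so every key stored under the policy is exposed; going by the spec in this commit that includes `maximum_login_attempts`, `allow_login_suspension`, `common_passwords_attachment_id` and `common_passwords_folder_id`. The authorization check for this action sits outside the hunk; if it admits callers other than account admins, lockout thresholds and internal attachment/folder ids are more than they need, and an explicit key list would keep the response stable as the policy grows, e.g. `settings_hash[:password_policy] = @account.password_policy.slice(*EXPOSED_PASSWORD_POLICY_KEYS)`, with that constant newly defined next to `public_attrs`. The assignment also happens after `.compact`, so a nil policy would presumably serialize as a null `password_policy` value instead of being omitted. A one-line comment on why site admin is excluded would help, since the condition is otherwise unexplained.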


@ -2193,8 +2193,6 @@ describe "Accounts API", type: :request do
allow_login_suspension: "true",
require_number_characters: "true",
require_symbol_characters: "true",
minimum_character_length: "10",
maximum_login_attempts: "3",
common_passwords_attachment_id: "1",
common_passwords_folder_id: "2"
}
@ -2202,11 +2200,15 @@ describe "Accounts API", type: :request do
it "exposes password policy settings when feature is enabled" do
@a1.enable_feature!(:password_complexity)
json = api_call(:get, show_settings_path, show_settings_header, {}, { expected_status: 200 })
expect(json["password_policy"]).to be_present
expect(json["password_policy"]["minimum_character_length"]).to eq "8"
expect(json["password_policy"]["maximum_login_attempts"]).to eq "10"
@a1.settings = { password_policy: policy_settings }
@a1.save!
json = api_call(:get, show_settings_path, show_settings_header, {}, { expected_status: 200 })
expect(json["password_policy"]).to be_present
expect(json["password_policy"]).to eq policy_settings.stringify_keys
expect(json["password_policy"]).to include policy_settings.stringify_keys
end
it "does not return password policy settings when feature is not enabled" do
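Review bot: After the override, the example only checks `include policy_settings.stringify_keys`, and `minimum_character_length` / `maximum_login_attempts` were dropped from `policy_settings`, so nothing verifies what the API reports for keys the account did not set. If the intent is that defaults are merged with stored values (inferred from the switch from `eq` to `include`), pin it after the second `api_call` with `expect(json["password_policy"]["minimum_character_length"]).to eq "8"`. The controller condition also excludes site admin, and no example in the visible hunks covers that branch; an example asserting the response has no `"password_policy"` key for the site admin account would guard it. `policy_settings` is defined above the hunk.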