From 97ef7832855ef25d0dc281de4383c087e9688f3c Mon Sep 17 00:00:00 2001
From: Prateek Jain
Date: Sat, 6 Jun 2020 18:56:30 +0530
Subject: [PATCH] Add tests for deleted user cannot login
---
 securedrop/tests/test_journalist.py | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
diff --git a/securedrop/tests/test_journalist.py b/securedrop/tests/test_journalist.py
index fb6fcb1f0f7..88265703456 100644
--- a/securedrop/tests/test_journalist.py
+++ b/securedrop/tests/test_journalist.py
@@ -1092,6 +1092,30 @@ def test_admin_add_user_with_invalid_username(journalist_app, test_admin):
 assert "Invalid username '{}'".format(username) in resp.data.decode('utf-8')
+def test_deleted_user_cannot_login(journalist_app):
+ username = 'deleted'
+ uuid = 'deleted'
+
+ # Create a user with username and uuid as deleted
+ with journalist_app.app_context():
+ user, password = utils.db_helper.init_journalist(is_admin=False)
+ otp_secret = user.otp_secret
+ user.username = username
+ user.uuid = uuid
+ db.session.add(user)
+ db.session.commit()
+
+ # Verify that deleted user is not able to login
+ with journalist_app.test_client() as app:
+ resp = app.post(url_for('main.login'),
+ data=dict(username=username,
+ password=password,
+ token=otp_secret))
+ assert resp.status_code == 200
+ text = resp.data.decode('utf-8')
+ assert "Login failed" in text
+
+
 def test_admin_add_user_without_username(journalist_app, test_admin):
 with journalist_app.test_client() as app:
 _login_user(app, test_admin['username'], test_admin['password'],
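Review bot: The login POST in test_deleted_user_cannot_login sends `token=otp_secret`, which is the stored TOTP secret rather than a current one-time code, so the request would presumably be rejected by the token check whether or not the reserved 'deleted' username is blocked. The login handler is not visible in this hunk, but as written the `"Login failed"` assertion likely still passes if the deleted-user guard is removed, which makes this a weak regression test for the access-control rule it is named after. Submitting a valid code, for example `token=TOTP(otp_secret).now()` (pyotp, assuming it is imported in this file), would leave the reserved username as the only possible reason for rejection. A comment such as `# password and token are valid; only the reserved username should cause the rejection` above the POST would make that intent explicit.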