chore: rollback checking the login_attempts from the server

Author: matiasperrone-exo

app/Http/Controllers/UserController.php

@@ -411,13 +411,8 @@ public function postLogin()
             if (isset($data['password']))
                 $data['password'] = trim($data['password']);
 
-            if (isset($data['username'])) {
-                $user = $this->auth_service->getUserByUsername($data['username']);
-                if (!is_null($user)) {
-                    $login_attempts = $user->getLoginFailedAttempt();
-                }
-            }
 
+            $login_attempts = intval(Request::input('login_attempts'));
             // Build the validation constraint set.
             $rules = [
                 'username' => 'required|email',

tests/UserLoginTurnstileTest.php

@@ -106,7 +106,9 @@ public function testMissingTurnstileResponseFailsValidationWhenAtThreshold(): vo
         $user = $this->getTestUser();
         $this->setLoginAttempts($user, self::CAPTCHA_THRESHOLD);
 
-        $this->postLogin(); // no cf-turnstile-response
+        $this->postLogin([
+            "login_attempts" => self::CAPTCHA_THRESHOLD,
+        ]); // no cf-turnstile-response
 
         $this->assertTrue(
             $this->sessionHasValidationError('cf-turnstile-response'),
@@ -138,34 +140,17 @@ public function testLoginAtThresholdWithValidTokenPassesValidation(): void
 
         $this->fakeTurnstilePass();
 
-        $this->postLogin(['cf-turnstile-response' => 'dummy-token-accepted-by-mock']);
+        $this->postLogin([
+            'cf-turnstile-response' => 'dummy-token-accepted-by-mock',
+            'login_attempts' => 1
+        ]);
 
         $this->assertFalse(
             $this->sessionHasValidationError('cf-turnstile-response'),
             'A valid Turnstile token must clear the captcha validation rule'
         );
     }
 
-    // -------------------------------------------------------------------------
-    // 3. Server-side login-attempt lookup: user exists vs. does not exist
-    // -------------------------------------------------------------------------
-
-    public function testLoginAttemptsLoadedFromExistingUserRecord(): void
-    {
-        $user = $this->getTestUser();
-        $this->setLoginAttempts($user, self::CAPTCHA_THRESHOLD);
-
-        // Omit cf-turnstile-response. If the controller had NOT read the DB value it
-        // would see login_attempts = 0 and skip the captcha rule. The error proves
-        // the persisted attempt count was used.
-        $this->postLogin();
-
-        $this->assertTrue(
-            $this->sessionHasValidationError('cf-turnstile-response'),
-            'Expected captcha required error, which proves login_failed_attempt was read from DB'
-        );
-    }
-
     public function testLoginAttemptsDefaultToZeroForUnknownUsername(): void
     {
         // No user with this email → auth_service->getUserByUsername() returns null
@@ -216,7 +201,10 @@ public function testExpiredTurnstileTokenFailsValidation(): void
         // Cloudflare API returns success=false (expired / already-used token)
         $this->fakeTurnstileFail();
 
-        $this->postLogin(['cf-turnstile-response' => 'expired-or-invalid-token']);
+        $this->postLogin([
+            'cf-turnstile-response' => 'expired-or-invalid-token',
+            'login_attempts' => self::CAPTCHA_THRESHOLD
+        ]);
 
         $this->assertTrue(
             $this->sessionHasValidationError('cf-turnstile-response'),
@@ -230,7 +218,10 @@ public function testUnsolvedCaptchaEmptyTokenFailsValidation(): void
         $this->setLoginAttempts($user, self::CAPTCHA_THRESHOLD);
 
         // Empty string triggers the 'required' rule before any Cloudflare call
-        $this->postLogin(['cf-turnstile-response' => '']);
+        $this->postLogin([
+            'cf-turnstile-response' => '',
+            'login_attempts' => self::CAPTCHA_THRESHOLD
+        ]);
 
         $this->assertTrue(
             $this->sessionHasValidationError('cf-turnstile-response'),