chore: rollback checking the login_attempts from the server

matiasperrone-exo · matiasperrone-exo · commit ff36183ad000 · 2026-05-08T21:41:35.000Z
diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php
@@ -411,13 +411,8 @@ public function postLogin()
             if (isset($data['password']))
                 $data['password'] = trim($data['password']);
 
-            if (isset($data['username'])) {
-                $user = $this->auth_service->getUserByUsername($data['username']);
-                if (!is_null($user)) {
-                    $login_attempts = $user->getLoginFailedAttempt();
-                }
-            }
 
+            $login_attempts = intval(Request::input('login_attempts'));
             // Build the validation constraint set.
             $rules = [
                 'username' => 'required|email',
diff --git a/tests/UserLoginTurnstileTest.php b/tests/UserLoginTurnstileTest.php
@@ -54,13 +54,6 @@ private function getTestUser(): User
             ->findOneBy(['identifier' => 'sebastian.marcet']);
     }
 
-    private function setLoginAttempts(User $user, int $attempts): void
-    {
-        $user->setLoginFailedAttempt($attempts);
-        EntityManager::persist($user);
-        EntityManager::flush();
-    }
-
     private function postLogin(array $overrides = [])
     {
         // GET the login page first so the session (and its CSRF token) is established,
@@ -104,9 +97,10 @@ private function sessionHasValidationError(string $field): bool
     public function testMissingTurnstileResponseFailsValidationWhenAtThreshold(): void
     {
         $user = $this->getTestUser();
-        $this->setLoginAttempts($user, self::CAPTCHA_THRESHOLD);
 
-        $this->postLogin(); // no cf-turnstile-response
+        $this->postLogin([
+            "login_attempts" => self::CAPTCHA_THRESHOLD,
+        ]); // no cf-turnstile-response
 
         $this->assertTrue(
             $this->sessionHasValidationError('cf-turnstile-response'),
@@ -121,9 +115,10 @@ public function testMissingTurnstileResponseFailsValidationWhenAtThreshold(): vo
     public function testLoginBelowThresholdDoesNotRequireTurnstile(): void
     {
         $user = $this->getTestUser();
-        $this->setLoginAttempts($user, self::CAPTCHA_THRESHOLD - 1);
 
-        $this->postLogin(); // correct credentials, no captcha token
+        $this->postLogin([
+            'login_attempts' => self::CAPTCHA_THRESHOLD - 1
+        ]); // correct credentials, no captcha token
 
         $this->assertFalse(
             $this->sessionHasValidationError('cf-turnstile-response'),
@@ -134,38 +129,20 @@ public function testLoginBelowThresholdDoesNotRequireTurnstile(): void
     public function testLoginAtThresholdWithValidTokenPassesValidation(): void
     {
         $user = $this->getTestUser();
-        $this->setLoginAttempts($user, self::CAPTCHA_THRESHOLD);
 
         $this->fakeTurnstilePass();
 
-        $this->postLogin(['cf-turnstile-response' => 'dummy-token-accepted-by-mock']);
+        $this->postLogin([
+            'cf-turnstile-response' => 'dummy-token-accepted-by-mock',
+            'login_attempts' => 1
+        ]);
 
         $this->assertFalse(
             $this->sessionHasValidationError('cf-turnstile-response'),
             'A valid Turnstile token must clear the captcha validation rule'
         );
     }
 
-    // -------------------------------------------------------------------------
-    // 3. Server-side login-attempt lookup: user exists vs. does not exist
-    // -------------------------------------------------------------------------
-
-    public function testLoginAttemptsLoadedFromExistingUserRecord(): void
-    {
-        $user = $this->getTestUser();
-        $this->setLoginAttempts($user, self::CAPTCHA_THRESHOLD);
-
-        // Omit cf-turnstile-response. If the controller had NOT read the DB value it
-        // would see login_attempts = 0 and skip the captcha rule. The error proves
-        // the persisted attempt count was used.
-        $this->postLogin();
-
-        $this->assertTrue(
-            $this->sessionHasValidationError('cf-turnstile-response'),
-            'Expected captcha required error, which proves login_failed_attempt was read from DB'
-        );
-    }
-
     public function testLoginAttemptsDefaultToZeroForUnknownUsername(): void
     {
         // No user with this email → auth_service->getUserByUsername() returns null
@@ -188,10 +165,12 @@ public function testLoginAttemptsDefaultToZeroForUnknownUsername(): void
     public function testLoginScreenIncludesTurnstileConfigWhenAboveThreshold(): void
     {
         $user = $this->getTestUser();
-        // Place user one below threshold; the wrong-password attempt crosses it.
-        $this->setLoginAttempts($user, self::CAPTCHA_THRESHOLD - 1);
 
-        $this->postLogin(['password' => 'wrong-password']);
+        // Place user one below threshold; the wrong-password attempt crosses it.
+        $this->postLogin([
+            'password' => 'wrong-password',
+            'login_attempts' => self::CAPTCHA_THRESHOLD - 1
+        ]);
 
         // errorLogin() flashes max_login_attempts_2_show_captcha into the session;
         // following the redirect renders login.blade.php which emits those values.
@@ -211,12 +190,14 @@ public function testLoginScreenIncludesTurnstileConfigWhenAboveThreshold(): void
     public function testExpiredTurnstileTokenFailsValidation(): void
     {
         $user = $this->getTestUser();
-        $this->setLoginAttempts($user, self::CAPTCHA_THRESHOLD);
 
         // Cloudflare API returns success=false (expired / already-used token)
         $this->fakeTurnstileFail();
 
-        $this->postLogin(['cf-turnstile-response' => 'expired-or-invalid-token']);
+        $this->postLogin([
+            'cf-turnstile-response' => 'expired-or-invalid-token',
+            'login_attempts' => self::CAPTCHA_THRESHOLD
+        ]);
 
         $this->assertTrue(
             $this->sessionHasValidationError('cf-turnstile-response'),
@@ -227,10 +208,12 @@ public function testExpiredTurnstileTokenFailsValidation(): void
     public function testUnsolvedCaptchaEmptyTokenFailsValidation(): void
     {
         $user = $this->getTestUser();
-        $this->setLoginAttempts($user, self::CAPTCHA_THRESHOLD);
 
         // Empty string triggers the 'required' rule before any Cloudflare call
-        $this->postLogin(['cf-turnstile-response' => '']);
+        $this->postLogin([
+            'cf-turnstile-response' => '',
+            'login_attempts' => self::CAPTCHA_THRESHOLD
+        ]);
 
         $this->assertTrue(
             $this->sessionHasValidationError('cf-turnstile-response'),
