Redirect repeated guest login to verification form (#265)

apps/api/src/routers/guest.py

@@ -43,16 +43,14 @@ async def guest_login(
         log.exception("During guest login: %s", err)
         raise HTTPException(status.HTTP_500_INTERNAL_SERVER_ERROR)
 
-    if not confirmation:
-        raise HTTPException(
-            status.HTTP_429_TOO_MANY_REQUESTS,
-            "Please wait for the token to expire in 10 minutes.",
-        )
-
     # Redirect to guest login page on client
     # which displays a message to check email and enter passphrase
     query = urlencode({"email": email})
     response = RedirectResponse(f"/guest-login?{query}", status.HTTP_303_SEE_OTHER)
+
+    if not confirmation:
+        return response
+
     response.set_cookie(
         "guest_confirmation", confirmation, max_age=600, secure=True, httponly=True
     )

apps/api/tests/test_guest.py

@@ -73,15 +73,18 @@ def test_guest_login_initiation(
 
 
 @patch("auth.guest_auth._get_existing_key", autospec=True)
-def test_requesting_login_when_previous_key_exists_causes_429(
+def test_requesting_login_when_previous_key_exists_redirects_to_guest_login(
     mock_get_existing_key: AsyncMock,
 ) -> None:
     """Test that requesting to log in as guest when the user has an existing,
-    unexpired key causes status 429."""
+    unexpired key redirects to guest-login, returns 303, and does not
+    modify cookie"""
 
     mock_get_existing_key.return_value = "some-existing-key"
-    res = client.post("/login", data=SAMPLE_LOGIN_DATA)
-    assert res.status_code == 429
+    res = client.post("/login", data=SAMPLE_LOGIN_DATA, follow_redirects=False)
+
+    assert "Set-Cookie" not in res.headers
+    assert res.status_code == 303
 
 
 @patch("auth.guest_auth._remove_guest_key", autospec=True)