18F · aduth · Mar 14, 2023 · Mar 8, 2023 · Mar 10, 2023 · aduth
diff --git a/config/routes.rb b/config/routes.rb
@@ -251,7 +251,6 @@
     get '/second_mfa_setup' => 'users/mfa_selection#index'
     patch '/second_mfa_setup' => 'users/mfa_selection#update'
     get '/phone_setup' => 'users/phone_setup#index'
-    patch '/phone_setup' => 'users/phone_setup#create' # TODO: Remove after next deploy
     post '/phone_setup' => 'users/phone_setup#create'
     get '/users/two_factor_authentication' => 'users/two_factor_authentication#show',
         as: :user_two_factor_authentication # route name is used by two_factor_authentication gem

diff --git a/spec/requests/rack_attack_spec.rb b/spec/requests/rack_attack_spec.rb
@@ -394,7 +394,7 @@
     context 'when the number of requests is under the limit' do
       it 'does not throttle the request' do
         (phone_setups_per_ip_limit - 1).times do
-          patch '/phone_setup', headers: { REMOTE_ADDR: '1.2.3.4' }
+          post '/phone_setup', headers: { REMOTE_ADDR: '1.2.3.4' }
 req.remote_ip if req.path.match?(%r{/add/phone|/phone_setup}) && !req.get? 
 req.remote_ip if req.path.match?(%r{/add/phone|/phone_setup}) && !req.get? 
         end
 
         expect(response.status).to eq(302)
@@ -404,7 +404,7 @@
     context 'when the number of requests is over the limit' do
       it 'throttles the request' do
         (phone_setups_per_ip_limit + 1).times do
-          patch '/phone_setup', headers: { REMOTE_ADDR: '1.2.3.4' }
+          post '/phone_setup', headers: { REMOTE_ADDR: '1.2.3.4' }
         end
 
         expect(response.status).to eq(429)