109898688: Complete the implementation of the did not receive code.

app/main/dao/verify_codes_dao.py

@@ -39,9 +39,13 @@ def use_code_for_user_and_type(user_id, code_type):
     db.session.commit()
 
 
+def get_code_by_id(id):
+    return VerifyCodes.query.get(id)
+
+
 def add_code_with_expiry(user_id, code, code_type, expiry):
     code = VerifyCodes(user_id=user_id,
-                       code=code,
+                       code=hashpw(code),
                        code_type=code_type,
                        expiry_datetime=expiry)
 

app/main/forms.py

@@ -49,10 +49,7 @@ class TwoFactorForm(Form):
                                                    Regexp(regex=verify_code, message='Code must be 5 digits')])
 
     def validate_sms_code(self, a):
-        codes = verify_codes_dao.get_codes(session['user_id'], 'sms')
-        for code in codes:
-            if validate_code(self.sms_code, code):
-                return True
+        return validate_codes(self.sms_code, 'sms')
 
 
 class VerifyForm(Form):
@@ -64,30 +61,10 @@ class VerifyForm(Form):
                                          Regexp(regex=verify_code, message='Code must be 5 digits')])
 
     def validate_email_code(self, a):
-        codes = verify_codes_dao.get_codes(session['user_id'], 'email')
-        for code in codes:
-            if validate_code(self.email_code, code):
-                return True
+        return validate_codes(self.email_code, 'email')
 
     def validate_sms_code(self, a):
-        codes = verify_codes_dao.get_codes(session['user_id'], 'sms')
-        for code in codes:
-            if validate_code(self.sms_code, code):
-                return True
-
-
-def validate_code(field, code):
-    if code.expiry_datetime <= datetime.now():
-        field.errors.append('Code has expired')
-        return False
-    if field.data is not None:
-        if check_hash(field.data, code.code) is False:
-            field.errors.append('Code does not match')
-            return False
-        else:
-            return True
-    else:
-        return False
+        return validate_codes(self.sms_code, 'sms')
 
 
 class EmailNotReceivedForm(Form):
@@ -114,3 +91,25 @@ class AddServiceForm(Form):
             return False
         else:
             return True
+
+
+def validate_codes(field, code_type):
+    codes = verify_codes_dao.get_codes(user_id=session['user_id'], code_type=code_type)
+    for code in codes:
+        if validate_code(field, code):
+            if code.expiry_datetime <= datetime.now():
+                field.errors.append('Code has expired')
+                return False
+            return True
+    field.errors.append('Code does not match')
+    return False
+
+
+def validate_code(field, code):
+    if field.data is not None:
+        if check_hash(field.data, code.code) is False:
+            return False
+        else:
+            return True
+    else:
+        return False

tests/app/main/test_verify_form.py

@@ -86,6 +86,22 @@ def test_should_return_errors_when_code_is_expired(notifications_admin, notifica
         assert set(errors) == set(expected)
 
 
+def test_should_return_valid_form_when_many_codes_exist(notifications_admin,
+                                                        notifications_admin_db,
+                                                        notify_db_session):
+    with notifications_admin.test_request_context(method='POST',
+                                                  data={'sms_code': '23456',
+                                                        'email_code': '23456'}) as req:
+        user = set_up_test_data()
+        verify_codes_dao.add_code(user_id=user.id, code='23456', code_type='email')
+        verify_codes_dao.add_code(user_id=user.id, code='23456', code_type='sms')
+        verify_codes_dao.add_code(user_id=user.id, code='60456', code_type='email')
+        verify_codes_dao.add_code(user_id=user.id, code='27856', code_type='sms')
+        req.session['user_id'] = user.id
+        form = VerifyForm(req.request.form)
+        assert form.validate() is True
+
+
 def set_up_test_data():
     user = create_test_user('pending')
     verify_codes_dao.add_code(user_id=user.id, code='12345', code_type='email')

tests/app/main/views/test_verify.py

@@ -56,3 +56,24 @@ def test_should_return_400_when_codes_are_wrong(notifications_admin, notificatio
         errors = json.loads(response.get_data(as_text=True))
         assert len(errors) == 2
         assert set(errors) == set(expected)
+
+
+def test_should_mark_all_codes_as_used_when_many_codes_exist(notifications_admin,
+                                                             notifications_admin_db,
+                                                             notify_db_session):
+    with notifications_admin.test_client() as client:
+        with client.session_transaction() as session:
+            user = create_test_user('pending')
+            session['user_id'] = user.id
+        code1 = verify_codes_dao.add_code(user_id=user.id, code='23345', code_type='sms')
+        code2 = verify_codes_dao.add_code(user_id=user.id, code='98456', code_type='email')
+        code3 = verify_codes_dao.add_code(user_id=user.id, code='12345', code_type='sms')
+        code4 = verify_codes_dao.add_code(user_id=user.id, code='23412', code_type='email')
+        response = client.post('/verify',
+                               data={'sms_code': '23345',
+                                     'email_code': '23412'})
+        assert response.status_code == 302
+        assert verify_codes_dao.get_code_by_id(code1).code_used is True
+        assert verify_codes_dao.get_code_by_id(code2).code_used is True
+        assert verify_codes_dao.get_code_by_id(code3).code_used is True
+        assert verify_codes_dao.get_code_by_id(code4).code_used is True