From 010be66d31ae027e819efad41957655024066e63 Mon Sep 17 00:00:00 2001 From: Rebecca Law Date: Thu, 17 Dec 2015 14:25:03 +0000 Subject: [PATCH] 109898688: Complete the implementation of the did not receive code. --- app/main/dao/verify_codes_dao.py | 6 +++- app/main/forms.py | 51 ++++++++++++++--------------- tests/app/main/test_verify_form.py | 16 +++++++++ tests/app/main/views/test_verify.py | 21 ++++++++++++ 4 files changed, 67 insertions(+), 27 deletions(-) diff --git a/app/main/dao/verify_codes_dao.py b/app/main/dao/verify_codes_dao.py index c7e325741..6f3e21d9d 100644 --- a/app/main/dao/verify_codes_dao.py +++ b/app/main/dao/verify_codes_dao.py @@ -39,9 +39,13 @@ def use_code_for_user_and_type(user_id, code_type): db.session.commit() +def get_code_by_id(id): + return VerifyCodes.query.get(id) + + def add_code_with_expiry(user_id, code, code_type, expiry): code = VerifyCodes(user_id=user_id, - code=code, + code=hashpw(code), code_type=code_type, expiry_datetime=expiry) diff --git a/app/main/forms.py b/app/main/forms.py index 626247525..eddc61bf6 100644 --- a/app/main/forms.py +++ b/app/main/forms.py @@ -49,10 +49,7 @@ class TwoFactorForm(Form): Regexp(regex=verify_code, message='Code must be 5 digits')]) def validate_sms_code(self, a): - codes = verify_codes_dao.get_codes(session['user_id'], 'sms') - for code in codes: - if validate_code(self.sms_code, code): - return True + return validate_codes(self.sms_code, 'sms') class VerifyForm(Form): @@ -64,30 +61,10 @@ class VerifyForm(Form): Regexp(regex=verify_code, message='Code must be 5 digits')]) def validate_email_code(self, a): - codes = verify_codes_dao.get_codes(session['user_id'], 'email') - for code in codes: - if validate_code(self.email_code, code): - return True + return validate_codes(self.email_code, 'email') def validate_sms_code(self, a): - codes = verify_codes_dao.get_codes(session['user_id'], 'sms') - for code in codes: - if validate_code(self.sms_code, code): - return True - - -def validate_code(field, code): - if code.expiry_datetime <= datetime.now(): - field.errors.append('Code has expired') - return False - if field.data is not None: - if check_hash(field.data, code.code) is False: - field.errors.append('Code does not match') - return False - else: - return True - else: - return False + return validate_codes(self.sms_code, 'sms') class EmailNotReceivedForm(Form): @@ -114,3 +91,25 @@ class AddServiceForm(Form): return False else: return True + + +def validate_codes(field, code_type): + codes = verify_codes_dao.get_codes(user_id=session['user_id'], code_type=code_type) + for code in codes: + if validate_code(field, code): + if code.expiry_datetime <= datetime.now(): + field.errors.append('Code has expired') + return False + return True + field.errors.append('Code does not match') + return False + + +def validate_code(field, code): + if field.data is not None: + if check_hash(field.data, code.code) is False: + return False + else: + return True + else: + return False diff --git a/tests/app/main/test_verify_form.py b/tests/app/main/test_verify_form.py index 35425cb23..a72d18fd4 100644 --- a/tests/app/main/test_verify_form.py +++ b/tests/app/main/test_verify_form.py @@ -86,6 +86,22 @@ def test_should_return_errors_when_code_is_expired(notifications_admin, notifica assert set(errors) == set(expected) +def test_should_return_valid_form_when_many_codes_exist(notifications_admin, + notifications_admin_db, + notify_db_session): + with notifications_admin.test_request_context(method='POST', + data={'sms_code': '23456', + 'email_code': '23456'}) as req: + user = set_up_test_data() + verify_codes_dao.add_code(user_id=user.id, code='23456', code_type='email') + verify_codes_dao.add_code(user_id=user.id, code='23456', code_type='sms') + verify_codes_dao.add_code(user_id=user.id, code='60456', code_type='email') + verify_codes_dao.add_code(user_id=user.id, code='27856', code_type='sms') + req.session['user_id'] = user.id + form = VerifyForm(req.request.form) + assert form.validate() is True + + def set_up_test_data(): user = create_test_user('pending') verify_codes_dao.add_code(user_id=user.id, code='12345', code_type='email') diff --git a/tests/app/main/views/test_verify.py b/tests/app/main/views/test_verify.py index a905420f1..9398dff47 100644 --- a/tests/app/main/views/test_verify.py +++ b/tests/app/main/views/test_verify.py @@ -56,3 +56,24 @@ def test_should_return_400_when_codes_are_wrong(notifications_admin, notificatio errors = json.loads(response.get_data(as_text=True)) assert len(errors) == 2 assert set(errors) == set(expected) + + +def test_should_mark_all_codes_as_used_when_many_codes_exist(notifications_admin, + notifications_admin_db, + notify_db_session): + with notifications_admin.test_client() as client: + with client.session_transaction() as session: + user = create_test_user('pending') + session['user_id'] = user.id + code1 = verify_codes_dao.add_code(user_id=user.id, code='23345', code_type='sms') + code2 = verify_codes_dao.add_code(user_id=user.id, code='98456', code_type='email') + code3 = verify_codes_dao.add_code(user_id=user.id, code='12345', code_type='sms') + code4 = verify_codes_dao.add_code(user_id=user.id, code='23412', code_type='email') + response = client.post('/verify', + data={'sms_code': '23345', + 'email_code': '23412'}) + assert response.status_code == 302 + assert verify_codes_dao.get_code_by_id(code1).code_used is True + assert verify_codes_dao.get_code_by_id(code2).code_used is True + assert verify_codes_dao.get_code_by_id(code3).code_used is True + assert verify_codes_dao.get_code_by_id(code4).code_used is True