109526520: Implement verify flow

When a person registers with a valid mobile number and email address,
a code will be sent to each. That person can enter the verify codes and continue to the add-service page.

app/main/dao/users_dao.py

@@ -30,3 +30,10 @@ def increment_failed_login_count(id):
     user = User.query.filter_by(id=id).first()
     user.failed_login_count += 1
     db.session.commit()
+
+
+def activate_user(id):
+    user = get_user_by_id(id)
+    user.state = 'active'
+    db.session.add(user)
+    db.session.commit()

app/main/forms.py

@@ -39,5 +39,7 @@ class RegisterUserForm(Form):
 
 
 class VerifyForm(Form):
-    sms_code = IntegerField(DataRequired(message='SMS code can not be empty'))
-    email_code = IntegerField(DataRequired(message='Email code can not be empty'))
+    sms_code = IntegerField("Text message confirmation code",
+                            validators=[DataRequired(message='SMS code can not be empty')])
+    email_code = IntegerField("Email confirmation code",
+                              validators=[DataRequired(message='Email code can not be empty')])

app/main/views/register.py

@@ -36,6 +36,7 @@ def process_register():
             session['email_code'] = hashpw(email_code)
             session['expiry_date'] = str(datetime.now() + timedelta(hours=1))
             users_dao.insert_user(user)
+            session['user_id'] = user.id
         except AdminApiClientException as e:
             return jsonify(admin_api_client_error=e.value)
         except SQLAlchemyError:

app/main/views/verify.py

@@ -1,6 +1,8 @@
-from app.main import main
 from flask import render_template, redirect, jsonify, session
+from flask_login import login_user
 
+from app.main import main
+from app.main.dao import users_dao
 from app.main.encryption import checkpw
 from app.main.forms import VerifyForm
 
@@ -13,15 +15,18 @@ def render_verify():
 @main.route('/verify', methods=['POST'])
 def process_verify():
     form = VerifyForm()
-
     if form.validate_on_submit():
         valid_sms = checkpw(form.sms_code.data, session['sms_code'])
         valid_email = checkpw(form.email_code.data, session['email_code'])
         if valid_sms is False:
-            return jsonify(sms_code='invalid'), 400
+            return jsonify(sms_code='does not match'), 400
         if valid_email is False:
-            return jsonify(email_code='invalid'), 400
+            return jsonify(email_code='does not match'), 400
     else:
         return jsonify(form.errors), 400
 
+    user = users_dao.get_user_by_id(session['user_id'])
+    users_dao.activate_user(user.id)
+    login_user(user)
+
     return redirect('/add-service')