109638656: Use Regex validator for sms code to ensure it is 5 digits.

2026-02-05 10:53:28 -05:00 · 2015-12-08 15:44:40 +00:00
parent 7570a80a00
commit 1af2dd5e98
2 changed files with 15 additions and 2 deletions
--- a/app/main/forms.py
+++ b/app/main/forms.py
@@ -1,6 +1,6 @@
 from flask import session
 from flask_wtf import Form
-from wtforms import StringField, PasswordField, IntegerField
+from wtforms import StringField, PasswordField
 from wtforms.validators import DataRequired, Email, Length, Regexp

 from app.main.encryption import checkpw
@@ -42,7 +42,8 @@ class RegisterUserForm(Form):


 class TwoFactorForm(Form):
-    sms_code = IntegerField('sms code', validators=[DataRequired(message='Please enter your code')])
+    sms_code = StringField('sms code', validators=[DataRequired(message='Please enter your code'),
+                                                   Regexp(regex=verify_code, message='Code must be 5 digits')])

    def validate_sms_code(self, a):
        if self.sms_code.data is not None:
--- a/tests/app/main/views/test_two_factor.py
+++ b/tests/app/main/views/test_two_factor.py
@@ -44,3 +44,15 @@ def test_should_return_400_when_sms_code_is_empty(notifications_admin, notificat
        assert response.status_code == 400
        assert 'sms_code' in response.get_data(as_text=True)
        assert 'Please enter your code' in response.get_data(as_text=True)
+
+
+def test_should_return_400_when_sms_code_is_too_short(notifications_admin, notifications_admin_db):
+    with notifications_admin.test_client() as client:
+        with client.session_transaction() as session:
+            user = create_test_user()
+            session['user_id'] = user.id
+            session['sms_code'] = hashpw('12345')
+        response = client.post('/two-factor', data={'sms_code': '2346'})
+        assert response.status_code == 400
+        assert 'sms_code' in response.get_data(as_text=True)
+        assert 'Code must be 5 digits' in response.get_data(as_text=True)