Sign in view, form and template refactored.

app/main/views/sign_in.py

@@ -8,28 +8,20 @@ from app.main.forms import LoginForm
 from app.main.views import send_sms_code
 
 
-@main.route("/sign-in", methods=(['GET']))
-def render_sign_in():
-    return render_template('views/signin.html', form=LoginForm())
-
-
-@main.route('/sign-in', methods=(['POST']))
-def process_sign_in():
+@main.route('/sign-in', methods=(['GET', 'POST']))
+def sign_in():
     form = LoginForm()
     if form.validate_on_submit():
         user = users_dao.get_user_by_email(form.email_address.data)
-        if user is None:
-            return jsonify(authorization=False), 401
-        if user.is_locked():
-            return jsonify(locked_out=True), 401
-        if not user.is_active():
-            return jsonify(active_user=False), 401
-        if check_hash(form.password.data, user.password):
-            send_sms_code(user.id, user.mobile_number)
-            session['user_id'] = user.id
-        else:
-            users_dao.increment_failed_login_count(user.id)
-            return jsonify(authorization=False), 401
-    else:
-        return jsonify(form.errors), 400
-    return redirect('/two-factor')
+
+        if user:
+            if not user.is_locked() and user.is_active() and check_hash(form.password.data, user.password):
+                send_sms_code(user.id, user.mobile_number)
+                session['user_id'] = user.id
+                return redirect('/two-factor')
+            else:
+                users_dao.increment_failed_login_count(user.id)
+        # Vague error message for login
+        form.password.errors.append('Username or password is incorrect')
+
+    return render_template('views/signin.html', form=form)

app/templates/views/signin.html

@@ -14,18 +14,11 @@ Sign in
 
 		<form autocomplete="off" action="" method="post">
 			{{ form.hidden_tag() }}
-			<p>
-			<label class="form-label">Email address</label>
-			{{ form.email_address(class="form-control-2-3", autocomplete="off") }} <br>
-			</p>
-			<p>
-			<label class="form-label">Password</label>
-				 {{ form.password(class="form-control-1-4", autocomplete="off") }} <br>
-			</p>
+			{{ render_field(form.email_address, class='form-control-2-3') }}
+			{{ render_field(form.password, class='form-control-2-3') }}
 			<p>
 			<span class="font-xsmall"><a href="">Forgotten password?</a></span>
 			</p>
-
 			<p>
 			<button class="button" href="two-factor" role="button">Continue</button>
 			</p>

tests/app/main/views/test_sign_in.py

@@ -50,14 +50,14 @@ def test_should_return_locked_out_true_when_user_is_locked(notifications_admin,
                                                       data={'email_address': 'valid@example.gov.uk',
                                                             'password': 'val1dPassw0rd!'})
 
-    assert response.status_code == 401
-    assert '"locked_out": true' in response.get_data(as_text=True)
+    assert response.status_code == 200
+    assert 'Username or password is incorrect' in response.get_data(as_text=True)
 
     another_bad_attempt = notifications_admin.test_client().post('/sign-in',
                                                                  data={'email_address': 'valid@example.gov.uk',
                                                                        'password': 'whatIsMyPassword!'})
-    assert another_bad_attempt.status_code == 401
-    assert '"locked_out": true' in response.get_data(as_text=True)
+    assert another_bad_attempt.status_code == 200
+    assert 'Username or password is incorrect' in response.get_data(as_text=True)
 
 
 def test_should_return_active_user_is_false_if_user_is_inactive(notifications_admin,
@@ -76,19 +76,19 @@ def test_should_return_active_user_is_false_if_user_is_inactive(notifications_ad
                                                       data={'email_address': 'inactive_user@example.gov.uk',
                                                             'password': 'val1dPassw0rd!'})
 
-    assert response.status_code == 401
-    assert '"active_user": false' in response.get_data(as_text=True)
+    assert response.status_code == 200
+    assert 'Username or password is incorrect' in response.get_data(as_text=True)
 
 
-def test_should_return_401_when_user_does_not_exist(notifications_admin, notifications_admin_db, notify_db_session):
+def test_should_return_200_when_user_does_not_exist(notifications_admin, notifications_admin_db, notify_db_session):
     response = notifications_admin.test_client().post('/sign-in',
                                                       data={'email_address': 'does_not_exist@gov.uk',
                                                             'password': 'doesNotExist!'})
-
-    assert response.status_code == 401
+    assert response.status_code == 200
+    assert 'Username or password is incorrect' in response.get_data(as_text=True)
 
 
-def test_should_return_400_when_user_is_not_active(notifications_admin, notifications_admin_db, notify_db_session):
+def test_should_return_200_when_user_is_not_active(notifications_admin, notifications_admin_db, notify_db_session):
     user = User(email_address='PendingUser@example.gov.uk',
                 password='val1dPassw0rd!',
                 mobile_number='+441234123123',
@@ -100,8 +100,8 @@ def test_should_return_400_when_user_is_not_active(notifications_admin, notifica
     response = notifications_admin.test_client().post('/sign-in',
                                                       data={'email_address': 'PendingUser@example.gov.uk',
                                                             'password': 'val1dPassw0rd!'})
-    assert response.status_code == 401
-    assert '"active_user": false' in response.get_data(as_text=True)
+    assert response.status_code == 200
+    assert 'Username or password is incorrect' in response.get_data(as_text=True)
 
 
 def _set_up_mocker(mocker):