diff --git a/app/main/forms.py b/app/main/forms.py
index 202134a7b..c4ee1c995 100644
--- a/app/main/forms.py
+++ b/app/main/forms.py
@@ -62,7 +62,6 @@ class VerifyForm(Form):
 Regexp(regex=verify_code, message='Code must be 5 digits')])
 def validate_email_code(self, a):
- print('validating the email_code')
 code = verify_codes_dao.get_code(session['user_id'], 'email')
 validate_code(self.email_code, code)
@@ -72,7 +71,7 @@ class VerifyForm(Form):
 def validate_code(field, code):
- if code.expiry_datetime < datetime.now():
+ if code.expiry_datetime > datetime.now():
 field.errors.append('Code has expired')
 return False
 if field.data is not None:
diff --git a/app/main/views/verify.py b/app/main/views/verify.py
index 1cbfa63ce..d54e46d43 100644
--- a/app/main/views/verify.py
+++ b/app/main/views/verify.py
@@ -20,5 +20,4 @@ def process_verify():
 login_user(user)
 return redirect('/add-service')
 else:
- print(form.errors)
 return jsonify(form.errors), 400
diff --git a/tests/app/main/test_two_factor_form.py b/tests/app/main/test_two_factor_form.py
new file mode 100644
index 000000000..7b6bec243
--- /dev/null
+++ b/tests/app/main/test_two_factor_form.py
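Review bot: In `validate_code` in app/main/forms.py the new condition `code.expiry_datetime > datetime.now()` is true while the code's expiry is still in the future, so an unexpired code gets 'Code has expired' and a code whose expiry has already passed falls through to the match check. For a verification code that reverses the control; the removed line `if code.expiry_datetime < datetime.now():` is the comparison that rejects stale codes and should be kept. The expiry tests in this commit store codes with `expiry=datetime.now() + timedelta(hours=-2)` and expect 'Code has expired', which only agrees with the `<` form; if they pass with `>`, it is presumably because a different, unexpired code is the one being looked up. The body of validate_code continues past the end of the hunk.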
@@ -0,0 +1,71 @@ +from datetime import datetime, timedelta + +from app.main.dao import verify_codes_dao +from app.main.forms import TwoFactorForm +from tests.app.main import create_test_user + + +def test_form_is_valid_returns_no_errors(notifications_admin, notifications_admin_db, notify_db_session): + with notifications_admin.test_request_context(method='POST', + data={'sms_code': '12345'}) as req: + user = set_up_test_data() + req.session['user_id'] = user.id + form = TwoFactorForm(req.request.form) + assert form.validate() is True + assert len(form.errors) == 0 + + +def test_returns_errors_when_code_is_too_short(notifications_admin, notifications_admin_db, notify_db_session): + with notifications_admin.test_request_context(method='POST', + data={'sms_code': '145'}) as req: + user = set_up_test_data() + req.session['user_id'] = user.id + form = TwoFactorForm(req.request.form) + assert form.validate() is False + assert len(form.errors) == 1 + assert set(form.errors) == set({'sms_code': ['Code must be 5 digits', 'Code does not match']}) + + +def test_returns_errors_when_code_is_missing(notifications_admin, notifications_admin_db, notify_db_session): + with notifications_admin.test_request_context(method='POST', + data={}) as req: + user = set_up_test_data() + req.session['user_id'] = user.id + form = TwoFactorForm(req.request.form) + assert form.validate() is False + assert len(form.errors) == 1 + assert set(form.errors) == set({'sms_code': ['Code must not be empty']}) + + +def test_returns_errors_when_code_contains_letters(notifications_admin, notifications_admin_db, notify_db_session): + with notifications_admin.test_request_context(method='POST', + data={'sms_code': 'asdfg'}) as req: + user = set_up_test_data() + req.session['user_id'] = user.id + form = TwoFactorForm(req.request.form) + assert form.validate() is False + assert len(form.errors) == 1 + assert set(form.errors) == set({'sms_code': ['Code must be 5 digits', 'Code does not match']}) + + +def 
test_should_return_errors_when_code_is_expired(notifications_admin, notifications_admin_db, notify_db_session): + with notifications_admin.test_request_context(method='POST', + data={'sms_code': '12345'}) as req: + user = set_up_test_data() + req.session['user_id'] = user.id + verify_codes_dao.add_code_with_expiry(user_id=user.id, + code='12345', + code_type='sms', + expiry=datetime.now() + timedelta(hours=-2)) + req.session['user_id'] = user.id + form = TwoFactorForm(req.request.form) + assert form.validate() is False + errors = form.errors + assert len(errors) == 1 + assert errors == {'sms_code': ['Code has expired']} + + +def set_up_test_data(): + user = create_test_user() + verify_codes_dao.add_code(user_id=user.id, code='12345', code_type='sms') + return user diff --git a/tests/app/main/test_verify_form.py b/tests/app/main/test_verify_form.py index bafd04465..7cd33c676 100644 --- a/tests/app/main/test_verify_form.py +++ b/tests/app/main/test_verify_form.py 
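Review bot: The assertions written as `assert set(form.errors) == set({'sms_code': [...]})` in tests/app/main/test_two_factor_form.py compare only the field names, because `set()` over a dict yields its keys; the messages listed on the right are never checked, so a wrong or missing message still passes. Compare the dicts directly, as the expired-code test in this file already does with `assert errors == {'sms_code': ['Code has expired']}`, or use `{k: sorted(v) for k, v in form.errors.items()}` where the message order is not fixed. The same keys-only comparison appears in the hunks for tests/app/main/test_verify_form.py, tests/app/main/views/test_two_factor.py and tests/app/main/views/test_verify.py, where in places it replaces per-field message assertions.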
@@ -1,93 +1,89 @@ from datetime import datetime, timedelta - from app.main.dao import verify_codes_dao from app.main.forms import VerifyForm from tests.app.main import create_test_user def test_form_should_have_error_when_code_is_not_valid(notifications_admin, notifications_admin_db, notify_db_session): - with notifications_admin.test_request_context(method='POST', - data={'sms_code': '12345aa', 'email_code': 'abcde'}) as req: - user = set_up_test_data() - req.session['user_id']= user.id - form = VerifyForm(req.request.form) - assert form.validate() is False - errors = form.errors - assert len(errors) == 2 - expected = set({'email_code': ['Code must be 5 digits', 'Code does not match'], - 'sms_code': ['Code does not match', 'Code must be 5 digits']}) - assert 'sms_code' in errors - assert set(errors) == expected + with notifications_admin.test_request_context(method='POST', + data={'sms_code': '12345aa', 'email_code': 'abcde'}) as req: + user = set_up_test_data() + req.session['user_id'] = user.id + form = VerifyForm(req.request.form) + assert form.validate() is False + errors = form.errors + assert len(errors) == 2 + expected = {'email_code': ['Code must be 5 digits', 'Code does not match'], + 'sms_code': ['Code does not match', 'Code must be 5 digits']} + assert 'sms_code' in errors + assert set(errors) == set(expected) def test_should_return_errors_when_code_missing(notifications_admin, notifications_admin_db, notify_db_session): - with notifications_admin.test_request_context(method='POST', - data={}) as req: - user = set_up_test_data() - req.session['user_id']= user.id - form = VerifyForm(req.request.form) - assert form.validate() is False - errors = form.errors - expected = set({'sms_code': ['SMS code can not be empty'], - 'email_code': ['Email code can not be empty']}) - assert len(errors) == 2 - assert set(errors) == expected + with notifications_admin.test_request_context(method='POST', + data={}) as req: + user = set_up_test_data() + 
req.session['user_id'] = user.id + form = VerifyForm(req.request.form) + assert form.validate() is False + errors = form.errors + expected = {'sms_code': ['SMS code can not be empty'], + 'email_code': ['Email code can not be empty']} + assert len(errors) == 2 + assert set(errors) == set(expected) def test_should_return_errors_when_code_is_too_short(notifications_admin, notifications_admin_db, notify_db_session): - with notifications_admin.test_request_context(method='POST', - data={'sms_code':'123', 'email_code':'123'}) as req: - user = set_up_test_data() - req.session['user_id']= user.id - form = VerifyForm(req.request.form) - assert form.validate() is False - errors = form.errors - expected = set({'sms_code': ['Code must be 5 digits', 'Code does not match'], - 'email_code': ['Code must be 5 digits', 'Code does not match']}) - assert len(errors) == 2 - assert set(errors) == expected + with notifications_admin.test_request_context(method='POST', + data={'sms_code': '123', 'email_code': '123'}) as req: + user = set_up_test_data() + req.session['user_id'] = user.id + form = VerifyForm(req.request.form) + assert form.validate() is False + errors = form.errors + expected = {'sms_code': ['Code must be 5 digits', 'Code does not match'], + 'email_code': ['Code must be 5 digits', 'Code does not match']} + assert len(errors) == 2 + assert set(errors) == set(expected) def test_should_return_errors_when_code_does_not_match(notifications_admin, notifications_admin_db, notify_db_session): - with notifications_admin.test_request_context(method='POST', - data={'sms_code': '23456', 'email_code': '23456'}) as req: - user = set_up_test_data() - req.session['user_id']= user.id - form = VerifyForm(req.request.form) - assert form.validate() is False - errors = form.errors - expected = set({'sms_code': ['Code does not match'], - 'email_code': ['Code does not match']}) - assert len(errors) == 2 - assert set(errors) == expected + with 
notifications_admin.test_request_context(method='POST', + data={'sms_code': '23456', 'email_code': '23456'}) as req: + user = set_up_test_data() + req.session['user_id'] = user.id + form = VerifyForm(req.request.form) + assert form.validate() is False + errors = form.errors + expected = {'sms_code': ['Code does not match'], + 'email_code': ['Code does not match']} + assert len(errors) == 2 + assert set(errors) == set(expected) def test_should_return_errors_when_code_is_expired(notifications_admin, notifications_admin_db, notify_db_session): - with notifications_admin.test_request_context(method='POST', - data={'sms_code': '23456', 'email_code': '23456'}) as req: - user = create_test_user() - verify_codes_dao.add_code_with_expiry(user_id=user.id, - code='23456', - code_type='email', - expiry=datetime.now() + timedelta(hours=-1)) - verify_codes_dao.add_code_with_expiry(user_id=user.id, - code='23456', - code_type='sms', - expiry=datetime.now() + timedelta(hours=-2)) - req.session['user_id']= user.id - form = VerifyForm(req.request.form) - assert form.validate() is False - errors = form.errors - expected = {'sms_code': ['Code has expired'], - 'email_code': ['Code has expired']} - assert len(errors) == 2 - assert 'sms_code' in errors - assert errors['sms_code'] == expected['sms_code'] - assert 'email_code' in errors - assert errors['email_code'] == expected['email_code'] - - + with notifications_admin.test_request_context(method='POST', + data={'sms_code': '23456', + 'email_code': '23456'}) as req: + user = set_up_test_data() + req.session['user_id'] = user.id + verify_codes_dao.add_code_with_expiry(user_id=user.id, + code='23456', + code_type='sms', + expiry=datetime.now() + timedelta(hours=-2)) + verify_codes_dao.add_code_with_expiry(user_id=user.id, + code='23456', + code_type='email', + expiry=datetime.now() + timedelta(hours=-2)) + req.session['user_id'] = user.id + form = VerifyForm(req.request.form) + assert form.validate() is False + errors = form.errors + 
expected = set({'sms_code': ['Code has expired'], + 'email_code': ['Code has exprired']}) + assert len(errors) == 2 + assert set(errors) == expected def set_up_test_data(): @@ -95,5 +91,3 @@ def set_up_test_data(): verify_codes_dao.add_code(user_id=user.id, code='12345', code_type='email') verify_codes_dao.add_code(user_id=user.id, code='12345', code_type='sms') return user - - diff --git a/tests/app/main/views/test_two_factor.py b/tests/app/main/views/test_two_factor.py index 1d8d7ea69..893408a3b 100644 --- a/tests/app/main/views/test_two_factor.py +++ b/tests/app/main/views/test_two_factor.py @@ -58,5 +58,4 @@ def test_should_return_400_when_sms_code_is_too_short(notifications_admin, notif assert response.status_code == 400 data = json.loads(response.get_data(as_text=True)) assert len(data.keys()) == 1 - assert 'sms_code' in data - assert set(data['sms_code']) == ['Code must be 5 digits', 'Code does not match'].sort() + assert set(data) == set({'sms_code': ['Code must be 5 digits', 'Code does not match']}) diff --git a/tests/app/main/views/test_verify.py b/tests/app/main/views/test_verify.py index cb3dad2b3..13bb17382 100644 --- a/tests/app/main/views/test_verify.py +++ b/tests/app/main/views/test_verify.py @@ -1,7 +1,4 @@ -from datetime import datetime, timedelta - from flask import json - from app.main.dao import users_dao, verify_codes_dao from tests.app.main import create_test_user 
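Review bot: test_should_return_errors_when_code_is_expired in tests/app/main/test_verify_form.py now calls `set_up_test_data()` before adding the expired codes, so the user holds a code from `add_code` (presumably unexpired) and an expired code of each type, and which one `get_code` returns is not visible here; the test can no longer show that an expired code is rejected. The previous setup, `user = create_test_user()`, left only the expired codes and should be kept. The new `expected = set({... 'email_code': ['Code has exprired']})` reduces to the set of keys, which is why the misspelled message goes unnoticed; `assert errors == {'sms_code': ['Code has expired'], 'email_code': ['Code has expired']}` would check the messages. The expired-code test added in tests/app/main/test_two_factor_form.py uses the same mixed setup.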
@@ -55,11 +52,7 @@ def test_should_return_400_when_codes_are_wrong(notifications_admin, notificatio 'email_code': '23456'}) assert response.status_code == 400 expected = {'sms_code': ['Code must be 5 digits', 'Code does not match'], - 'email_code': ['Code must be 5 digits', 'Code does not match']} + 'email_code': ['Code must be 5 digits', 'Code does not match']} errors = json.loads(response.get_data(as_text=True)) assert len(errors) == 2 - assert 'sms_code' in errors - assert errors['sms_code'] == expected['sms_code'] - assert 'email_code' in errors - assert set(errors['email_code']) in set(expected['email_code']) - + assert set(errors) == set(expected)