109638656: Implement two factor verify flow

When user enters valid sms code they are redirected to the dashboard. Otherwise, form errors are present.
2026-02-05 10:53:28 -05:00 · 2015-12-08 12:36:54 +00:00
parent c946f85f9d
commit 2e59870490
6 changed files with 63 additions and 17 deletions
--- a/tests/app/main/views/test_two_factor.py
+++ b/tests/app/main/views/test_two_factor.py
@@ -1,3 +1,8 @@
+from datetime import datetime
+
+from app.main.dao import users_dao
+from app.main.encryption import hashpw
+from app.models import User


 def test_should_render_two_factor_page(notifications_admin, notifications_admin_db):
@@ -7,8 +12,38 @@ def test_should_render_two_factor_page(notifications_admin, notifications_admin_


 def test_should_login_user_and_redirect_to_dashboard(notifications_admin, notifications_admin_db):
-    response = notifications_admin.test_client().post('/two-factor',
-                                                      data={'sms_code': '12345'})
+    with notifications_admin.test_client() as client:
+        with client.session_transaction() as session:
+            user = _create_test_user()
+            session['user_id'] = user.id
+            session['sms_code'] = hashpw('12345')
+        response = client.post('/two-factor',
+                               data={'sms_code': '12345'})

-    assert response.status_code == 302
-    assert response.location == 'http://localhost/dashboard'
+        assert response.status_code == 302
+        assert response.location == 'http://localhost/dashboard'
+
+
+def test_should_return_400_with_sms_code_error_when_sms_code_is_wrong(notifications_admin, notifications_admin_db):
+    with notifications_admin.test_client() as client:
+        with client.session_transaction() as session:
+            user = _create_test_user()
+            session['user_id'] = user.id
+            session['sms_code'] = hashpw('12345')
+        response = client.post('/two-factor',
+                               data={'sms_code': '23456'})
+        assert response.status_code == 400
+        assert 'sms_code' in response.get_data(as_text=True)
+        assert 'Code does not match' in response.get_data(as_text=True)
+
+
+def _create_test_user():
+    user = User(name='Test User',
+                password='somepassword',
+                email_address='test@user.gov.uk',
+                mobile_number='+441234123412',
+                created_at=datetime.now(),
+                role_id=1,
+                state='pending')
+    users_dao.insert_user(user)
+    return user