Only actually call api to verify code if both are present in form.

2026-02-05 02:42:26 -05:00 · 2016-03-10 14:48:33 +00:00
parent 8c250a7853
commit 54f871dfba
3 changed files with 30 additions and 8 deletions
--- a/app/main/forms.py
+++ b/app/main/forms.py
@@ -168,10 +168,12 @@ class VerifyForm(Form):
            raise ValidationError(reason)

    def validate_email_code(self, field):
-        self._validate_code(field.data, 'email')
+        if self.sms_code.data:
+            self._validate_code(field.data, 'email')

    def validate_sms_code(self, field):
-        self._validate_code(field.data, 'sms')
+        if self.email_code.data:
+            self._validate_code(field.data, 'sms')


 class EmailNotReceivedForm(Form):
--- a/app/main/views/verify.py
+++ b/app/main/views/verify.py
@@ -24,6 +24,7 @@ def verify():

    def _check_code(code, code_type):
        return users_dao.check_verify_code(user_id, code, code_type)
+
    form = VerifyForm(_check_code)
    if form.validate_on_submit():
        try:
@@ -37,6 +38,6 @@ def verify():
            else:
                raise e
        finally:
-            del session['user_details']
+            session.pop('user_details', None)

    return render_template('views/verify.html', form=form)
--- a/tests/app/main/views/test_verify.py
+++ b/tests/app/main/views/test_verify.py
@@ -1,8 +1,4 @@
-from flask import json, url_for
-from app.main.dao import users_dao
-from tests import create_test_api_user
-
-import pytest
+from flask import url_for


 def test_should_return_verify_template(app_,
@@ -67,3 +63,26 @@ def test_should_return_200_when_codes_are_wrong(app_,
            assert response.status_code == 200
            resp_data = response.get_data(as_text=True)
            assert resp_data.count('Code not found') == 2
+
+
+def test_should_only_check_codes_in_validation_if_both_are_present(app_,
+                                                                   api_user_active,
+                                                                   mock_get_user,
+                                                                   mock_update_user,
+                                                                   mock_check_verify_code):
+    with app_.test_request_context():
+        with app_.test_client() as client:
+            with client.session_transaction() as session:
+                session['user_details'] = {'email_address': api_user_active.email_address, 'id': api_user_active.id}
+            response = client.post(url_for('main.verify'), data={'sms_code': '12345'})
+            assert response.status_code == 200
+            assert not mock_check_verify_code.called
+
+            response = client.post(url_for('main.verify'), data={'email_code': '12345'})
+            assert response.status_code == 200
+            assert not mock_check_verify_code.called
+
+            response = client.post(url_for('main.verify'), data={'sms_code': '12345', 'email_code': '12345'})
+            assert response.status_code == 302
+            assert mock_check_verify_code.called
+            assert mock_check_verify_code.call_count == 2