From 54f871dfba3dcf0122c4410d5e61e9531194ad9c Mon Sep 17 00:00:00 2001
From: Adam Shimali
Date: Thu, 10 Mar 2016 14:48:33 +0000
Subject: [PATCH] Only actually call api to verify code if both are present in form.
---
 app/main/forms.py | 6 ++++--
 app/main/views/verify.py | 3 ++-
 tests/app/main/views/test_verify.py | 29 ++++++++++++++++++++++++-----
 3 files changed, 30 insertions(+), 8 deletions(-)
diff --git a/app/main/forms.py b/app/main/forms.py
index 1dbf8594f..acf3fdaae 100644
--- a/app/main/forms.py
+++ b/app/main/forms.py
@@ -168,10 +168,12 @@ class VerifyForm(Form):
 raise ValidationError(reason)
 def validate_email_code(self, field):
- self._validate_code(field.data, 'email')
+ if self.sms_code.data:
+ self._validate_code(field.data, 'email')
 def validate_sms_code(self, field):
- self._validate_code(field.data, 'sms')
+ if self.email_code.data:
+ self._validate_code(field.data, 'sms')
 class EmailNotReceivedForm(Form):
diff --git a/app/main/views/verify.py b/app/main/views/verify.py
index 63cc1cb18..c4549762b 100644
--- a/app/main/views/verify.py
+++ b/app/main/views/verify.py
@@ -24,6 +24,7 @@ def verify():
 def _check_code(code, code_type):
 return users_dao.check_verify_code(user_id, code, code_type)
+
 form = VerifyForm(_check_code)
 if form.validate_on_submit():
 try:
@@ -37,6 +38,6 @@ def verify():
 else:
 raise e
 finally:
- del session['user_details']
+ session.pop('user_details', None)
 return render_template('views/verify.html', form=form)
diff --git a/tests/app/main/views/test_verify.py b/tests/app/main/views/test_verify.py
index 4b5d790da..d149ba362 100644
--- a/tests/app/main/views/test_verify.py
+++ b/tests/app/main/views/test_verify.py
@@ -1,8 +1,4 @@
-from flask import json, url_for
-from app.main.dao import users_dao
-from tests import create_test_api_user
-
-import pytest
+from flask import url_for
 def test_should_return_verify_template(app_,
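Review bot: In `validate_email_code` and `validate_sms_code` (app/main/forms.py) the new guard returns without raising when the other code is empty, so a single submitted code passes its own validator unverified. The form is then rejected only if the empty field carries its own required validator. The field definitions are outside this hunk, so that dependency should be confirmed and recorded next to the guard, for example `# No API call unless both codes are present; the empty field's required validator must still fail the form.` Without that, a later change that relaxes either field would let the view proceed with one code never checked.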
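Review bot: The switch to `session.pop('user_details', None)` in the `finally` of `verify()` (second hunk of app/main/views/verify.py) carries no comment saying why a missing key is now tolerated. A `KeyError` raised inside `finally` would replace the exception re-raised by `else: raise e`, which is presumably the motivation. A one-line comment such as `# pop, not del: a KeyError here would mask the exception re-raised above` would record it. The `try` body and the place where `user_details` is first read are outside the hunk, so whether that earlier read needs the same tolerance cannot be judged from here.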
@@ -67,3 +63,26 @@ def test_should_return_200_when_codes_are_wrong(app_,
 assert response.status_code == 200
 resp_data = response.get_data(as_text=True)
 assert resp_data.count('Code not found') == 2
+
+
+def test_should_only_check_codes_in_validation_if_both_are_present(app_,
+ api_user_active,
+ mock_get_user,
+ mock_update_user,
+ mock_check_verify_code):
+ with app_.test_request_context():
+ with app_.test_client() as client:
+ with client.session_transaction() as session:
+ session['user_details'] = {'email_address': api_user_active.email_address, 'id': api_user_active.id}
+ response = client.post(url_for('main.verify'), data={'sms_code': '12345'})
+ assert response.status_code == 200
+ assert not mock_check_verify_code.called
+
+ response = client.post(url_for('main.verify'), data={'email_code': '12345'})
+ assert response.status_code == 200
+ assert not mock_check_verify_code.called
+
+ response = client.post(url_for('main.verify'), data={'sms_code': '12345', 'email_code': '12345'})
+ assert response.status_code == 302
+ assert mock_check_verify_code.called
+ assert mock_check_verify_code.call_count == 2
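Review bot: The final case in `test_should_only_check_codes_in_validation_if_both_are_present` asserts only `mock_check_verify_code.call_count == 2`, which would also pass if both calls used the same code type. Pinning the arguments would tie the test to the behaviour being protected, for example `mock_check_verify_code.assert_any_call(api_user_active.id, '12345', 'email')` and the same for `'sms'`. That assumes the fixture patches `users_dao.check_verify_code` and that the view takes the user id from the session, neither of which is visible here. The preceding `assert mock_check_verify_code.called` is redundant once the count or the arguments are asserted.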