Update register view form and template.

2026-02-05 02:42:26 -05:00 · 2016-01-05 12:41:20 +00:00
parent 99fe83503c
commit 7693ba8a18
6 changed files with 54 additions and 45 deletions
--- a/app/main/dao/users_dao.py
+++ b/app/main/dao/users_dao.py
@@ -14,6 +14,8 @@ def insert_user(user):
    db.session.commit()


+# TODO Would be better to have a generic get and update for user
+# something that replicates the sql functionality.
 def get_user_by_id(id):
    return User.query.filter_by(id=id).first()

--- a/app/main/forms.py
+++ b/app/main/forms.py
@@ -26,6 +26,12 @@ verify_code = '^\d{5}$'


 class RegisterUserForm(Form):
+
+    def __init__(self, existing_email_addresses, existing_mobile_numbers, *args, **kwargs):
+        self.existing_emails = existing_email_addresses
+        self.existing_mobiles = existing_mobile_numbers
+        super(RegisterUserForm, self).__init__(*args, **kwargs)
+
    name = StringField('Full name',
                       validators=[DataRequired(message='Name can not be empty')])
    email_address = StringField('Email address', validators=[
@@ -42,6 +48,16 @@ class RegisterUserForm(Form):
                                         Length(10, 255, message='Password must be at least 10 characters'),
                                         Blacklist(message='That password is blacklisted, too common')])

+    def validate_email_address(self, field):
+        # Validate email address is unique.
+        if field.data in self.existing_emails:
+            raise ValidationError('Email address already exists')
+
+    def validate_mobile_number(self, field):
+        # Validate mobile number is unique
+        if field.data in self.existing_mobiles:
+            raise ValidationError('Mobile number already exists')
+

 class TwoFactorForm(Form):
    sms_code = StringField('sms code', validators=[DataRequired(message='Please enter your code'),
--- a/app/main/views/register.py
+++ b/app/main/views/register.py
@@ -12,14 +12,19 @@ from app.main.views import send_sms_code, send_email_code
 from app.models import User


-@main.route("/register", methods=['GET'])
-def render_register():
-    return render_template('views/register.html', form=RegisterUserForm())
-
-
-@main.route('/register', methods=['POST'])
+# TODO how do we handle duplicate unverifed email addresses?
+# malicious or otherwise.
+@main.route('/register', methods=['GET', 'POST'])
 def process_register():
-    form = RegisterUserForm()
+    try:
+        existing_emails, existing_mobiles = zip(
+            *[(x.email_address, x.mobile_number) for x in
+                users_dao.get_all_users()])
+    except ValueError:
+        # Value error is raised if the db is empty.
+        existing_emails, existing_mobiles = [], []
+
+    form = RegisterUserForm(existing_emails, existing_mobiles)

    if form.validate_on_submit():
        user = User(name=form.name.data,
@@ -28,16 +33,16 @@ def process_register():
                    password=form.password.data,
                    created_at=datetime.now(),
                    role_id=1)
-        try:
-            users_dao.insert_user(user)
-            send_sms_code(user_id=user.id, mobile_number=form.mobile_number.data)
-            send_email_code(user_id=user.id, email=form.email_address.data)
-            session['expiry_date'] = str(datetime.now() + timedelta(hours=1))
-            session['user_id'] = user.id
-        except AdminApiClientException as e:
-            return jsonify(admin_api_client_error=e.value)
-        except SQLAlchemyError:
-            return jsonify(database_error='encountered database error'), 400
-    else:
-        return jsonify(form.errors), 400
-    return redirect('/verify')
+        users_dao.insert_user(user)
+        # TODO possibly there should be some exception handling
+        # for sending sms and email codes.
+        # How do we report to the user there is a problem with
+        # sending codes apart from service unavailable?
+        # at the moment i believe http 500 is fine.
+        send_sms_code(user_id=user.id, mobile_number=form.mobile_number.data)
+        send_email_code(user_id=user.id, email=form.email_address.data)
+        session['expiry_date'] = str(datetime.now() + timedelta(hours=1))
+        session['user_id'] = user.id
+        return redirect('/verify')
+
+    return render_template('views/register.html', form=form)
--- a/app/templates/views/register.html
+++ b/app/templates/views/register.html
@@ -14,24 +14,13 @@ GOV.UK Notify | Create an account

   		<form autocomplete="off" action="" method="post">
 			{{ form.hidden_tag() }}
-			<p>
-			<label class="form-label">Full name </label>
-			{{ form.name(class="form-control-2-3", autocomplete="off") }} <br>
-			</p>
-			<p>
-			<label class="form-label">Email address </label>
-			{{ form.email_address(class="form-control-2-3", autocomplete="off") }} <br>
+
+			{{ render_field(form.name, class='form-control-2-3') }}
+			{{ render_field(form.email_address, class='form-control-2-3') }}
 			<span class="font-xsmall">Your email address must end in .gov.uk</span>
-			</p>
-			<p>
-			<label class="form-label">Mobile phone number</label>
-			{{ form.mobile_number(class="form-control-1-4", autocomplete="off") }} <br>
-			</p>
-			<p>
-			<label class="form-label">Create a password </label>
-				{{ form.password(class="form-control-1-4", autocomplete="off") }} <br>
+			{{ render_field(form.mobile_number, class='form-control-2-3') }}
+			{{ render_field(form.password, class='form-control-2-3') }}
 			<span class="font-xsmall">Your password must have at least 10 characters</span></label>
-			</p>
 			<p>
 			<button class="button" role="button">Continue</button>
 			</p>
--- a/tests/app/main/test_validators.py
+++ b/tests/app/main/test_validators.py
@@ -4,14 +4,11 @@ from app.main.forms import RegisterUserForm


 def test_should_raise_validation_error_for_password(notifications_admin):
-    form = RegisterUserForm()
+    form = RegisterUserForm([], [])
    form.name.data = 'test'
    form.email_address.data = 'teset@example.gov.uk'
    form.mobile_number.data = '+441231231231'
    form.password.data = 'password1234'

-    try:
-        form.validate()
-        fail()
-    except:
-        assert 'That password is blacklisted, too common' in form.errors['password']
+    form.validate()
+    assert 'That password is blacklisted, too common' in form.errors['password']
--- a/tests/app/main/views/test_register.py
+++ b/tests/app/main/views/test_register.py
@@ -30,7 +30,7 @@ def test_process_register_returns_400_when_mobile_number_is_invalid(notification
                                                            'mobile_number': 'not good',
                                                            'password': 'validPassword!'})

-    assert response.status_code == 400
+    assert response.status_code == 200
    assert 'Please enter a +44 mobile number' in response.get_data(as_text=True)


@@ -45,7 +45,7 @@ def test_should_return_400_when_email_is_not_gov_uk(notifications_admin,
                                                            'mobile_number': '+44123412345',
                                                            'password': 'validPassword!'})

-    assert response.status_code == 400
+    assert response.status_code == 200
    assert 'Please enter a gov.uk email address' in response.get_data(as_text=True)


@@ -73,5 +73,5 @@ def test_should_return_400_if_password_is_blacklisted(notifications_admin, notif
                                                            'mobile_number': '+44123412345',
                                                            'password': 'password1234'})

-    response.status_code == 400
+    response.status_code == 200
    assert 'That password is blacklisted, too common' in response.get_data(as_text=True)