First slice full sign in flow

app/main/dao/users_dao.py

@@ -27,11 +27,15 @@ def get_user_by_id(id):
 
 
 def get_all_users():
-    return User.query.all()
+    return user_api_client.get_users()
 
 
 def get_user_by_email(email_address):
-    return User.query.filter_by(email_address=email_address).first()
+    return user_api_client.get_user_by_email(email_address)
+
+
+def verify_password(user, password):
+    return user_api_client.verify_password(user, password)
 
 
 def increment_failed_login_count(id):

app/main/views/sign_in.py

@@ -1,10 +1,14 @@
 from flask import (
-    render_template, redirect, url_for)
-from flask import session
+    render_template,
+    redirect,
+    url_for,
+    session,
+    abort
+)
+
 
 from app.main import main
 from app.main.dao import users_dao
-from app.main.encryption import check_hash
 from app.main.forms import LoginForm
 from app.notify_client.sender import send_sms_code
 
@@ -16,13 +20,12 @@ def sign_in():
         if form.validate_on_submit():
             user = users_dao.get_user_by_email(form.email_address.data)
             if user:
-                # TODO move to user API in next pr to actually do password check as this
-                # is totally broken now
-                if not user.is_locked() and user.is_active() and check_hash(form.password.data, user.password):
+                if not user.is_locked() and user.is_active() and users_dao.verify_password(user, form.password.data):
                     send_sms_code(user.id, user.mobile_number)
                     session['user_email'] = user.email_address
                     return redirect(url_for('.two_factor'))
                 else:
+                    # TODO re wire this increment to api
                     users_dao.increment_failed_login_count(user.id)
             # Vague error message for login
             form.password.errors.append('Username or password is incorrect')
@@ -31,3 +34,4 @@ def sign_in():
     except:
         import traceback
         traceback.print_exc()
+        abort(500)

app/notify_client/user_api_client.py

@@ -1,4 +1,8 @@
 from client.notifications import BaseAPIClient
+from client.errors import (
+    HTTPError,
+    InvalidResponse
+)
 
 
 class UserApiClient(BaseAPIClient):
@@ -29,12 +33,45 @@ class UserApiClient(BaseAPIClient):
         user_data = self.get(url)
         return User(user_data['data'], max_failed_login_count=self.user_max_failed_login_count)
 
+    def get_users(self):
+        url = "{}/user".format(self.base_url)
+        users_data = self.get(url)['data']
+        users = []
+        for user in users_data:
+            users.append(User(user, max_failed_login_count=self.user_max_failed_login_count))
+        return users
+
     def update_user(self, user):
         data = user.serialize()
         url = "{}/user/{}".format(self.base_url, user.id)
         user_data = self.put(url, data=data)
         return User(user_data['data'], max_failed_login_count=self.user_max_failed_login_count)
 
+    def verify_password(self, user, password):
+        try:
+            data = user.serialize()
+            url = "{}/user/{}/verify/password".format(self.base_url, user.id)
+            data["password"] = password
+            resp = self.post(url, data=data)
+            if resp.status_code == 204:
+                return True
+        except HTTPError as e:
+            if e.status_code == 400 or e.status_code == 404:
+                return False
+        # TODO temp work around until client fixed
+        except InvalidResponse as e:
+            if e.status_code == 204:
+                return True
+            else:
+                raise e
+
+    def get_user_by_email(self, email_address):
+        users = self.get_users()
+        user = [u for u in users if u.email_address == email_address]
+        if len(user) == 1:
+            return user[0]
+        return None
+
 
 class User(object):