diff --git a/app/main/views/sign_in.py b/app/main/views/sign_in.py
index 2719e2b97..05061543e 100644
--- a/app/main/views/sign_in.py
+++ b/app/main/views/sign_in.py
@@ -5,7 +5,8 @@ from flask import (
session,
flash,
request,
- abort
+ abort,
+ Markup
)
from flask.ext.login import (
@@ -69,7 +70,11 @@ def sign_in():
else:
return redirect(url_for('.two_factor'))
# Vague error message for login in case of user not known, locked, inactive or password not verified
- flash('Username or password is incorrect')
+ flash(Markup((
+ "The username or password you entered is incorrect.
"
+ " If you need to, you can reset "
+ "your password").format(password_reset=url_for('.forgot_password'))
+ ))
return render_template('views/signin.html', form=form)
diff --git a/tests/app/main/views/test_sign_in.py b/tests/app/main/views/test_sign_in.py
index 6d2a150c4..33d77a80f 100644
--- a/tests/app/main/views/test_sign_in.py
+++ b/tests/app/main/views/test_sign_in.py
@@ -51,7 +51,7 @@ def test_should_return_locked_out_true_when_user_is_locked(app_,
'email_address': 'valid@example.gov.uk',
'password': 'whatIsMyPassword!'})
assert resp.status_code == 200
- assert 'Username or password is incorrect' in resp.get_data(as_text=True)
+ assert 'The username or password you entered is incorrect' in resp.get_data(as_text=True)
def test_should_return_200_when_user_does_not_exist(app_, mock_get_user_by_email_not_found):
@@ -61,7 +61,7 @@ def test_should_return_200_when_user_does_not_exist(app_, mock_get_user_by_email
'email_address': 'notfound@gov.uk',
'password': 'doesNotExist!'})
assert response.status_code == 200
- assert 'Username or password is incorrect' in response.get_data(as_text=True)
+ assert 'The username or password you entered is incorrect' in response.get_data(as_text=True)
def test_should_return_redirect_when_user_is_pending(app_,