diff --git a/app/main/views/sign_in.py b/app/main/views/sign_in.py index 2719e2b97..05061543e 100644 --- a/app/main/views/sign_in.py +++ b/app/main/views/sign_in.py @@ -5,7 +5,8 @@ from flask import ( session, flash, request, - abort + abort, + Markup ) from flask.ext.login import ( @@ -69,7 +70,11 @@ def sign_in(): else: return redirect(url_for('.two_factor')) # Vague error message for login in case of user not known, locked, inactive or password not verified - flash('Username or password is incorrect') + flash(Markup(( + "The username or password you entered is incorrect.
" + " If you need to, you can reset " + "your password").format(password_reset=url_for('.forgot_password')) + )) return render_template('views/signin.html', form=form) diff --git a/tests/app/main/views/test_sign_in.py b/tests/app/main/views/test_sign_in.py index 6d2a150c4..33d77a80f 100644 --- a/tests/app/main/views/test_sign_in.py +++ b/tests/app/main/views/test_sign_in.py @@ -51,7 +51,7 @@ def test_should_return_locked_out_true_when_user_is_locked(app_, 'email_address': 'valid@example.gov.uk', 'password': 'whatIsMyPassword!'}) assert resp.status_code == 200 - assert 'Username or password is incorrect' in resp.get_data(as_text=True) + assert 'The username or password you entered is incorrect' in resp.get_data(as_text=True) def test_should_return_200_when_user_does_not_exist(app_, mock_get_user_by_email_not_found): @@ -61,7 +61,7 @@ def test_should_return_200_when_user_does_not_exist(app_, mock_get_user_by_email 'email_address': 'notfound@gov.uk', 'password': 'doesNotExist!'}) assert response.status_code == 200 - assert 'Username or password is incorrect' in response.get_data(as_text=True) + assert 'The username or password you entered is incorrect' in response.get_data(as_text=True) def test_should_return_redirect_when_user_is_pending(app_,