From 9923c14e73c6eb7dc52735649a5819bb9122678c Mon Sep 17 00:00:00 2001
From: Rebecca Law
Date: Tue, 8 Dec 2015 15:30:55 +0000
Subject: [PATCH] 109526520: Changed the code form fields to StringField When the codes were IntegerFields and the code started with zero, the zero was trimmed, resulting in a failed match.
---
 app/main/forms.py | 10 ++++++----
 app/main/views/sign_in.py | 5 +----
 tests/app/main/views/test_verify.py | 28 ++++++++++++++++++++++++++++
 3 files changed, 35 insertions(+), 8 deletions(-)
diff --git a/app/main/forms.py b/app/main/forms.py
index 75118e611..a228a8f61 100644
--- a/app/main/forms.py
+++ b/app/main/forms.py
@@ -41,10 +41,12 @@ class RegisterUserForm(Form):
 class VerifyForm(Form):
- sms_code = IntegerField("Text message confirmation code",
- validators=[DataRequired(message='SMS code can not be empty')])
- email_code = IntegerField("Email confirmation code",
- validators=[DataRequired(message='Email code can not be empty')])
+ sms_code = StringField("Text message confirmation code",
+ validators=[DataRequired(message='SMS code can not be empty'),
+ Length(min=5, max=5, message='Code must be 5 digits')])
+ email_code = StringField("Email confirmation code",
+ validators=[DataRequired(message='Email code can not be empty'),
+ Length(min=5, max=5, message='Code must be 5 digits')])
 def validate_email_code(self, a):
 if self.email_code.data is not None:
diff --git a/app/main/views/sign_in.py b/app/main/views/sign_in.py
index 5fb1abc5b..aaa6d827b 100644
--- a/app/main/views/sign_in.py
+++ b/app/main/views/sign_in.py
@@ -1,13 +1,10 @@
-from datetime import datetime
-
 from flask import render_template, redirect, jsonify
 from flask_login import login_user
 from app.main import main
-from app.main.forms import LoginForm
 from app.main.dao import users_dao
-from app.models import User
 from app.main.encryption import checkpw
+from app.main.forms import LoginForm
 @main.route("/sign-in", methods=(['GET']))
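Review bot: The new `Length(min=5, max=5, message='Code must be 5 digits')` validators on `sms_code` and `email_code` in `VerifyForm` check length only, so a value such as `abcde` passes field validation even though the message promises digits. A digits-only validator from `wtforms.validators`, e.g. `Regexp(r'^[0-9]{5}$', message='Code must be 5 digits')`, would reject malformed input before the code comparison (presumably a hash check in `validate_email_code`) and make the message accurate. A 5-digit code has only 100,000 possible values, so it is worth confirming that failed attempts against `/verify` are counted and limited; nothing in this hunk shows that. `validate_email_code` starts at the end of the hunk and its body continues outside it.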
diff --git a/tests/app/main/views/test_verify.py b/tests/app/main/views/test_verify.py
index bc1106a0d..7d9ea4f0e 100644
--- a/tests/app/main/views/test_verify.py
+++ b/tests/app/main/views/test_verify.py
@@ -97,6 +97,34 @@ def test_should_return_400_when_email_code_is_missing(notifications_admin, notif
 assert 'Email code can not be empty' in response.get_data(as_text=True)
+def test_should_return_400_when_email_code_has_letter(notifications_admin, notifications_admin_db):
+ with notifications_admin.test_client() as client:
+ with client.session_transaction() as session:
+ user = _create_test_user()
+ session['user_id'] = user.id
+ session['sms_code'] = hashpw('23456')
+ session['email_code'] = hashpw('23456')
+ response = client.post('/verify',
+ data={'sms_code': '23456',
+ 'email_code': 'abcde'})
+ assert response.status_code == 400
+ assert 'Code does not match' in response.get_data(as_text=True)
+
+
+def test_should_return_302_when_email_code_starts_with_zero(notifications_admin, notifications_admin_db):
+ with notifications_admin.test_client() as client:
+ with client.session_transaction() as session:
+ user = _create_test_user()
+ session['user_id'] = user.id
+ session['sms_code'] = hashpw('23456')
+ session['email_code'] = hashpw('09765')
+ response = client.post('/verify',
+ data={'sms_code': '23456',
+ 'email_code': '09765'})
+ assert response.status_code == 302
+ assert response.location == 'http://localhost/add-service'
+
+
+ def _create_test_user():
 user = User(name='Test User',
 password='somepassword',
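Review bot: Neither added test exercises the `Length(min=5, max=5)` validators this commit introduces, and both vary only `email_code`, so the `sms_code` field's switch to `StringField` is untested. I would add cases that post a 4-character and a 6-character code and assert a 400 containing `'Code must be 5 digits'`, plus a leading-zero `sms_code` case mirroring `test_should_return_302_when_email_code_starts_with_zero`. Note that `test_should_return_400_when_email_code_has_letter` pins `'Code does not match'` for non-numeric input, which documents that letters currently pass field validation; that assertion would need updating if a digits-only validator is added. `_create_test_user` continues outside the hunk.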