109638656: Implementation of two factor verification

Validation of the code is done in the form: when form.validate_on_submit is called, the validate-code methods are called as well.
Rebecca Law
2015-12-09 11:36:57 +00:00
parent 1af2dd5e98
commit 9ba229820a
5 changed files with 46 additions and 62 deletions


@@ -1,3 +1,5 @@
from flask import json
from app.main.encryption import hashpw
from tests.app.main.views import create_test_user
@@ -30,8 +32,7 @@ def test_should_return_400_with_sms_code_error_when_sms_code_is_wrong(notificati
response = client.post('/two-factor',
data={'sms_code': '23456'})
assert response.status_code == 400
assert 'sms_code' in response.get_data(as_text=True)
assert 'Code does not match' in response.get_data(as_text=True)
assert {'sms_code': ['Code does not match']} == json.loads(response.get_data(as_text=True))
def test_should_return_400_when_sms_code_is_empty(notifications_admin, notifications_admin_db):
@@ -42,8 +43,7 @@ def test_should_return_400_when_sms_code_is_empty(notifications_admin, notificat
session['sms_code'] = hashpw('12345')
response = client.post('/two-factor')
assert response.status_code == 400
assert 'sms_code' in response.get_data(as_text=True)
assert 'Please enter your code' in response.get_data(as_text=True)
assert {'sms_code': ['Please enter your code']} == json.loads(response.get_data(as_text=True))
def test_should_return_400_when_sms_code_is_too_short(notifications_admin, notifications_admin_db):
@@ -51,8 +51,10 @@ def test_should_return_400_when_sms_code_is_too_short(notifications_admin, notif
with client.session_transaction() as session:
user = create_test_user()
session['user_id'] = user.id
session['sms_code'] = hashpw('12345')
session['sms_code'] = hashpw('23467')
response = client.post('/two-factor', data={'sms_code': '2346'})
assert response.status_code == 400
assert 'sms_code' in response.get_data(as_text=True)
assert 'Code must be 5 digits' in response.get_data(as_text=True)
data = json.loads(response.get_data(as_text=True))
assert len(data.keys()) == 1
assert 'sms_code' in data
assert data['sms_code'].sort() == ['Code must be 5 digits', 'Code does not match'].sort()
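Review bot: The final assertion of test_should_return_400_when_sms_code_is_too_short compares `data['sms_code'].sort()` with `[...].sort()`, but `list.sort()` sorts in place and returns `None`, so the assert reduces to `None == None` and passes whatever messages the form returns. Use `assert sorted(data['sms_code']) == sorted(['Code must be 5 digits', 'Code does not match'])` instead. The same pattern appears in the second test file, in test_should_return_400_when_email_code_has_letter (`data['email_code'].sort() == expected['email_code'].sort()`) and in its own test_should_return_400_when_sms_code_is_too_short. As written, none of these three tests pins which validation errors a malformed two-factor code produces.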


@@ -1,8 +1,8 @@
from datetime import datetime
from flask import json
from app.main.dao import users_dao
from app.main.encryption import hashpw
from app.models import User
from tests.app.main.views import create_test_user
def test_should_return_verify_template(notifications_admin, notifications_admin_db):
@@ -14,7 +14,7 @@ def test_should_return_verify_template(notifications_admin, notifications_admin_
def test_should_redirect_to_add_service_when_code_are_correct(notifications_admin, notifications_admin_db):
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
user = _create_test_user()
user = create_test_user()
session['user_id'] = user.id
session['sms_code'] = hashpw('12345')
session['email_code'] = hashpw('23456')
@@ -28,7 +28,7 @@ def test_should_redirect_to_add_service_when_code_are_correct(notifications_admi
def test_should_activate_user_after_verify(notifications_admin, notifications_admin_db):
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
user = _create_test_user()
user = create_test_user()
session['user_id'] = user.id
session['sms_code'] = hashpw('12345')
session['email_code'] = hashpw('23456')
@@ -43,7 +43,7 @@ def test_should_activate_user_after_verify(notifications_admin, notifications_ad
def test_should_return_400_when_sms_code_is_wrong(notifications_admin, notifications_admin_db):
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
user = _create_test_user()
user = create_test_user()
session['user_id'] = user.id
session['sms_code'] = hashpw('12345')
session['email_code'] = hashpw('23456')
@@ -51,14 +51,13 @@ def test_should_return_400_when_sms_code_is_wrong(notifications_admin, notificat
data={'sms_code': '98765',
'email_code': '23456'})
assert response.status_code == 400
assert 'sms_code' in response.get_data(as_text=True)
assert 'Code does not match' in response.get_data(as_text=True)
assert {'sms_code': ['Code does not match']} == json.loads(response.get_data(as_text=True))
def test_should_return_400_when_email_code_is_wrong(notifications_admin, notifications_admin_db):
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
user = _create_test_user()
user = create_test_user()
session['user_id'] = user.id
session['sms_code'] = hashpw('12345')
session['email_code'] = hashpw('98456')
@@ -66,58 +65,57 @@ def test_should_return_400_when_email_code_is_wrong(notifications_admin, notific
data={'sms_code': '12345',
'email_code': '23456'})
assert response.status_code == 400
print(response.get_data(as_text=True))
assert 'email_code' in response.get_data(as_text=True)
assert 'Code does not match' in response.get_data(as_text=True)
assert {'email_code': ['Code does not match']} == json.loads(response.get_data(as_text=True))
def test_should_return_400_when_sms_code_is_missing(notifications_admin, notifications_admin_db):
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
user = _create_test_user()
user = create_test_user()
session['user_id'] = user.id
session['sms_code'] = hashpw('12345')
session['email_code'] = hashpw('98456')
response = client.post('/verify',
data={'email_code': '23456'})
data={'email_code': '98456'})
assert response.status_code == 400
assert 'SMS code can not be empty' in response.get_data(as_text=True)
assert {'sms_code': ['SMS code can not be empty']} == json.loads(response.get_data(as_text=True))
def test_should_return_400_when_email_code_is_missing(notifications_admin, notifications_admin_db):
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
user = _create_test_user()
user = create_test_user()
session['user_id'] = user.id
session['sms_code'] = hashpw('23456')
session['email_code'] = hashpw('23456')
response = client.post('/verify',
data={'sms_code': '23456'})
assert response.status_code == 400
assert 'Email code can not be empty' in response.get_data(as_text=True)
assert {'email_code': ['Email code can not be empty']} == json.loads(response.get_data(as_text=True))
def test_should_return_400_when_email_code_has_letter(notifications_admin, notifications_admin_db):
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
user = _create_test_user()
user = create_test_user()
session['user_id'] = user.id
session['sms_code'] = hashpw('23456')
session['email_code'] = hashpw('23456')
response = client.post('/verify',
data={'sms_code': '23456',
'email_code': 'abcde'})
data = response.get_data(as_text=True)
assert response.status_code == 400
data = json.loads(response.get_data(as_text=True))
expected = {'email_code': ['Code does not match', 'Code must be 5 digits']}
assert len(data.keys()) == 1
assert 'email_code' in data
assert 'Code does not match' in data
assert 'Code must be 5 digits' in data
assert data['email_code'].sort() == expected['email_code'].sort()
def test_should_return_400_when_sms_code_is_too_short(notifications_admin, notifications_admin_db):
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
user = _create_test_user()
user = create_test_user()
session['user_id'] = user.id
session['sms_code'] = hashpw('23456')
session['email_code'] = hashpw('23456')
@@ -125,16 +123,17 @@ def test_should_return_400_when_sms_code_is_too_short(notifications_admin, notif
data={'sms_code': '2345',
'email_code': '23456'})
assert response.status_code == 400
data = response.get_data(as_text=True)
data = json.loads(response.get_data(as_text=True))
expected = {'sms_code': ['Code must be 5 digits', 'Code does not match']}
assert len(data.keys()) == 1
assert 'sms_code' in data
assert 'Code must be 5 digits' in data
assert 'Code does not match' in data
assert data['sms_code'].sort() == expected['sms_code'].sort()
def test_should_return_302_when_email_code_starts_with_zero(notifications_admin, notifications_admin_db):
with notifications_admin.test_client() as client:
with client.session_transaction() as session:
user = _create_test_user()
user = create_test_user()
session['user_id'] = user.id
session['sms_code'] = hashpw('23456')
session['email_code'] = hashpw('09765')
@@ -143,15 +142,3 @@ def test_should_return_302_when_email_code_starts_with_zero(notifications_admin,
'email_code': '09765'})
assert response.status_code == 302
assert response.location == 'http://localhost/add-service'
def _create_test_user():
user = User(name='Test User',
password='somepassword',
email_address='test@user.gov.uk',
mobile_number='+441234123412',
created_at=datetime.now(),
role_id=1,
state='pending')
users_dao.insert_user(user)
return user
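Review bot: Every test in this file seeds `session['sms_code']` and `session['email_code']` with `hashpw(...)` of a 5-digit value, which suggests the view checks submitted codes against hashes held in the session, yet nothing here documents where that session is stored. If the app relies on Flask's default signed-cookie session (not visible in this diff), the hashes are readable by the client, and a code space of only 100,000 values means the hash gives limited protection on its own. I would add a comment at the session setup, e.g. `# the view compares against the hashed code kept in the session; assumes the session is stored server-side`. Consider also a test that `sms_code` and `email_code` are no longer in the session after the 302, so a verified code cannot be submitted again.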