darkhelm/notifications-admin
1
0
Fork 0
mirror of https://github.com/GSA/notifications-admin.git synced 2026-02-05 10:53:28 -05:00
Code Issues Packages Projects Releases Wiki Activity

109638656: Implementation of two factor verification

Browse Source 
Validation of the code is done in the form, when the form.validate_on_submit is called the validate code methods are called as well.
This commit is contained in:
Rebecca Law
2015-12-09 11:36:57 +00:00
parent 1af2dd5e98
commit 9ba229820a
5 changed files with 46 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
app/main/forms.py
View File

@@ -46,12 +46,7 @@ class TwoFactorForm(Form):
Regexp(regex=verify_code, message='Code must be 5 digits')]) Regexp(regex=verify_code, message='Code must be 5 digits')])
def validate_sms_code(self, a): def validate_sms_code(self, a):
if self.sms_code.data is not None: validate_code(self.sms_code, session['sms_code'])
if checkpw(str(self.sms_code.data), session['sms_code']) is False:
self.sms_code.errors.append('Code does not match')
return False
else:
return True
class VerifyForm(Form): class VerifyForm(Form):
@@ -63,17 +58,18 @@ class VerifyForm(Form):
Regexp(regex=verify_code, message='Code must be 5 digits')]) Regexp(regex=verify_code, message='Code must be 5 digits')])
def validate_email_code(self, a): def validate_email_code(self, a):
if self.email_code.data is not None: validate_code(self.email_code, session['email_code'])
if checkpw(str(self.email_code.data), session['email_code']) is False:
self.email_code.errors.append('Code does not match')
return False
else:
return True
def validate_sms_code(self, a): def validate_sms_code(self, a):
if self.sms_code.data is not None: validate_code(self.sms_code, session['sms_code'])
if checkpw(str(self.sms_code.data), session['sms_code']) is False:
self.sms_code.errors.append('Code does not match')
return False def validate_code(field, code):
if field.data is not None:
if checkpw(str(field.data), code) is False:
field.errors.append('Code does not match')
return False
else: else:
return True return True
else:
return True

1
app/main/views/two_factor.py
View File

@@ -16,7 +16,6 @@ def process_two_factor():
form = TwoFactorForm() form = TwoFactorForm()
if form.validate_on_submit(): if form.validate_on_submit():
user = users_dao.get_user_by_id(session['user_id']) user = users_dao.get_user_by_id(session['user_id'])
login_user(user) login_user(user)
return redirect('/dashboard') return redirect('/dashboard')

2
requirements_for_test.txt
View File

@@ -1,4 +1,4 @@
-r requirements.txt -r requirements.txt
pep8==1.5.7 pep8==1.5.7
pytest==2.8.1 pytest==2.8.1
pytest-mock==0.8.1 pytest-mock==0.8.1

16
tests/app/main/views/test_two_factor.py
View File

@@ -1,3 +1,5 @@
from flask import json
from app.main.encryption import hashpw from app.main.encryption import hashpw
from tests.app.main.views import create_test_user from tests.app.main.views import create_test_user
@@ -30,8 +32,7 @@ def test_should_return_400_with_sms_code_error_when_sms_code_is_wrong(notificati
response = client.post('/two-factor', response = client.post('/two-factor',
data={'sms_code': '23456'}) data={'sms_code': '23456'})
assert response.status_code == 400 assert response.status_code == 400
assert 'sms_code' in response.get_data(as_text=True) assert {'sms_code': ['Code does not match']} == json.loads(response.get_data(as_text=True))
assert 'Code does not match' in response.get_data(as_text=True)
def test_should_return_400_when_sms_code_is_empty(notifications_admin, notifications_admin_db): def test_should_return_400_when_sms_code_is_empty(notifications_admin, notifications_admin_db):
@@ -42,8 +43,7 @@ def test_should_return_400_when_sms_code_is_empty(notifications_admin, notificat
session['sms_code'] = hashpw('12345') session['sms_code'] = hashpw('12345')
response = client.post('/two-factor') response = client.post('/two-factor')
assert response.status_code == 400 assert response.status_code == 400
assert 'sms_code' in response.get_data(as_text=True) assert {'sms_code': ['Please enter your code']} == json.loads(response.get_data(as_text=True))
assert 'Please enter your code' in response.get_data(as_text=True)
def test_should_return_400_when_sms_code_is_too_short(notifications_admin, notifications_admin_db): def test_should_return_400_when_sms_code_is_too_short(notifications_admin, notifications_admin_db):
@@ -51,8 +51,10 @@ def test_should_return_400_when_sms_code_is_too_short(notifications_admin, notif
with client.session_transaction() as session: with client.session_transaction() as session:
user = create_test_user() user = create_test_user()
session['user_id'] = user.id session['user_id'] = user.id
session['sms_code'] = hashpw('12345') session['sms_code'] = hashpw('23467')
response = client.post('/two-factor', data={'sms_code': '2346'}) response = client.post('/two-factor', data={'sms_code': '2346'})
assert response.status_code == 400 assert response.status_code == 400
assert 'sms_code' in response.get_data(as_text=True) data = json.loads(response.get_data(as_text=True))
assert 'Code must be 5 digits' in response.get_data(as_text=True) assert len(data.keys()) == 1
assert 'sms_code' in data
assert data['sms_code'].sort() == ['Code must be 5 digits', 'Code does not match'].sort()

61
tests/app/main/views/test_verify.py
View File

@@ -1,8 +1,8 @@
from datetime import datetime from flask import json
from app.main.dao import users_dao from app.main.dao import users_dao
from app.main.encryption import hashpw from app.main.encryption import hashpw
from app.models import User from tests.app.main.views import create_test_user
def test_should_return_verify_template(notifications_admin, notifications_admin_db): def test_should_return_verify_template(notifications_admin, notifications_admin_db):
@@ -14,7 +14,7 @@ def test_should_return_verify_template(notifications_admin, notifications_admin_
def test_should_redirect_to_add_service_when_code_are_correct(notifications_admin, notifications_admin_db): def test_should_redirect_to_add_service_when_code_are_correct(notifications_admin, notifications_admin_db):
with notifications_admin.test_client() as client: with notifications_admin.test_client() as client:
with client.session_transaction() as session: with client.session_transaction() as session:
user = _create_test_user() user = create_test_user()
session['user_id'] = user.id session['user_id'] = user.id
session['sms_code'] = hashpw('12345') session['sms_code'] = hashpw('12345')
session['email_code'] = hashpw('23456') session['email_code'] = hashpw('23456')
@@ -28,7 +28,7 @@ def test_should_redirect_to_add_service_when_code_are_correct(notifications_admi
def test_should_activate_user_after_verify(notifications_admin, notifications_admin_db): def test_should_activate_user_after_verify(notifications_admin, notifications_admin_db):
with notifications_admin.test_client() as client: with notifications_admin.test_client() as client:
with client.session_transaction() as session: with client.session_transaction() as session:
user = _create_test_user() user = create_test_user()
session['user_id'] = user.id session['user_id'] = user.id
session['sms_code'] = hashpw('12345') session['sms_code'] = hashpw('12345')
session['email_code'] = hashpw('23456') session['email_code'] = hashpw('23456')
@@ -43,7 +43,7 @@ def test_should_activate_user_after_verify(notifications_admin, notifications_ad
def test_should_return_400_when_sms_code_is_wrong(notifications_admin, notifications_admin_db): def test_should_return_400_when_sms_code_is_wrong(notifications_admin, notifications_admin_db):
with notifications_admin.test_client() as client: with notifications_admin.test_client() as client:
with client.session_transaction() as session: with client.session_transaction() as session:
user = _create_test_user() user = create_test_user()
session['user_id'] = user.id session['user_id'] = user.id
session['sms_code'] = hashpw('12345') session['sms_code'] = hashpw('12345')
session['email_code'] = hashpw('23456') session['email_code'] = hashpw('23456')
@@ -51,14 +51,13 @@ def test_should_return_400_when_sms_code_is_wrong(notifications_admin, notificat
data={'sms_code': '98765', data={'sms_code': '98765',
'email_code': '23456'}) 'email_code': '23456'})
assert response.status_code == 400 assert response.status_code == 400
assert 'sms_code' in response.get_data(as_text=True) assert {'sms_code': ['Code does not match']} == json.loads(response.get_data(as_text=True))
assert 'Code does not match' in response.get_data(as_text=True)
def test_should_return_400_when_email_code_is_wrong(notifications_admin, notifications_admin_db): def test_should_return_400_when_email_code_is_wrong(notifications_admin, notifications_admin_db):
with notifications_admin.test_client() as client: with notifications_admin.test_client() as client:
with client.session_transaction() as session: with client.session_transaction() as session:
user = _create_test_user() user = create_test_user()
session['user_id'] = user.id session['user_id'] = user.id
session['sms_code'] = hashpw('12345') session['sms_code'] = hashpw('12345')
session['email_code'] = hashpw('98456') session['email_code'] = hashpw('98456')
@@ -66,58 +65,57 @@ def test_should_return_400_when_email_code_is_wrong(notifications_admin, notific
data={'sms_code': '12345', data={'sms_code': '12345',
'email_code': '23456'}) 'email_code': '23456'})
assert response.status_code == 400 assert response.status_code == 400
print(response.get_data(as_text=True)) assert {'email_code': ['Code does not match']} == json.loads(response.get_data(as_text=True))
assert 'email_code' in response.get_data(as_text=True)
assert 'Code does not match' in response.get_data(as_text=True)
def test_should_return_400_when_sms_code_is_missing(notifications_admin, notifications_admin_db): def test_should_return_400_when_sms_code_is_missing(notifications_admin, notifications_admin_db):
with notifications_admin.test_client() as client: with notifications_admin.test_client() as client:
with client.session_transaction() as session: with client.session_transaction() as session:
user = _create_test_user() user = create_test_user()
session['user_id'] = user.id session['user_id'] = user.id
session['sms_code'] = hashpw('12345') session['sms_code'] = hashpw('12345')
session['email_code'] = hashpw('98456') session['email_code'] = hashpw('98456')
response = client.post('/verify', response = client.post('/verify',
data={'email_code': '23456'}) data={'email_code': '98456'})
assert response.status_code == 400 assert response.status_code == 400
assert 'SMS code can not be empty' in response.get_data(as_text=True) assert {'sms_code': ['SMS code can not be empty']} == json.loads(response.get_data(as_text=True))
def test_should_return_400_when_email_code_is_missing(notifications_admin, notifications_admin_db): def test_should_return_400_when_email_code_is_missing(notifications_admin, notifications_admin_db):
with notifications_admin.test_client() as client: with notifications_admin.test_client() as client:
with client.session_transaction() as session: with client.session_transaction() as session:
user = _create_test_user() user = create_test_user()
session['user_id'] = user.id session['user_id'] = user.id
session['sms_code'] = hashpw('23456') session['sms_code'] = hashpw('23456')
session['email_code'] = hashpw('23456') session['email_code'] = hashpw('23456')
response = client.post('/verify', response = client.post('/verify',
data={'sms_code': '23456'}) data={'sms_code': '23456'})
assert response.status_code == 400 assert response.status_code == 400
assert 'Email code can not be empty' in response.get_data(as_text=True) assert {'email_code': ['Email code can not be empty']} == json.loads(response.get_data(as_text=True))
def test_should_return_400_when_email_code_has_letter(notifications_admin, notifications_admin_db): def test_should_return_400_when_email_code_has_letter(notifications_admin, notifications_admin_db):
with notifications_admin.test_client() as client: with notifications_admin.test_client() as client:
with client.session_transaction() as session: with client.session_transaction() as session:
user = _create_test_user() user = create_test_user()
session['user_id'] = user.id session['user_id'] = user.id
session['sms_code'] = hashpw('23456') session['sms_code'] = hashpw('23456')
session['email_code'] = hashpw('23456') session['email_code'] = hashpw('23456')
response = client.post('/verify', response = client.post('/verify',
data={'sms_code': '23456', data={'sms_code': '23456',
'email_code': 'abcde'}) 'email_code': 'abcde'})
data = response.get_data(as_text=True)
assert response.status_code == 400 assert response.status_code == 400
data = json.loads(response.get_data(as_text=True))
expected = {'email_code': ['Code does not match', 'Code must be 5 digits']}
assert len(data.keys()) == 1
assert 'email_code' in data assert 'email_code' in data
assert 'Code does not match' in data assert data['email_code'].sort() == expected['email_code'].sort()
assert 'Code must be 5 digits' in data
def test_should_return_400_when_sms_code_is_too_short(notifications_admin, notifications_admin_db): def test_should_return_400_when_sms_code_is_too_short(notifications_admin, notifications_admin_db):
with notifications_admin.test_client() as client: with notifications_admin.test_client() as client:
with client.session_transaction() as session: with client.session_transaction() as session:
user = _create_test_user() user = create_test_user()
session['user_id'] = user.id session['user_id'] = user.id
session['sms_code'] = hashpw('23456') session['sms_code'] = hashpw('23456')
session['email_code'] = hashpw('23456') session['email_code'] = hashpw('23456')
@@ -125,16 +123,17 @@ def test_should_return_400_when_sms_code_is_too_short(notifications_admin, notif
data={'sms_code': '2345', data={'sms_code': '2345',
'email_code': '23456'}) 'email_code': '23456'})
assert response.status_code == 400 assert response.status_code == 400
data = response.get_data(as_text=True) data = json.loads(response.get_data(as_text=True))
expected = {'sms_code': ['Code must be 5 digits', 'Code does not match']}
assert len(data.keys()) == 1
assert 'sms_code' in data assert 'sms_code' in data
assert 'Code must be 5 digits' in data assert data['sms_code'].sort() == expected['sms_code'].sort()
assert 'Code does not match' in data
def test_should_return_302_when_email_code_starts_with_zero(notifications_admin, notifications_admin_db): def test_should_return_302_when_email_code_starts_with_zero(notifications_admin, notifications_admin_db):
with notifications_admin.test_client() as client: with notifications_admin.test_client() as client:
with client.session_transaction() as session: with client.session_transaction() as session:
user = _create_test_user() user = create_test_user()
session['user_id'] = user.id session['user_id'] = user.id
session['sms_code'] = hashpw('23456') session['sms_code'] = hashpw('23456')
session['email_code'] = hashpw('09765') session['email_code'] = hashpw('09765')
@@ -143,15 +142,3 @@ def test_should_return_302_when_email_code_starts_with_zero(notifications_admin,
'email_code': '09765'}) 'email_code': '09765'})
assert response.status_code == 302 assert response.status_code == 302
assert response.location == 'http://localhost/add-service' assert response.location == 'http://localhost/add-service'
def _create_test_user():
user = User(name='Test User',
password='somepassword',
email_address='test@user.gov.uk',
mobile_number='+441234123412',
created_at=datetime.now(),
role_id=1,
state='pending')
users_dao.insert_user(user)
return user