108537814: Implementation of 3 factor authentication.

The post register endpoint will send a random 5 digit code via sms and another via email.
If either code fails to send, the user will not be created and the person can register again.
The codes are saved to the session cookie, and expire in 1 hour.

Another iteration of this story will save the codes to a database.

tests/app/main/views/test_register.py

@@ -7,17 +7,22 @@ def test_render_register_returns_template_with_form(notifications_admin, notific
     assert 'Create an account' in response.get_data(as_text=True)
 
 
-def test_process_register_creates_new_user(notifications_admin, notifications_admin_db):
+def test_process_register_creates_new_user(notifications_admin, notifications_admin_db, mocker):
+    _set_up_mocker(mocker)
+
     response = notifications_admin.test_client().post('/register',
                                                       data={'name': 'Some One Valid',
                                                             'email_address': 'someone@example.gov.uk',
                                                             'mobile_number': '+441231231231',
                                                             'password': 'validPassword!'})
     assert response.status_code == 302
-    assert response.location == 'http://localhost/two-factor'
+    assert response.location == 'http://localhost/verify'
 
 
-def test_process_register_returns_400_when_mobile_number_is_invalid(notifications_admin, notifications_admin_db):
+def test_process_register_returns_400_when_mobile_number_is_invalid(notifications_admin,
+                                                                    notifications_admin_db,
+                                                                    mocker):
+    _set_up_mocker(mocker)
     response = notifications_admin.test_client().post('/register',
                                                       data={'name': 'Bad Mobile',
                                                             'email_address': 'bad_mobile@example.gov.uk',
@@ -28,7 +33,8 @@ def test_process_register_returns_400_when_mobile_number_is_invalid(notification
     assert 'Please enter a +44 mobile number' in response.get_data(as_text=True)
 
 
-def test_should_return_400_when_email_is_not_gov_uk(notifications_admin, notifications_admin_db):
+def test_should_return_400_when_email_is_not_gov_uk(notifications_admin, notifications_admin_db, mocker):
+    _set_up_mocker(mocker)
     response = notifications_admin.test_client().post('/register',
                                                       data={'name': 'Bad Mobile',
                                                             'email_address': 'bad_mobile@example.not.right',
@@ -39,6 +45,23 @@ def test_should_return_400_when_email_is_not_gov_uk(notifications_admin, notific
     assert 'Please enter a gov.uk email address' in response.get_data(as_text=True)
 
 
+def test_should_add_verify_codes_on_session(notifications_admin, notifications_admin_db, mocker):
+    _set_up_mocker(mocker)
+    with notifications_admin.test_client() as client:
+        response = client.post('/register',
+                               data={'name': 'Test Codes',
+                                     'email_address': 'test_codes@example.gov.uk',
+                                     'mobile_number': '+441234567890',
+                                     'password': 'validPassword!'})
+        assert response.status_code == 302
+        assert 'notify_admin_session' in response.headers.get('Set-Cookie')
+
+
+def _set_up_mocker(mocker):
+    mocker.patch("app.admin_api_client.send_sms")
+    mocker.patch("app.admin_api_client.send_email")
+
+
 def test_should_return_400_if_password_is_blacklisted(notifications_admin, notifications_admin_db):
     response = notifications_admin.test_client().post('/register',
                                                       data={'name': 'Bad Mobile',