Updated to include corrected flash message.

app/main/views/sign_in.py

@@ -71,9 +71,9 @@ def sign_in():
                     return redirect(url_for('.two_factor'))
         # Vague error message for login in case of user not known, locked, inactive or password not verified
         flash(Markup((
-            "The username or password you entered is incorrect.<br/>"
-            " If you need to, you can <a href={password_reset}>reset "
-            "your password</a>").format(password_reset=url_for('.forgot_password'))
+            "The email address or password you entered is incorrect."
+            " <a href={password_reset}>Forgot your password</a>?"
+            ).format(password_reset=url_for('.forgot_password'))
         ))
 
     return render_template('views/signin.html', form=form)

tests/app/main/views/test_sign_in.py

@@ -51,7 +51,7 @@ def test_should_return_locked_out_true_when_user_is_locked(app_,
                 'email_address': 'valid@example.gov.uk',
                 'password': 'whatIsMyPassword!'})
         assert resp.status_code == 200
-        assert 'The username or password you entered is incorrect' in resp.get_data(as_text=True)
+        assert 'The email address or password you entered is incorrect' in resp.get_data(as_text=True)
 
 
 def test_should_return_200_when_user_does_not_exist(app_, mock_get_user_by_email_not_found):
@@ -61,7 +61,7 @@ def test_should_return_200_when_user_does_not_exist(app_, mock_get_user_by_email
                 'email_address': 'notfound@gov.uk',
                 'password': 'doesNotExist!'})
     assert response.status_code == 200
-    assert 'The username or password you entered is incorrect' in response.get_data(as_text=True)
+    assert 'The email address or password you entered is incorrect' in response.get_data(as_text=True)
 
 
 def test_should_return_redirect_when_user_is_pending(app_,