109526520: Add custom validators for the VerifyForm

If the email_code or sms_code entered does not pass check password, then add errors to the form.
2026-02-05 10:53:28 -05:00 · 2015-12-08 11:56:49 +00:00
parent 4486a859f8
commit bef2258803
3 changed files with 48 additions and 23 deletions
--- a/app/main/forms.py
+++ b/app/main/forms.py
@@ -1,7 +1,9 @@
+from flask import session
 from flask_wtf import Form
 from wtforms import StringField, PasswordField, IntegerField
 from wtforms.validators import DataRequired, Email, Length, Regexp

+from app.main.encryption import checkpw
 from app.main.validators import Blacklist


@@ -43,3 +45,19 @@ class VerifyForm(Form):
                            validators=[DataRequired(message='SMS code can not be empty')])
    email_code = IntegerField("Email confirmation code",
                              validators=[DataRequired(message='Email code can not be empty')])
+
+    def validate_email_code(self, a):
+        if self.email_code.data is not None:
+            if checkpw(str(self.email_code.data), session['email_code']) is False:
+                self.email_code.errors.append('Code does not match')
+                return False
+        else:
+            return True
+
+    def validate_sms_code(self, a):
+        if self.sms_code.data is not None:
+            if checkpw(str(self.sms_code.data), session['sms_code']) is False:
+                self.sms_code.errors.append('Code does not match')
+                return False
+        else:
+            return True
--- a/app/main/views/verify.py
+++ b/app/main/views/verify.py
@@ -3,7 +3,6 @@ from flask_login import login_user

 from app.main import main
 from app.main.dao import users_dao
-from app.main.encryption import checkpw
 from app.main.forms import VerifyForm


@@ -16,17 +15,10 @@ def render_verify():
 def process_verify():
    form = VerifyForm()
    if form.validate_on_submit():
-        valid_sms = checkpw(form.sms_code.data, session['sms_code'])
-        valid_email = checkpw(form.email_code.data, session['email_code'])
-        if valid_sms is False:
-            return jsonify(sms_code='does not match'), 400
-        if valid_email is False:
-            return jsonify(email_code='does not match'), 400
+        user = users_dao.get_user_by_id(session['user_id'])
+        users_dao.activate_user(user.id)
+        login_user(user)
+        return redirect('/add-service')
    else:
+        print(form.errors)
        return jsonify(form.errors), 400
-
-    user = users_dao.get_user_by_id(session['user_id'])
-    users_dao.activate_user(user.id)
-    login_user(user)
-
-    return redirect('/add-service')
--- a/tests/app/main/views/test_verify.py
+++ b/tests/app/main/views/test_verify.py
@@ -51,7 +51,8 @@ def test_should_return_400_when_sms_code_is_wrong(notifications_admin, notificat
                               data={'sms_code': '98765',
                                     'email_code': '23456'})
        assert response.status_code == 400
-        assert '"sms_code": "does not match"' in response.get_data(as_text=True)
+        assert 'sms_code' in response.get_data(as_text=True)
+        assert 'Code does not match' in response.get_data(as_text=True)


 def test_should_return_400_when_email_code_is_wrong(notifications_admin, notifications_admin_db):
@@ -65,21 +66,35 @@ def test_should_return_400_when_email_code_is_wrong(notifications_admin, notific
                               data={'sms_code': '12345',
                                     'email_code': '23456'})
        assert response.status_code == 400
-        assert '"email_code": "does not match"' in response.get_data(as_text=True)
+        print(response.get_data(as_text=True))
+        assert 'email_code' in response.get_data(as_text=True)
+        assert 'Code does not match' in response.get_data(as_text=True)


 def test_should_return_400_when_sms_code_is_missing(notifications_admin, notifications_admin_db):
-    response = notifications_admin.test_client().post('/verify',
-                                                      data={'email_code': '23456'})
-    assert response.status_code == 400
-    assert 'SMS code can not be empty' in response.get_data(as_text=True)
+    with notifications_admin.test_client() as client:
+        with client.session_transaction() as session:
+            user = _create_test_user()
+            session['user_id'] = user.id
+            session['sms_code'] = hashpw('12345')
+            session['email_code'] = hashpw('98456')
+        response = client.post('/verify',
+                               data={'email_code': '23456'})
+        assert response.status_code == 400
+        assert 'SMS code can not be empty' in response.get_data(as_text=True)


 def test_should_return_400_when_email_code_is_missing(notifications_admin, notifications_admin_db):
-    response = notifications_admin.test_client().post('/verify',
-                                                      data={'sms_code': '23456'})
-    assert response.status_code == 400
-    assert 'Email code can not be empty' in response.get_data(as_text=True)
+    with notifications_admin.test_client() as client:
+        with client.session_transaction() as session:
+            user = _create_test_user()
+            session['user_id'] = user.id
+            session['sms_code'] = hashpw('23456')
+            session['email_code'] = hashpw('23456')
+        response = client.post('/verify',
+                               data={'sms_code': '23456'})
+        assert response.status_code == 400
+        assert 'Email code can not be empty' in response.get_data(as_text=True)


 def _create_test_user():