diff --git a/app/main/forms.py b/app/main/forms.py
index 92ec1b8c5..75118e611 100644
--- a/app/main/forms.py
+++ b/app/main/forms.py
@@ -1,7 +1,9 @@
+from flask import session
 from flask_wtf import Form
 from wtforms import StringField, PasswordField, IntegerField
 from wtforms.validators import DataRequired, Email, Length, Regexp
+from app.main.encryption import checkpw
 from app.main.validators import Blacklist
@@ -43,3 +45,19 @@ class VerifyForm(Form):
 validators=[DataRequired(message='SMS code can not be empty')])
 email_code = IntegerField("Email confirmation code",
 validators=[DataRequired(message='Email code can not be empty')])
+
+ def validate_email_code(self, a):
+ if self.email_code.data is not None:
+ if checkpw(str(self.email_code.data), session['email_code']) is False:
+ self.email_code.errors.append('Code does not match')
+ return False
+ else:
+ return True
+
+ def validate_sms_code(self, a):
+ if self.sms_code.data is not None:
+ if checkpw(str(self.sms_code.data), session['sms_code']) is False:
+ self.sms_code.errors.append('Code does not match')
+ return False
+ else:
+ return True
diff --git a/app/main/views/verify.py b/app/main/views/verify.py
index 4e627d0a7..3e3c139af 100644
--- a/app/main/views/verify.py
+++ b/app/main/views/verify.py
@@ -3,7 +3,6 @@ from flask_login import login_user
 from app.main import main
 from app.main.dao import users_dao
-from app.main.encryption import checkpw
 from app.main.forms import VerifyForm
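Review bot: In `validate_email_code` and `validate_sms_code` (app/main/forms.py) a code is rejected only when `checkpw(...) is False`, so any other return value, including `None`, is treated as a match; `checkpw` is not shown here, but a verification check should fail closed with `if not checkpw(...)`. `session['email_code']` and `session['sms_code']` are indexed directly, so a submission from a session that lacks those keys would presumably raise KeyError instead of producing a validation error. WTForms inline validators normally report failure by raising `ValidationError` (from `wtforms.validators`) rather than by return value, so the `return False`/`return True` lines can go, and the unused parameter `a` reads better as `field`. Because both fields are `IntegerField`, `str(...)` of the parsed value drops any leading zero, which matters if the code generator can emit one. The fence shows both methods rewritten along those lines; the enclosing `VerifyForm` class starts outside the hunk.

```python
    def validate_email_code(self, field):
        # Fail closed: a missing session value or any non-truthy result is a mismatch.
        expected = session.get('email_code')
        if field.data is not None and (
                expected is None or not checkpw(str(field.data), expected)):
            raise ValidationError('Code does not match')

    def validate_sms_code(self, field):
        # Same rule as the email code, against the SMS hash kept in the session.
        expected = session.get('sms_code')
        if field.data is not None and (
                expected is None or not checkpw(str(field.data), expected)):
            raise ValidationError('Code does not match')
```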
@@ -16,17 +15,10 @@ def render_verify():
 def process_verify():
 form = VerifyForm()
 if form.validate_on_submit():
- valid_sms = checkpw(form.sms_code.data, session['sms_code'])
- valid_email = checkpw(form.email_code.data, session['email_code'])
- if valid_sms is False:
- return jsonify(sms_code='does not match'), 400
- if valid_email is False:
- return jsonify(email_code='does not match'), 400
+ user = users_dao.get_user_by_id(session['user_id'])
+ users_dao.activate_user(user.id)
+ login_user(user)
+ return redirect('/add-service')
 else:
+ print(form.errors)
 return jsonify(form.errors), 400
-
- user = users_dao.get_user_by_id(session['user_id'])
- users_dao.activate_user(user.id)
- login_user(user)
-
- return redirect('/add-service')
diff --git a/tests/app/main/views/test_verify.py b/tests/app/main/views/test_verify.py
index a595cbd5d..bc1106a0d 100644
--- a/tests/app/main/views/test_verify.py
+++ b/tests/app/main/views/test_verify.py
@@ -51,7 +51,8 @@ def test_should_return_400_when_sms_code_is_wrong(notifications_admin, notificat
 data={'sms_code': '98765', 'email_code': '23456'})
 assert response.status_code == 400
- assert '"sms_code": "does not match"' in response.get_data(as_text=True)
+ assert 'sms_code' in response.get_data(as_text=True)
+ assert 'Code does not match' in response.get_data(as_text=True)
 def test_should_return_400_when_email_code_is_wrong(notifications_admin, notifications_admin_db):
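Review bot: The added `print(form.errors)` in the `else` branch of `process_verify` (app/main/views/verify.py) looks like leftover debugging; it writes every failed verification to stdout and should be removed or replaced with a debug-level logger call. On the success path `session['user_id']` is indexed directly and the result of `users_dao.get_user_by_id(...)` is used without a None check, so a request with a stale or missing session would presumably end in an unhandled exception rather than a 4xx. Nothing in the visible lines discards the stored hashes once the user is activated or counts failed attempts; if that is not handled elsewhere, consider `session.pop('sms_code', None)` and `session.pop('email_code', None)` after `login_user(user)`, plus a cap on retries for these short numeric codes. The route decorator for `process_verify` is outside the hunk.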
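Review bot: The replacement assertions in `test_should_return_400_when_sms_code_is_wrong` check `'sms_code'` and `'Code does not match'` as two independent substrings of the body, so the test would still pass if the message were attached to the other field. Parsing the response and asserting on the key ties the two together, e.g. `assert 'Code does not match' in json.loads(response.get_data(as_text=True))['sms_code']` (this assumes `json` is imported in the test module). The same applies to the `email_code` assertions in `test_should_return_400_when_email_code_is_wrong` in the next hunk. The test function's setup lies outside this hunk.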
@@ -65,21 +66,35 @@ def test_should_return_400_when_email_code_is_wrong(notifications_admin, notific
 data={'sms_code': '12345', 'email_code': '23456'})
 assert response.status_code == 400
- assert '"email_code": "does not match"' in response.get_data(as_text=True)
+ print(response.get_data(as_text=True))
+ assert 'email_code' in response.get_data(as_text=True)
+ assert 'Code does not match' in response.get_data(as_text=True)
 def test_should_return_400_when_sms_code_is_missing(notifications_admin, notifications_admin_db):
- response = notifications_admin.test_client().post('/verify',
- data={'email_code': '23456'})
- assert response.status_code == 400
- assert 'SMS code can not be empty' in response.get_data(as_text=True)
+ with notifications_admin.test_client() as client:
+ with client.session_transaction() as session:
+ user = _create_test_user()
+ session['user_id'] = user.id
+ session['sms_code'] = hashpw('12345')
+ session['email_code'] = hashpw('98456')
+ response = client.post('/verify',
+ data={'email_code': '23456'})
+ assert response.status_code == 400
+ assert 'SMS code can not be empty' in response.get_data(as_text=True)
 def test_should_return_400_when_email_code_is_missing(notifications_admin, notifications_admin_db):
- response = notifications_admin.test_client().post('/verify',
- data={'sms_code': '23456'})
- assert response.status_code == 400
- assert 'Email code can not be empty' in response.get_data(as_text=True)
+ with notifications_admin.test_client() as client:
+ with client.session_transaction() as session:
+ user = _create_test_user()
+ session['user_id'] = user.id
+ session['sms_code'] = hashpw('23456')
+ session['email_code'] = hashpw('23456')
+ response = client.post('/verify',
+ data={'sms_code': '23456'})
+ assert response.status_code == 400
+ assert 'Email code can not be empty' in response.get_data(as_text=True)
 def _create_test_user():
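Review bot: `print(response.get_data(as_text=True))` in `test_should_return_400_when_email_code_is_wrong` is debugging output and should be removed before merge. The two missing-code tests now repeat the same nested `with` session seeding; a small helper next to `_create_test_user` that fills `session['user_id']`, `session['sms_code']` and `session['email_code']` would keep them readable, and a one-line docstring such as `"""POST without sms_code returns 400 with the 'empty' message."""` would record what each test pins. None of the visible assertions check that the user is still inactive after the 400, which is the property a verification step most needs covered. The first test function starts outside the hunk.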