109526520: Add custom validators for the VerifyForm

If the email_code or sms_code entered does not pass check password, then add errors to the form.
2026-02-05 10:53:28 -05:00 · 2015-12-08 11:56:49 +00:00
parent 4486a859f8
commit bef2258803
3 changed files with 48 additions and 23 deletions
--- a/app/main/forms.py
+++ b/app/main/forms.py
@@ -1,7 +1,9 @@
+from flask import session
 from flask_wtf import Form
 from wtforms import StringField, PasswordField, IntegerField
 from wtforms.validators import DataRequired, Email, Length, Regexp

+from app.main.encryption import checkpw
 from app.main.validators import Blacklist


@@ -43,3 +45,19 @@ class VerifyForm(Form):
                            validators=[DataRequired(message='SMS code can not be empty')])
    email_code = IntegerField("Email confirmation code",
                              validators=[DataRequired(message='Email code can not be empty')])
+
+    def validate_email_code(self, a):
+        if self.email_code.data is not None:
+            if checkpw(str(self.email_code.data), session['email_code']) is False:
+                self.email_code.errors.append('Code does not match')
+                return False
+        else:
+            return True
+
+    def validate_sms_code(self, a):
+        if self.sms_code.data is not None:
+            if checkpw(str(self.sms_code.data), session['sms_code']) is False:
+                self.sms_code.errors.append('Code does not match')
+                return False
+        else:
+            return True
--- a/app/main/views/verify.py
+++ b/app/main/views/verify.py
@@ -3,7 +3,6 @@ from flask_login import login_user

 from app.main import main
 from app.main.dao import users_dao
-from app.main.encryption import checkpw
 from app.main.forms import VerifyForm


@@ -16,17 +15,10 @@ def render_verify():
 def process_verify():
    form = VerifyForm()
    if form.validate_on_submit():
-        valid_sms = checkpw(form.sms_code.data, session['sms_code'])
-        valid_email = checkpw(form.email_code.data, session['email_code'])
-        if valid_sms is False:
-            return jsonify(sms_code='does not match'), 400
-        if valid_email is False:
-            return jsonify(email_code='does not match'), 400
+        user = users_dao.get_user_by_id(session['user_id'])
+        users_dao.activate_user(user.id)
+        login_user(user)
+        return redirect('/add-service')
    else:
+        print(form.errors)
        return jsonify(form.errors), 400
-
-    user = users_dao.get_user_by_id(session['user_id'])
-    users_dao.activate_user(user.id)
-    login_user(user)
-
-    return redirect('/add-service')