109526520: Add custom validators for the VerifyForm

If the email_code or sms_code entered fails the checkpw check, add errors to the form.
Rebecca Law
2015-12-08 11:56:49 +00:00
parent 4486a859f8
commit bef2258803
3 changed files with 48 additions and 23 deletions


@@ -1,7 +1,9 @@
from flask import session
from flask_wtf import Form from flask_wtf import Form
from wtforms import StringField, PasswordField, IntegerField from wtforms import StringField, PasswordField, IntegerField
from wtforms.validators import DataRequired, Email, Length, Regexp from wtforms.validators import DataRequired, Email, Length, Regexp
from app.main.encryption import checkpw
from app.main.validators import Blacklist from app.main.validators import Blacklist
@@ -43,3 +45,19 @@ class VerifyForm(Form):
validators=[DataRequired(message='SMS code can not be empty')]) validators=[DataRequired(message='SMS code can not be empty')])
email_code = IntegerField("Email confirmation code", email_code = IntegerField("Email confirmation code",
validators=[DataRequired(message='Email code can not be empty')]) validators=[DataRequired(message='Email code can not be empty')])
def validate_email_code(self, a):
if self.email_code.data is not None:
if checkpw(str(self.email_code.data), session['email_code']) is False:
self.email_code.errors.append('Code does not match')
return False
else:
return True
def validate_sms_code(self, a):
if self.sms_code.data is not None:
if checkpw(str(self.sms_code.data), session['sms_code']) is False:
self.sms_code.errors.append('Code does not match')
return False
else:
return True
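Review bot: `validate_email_code` and `validate_sms_code` index `session['email_code']` and `session['sms_code']` directly, so a POST from a session that holds no codes raises KeyError rather than producing a form error. Reading the value with `session.get('email_code')` and treating a missing value as a mismatch keeps that path a 400. Raising `ValidationError('Code does not match')` (from `wtforms.validators`) is the usual way for an inline validator to report failure, since WTForms presumably ignores the True/False return values here. Separately, both fields are `IntegerField` and the value goes through `str()`, so a code with a leading zero would lose it before `checkpw`; if generated codes can start with 0, a `StringField` with a digit `Regexp` avoids that. The `VerifyForm` class body starts outside the hunk.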


@@ -3,7 +3,6 @@ from flask_login import login_user
from app.main import main from app.main import main
from app.main.dao import users_dao from app.main.dao import users_dao
from app.main.encryption import checkpw
from app.main.forms import VerifyForm from app.main.forms import VerifyForm
@@ -16,17 +15,10 @@ def render_verify():
def process_verify(): def process_verify():
form = VerifyForm() form = VerifyForm()
if form.validate_on_submit(): if form.validate_on_submit():
valid_sms = checkpw(form.sms_code.data, session['sms_code']) user = users_dao.get_user_by_id(session['user_id'])
valid_email = checkpw(form.email_code.data, session['email_code']) users_dao.activate_user(user.id)
if valid_sms is False: login_user(user)
return jsonify(sms_code='does not match'), 400 return redirect('/add-service')
if valid_email is False:
return jsonify(email_code='does not match'), 400
else: else:
print(form.errors)
return jsonify(form.errors), 400 return jsonify(form.errors), 400
user = users_dao.get_user_by_id(session['user_id'])
users_dao.activate_user(user.id)
login_user(user)
return redirect('/add-service')
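Review bot: After a successful verification in `process_verify` the hashed codes stay in the session, and nothing in the visible code counts failed attempts, so the same short numeric code can be retried or reused for as long as the session lives. Consider `session.pop('sms_code', None)` and `session.pop('email_code', None)` right after `users_dao.activate_user(user.id)`, plus a per-session or per-user attempt limit on the 400 branch. `users_dao.get_user_by_id(session['user_id'])` is also used unchecked; if the key is absent or the lookup can return None, `user.id` fails with a 500, so a guard before activation would help. The route decorator for `process_verify` is outside the hunk.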


@@ -51,7 +51,8 @@ def test_should_return_400_when_sms_code_is_wrong(notifications_admin, notificat
data={'sms_code': '98765', data={'sms_code': '98765',
'email_code': '23456'}) 'email_code': '23456'})
assert response.status_code == 400 assert response.status_code == 400
assert '"sms_code": "does not match"' in response.get_data(as_text=True) assert 'sms_code' in response.get_data(as_text=True)
assert 'Code does not match' in response.get_data(as_text=True)
def test_should_return_400_when_email_code_is_wrong(notifications_admin, notifications_admin_db): def test_should_return_400_when_email_code_is_wrong(notifications_admin, notifications_admin_db):
@@ -65,21 +66,35 @@ def test_should_return_400_when_email_code_is_wrong(notifications_admin, notific
data={'sms_code': '12345', data={'sms_code': '12345',
'email_code': '23456'}) 'email_code': '23456'})
assert response.status_code == 400 assert response.status_code == 400
assert '"email_code": "does not match"' in response.get_data(as_text=True) print(response.get_data(as_text=True))
assert 'email_code' in response.get_data(as_text=True)
assert 'Code does not match' in response.get_data(as_text=True)
def test_should_return_400_when_sms_code_is_missing(notifications_admin, notifications_admin_db): def test_should_return_400_when_sms_code_is_missing(notifications_admin, notifications_admin_db):
response = notifications_admin.test_client().post('/verify', with notifications_admin.test_client() as client:
data={'email_code': '23456'}) with client.session_transaction() as session:
assert response.status_code == 400 user = _create_test_user()
assert 'SMS code can not be empty' in response.get_data(as_text=True) session['user_id'] = user.id
session['sms_code'] = hashpw('12345')
session['email_code'] = hashpw('98456')
response = client.post('/verify',
data={'email_code': '23456'})
assert response.status_code == 400
assert 'SMS code can not be empty' in response.get_data(as_text=True)
def test_should_return_400_when_email_code_is_missing(notifications_admin, notifications_admin_db): def test_should_return_400_when_email_code_is_missing(notifications_admin, notifications_admin_db):
response = notifications_admin.test_client().post('/verify', with notifications_admin.test_client() as client:
data={'sms_code': '23456'}) with client.session_transaction() as session:
assert response.status_code == 400 user = _create_test_user()
assert 'Email code can not be empty' in response.get_data(as_text=True) session['user_id'] = user.id
session['sms_code'] = hashpw('23456')
session['email_code'] = hashpw('23456')
response = client.post('/verify',
data={'sms_code': '23456'})
assert response.status_code == 400
assert 'Email code can not be empty' in response.get_data(as_text=True)
def _create_test_user(): def _create_test_user():
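Review bot: The `print(response.get_data(as_text=True))` added to `test_should_return_400_when_email_code_is_wrong` looks like leftover debugging and should be dropped. The new assertions check the field name and `'Code does not match'` as separate substrings, so they would still pass if the error were attached to the other field. Assuming errors serialize as a list per field, asserting on the parsed body pins the field, for example `json.loads(response.get_data(as_text=True))['email_code'] == ['Code does not match']`. A case that posts to `/verify` with no codes in the session would also cover the validators' session lookup.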