diff --git a/app/main/forms.py b/app/main/forms.py index 76634c5ae..202134a7b 100644 --- a/app/main/forms.py +++ b/app/main/forms.py @@ -23,7 +23,7 @@ class LoginForm(Form): gov_uk_email = "(^[^@^\\s]+@[^@^\\.^\\s]+(\\.[^@^\\.^\\s]*)*.gov.uk)" mobile_number = "^\\+44[\\d]{10}$" -verify_code = "[\\d]{5}$" +verify_code = '^\d{5}$' class RegisterUserForm(Form): @@ -62,6 +62,7 @@ class VerifyForm(Form): Regexp(regex=verify_code, message='Code must be 5 digits')]) def validate_email_code(self, a): + print('validating the email_code') code = verify_codes_dao.get_code(session['user_id'], 'email') validate_code(self.email_code, code) diff --git a/tests/app/main/test_verify_form.py b/tests/app/main/test_verify_form.py new file mode 100644 index 000000000..bafd04465 --- /dev/null +++ b/tests/app/main/test_verify_form.py 
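Review bot: The added `verify_code = '^\d{5}$'` is a plain string literal, so `\d` is an invalid escape sequence that newer Python versions warn about; it should be a raw string. Because this pattern gates a verification code, it is also worth tightening: `$` matches before a trailing newline and `\d` accepts non-ASCII digits on str input, so `verify_code = r'^[0-9]{5}\Z'` pins the field to exactly five ASCII digits. The later comparison in `validate_code` presumably rejects such values anyway, but the format check should not depend on that.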
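Review bot: The added `print('validating the email_code')` in `validate_email_code` looks like leftover debugging and will write to stdout on every verification attempt. Remove it, or send it through the application's logger at debug level if the trace is wanted. The `VerifyForm` class starts outside the hunk, so whether a logger is already in scope there cannot be seen from here.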
@@ -0,0 +1,99 @@
+from datetime import datetime, timedelta
+
+from app.main.dao import verify_codes_dao
+from app.main.forms import VerifyForm
+from tests.app.main import create_test_user
+
+
+def test_form_should_have_error_when_code_is_not_valid(notifications_admin, notifications_admin_db, notify_db_session):
+ with notifications_admin.test_request_context(method='POST',
+ data={'sms_code': '12345aa', 'email_code': 'abcde'}) as req:
+ user = set_up_test_data()
+ req.session['user_id']= user.id
+ form = VerifyForm(req.request.form)
+ assert form.validate() is False
+ errors = form.errors
+ assert len(errors) == 2
+ expected = set({'email_code': ['Code must be 5 digits', 'Code does not match'],
+ 'sms_code': ['Code does not match', 'Code must be 5 digits']})
+ assert 'sms_code' in errors
+ assert set(errors) == expected
+
+
+def test_should_return_errors_when_code_missing(notifications_admin, notifications_admin_db, notify_db_session):
+ with notifications_admin.test_request_context(method='POST',
+ data={}) as req:
+ user = set_up_test_data()
+ req.session['user_id']= user.id
+ form = VerifyForm(req.request.form)
+ assert form.validate() is False
+ errors = form.errors
+ expected = set({'sms_code': ['SMS code can not be empty'],
+ 'email_code': ['Email code can not be empty']})
+ assert len(errors) == 2
+ assert set(errors) == expected
+
+
+def test_should_return_errors_when_code_is_too_short(notifications_admin, notifications_admin_db, notify_db_session):
+ with notifications_admin.test_request_context(method='POST',
+ data={'sms_code':'123', 'email_code':'123'}) as req:
+ user = set_up_test_data()
+ req.session['user_id']= user.id
+ form = VerifyForm(req.request.form)
+ assert form.validate() is False
+ errors = form.errors
+ expected = set({'sms_code': ['Code must be 5 digits', 'Code does not match'],
+ 'email_code': ['Code must be 5 digits', 'Code does not match']})
+ assert len(errors) == 2
+ assert set(errors) == expected
+
+
+def test_should_return_errors_when_code_does_not_match(notifications_admin, notifications_admin_db, notify_db_session):
+ with notifications_admin.test_request_context(method='POST',
+ data={'sms_code': '23456', 'email_code': '23456'}) as req:
+ user = set_up_test_data()
+ req.session['user_id']= user.id
+ form = VerifyForm(req.request.form)
+ assert form.validate() is False
+ errors = form.errors
+ expected = set({'sms_code': ['Code does not match'],
+ 'email_code': ['Code does not match']})
+ assert len(errors) == 2
+ assert set(errors) == expected
+
+
+def test_should_return_errors_when_code_is_expired(notifications_admin, notifications_admin_db, notify_db_session):
+ with notifications_admin.test_request_context(method='POST',
+ data={'sms_code': '23456', 'email_code': '23456'}) as req:
+ user = create_test_user()
+ verify_codes_dao.add_code_with_expiry(user_id=user.id,
+ code='23456',
+ code_type='email',
+ expiry=datetime.now() + timedelta(hours=-1))
+ verify_codes_dao.add_code_with_expiry(user_id=user.id,
+ code='23456',
+ code_type='sms',
+ expiry=datetime.now() + timedelta(hours=-2))
+ req.session['user_id']= user.id
+ form = VerifyForm(req.request.form)
+ assert form.validate() is False
+ errors = form.errors
+ expected = {'sms_code': ['Code has expired'],
+ 'email_code': ['Code has expired']}
+ assert len(errors) == 2
+ assert 'sms_code' in errors
+ assert errors['sms_code'] == expected['sms_code']
+ assert 'email_code' in errors
+ assert errors['email_code'] == expected['email_code']
+
+
+
+
+
+def set_up_test_data():
+ user = create_test_user()
+ verify_codes_dao.add_code(user_id=user.id, code='12345', code_type='email')
+ verify_codes_dao.add_code(user_id=user.id, code='12345', code_type='sms')
+ return user
+
+
diff --git a/tests/app/main/views/test_two_factor.py b/tests/app/main/views/test_two_factor.py
index 8865219df..1d8d7ea69 100644
--- a/tests/app/main/views/test_two_factor.py
+++ b/tests/app/main/views/test_two_factor.py
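Review bot: In the first four tests `expected = set({...})` builds a set of the dict's keys, and `set(errors)` does the same, so `assert set(errors) == expected` only checks that both field names are present; the error messages listed in `expected` are never compared. Keep `expected` as a plain dict and compare per field, for example `assert {k: set(v) for k, v in errors.items()} == {k: set(v) for k, v in expected.items()}`. The file also has no case where both codes are correct and `form.validate()` returns True, so a validator that rejected every code would still pass this suite.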
@@ -59,4 +59,4 @@ def test_should_return_400_when_sms_code_is_too_short(notifications_admin, notif
 data = json.loads(response.get_data(as_text=True))
 assert len(data.keys()) == 1
 assert 'sms_code' in data
- assert data['sms_code'].sort() == ['Code must be 5 digits', 'Code does not match'].sort()
+ assert set(data['sms_code']) == ['Code must be 5 digits', 'Code does not match'].sort()
diff --git a/tests/app/main/views/test_verify.py b/tests/app/main/views/test_verify.py
index 04636c733..cb3dad2b3 100644
--- a/tests/app/main/views/test_verify.py
+++ b/tests/app/main/views/test_verify.py
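Review bot: `list.sort()` returns None, so the new assertion compares `set(data['sms_code'])` with None and can never pass. Compare against a set literal instead: `assert set(data['sms_code']) == {'Code must be 5 digits', 'Code does not match'}`. The test function starts outside the hunk.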
@@ -43,136 +43,23 @@ def test_should_activate_user_after_verify(notifications_admin, notifications_ad assert after_verify.state == 'active' -def test_should_return_400_when_sms_code_is_wrong(notifications_admin, notifications_admin_db, notify_db_session): +def test_should_return_400_when_codes_are_wrong(notifications_admin, notifications_admin_db, notify_db_session): with notifications_admin.test_client() as client: with client.session_transaction() as session: user = create_test_user() session['user_id'] = user.id - verify_codes_dao.add_code(user_id=user.id, code='12345', code_type='sms') - verify_codes_dao.add_code(user_id=user.id, code='23456', code_type='email') - response = client.post('/verify', - data={'sms_code': '98765', - 'email_code': '23456'}) - assert response.status_code == 400 - assert {'sms_code': ['Code does not match']} == json.loads(response.get_data(as_text=True)) - - -def test_should_return_400_when_email_code_is_wrong(notifications_admin, notifications_admin_db, notify_db_session): - with notifications_admin.test_client() as client: - with client.session_transaction() as session: - user = create_test_user() - session['user_id'] = user.id - verify_codes_dao.add_code(user_id=user.id, code='12345', code_type='sms') + verify_codes_dao.add_code(user_id=user.id, code='23345', code_type='sms') verify_codes_dao.add_code(user_id=user.id, code='98456', code_type='email') response = client.post('/verify', data={'sms_code': '12345', 'email_code': '23456'}) assert response.status_code == 400 - assert {'email_code': ['Code does not match']} == json.loads(response.get_data(as_text=True)) + expected = {'sms_code': ['Code must be 5 digits', 'Code does not match'], + 'email_code': ['Code must be 5 digits', 'Code does not match']} + errors = json.loads(response.get_data(as_text=True)) + assert len(errors) == 2 + assert 'sms_code' in errors + assert errors['sms_code'] == expected['sms_code'] + assert 'email_code' in errors + assert set(errors['email_code']) in 
set(expected['email_code']) - -def test_should_return_400_when_sms_code_is_missing(notifications_admin, notifications_admin_db, notify_db_session): - with notifications_admin.test_client() as client: - with client.session_transaction() as session: - user = create_test_user() - session['user_id'] = user.id - verify_codes_dao.add_code(user_id=user.id, code='12345', code_type='sms') - verify_codes_dao.add_code(user_id=user.id, code='98456', code_type='email') - response = client.post('/verify', - data={'email_code': '98456'}) - assert response.status_code == 400 - assert {'sms_code': ['SMS code can not be empty']} == json.loads(response.get_data(as_text=True)) - - -def test_should_return_400_when_email_code_is_missing(notifications_admin, notifications_admin_db, notify_db_session): - with notifications_admin.test_client() as client: - with client.session_transaction() as session: - user = create_test_user() - session['user_id'] = user.id - verify_codes_dao.add_code(user_id=user.id, code='23456', code_type='email') - verify_codes_dao.add_code(user_id=user.id, code='23456', code_type='sms') - response = client.post('/verify', - data={'sms_code': '23456'}) - assert response.status_code == 400 - assert {'email_code': ['Email code can not be empty']} == json.loads(response.get_data(as_text=True)) - - -def test_should_return_400_when_email_code_has_letter(notifications_admin, notifications_admin_db, notify_db_session): - with notifications_admin.test_client() as client: - with client.session_transaction() as session: - user = create_test_user() - session['user_id'] = user.id - verify_codes_dao.add_code(user_id=user.id, code='23456', code_type='email') - verify_codes_dao.add_code(user_id=user.id, code='23456', code_type='sms') - response = client.post('/verify', - data={'sms_code': '23456', - 'email_code': 'abcde'}) - assert response.status_code == 400 - data = json.loads(response.get_data(as_text=True)) - expected = {'email_code': ['Code does not match', 'Code must be 5 
digits']} - assert len(data.keys()) == 1 - assert 'email_code' in data - assert data['email_code'].sort() == expected['email_code'].sort() - - -def test_should_return_400_when_sms_code_is_too_short(notifications_admin, notifications_admin_db, notify_db_session): - with notifications_admin.test_client() as client: - with client.session_transaction() as session: - user = create_test_user() - session['user_id'] = user.id - verify_codes_dao.add_code(user_id=user.id, code='23456', code_type='email') - verify_codes_dao.add_code(user_id=user.id, code='23456', code_type='sms') - response = client.post('/verify', - data={'sms_code': '2345', - 'email_code': '23456'}) - assert response.status_code == 400 - data = json.loads(response.get_data(as_text=True)) - expected = {'sms_code': ['Code must be 5 digits', 'Code does not match']} - assert len(data.keys()) == 1 - assert 'sms_code' in data - assert data['sms_code'].sort() == expected['sms_code'].sort() - - -def test_should_return_302_when_email_code_starts_with_zero(notifications_admin, - notifications_admin_db, - notify_db_session): - with notifications_admin.test_client() as client: - with client.session_transaction() as session: - user = create_test_user() - session['user_id'] = user.id - verify_codes_dao.add_code(user_id=user.id, code='23456', code_type='sms') - verify_codes_dao.add_code(user_id=user.id, code='09765', code_type='email') - response = client.post('/verify', - data={'sms_code': '23456', - 'email_code': '09765'}) - assert response.status_code == 302 - assert response.location == 'http://localhost/add-service' - - -def test_should_return_400_when_verify_code_has_expired(notifications_admin, - notifications_admin_db, - notify_db_session): - with notifications_admin.test_client() as client: - with client.session_transaction() as session: - user = create_test_user() - session['user_id'] = user.id - verify_codes_dao.add_code_with_expiry(user_id=user.id, - code='23456', - code_type='email', - expiry=datetime.now() + 
timedelta(hours=-2)) - verify_codes_dao.add_code_with_expiry(user_id=user.id, - code='23456', - code_type='sms', - expiry=datetime.now() + timedelta(hours=-2)) - response = client.post('/verify', - data={'sms_code': '23456', - 'email_code': '23456'}) - assert response.status_code == 400 - data = json.loads(response.get_data(as_text=True)) - expected = {'sms_code': ['Code has expired'], - 'email_code': ['Code has expired']} - assert len(data.keys()) == 2 - assert 'sms_code' in data - assert data['sms_code'].sort() == expected['sms_code'].sort() - assert 'email_code' in data - assert data['email_code'].sort() == expected['email_code'].sort()
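Review bot: The new `test_should_return_400_when_codes_are_wrong` posts `'12345'` and `'23456'`, both five digits, yet `expected` lists `'Code must be 5 digits'` for each field, so `errors['sms_code'] == expected['sms_code']` looks like it cannot hold if the view returns only the mismatch error. The last assertion, `set(errors['email_code']) in set(expected['email_code'])`, asks whether a set is a member of a set of strings and is always False; use `assert set(errors['email_code']) == {'Code does not match'}` and the same form for `sms_code`. Separately, the hunk removes the `/verify` tests for expired codes, missing codes and the leading-zero code that returned 302. The new form tests have no leading-zero success case, so that path and the HTTP status for the other cases lose their coverage.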