109638656: Send sms code from sign-in post.

2026-02-05 10:53:28 -05:00 · 2015-12-08 09:21:51 +00:00
parent eae2756a5e
commit c946f85f9d
5 changed files with 41 additions and 30 deletions
--- a/app/main/views/init.py
+++ b/app/main/views/init.py
@@ -0,0 +1,30 @@
+from random import randint
+from app import admin_api_client
+from app.main.exceptions import AdminApiClientException
+
+
+def create_verify_code():
+    return ''.join(["%s" % randint(0, 9) for _ in range(0, 5)])
+
+
+def send_sms_code(mobile_number):
+    sms_code = create_verify_code()
+    try:
+        admin_api_client.send_sms(mobile_number, message=sms_code, token=admin_api_client.auth_token)
+    except:
+        raise AdminApiClientException('Exception when sending sms.')
+    return sms_code
+
+
+def send_email_code(email):
+    email_code = create_verify_code()
+    try:
+        admin_api_client.send_email(email_address=email,
+                                    from_str='notify@digital.cabinet-office.gov.uk',
+                                    message=email_code,
+                                    subject='Verification code',
+                                    token=admin_api_client.auth_token)
+    except:
+        raise AdminApiClientException('Exception when sending email.')
+
+    return email_code
--- a/app/main/views/register.py
+++ b/app/main/views/register.py
@@ -1,15 +1,14 @@
 from datetime import datetime, timedelta
-from random import randint

 from flask import render_template, redirect, jsonify, session
 from sqlalchemy.exc import SQLAlchemyError

-from app import admin_api_client
 from app.main import main
 from app.main.dao import users_dao
 from app.main.encryption import hashpw
 from app.main.exceptions import AdminApiClientException
 from app.main.forms import RegisterUserForm
+from app.main.views import send_sms_code, send_email_code
 from app.models import User


@@ -46,28 +45,4 @@ def process_register():
    return redirect('/verify')


-def send_sms_code(mobile_number):
-    sms_code = _create_code()
-    try:
-        admin_api_client.send_sms(mobile_number, message=sms_code, token=admin_api_client.auth_token)
-    except:
-        raise AdminApiClientException('Exception when sending sms.')
-    return sms_code

-
-def send_email_code(email):
-    email_code = _create_code()
-    try:
-        admin_api_client.send_email(email_address=email,
-                                    from_str='notify@digital.cabinet-office.gov.uk',
-                                    message=email_code,
-                                    subject='Verification code',
-                                    token=admin_api_client.auth_token)
-    except:
-        raise AdminApiClientException('Exception when sending email.')
-
-    return email_code
-
-
-def _create_code():
-    return ''.join(["%s" % randint(0, 9) for _ in range(0, 5)])
--- a/app/main/views/sign_in.py
+++ b/app/main/views/sign_in.py
@@ -1,10 +1,12 @@
 from flask import render_template, redirect, jsonify
-from flask_login import login_user
+from flask import session

 from app.main import main
 from app.main.dao import users_dao
 from app.main.encryption import checkpw
+from app.main.encryption import hashpw
 from app.main.forms import LoginForm
+from app.main.views import send_sms_code


@main.route("/sign-in", methods=(['GET']))
@@ -24,7 +26,9 @@ def process_sign_in():
        if not user.is_active():
            return jsonify(active_user=False), 401
        if checkpw(form.password.data, user.password):
-            login_user(user)
+            sms_code = send_sms_code(user.mobile_number)
+            session['user_id'] = user.id
+            session['sms_code'] = hashpw(sms_code)
        else:
            users_dao.increment_failed_login_count(user.id)
            return jsonify(authorization=False), 401
--- a/app/main/views/two_factor.py
+++ b/app/main/views/two_factor.py
@@ -1,4 +1,5 @@
 from flask import render_template, redirect, jsonify
+from flask_login import login_user

 from app.main import main
 from app.main.forms import TwoFactorForm
@@ -14,6 +15,7 @@ def process_two_factor():
    form = TwoFactorForm()

    if form.validate_on_submit():
+        login_user(user)
        return redirect('/dashboard')
    else:
        return jsonify(form.errors), 400
--- a/tests/app/main/views/test_two_factor.py
+++ b/tests/app/main/views/test_two_factor.py
@@ -8,7 +8,7 @@ def test_should_render_two_factor_page(notifications_admin, notifications_admin_

 def test_should_login_user_and_redirect_to_dashboard(notifications_admin, notifications_admin_db):
    response = notifications_admin.test_client().post('/two-factor',
-                                                       data={'sms_code': '12345'})
+                                                      data={'sms_code': '12345'})

    assert response.status_code == 302
-    assert response.location == 'http://localhost/dashboard'
+    assert response.location == 'http://localhost/dashboard'