Updated error message is the code is not the right size or data type.

Updated two_factor to error is the user account is locked (locked = over 10 failed_login_count)

app/main/forms.py

@@ -118,14 +118,7 @@ def sms_code():
     return StringField('Text message code',
                        validators=[DataRequired(message='Can’t be empty'),
                                    Regexp(regex=verify_code,
-                                          message='Must be 5 digits')])
-
-
-def email_code():
-    verify_code = '^\d{5}$'
-    return StringField("Email code",
-                       validators=[DataRequired(message='Can’t be empty'),
-                                   Regexp(regex=verify_code, message='Must be 5 digits')])
+                                          message='Code not found')])
 
 
 class LoginForm(Form):

app/main/views/dashboard.py

@@ -1,12 +1,10 @@
-from datetime import datetime, timedelta
+from datetime import datetime
 
-import dateutil
 from flask import (
     render_template,
     url_for,
     session,
     jsonify,
-    current_app,
     request,
     abort
 )
@@ -23,8 +21,6 @@ from app.utils import (
     user_has_permissions,
     get_current_financial_year,
     FAILURE_STATUSES,
-    SENDING_STATUSES,
-    DELIVERED_STATUSES,
     REQUESTED_STATUSES,
 )
 

app/main/views/two_factor.py

@@ -32,6 +32,9 @@ def two_factor():
                 user.set_password(session['user_details']['password'])
                 user.reset_failed_login_count()
                 user_api_client.update_user(user)
+            if user.is_locked():
+                form.sms_code.errors.append('Code not found')
+                return render_template('views/two-factor.html', form=form)
             activated_user = user_api_client.activate_user(user)
             login_user(activated_user, remember=True)
         finally:

tests/app/main/test_two_factor_form.py

@@ -1,5 +1,3 @@
-from datetime import datetime, timedelta
-
 from app.main.forms import TwoFactorForm
 from app import user_api_client
 
@@ -28,7 +26,7 @@ def test_returns_errors_when_code_is_too_short(
         form = TwoFactorForm(_check_code)
         assert form.validate() is False
         assert len(form.errors) == 1
-        assert set(form.errors) == set({'sms_code': ['Code must be 5 digits', 'Code does not match']})
+        assert set(form.errors) == set({'sms_code': ['Code not found', 'Code does not match']})
 
 
 def test_returns_errors_when_code_is_missing(
@@ -56,7 +54,7 @@ def test_returns_errors_when_code_contains_letters(
         form = TwoFactorForm(_check_code)
         assert form.validate() is False
         assert len(form.errors) == 1
-        assert set(form.errors) == set({'sms_code': ['Code must be 5 digits', 'Code does not match']})
+        assert set(form.errors) == set({'sms_code': ['Code not found', 'Code does not match']})
 
 
 def test_should_return_errors_when_code_is_expired(

tests/app/main/views/test_two_factor.py

@@ -209,7 +209,25 @@ def test_two_factor_reset_login_count_called(
     )
     api_user_locked.reset_failed_login_count()
     api_user_locked.password = new_password
-    mock_update_user.assert_called_with(api_user_locked)
+    mock_update_user.assert_called_once_with(api_user_locked)
+
+
+def test_two_factor_returns_error_when_user_is_locked(
+    client,
+    api_user_locked,
+    mock_get_locked_user,
+    mock_check_verify_code,
+    mock_get_services_with_one_service
+):
+    with client.session_transaction() as session:
+        session['user_details'] = {
+            'id': api_user_locked.id,
+            'email': api_user_locked.email_address,
+        }
+    response = client.post(url_for('main.two_factor'),
+                           data={'sms_code': '12345'})
+    assert response.status_code == 200
+    assert 'Code not found' in response.get_data(as_text=True)
 
 
 def test_two_factor_should_redirect_to_sign_in_if_user_not_in_session(