From cf3a933b1ea4d650e3b2f975e67619d4b249cf5a Mon Sep 17 00:00:00 2001
From: Rebecca Law
Date: Wed, 15 Feb 2017 14:56:22 +0000
Subject: [PATCH] Updated error message is the code is not the right size or data type. Updated two_factor to error is the user account is locked (locked = over 10 failed_login_count)
---
 app/main/forms.py | 9 +--------
 app/main/views/dashboard.py | 6 +-----
 app/main/views/two_factor.py | 3 +++
 tests/app/main/test_two_factor_form.py | 6 ++----
 tests/app/main/views/test_two_factor.py | 20 +++++++++++++++++++-
 5 files changed, 26 insertions(+), 18 deletions(-)
diff --git a/app/main/forms.py b/app/main/forms.py
index 614dc1e5c..5b736a57b 100644
--- a/app/main/forms.py
+++ b/app/main/forms.py
@@ -118,14 +118,7 @@ def sms_code():
 return StringField('Text message code',
 validators=[DataRequired(message='Can’t be empty'),
 Regexp(regex=verify_code,
- message='Must be 5 digits')])
-
-
-def email_code():
- verify_code = '^\d{5}$'
- return StringField("Email code",
- validators=[DataRequired(message='Can’t be empty'),
- Regexp(regex=verify_code, message='Must be 5 digits')])
+ message='Code not found')])
 
 
 class LoginForm(Form):
diff --git a/app/main/views/dashboard.py b/app/main/views/dashboard.py
index 8de2ee003..bca543a31 100644
--- a/app/main/views/dashboard.py
+++ b/app/main/views/dashboard.py
@@ -1,12 +1,10 @@
-from datetime import datetime, timedelta
+from datetime import datetime
 
-import dateutil
 from flask import (
 render_template,
 url_for,
 session,
 jsonify,
- current_app,
 request,
 abort
 )
@@ -23,8 +21,6 @@ from app.utils import (
 user_has_permissions,
 get_current_financial_year,
 FAILURE_STATUSES,
- SENDING_STATUSES,
- DELIVERED_STATUSES,
 REQUESTED_STATUSES,
 )
 
diff --git a/app/main/views/two_factor.py b/app/main/views/two_factor.py
index 770d2cf4b..1d8ccab2f 100644
--- a/app/main/views/two_factor.py
+++ b/app/main/views/two_factor.py
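Review bot: The new `message='Code not found'` on the `Regexp` validator in `sms_code()` is a deliberately vague string with no comment saying so, and the same literal is hard-coded again in `app/main/views/two_factor.py` for the locked-account case. A later edit to one copy would make the two rejections distinguishable, so I would define it once, e.g. `CODE_NOT_FOUND = 'Code not found'` in `app/main/forms.py`, and add a comment such as `# Generic on purpose: do not reveal whether format, code or account state caused the rejection`. The tests in this patch still expect a separate `'Code does not match'` message, so it is worth confirming whether that wording should be folded into the same string. `sms_code()` starts outside the hunk.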
@@ -32,6 +32,9 @@ def two_factor():
 user.set_password(session['user_details']['password'])
 user.reset_failed_login_count()
 user_api_client.update_user(user)
+ if user.is_locked():
+ form.sms_code.errors.append('Code not found')
+ return render_template('views/two-factor.html', form=form)
 activated_user = user_api_client.activate_user(user)
 login_user(activated_user, remember=True)
 finally:
diff --git a/tests/app/main/test_two_factor_form.py b/tests/app/main/test_two_factor_form.py
index f74457f4b..7a3a18d0b 100644
--- a/tests/app/main/test_two_factor_form.py
+++ b/tests/app/main/test_two_factor_form.py
@@ -1,5 +1,3 @@
-from datetime import datetime, timedelta
-
 from app.main.forms import TwoFactorForm
 from app import user_api_client
 
@@ -28,7 +26,7 @@ def test_returns_errors_when_code_is_too_short(
 form = TwoFactorForm(_check_code)
 assert form.validate() is False
 assert len(form.errors) == 1
- assert set(form.errors) == set({'sms_code': ['Code must be 5 digits', 'Code does not match']})
+ assert set(form.errors) == set({'sms_code': ['Code not found', 'Code does not match']})
 
 
 def test_returns_errors_when_code_is_missing(
@@ -56,7 +54,7 @@ def test_returns_errors_when_code_contains_letters(
 form = TwoFactorForm(_check_code)
 assert form.validate() is False
 assert len(form.errors) == 1
- assert set(form.errors) == set({'sms_code': ['Code must be 5 digits', 'Code does not match']})
+ assert set(form.errors) == set({'sms_code': ['Code not found', 'Code does not match']})
 
 
 def test_should_return_errors_when_code_is_expired(
diff --git a/tests/app/main/views/test_two_factor.py b/tests/app/main/views/test_two_factor.py
index e63da19a8..4eeb3a1c4 100644
--- a/tests/app/main/views/test_two_factor.py
+++ b/tests/app/main/views/test_two_factor.py
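Review bot: The added `if user.is_locked():` in `two_factor()` comes after the context lines `user.reset_failed_login_count()` and `user_api_client.update_user(user)`, and, as far as the hunk shows, after the form has already accepted the submitted code. Indentation is lost in this rendering and the function starts and ends outside the hunk, so this needs confirming, but if the reset runs on the same path the counter is cleared before the lock is consulted and the new branch cannot fire for that flow. Checking the lock first, before code validation and before any update to the user, avoids both problems: the same `if user.is_locked():` branch placed ahead of the `try:`, with the error appended as it is now. The early `return` still runs the `finally:` block, so whatever it cleans up should be safe to clean up on a rejected attempt.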
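Review bot: The updated assertion `assert set(form.errors) == set({'sms_code': [...]})` in `test_returns_errors_when_code_is_too_short` compares only dictionary keys, because `set()` of a dict keeps its keys, so the message text is never checked; the hunk in `test_returns_errors_when_code_contains_letters` has the same problem. That is presumably why the old expectation `'Code must be 5 digits'` passed although `forms.py` used `'Must be 5 digits'`. Comparing the value pins the wording this commit changes, e.g. `assert 'Code not found' in form.errors['sms_code']`. Both test bodies start outside their hunks.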
@@ -209,7 +209,25 @@ def test_two_factor_reset_login_count_called(
 )
 api_user_locked.reset_failed_login_count()
 api_user_locked.password = new_password
- mock_update_user.assert_called_with(api_user_locked)
+ mock_update_user.assert_called_once_with(api_user_locked)
+
+
+def test_two_factor_returns_error_when_user_is_locked(
+ client,
+ api_user_locked,
+ mock_get_locked_user,
+ mock_check_verify_code,
+ mock_get_services_with_one_service
+):
+ with client.session_transaction() as session:
+ session['user_details'] = {
+ 'id': api_user_locked.id,
+ 'email': api_user_locked.email_address,
+ }
+ response = client.post(url_for('main.two_factor'),
+ data={'sms_code': '12345'})
+ assert response.status_code == 200
+ assert 'Code not found' in response.get_data(as_text=True)
 
 
 def test_two_factor_should_redirect_to_sign_in_if_user_not_in_session(
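Review bot: `test_two_factor_returns_error_when_user_is_locked` asserts only the 200 status and the `'Code not found'` text, so it would still pass if the view activated or logged in the locked user before rendering the form. Asserting that activation did not happen, with a mock on `user_api_client.activate_user` and `assert not mock_activate_user.called` (fixture name constructed here), would pin the property the commit is meant to enforce. The session in this test carries no `'password'` key, so the path through `user.set_password(...)` and `user.reset_failed_login_count()` in the view is not exercised for a locked user; a second case with a password in `user_details` would cover it.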