diff --git a/.travis.yml b/.travis.yml
index 3df136908..24b59df39 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -6,8 +6,6 @@ addons:
 postgresql: '9.3'
 env:
 secure: jT9BIioqBMkOdLZhU+WJNdnRJ+06G7qUx4QqEVldp96dJwmWpPEvA0XbitdnQt/WXYkpMlDbgSApvvGj2ZNvdpowRRe5HFX8D2Udhi2g9+cXgKrQxH6zv0evJyQLOjCINW6KtgMCJ5wkYR3qQ4BQawlDt6ecpmeboKTmvs2W8jZ09aV4IKKvdd7BwFon10QVPF5ny10G83unLtKnKgRMjSSLnaEiA78pE/LSUkekK4mhmtl+yfQf60cIuQGcN9NCYIt5PrdYYyMkbUaht9ykwL2C11sp5JYPClI9k6lrlpGJCdL9wbJwejGhR/pEqwJ4tKK8Zv+mngmkbzE6fd5ehuRMnIUAifG4t3p6WbhKwY5pJsdVyPgWcRSPXOJA7yEcAeTAvWcC++6mCIFBeMxt/yQNw02jkFHeNKRh2twTRvr4xWZHq9FsVxTEVz89OOuue3IkkyDNmVusGJ9+AVRIn9Oa+U/r3bDnrs7jz+meSwb82GZUBzFpUe2pe8qeBE572Ay7yHB73VHUgp/2A1qkZ4SnTjTpMbnS5RdXTgwtMkOs5MLZgteCVxFL3sHcr9e/B3UIUnzKUSPXXOjHyDxBwrABWo81V9Vp2IPV7P9Ofv8zroudjQxK5MOcbmiPQF+eEB9L4DvkUBNsGxtJ/nmPp6tmN0Xjo0xXVdZCEVj29Og=
-before_install:
-- rvm install 2.0.0
 install:
 - bundle install
 - pip install -r requirements_for_test.txt
@@ -30,27 +28,3 @@ deploy:
 repo: alphagov/notifications-admin
 run:
 - python app.py db upgrade
-- provider: s3
- access_key_id: AKIAI37IS2VAC5PJHHDA
- secret_access_key: &1
- secure: 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
- local_dir: dpl_cd_upload
- skip_cleanup: true
- on: &2
- repo: alphagov/notifications-admin
- bucket: notifications-admin-codedeploy
- region: eu-west-1
-- provider: codedeploy
- access_key_id: AKIAI37IS2VAC5PJHHDA
- secret_access_key: *1
- bucket: notifications-admin-codedeploy
- key: notifications-admin.zip
- bundle_type: zip
- application: notifications-admin
- deployment_group: notifications_admin_deployment_group
- region: eu-west-1
- on: *2
-before_deploy:
-- zip -r notifications-admin *
-- mkdir -p dpl_cd_upload
-- mv notifications-admin.zip dpl_cd_upload/notifications-admin.zip
\ No newline at end of file
diff --git a/Gemfile b/Gemfile
index 73901a698..e46ea120f 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,3 +1,2 @@
 source 'https://rubygems.org'
-ruby '2.0.0'
 gem 'sass'
diff --git a/Gemfile.lock b/Gemfile.lock
index 3c5e06876..bb229915d 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -10,4 +10,4 @@ DEPENDENCIES
 sass
 BUNDLED WITH
- 1.10.6
\ No newline at end of file
+ 1.10.6
diff --git a/app/main/forms.py b/app/main/forms.py
index b1c4158ad..d058995f0 100644
--- a/app/main/forms.py
+++ b/app/main/forms.py
@@ -112,18 +112,14 @@ class AddServiceForm(Form):
 def validate_codes(field, code_type):
 codes = verify_codes_dao.get_codes(user_id=session['user_id'], code_type=code_type)
- is_valid = len([code for code in codes if validate_code(field, code)]) == 1
- if is_valid:
- field.errors.clear()
- return is_valid
+ print('validate_codes for user_id: {} are {}'.format(session['user_id'], codes))
+ if not [code for code in codes if validate_code(field, code)]:
+ raise ValidationError('Code does not match')
 def validate_code(field, code):
 if field.data and check_hash(field.data, code.code):
 if code.expiry_datetime <= datetime.now():
- field.errors.append('Code has expired')
- return False
- return True
- else:
- field.errors.append('Code does not match')
- return False
+ raise ValidationError('Code has expired')
+ else:
+ return code.code
diff --git a/app/main/views/two_factor.py b/app/main/views/two_factor.py
index 3d7f9a480..3edcdfc0a 100644
--- a/app/main/views/two_factor.py
+++ b/app/main/views/two_factor.py
@@ -1,5 +1,7 @@
+
 from flask import (
 render_template, redirect, jsonify, session, url_for)
+
 from flask_login import login_user
 from app.main import main
diff --git a/app/main/views/verify.py b/app/main/views/verify.py
index f738d5b0a..c982d6e79 100644
--- a/app/main/views/verify.py
+++ b/app/main/views/verify.py
@@ -1,5 +1,6 @@
 from flask import (
 render_template, redirect, jsonify, session, url_for)
+
 from flask_login import login_user
 from app.main import main
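Review bot: The added `print('validate_codes for user_id: {} are {}'...)` in `validate_codes` (app/main/forms.py) writes the user id together with that user's stored verification-code records to stdout on every form validation, so whatever the code objects' repr exposes (possibly the code hashes and expiry times) ends up in application logs. It reads like a debugging leftover; delete it, or replace it with a logger call that records only the user id and `len(codes)`. Two behaviour changes are worth confirming as intended: the old check required exactly one matching code (`== 1`) while the new one accepts any number, and `validate_code` now falls through to an implicit `None` on a hash mismatch, which deserves a short docstring saying it returns the stored hash on success, `None` on mismatch, and raises `ValidationError` on expiry.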
@@ -10,16 +11,13 @@ from app.main.forms import VerifyForm
 @main.route('/verify', methods=['GET', 'POST'])
 def verify():
 # TODO there needs to be a way to regenerate a session id
- try:
- user = users_dao.get_user_by_id(session['user_id'])
- form = VerifyForm()
- if form.validate_on_submit():
- verify_codes_dao.use_code_for_user_and_type(user_id=user.id, code_type='email')
- verify_codes_dao.use_code_for_user_and_type(user_id=user.id, code_type='sms')
- users_dao.activate_user(user.id)
- login_user(user)
- return redirect(url_for('.add_service'))
- return render_template('views/verify.html', form=form)
- except:
- import traceback
- traceback.print_exc()
+ # or handle gracefully.
+ user = users_dao.get_user_by_id(session['user_id'])
+ form = VerifyForm()
+ if form.validate_on_submit():
+ verify_codes_dao.use_code_for_user_and_type(user_id=user.id, code_type='email')
+ verify_codes_dao.use_code_for_user_and_type(user_id=user.id, code_type='sms')
+ users_dao.activate_user(user.id)
+ login_user(user)
+ return redirect(url_for('.add_service'))
+ return render_template('views/verify.html', form=form)
diff --git a/config.py b/config.py
index 268746726..8a9e5745a 100644
--- a/config.py
+++ b/config.py
@@ -38,7 +38,7 @@ class Test(Config):
 class Live(Config):
- DEBUG = False
+ DEBUG = True
 HTTP_PROTOCOL = 'https'
 configs = {
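Review bot: `session['user_id']` in `verify()` is now read with no guard, so a request to `/verify` from a browser that has no `user_id` in its session raises `KeyError` and becomes an unhandled 500, and `user.id` fails the same way if `get_user_by_id` finds no row (presumably it returns `None`; confirm). Dropping the bare `except:` is right, but the TODO's "handle gracefully" still needs doing: read the id with `session.get('user_id')` and redirect to the start of the registration or sign-in flow when it or the user is missing. This matters more while `DEBUG = True` is set for `Live` in the same commit, since an unhandled exception is then rendered with a traceback.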
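Review bot: `DEBUG = True` in the `Live` config (config.py) turns Flask debug mode on for the production configuration, so unhandled exceptions are returned to the client with full tracebacks and, if the app is ever served through the Werkzeug development server, the interactive debugger is reachable. Nothing else in this commit depends on it and it sits beside `HTTP_PROTOCOL = 'https'`, so it looks like a leftover from debugging the deployment change. Keep `DEBUG = False` in `Live`; if a temporary toggle is needed, read it from an environment variable with a false default and add a comment such as `# never enable in Live: exposes tracebacks to clients`.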