The user has 10 tries at the password, after which the account is locked.
The same is true for the verify code, the user will have 10 tries before the user account is locked.
We have a bunch of different styles of handling when function
definitions span multiple lines, which they almost always do with tests.
Here’s why an argument per line, single indent is best:
- cleaner diffs when you change the name of a method (one line change
instead of multiple lines)
- works better on narrow screens, eg Github’s diff view, or with two
terminals side by side on a laptop screen
- works with any editor’s indenting shortcuts, no need for an IDE
Also, trailing comma in the list of arguments is good because adding a
new argument to a method becomes a one line, not two line diff.
We used to do this by redirecting on the choose service page. However when we
lost the dropdown and this page also became the page for adding a new service
(in 3617f2e936) the redirect was removed.
This commit re-adds the redirect on the two factor page, so that it only happens
on first login.
So the flows are:
**Multiple services**
```
`Sign in` → `Enter two factor code` → `Choose service` → `Service dashboard`
```
**One service**
```
`Sign in` → `Enter two factor code` → `Service dashboard`
```
**No services (you’ve deleted all your services)**
`Sign in` → `Enter two factor code` → `Choose service` → `Add new service`
> it is about consistency and updates, if that endpoint changes in the future
> we don't have to update hundreds of tests for a specific string. The actual
> url should be ambiguous we are testing a view endpoint.
Because a user can have multiple services, they need a way to navigate between
them. Normally they can use the ▶ Switcher to do this, except when:
- they first sign in
- they are on a page which isn’t associated with a service (eg user profile) in
which case we can’t use the switcher because it won’t know what the ‘current’
service is
So this commit adds a new page with a (fake) list of services.
Fixed the is_active() method on the Users model, if the user was pending they would come back as active, allowing a user to sign in before being active.
There is still a problem with the validate_sms_code and validate_email_code method.
The codes are hashed and saved to the db.
The code is marked as used once a valid code is submitted.
The code is valid for 1 hour.
The codes are no longer saved to the session.
