Don’t repeat digits in security codes

People with dyslexia and dyscalculia find it difficult to transpose codes which have consecutive, repeated digits[1]. This commits enhances the algorithm for generating codes to not repeat the previous digit in a code. This reduces the key space for our codes from 100,000 possibilities to 65,610 possibilities. 1. https://twitter.com/annaecook/status/1442567679710150662
2026-02-01 07:35:34 -05:00 · 2021-09-30 10:24:17 +01:00
parent 75901a02a6
commit 19ad11e383
2 changed files with 21 additions and 1 deletions
--- a/tests/app/dao/test_users_dao.py
+++ b/tests/app/dao/test_users_dao.py
@@ -188,6 +188,18 @@ def test_create_secret_code_returns_5_digits():
    assert len(str(code)) == 5


+def test_create_secret_code_never_repeats_consecutive_digits(mocker):
+    mocker.patch('app.dao.users_dao.SystemRandom.randrange', side_effect=[
+        1, 1, 1,
+        2,
+        3,
+        4, 4,
+        1,  # Repeated allowed if not consecutive
+        9, 9,  # Not called because we have 5 digits now
+    ])
+    assert create_secret_code() == '12341'
+
+
@freeze_time('2018-07-07 12:00:00')
 def test_dao_archive_user(sample_user, sample_organisation, fake_uuid):
    sample_user.current_session_id = fake_uuid