def two_factor_email_sent():
    """Handle the emailed-code step of two-factor login.

    An already-authenticated user is sent to their landing page. A user with
    a registered security key is shown the FIDO template instead of a code
    form. Otherwise the submitted code is checked against the API with the
    ``email`` code type and, on success, the user is logged in.
    """
    if current_user.is_authenticated:
        return redirect_when_logged_in(
            user=current_user,
            platform_admin=current_user.platform_admin,
        )

    user_id = session['user_details']['id']
    user = User.from_id(user_id)

    # A registered security key takes precedence over the emailed code.
    if len(user.security_keys) > 0:
        return render_template('views/two-factor-fido.html')

    def _verify_email_code(code):
        # The API owns the code check; the form only reports its verdict.
        return user_api_client.check_verify_code(user_id, code, "email")

    form = TwoFactorForm(_verify_email_code)
    if form.validate_on_submit():
        return log_in_user(user_id)

    resent = request.args.get('email_resent')
    title = _('Email re-sent') if resent else _('Check your email')
    return render_template(
        'views/two-factor-email.html',
        title=title,
        form=form,
    )
def user_profile_mobile_number_confirm():
    """Confirm a new mobile number with the SMS code sent to it.

    The password-confirmation step must already be recorded in the session;
    otherwise the user is sent back to the number entry page. On a valid code
    the API-issued session id is stored in the cookie, the pending number is
    removed from the session and written to the user's profile.
    """
    if NEW_MOBILE_PASSWORD_CONFIRMED not in session:
        return redirect(url_for('.user_profile_mobile_number'))

    def _verify_sms_code(cde):
        return user_api_client.check_verify_code(current_user.id, cde, 'sms')

    form = TwoFactorForm(_verify_sms_code)
    if not form.validate_on_submit():
        return render_template(
            'views/user-profile/confirm.html',
            form_field=form.sms_code,
            thing='mobile number',
        )

    user = user_api_client.get_user(current_user.id)
    # The API issues a new current_session_id on this call; keep the cookie in
    # sync so later requests are not treated as stale.
    session['current_session_id'] = user.current_session_id
    mobile_number = session.pop(NEW_MOBILE)
    del session[NEW_MOBILE_PASSWORD_CONFIRMED]
    user_api_client.update_user_attribute(current_user.id, mobile_number=mobile_number)
    return redirect(url_for('.user_profile'))
def test_check_verify_code_returns_error_when_code_was_not_found(
    app_,
    mock_check_verify_code_code_not_found,
):
    """A code the API does not recognise fails validation with its message."""
    posted = {'sms_code': '99999'}
    expected = {'sms_code': ['Code not found']}
    with app_.test_request_context(method='POST', data=posted):
        form = TwoFactorForm(_check_code)
        assert form.validate() is False
        assert form.errors == expected
def test_form_is_valid_returns_no_errors(
    app_,
    mock_check_verify_code,
    post_data,
):
    """Parametrised: accepted post data validates with an empty error dict."""
    with app_.test_request_context(method="POST", data=post_data):
        form = TwoFactorForm(_check_code)
        outcome = form.validate()
        assert outcome is True
        assert form.errors == {}
def test_check_verify_code_returns_errors(
    app_,
    post_data,
    expected_error,
    mock_check_verify_code,
):
    """Parametrised: each rejected post yields exactly one ``sms_code`` error."""
    expected = {'sms_code': [expected_error]}
    with app_.test_request_context(method='POST', data=post_data):
        form = TwoFactorForm(_check_code)
        assert form.validate() is False
        assert form.errors == expected
def test_form_is_valid_returns_no_errors(
    app_,
    mock_check_verify_code,
    post_data,
):
    """Parametrised: valid post data passes and the API is consulted once."""
    with app_.test_request_context(method='POST', data=post_data):
        form = TwoFactorForm(_check_code)
        outcome = form.validate()
        assert outcome is True
        assert form.errors == {}
    # The checker must have been invoked exactly once with the SMS code type.
    mock_check_verify_code.assert_called_once_with('1', '12345', 'sms')
def test_form_is_valid_returns_no_errors(app_, mock_check_verify_code):
    """A well-formed five-digit code that the API accepts produces no errors."""
    def _verify(code):
        return user_api_client.check_verify_code('1', code, "sms")

    posted = {'sms_code': '12345'}
    with app_.test_request_context(method='POST', data=posted):
        form = TwoFactorForm(_verify)
        assert form.validate() is True
        assert not form.errors
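def test_returns_errors_when_code_is_missing(app_, mock_check_verify_code):
    """An empty POST must fail validation on the ``sms_code`` field.

    The unused ``as req`` binding of the request context is dropped, and the
    final assertion is written so that what it really checks is visible.
    """
    def _verify(code):
        return user_api_client.check_verify_code('1', code, "sms")

    expected = {'sms_code': ['Code must not be empty']}
    with app_.test_request_context(method='POST', data={}):
        form = TwoFactorForm(_verify)
        assert form.validate() is False
        assert len(form.errors) == 1
        # NOTE(review): set() over a dict yields only its keys, so this compares
        # field names and never the messages in ``expected``; tighten to
        # ``form.errors == expected`` once the exact messages are confirmed.
        assert set(form.errors) == set(expected)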
def two_factor():
    """Show the SMS two-factor form and log the user in on a valid code.

    The pending user id is read from ``session['user_details']``; the code
    itself is verified by the API.
    """
    user_id = session['user_details']['id']

    def _verify_sms_code(code):
        return user_api_client.check_verify_code(user_id, code, "sms")

    form = TwoFactorForm(_verify_sms_code)
    if not form.validate_on_submit():
        return render_template('views/two-factor.html', form=form)
    return log_in_user(user_id)
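def test_returns_errors_when_code_is_too_short(app_, mock_check_verify_code):
    """A three-digit code must fail validation on the ``sms_code`` field.

    The unused ``as req`` binding of the request context is dropped, and the
    final assertion is written so that what it really checks is visible.
    """
    def _verify(code):
        return user_api_client.check_verify_code('1', code, "sms")

    expected = {'sms_code': ['Code must be 5 digits', 'Code does not match']}
    with app_.test_request_context(method='POST', data={'sms_code': '145'}):
        form = TwoFactorForm(_verify)
        assert form.validate() is False
        assert len(form.errors) == 1
        # NOTE(review): set() over a dict yields only its keys, so this compares
        # field names and never the messages in ``expected``; tighten to
        # ``form.errors == expected`` once the exact messages are confirmed.
        assert set(form.errors) == set(expected)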
def test_returns_errors_when_code_is_too_short(
    app_,
    mocker,
    mock,
    post_data,
    expected_error,
):
    """Parametrised: each mocked API outcome yields the expected field error."""
    # Install the parametrised API mock before the form is built.
    mock(mocker)
    expected = {"two_factor_code": [expected_error]}
    with app_.test_request_context(method="POST", data=post_data):
        form = TwoFactorForm(_check_code)
        assert form.validate() is False
        assert form.errors == expected
def test_should_return_errors_when_code_is_expired(
        app_, mock_check_verify_code_code_expired):
    """An expired code is rejected with the API's expiry message only."""
    def _verify(code):
        return user_api_client.check_verify_code('1', code, "sms")

    posted = {'sms_code': '23456'}
    with app_.test_request_context(method='POST', data=posted):
        form = TwoFactorForm(_verify)
        assert form.validate() is False
        assert len(form.errors) == 1
        assert form.errors == {'sms_code': ['Code has expired']}
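def test_returns_errors_when_code_contains_letters(
    app_,
    mock_check_verify_code,
):
    """A non-numeric code must fail validation on the ``sms_code`` field.

    The final assertion is written so that what it really checks is visible.
    """
    def _verify(code):
        return user_api_client.check_verify_code('1', code, "sms")

    expected = {'sms_code': ['Code not found', 'Code does not match']}
    with app_.test_request_context(method='POST', data={'sms_code': 'asdfg'}):
        form = TwoFactorForm(_verify)
        assert form.validate() is False
        assert len(form.errors) == 1
        # NOTE(review): set() over a dict yields only its keys, so this compares
        # field names and never the messages in ``expected``; tighten to
        # ``form.errors == expected`` once the exact messages are confirmed.
        assert set(form.errors) == set(expected)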
def verify():
    """Activate a pending user once their SMS code is verified.

    ``session['user_details']`` is dropped after an activation attempt
    whether or not ``activate_user`` succeeds.
    """
    user_id = session['user_details']['id']

    def _verify_sms_code(code):
        return user_api_client.check_verify_code(user_id, code, 'sms')

    form = TwoFactorForm(_verify_sms_code)
    if not form.validate_on_submit():
        return render_template('views/two-factor.html', form=form)

    try:
        return activate_user(user_id)
    finally:
        # Clear the pending details even if activate_user raises.
        session.pop('user_details', None)
def verify():
    """Activate a pending user once their SMS code is verified.

    ``session["user_details"]`` is dropped after an activation attempt
    whether or not ``activate_user`` succeeds.
    """
    user_id = session["user_details"]["id"]

    def _verify_sms_code(code):
        return user_api_client.check_verify_code(user_id, code, "sms")

    form = TwoFactorForm(_verify_sms_code)
    if not form.validate_on_submit():
        return render_template("views/two-factor-sms.html", form=form)

    try:
        return activate_user(user_id)
    finally:
        # Clear the pending details even if activate_user raises.
        session.pop("user_details", None)
def two_factor():
    """SMS two-factor step that also enforces periodic email revalidation.

    A valid SMS code logs the user in only if ``email_access_validated_at``
    is less than 90 days old; otherwise an email verification code is sent
    and the user is redirected to the "email sent" page.
    """
    user_id = session['user_details']['id']
    user = User.from_id(user_id)

    def _verify_sms_code(code):
        return user_api_client.check_verify_code(user_id, code, "sms")

    form = TwoFactorForm(_verify_sms_code)
    if not form.validate_on_submit():
        return render_template('views/two-factor.html', form=form)

    if is_less_than_90_days_ago(user.email_access_validated_at):
        return log_in_user(user_id)

    # NOTE(review): the raw 'next' query value is forwarded to the API here
    # without the _is_safe_redirect_url check that other views in this file
    # apply; confirm it is validated before being embedded in the emailed link.
    next_url = request.args.get('next')
    user_api_client.send_verify_code(user.id, 'email', None, next_url)
    return redirect(url_for('.revalidate_email_sent'))
def verify():
    """Verify the SMS code, activate the user and start their session.

    ``session['user_details']`` is removed after the attempt regardless of
    outcome; on success the user lands on the "add service" page.
    """
    user_id = session['user_details']['id']

    def _verify_sms_code(code):
        return user_api_client.check_verify_code(user_id, code, 'sms')

    form = TwoFactorForm(_verify_sms_code)
    if not form.validate_on_submit():
        return render_template('views/two-factor.html', form=form)

    try:
        pending = user_api_client.get_user(user_id)
        login_user(user_api_client.activate_user(pending))
        return redirect(url_for('main.add_service', first='first'))
    finally:
        # Clear the pending details even if activation or login raises.
        session.pop('user_details', None)
def two_factor_sms_sent():
    """Handle the SMS-code step of two-factor login.

    An already-authenticated user is sent to their landing page. A user with
    a registered security key is shown the FIDO template instead of a code
    form. Otherwise the submitted code is checked against the API with the
    ``sms`` code type and, on success, the user is logged in.
    """
    if current_user.is_authenticated:
        return redirect_when_logged_in(
            user=current_user,
            platform_admin=current_user.platform_admin,
        )

    user_id = session["user_details"]["id"]
    user = User.from_id(user_id)

    # A registered security key takes precedence over the SMS code.
    if len(user.security_keys) > 0:
        return render_template("views/two-factor-fido.html")

    def _verify_sms_code(code):
        # The API owns the code check; the form only reports its verdict.
        return user_api_client.check_verify_code(user_id, code, "sms")

    form = TwoFactorForm(_verify_sms_code)
    if not form.validate_on_submit():
        return render_template("views/two-factor-sms.html", form=form)
    return log_in_user(user_id)
def user_profile_mobile_number_confirm():
    """Confirm a new mobile number with the SMS code sent to it.

    The password-confirmation step must already be recorded in the session;
    otherwise the user is sent back to the number entry page. On a valid code
    the session id is refreshed, the pending number is removed from the
    session and written to the current user.
    """
    if NEW_MOBILE_PASSWORD_CONFIRMED not in session:
        return redirect(url_for('.user_profile_mobile_number'))

    def _verify_sms_code(cde):
        return user_api_client.check_verify_code(current_user.id, cde, 'sms')

    form = TwoFactorForm(_verify_sms_code)
    if not form.validate_on_submit():
        return render_template('views/user-profile/confirm.html',
                               form_field=form.sms_code,
                               thing='mobile number')

    # Rotate the session id before changing a second-factor attribute.
    current_user.refresh_session_id()
    mobile_number = session.pop(NEW_MOBILE)
    del session[NEW_MOBILE_PASSWORD_CONFIRMED]
    current_user.update(mobile_number=mobile_number)
    return redirect(url_for('.user_profile'))
def two_factor():
    """Complete SMS two-factor login for a pending user.

    Reads the pending user id from ``session['user_details']`` and checks the
    submitted code via the API. On success the user is activated (applying a
    password carried in the session, if present), logged in with a remember
    cookie, ``user_details`` is dropped from the session, and the user is
    redirected: to a ``next`` URL that passes ``_is_safe_redirect_url``, else
    to the platform-admin overview, the single service's dashboard, or the
    service chooser.
    """
    user_id = session['user_details']['id']

    def _check_code(code):
        return user_api_client.check_verify_code(user_id, code, "sms")

    form = TwoFactorForm(_check_code)

    if form.validate_on_submit():
        try:
            user = user_api_client.get_user(user_id)
            # Fetched inside the try so a failure here still clears the
            # pending session entry in ``finally``.
            services = service_api_client.get_services({
                'user_id': str(user_id)
            }).get('data', [])
            # Check if coming from new password page
            # NOTE(review): a plaintext password is carried between requests in
            # ``session``; if this app uses Flask's default client-side (signed,
            # not encrypted) cookie session, the browser can read it — confirm
            # a server-side session backend is in use.
            if 'password' in session['user_details']:
                user.set_password(session['user_details']['password'])
                user.reset_failed_login_count()
                user_api_client.update_user(user)
            activated_user = user_api_client.activate_user(user)
            login_user(activated_user, remember=True)
        finally:
            # Drop the pending details (including any password) even if
            # activation fails. Raises KeyError if the key is already gone.
            del session['user_details']

        # Only follow a caller-supplied redirect once it passes the safety
        # check; presumably this is the open-redirect guard.
        next_url = request.args.get('next')
        if next_url and _is_safe_redirect_url(next_url):
            return redirect(next_url)

        if current_user.platform_admin:
            return redirect(url_for('main.show_all_services'))
        if len(services) == 1:
            return redirect(
                url_for('main.service_dashboard',
                        service_id=services[0]['id']))
        else:
            return redirect(url_for('main.choose_service'))

    return render_template('views/two-factor.html', form=form)