Two factors authentication

Closes #80 (closed) uses nexmo service for sms tokens

run ./manage.py two_factor_disable ${USERNAME} to disable two steps authentication for a specific user

smash/web/tests/test_view_login.py

 # coding=utf-8
+from django.conf import settings
 from django.contrib import auth as django_auth
 from django.test import Client
 from django.test import TestCase
@@ -14,29 +15,31 @@ class TestLoginView(TestCase):
         user = create_user()
         password = 'top_secret'
         username = user.username
-        login_url = reverse('web.views.login')
+        login_url = reverse(settings.LOGIN_URL)
         self.assertFalse(django_auth.get_user(self.client).is_authenticated())
-        response = self.client.post(login_url, data={'username': username, 'password': password}, follow=True)
+        form_data = {'auth-username': username, 'auth-password': password, 'login_view-current_step': 'auth'}
+        response = self.client.post(login_url, data=form_data, follow=True)
         self.assertEqual(200, response.status_code)
         self.assertTrue(django_auth.get_user(self.client).is_authenticated())
         worker = Worker.get_by_user(user)
         self.assertIsNotNone(worker)
         worker.last_name = 'Grouès'
         worker.save()
-        response = self.client.post(login_url, data={'username': username, 'password': password}, follow=True)
+        response = self.client.post(login_url, data=form_data, follow=True)
         self.assertEqual(200, response.status_code)
 
     def test_login_failed(self):
         self.client = Client()
         user = create_user()
         username = user.username
-        login_url = reverse('web.views.login')
-        response = self.client.post(login_url, data={'username': username, 'password': 'wrong_password'}, follow=False)
-        self.assertEqual(302, response.status_code)
-        self.assertEqual('/login?error=login_failed', response.url)
+        login_url = reverse(settings.LOGIN_URL)
+        response = self.client.post(login_url, data={'auth-username': username, 'auth-password': 'wrong-password',
+                                                     'login_view-current_step': 'auth'}, follow=False)
+        self.assertContains(response, 'Please enter a correct')
+        self.assertContains(response, 'and password.')
         self.assertFalse(django_auth.get_user(self.client).is_authenticated())
 
     def test_logout(self):
         self.test_login()
-        self.client.get(reverse('web.views.logout'))
+        self.client.get(reverse('logout'))
         self.assertFalse(django_auth.get_user(self.client).is_authenticated())