From 338df098a8244ccd76b61efddf9c99083e9bc5de Mon Sep 17 00:00:00 2001
From: Ken Tsang <ken.tsang@digital.cabinet-office.gov.uk>
Date: Wed, 14 Jun 2017 15:31:38 +0100
Subject: [PATCH] Add check for ascii only in recipients file

---
 app/main/views/send.py            | 15 +++++++++++++--
 tests/app/main/views/test_send.py | 30 ++++++++++++++++++++++++++++++
 2 files changed, 43 insertions(+), 2 deletions(-)

diff --git a/app/main/views/send.py b/app/main/views/send.py
index de6be4ff1..1ae378123 100644
--- a/app/main/views/send.py
+++ b/app/main/views/send.py
@@ -112,9 +112,17 @@ def send_messages(service_id, template_id):
     form = CsvUploadForm()
     if form.validate_on_submit():
         try:
+            file_data = Spreadsheet.from_file(form.file.data, filename=form.file.data.filename).as_dict
+            if template.template_type == 'letter':
+                def is_ascii(s):
+                    return all(ord(c) < 128 for c in s)
+
+                if is_ascii(str(file_data)) is False:
+                    raise ValueError("Invalid characters in {}".format(form.file.data.filename))
+
             upload_id = s3upload(
                 service_id,
-                Spreadsheet.from_file(form.file.data, filename=form.file.data.filename).as_dict,
+                file_data,
                 current_app.config['AWS_REGION']
             )
             session['upload_data'] = {
@@ -129,6 +137,10 @@ def send_messages(service_id, template_id):
             flash('Couldn’t read {}. Try using a different file format.'.format(
                 form.file.data.filename
             ))
+        except ValueError:
+            flash('Invalid characters in the address fields within {}.'.format(
+                form.file.data.filename
+            ))
 
     column_headings = first_column_headings[template.template_type] + list(template.placeholders)
 
@@ -333,7 +345,6 @@ def send_test_preview(service_id, template_id, filetype):
 
 
 def _check_messages(service_id, template_type, upload_id, letters_as_pdf=False):
-
     if not session.get('upload_data'):
         # if we just return a `redirect` (302) object here, we'll get errors when we try and unpack in the
         # check_messages route - so raise a werkzeug.routing redirect to ensure that doesn't happen.
diff --git a/tests/app/main/views/test_send.py b/tests/app/main/views/test_send.py
index 69ebddf74..d3408678b 100644
--- a/tests/app/main/views/test_send.py
+++ b/tests/app/main/views/test_send.py
@@ -1529,6 +1529,36 @@ def test_check_messages_shows_over_max_row_error(
     )
 
 
+def test_special_characters_in_dvla_recipients_file_shows_error(
+    logged_in_client,
+    mock_get_users_by_service,
+    mock_get_service,
+    mock_get_service_letter_template,
+    mock_get_detailed_service_for_today,
+    fake_uuid,
+    mocker
+):
+    mocker.patch('app.main.views.send.get_page_count_for_letter', return_value=1)
+
+    mock_recipients = mocker.patch('app.utils.Spreadsheet.from_file').return_value
+    mock_recipients.as_dict = {
+            'file_name': 'invalid_characters.csv', 'data':
+            'address line 1,address line 2,address line 3,address line 4,address line 5,address line 6,postcode\r\n'\
+            'B. √Name,345 Example Street,,,,,ZM4 6HQ©'
+        }
+
+    response = logged_in_client.post(
+        url_for('main.send_messages', service_id=SERVICE_ONE_ID, template_id=fake_uuid),
+        data={'file': (None, 'invalid_characters.csv')},
+    )
+
+    assert response.status_code == 200
+    page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')
+    assert ' '.join(
+        page.find('div', class_='banner-dangerous').text.split()
+    ) == 'Invalid characters in the address fields within invalid_characters.csv.'
+
+
 def test_check_messages_redirects_if_no_upload_data(logged_in_client, service_one, mocker):
     checker = mocker.patch('app.main.views.send.get_check_messages_back_url', return_value='foo')
     response = logged_in_client.get(url_for(