make inbound search a POST

that way it doesn't expose PII to our logs
2026-04-28 05:01:06 -04:00 · 2019-03-29 15:16:29 +00:00
parent c5208d712e
commit 53cdbad2cc
3 changed files with 6 additions and 11 deletions
--- a/app/main/views/dashboard.py
+++ b/app/main/views/dashboard.py
@@ -20,7 +20,6 @@ from app import (
    current_service,
    format_date_numeric,
    format_datetime_numeric,
-    inbound_number_client,
    job_api_client,
    service_api_client,
    template_statistics_client,
@@ -244,9 +243,8 @@ def get_inbox_partials(service_id):

    inbound_messages_data = service_api_client.get_most_recent_inbound_sms(service_id, page=page)
    inbound_messages = inbound_messages_data['data']
-
    if not inbound_messages:
-        inbound_number = inbound_number_client.get_inbound_sms_number_for_service(service_id)['data']['number']
+        inbound_number = current_service.inbound_number
    else:
        inbound_number = None

@@ -263,7 +261,6 @@ def get_inbox_partials(service_id):
        inbound_number=inbound_number,
        prev_page=prev_page,
        next_page=next_page
-
    )}


--- a/app/notify_client/notification_api_client.py
+++ b/app/notify_client/notification_api_client.py
@@ -19,7 +19,7 @@ class NotificationApiClient(NotifyAdminAPIClient):
        to=None,
        include_one_off=None,
    ):
-
+        # TODO: if "to" is included, this should be a POST
        params = {
            'page': page,
            'page_size': page_size,
--- a/app/notify_client/service_api_client.py
+++ b/app/notify_client/service_api_client.py
@@ -291,15 +291,13 @@ class ServiceAPIClient(NotifyAdminAPIClient):
    def update_whitelist(self, service_id, data):
        return self.put(url='/service/{}/whitelist'.format(service_id), data=data)

-    def get_inbound_sms(self, service_id, user_number='', page=None):
-        return self.get(
+    def get_inbound_sms(self, service_id, user_number=''):
+        # POST prevents the user phone number leaking into our logs
+        return self.post(
            '/service/{}/inbound-sms'.format(
                service_id,
            ),
-            params={
-                'user_number': user_number,
-                'page': page
-            }
+            data={'user_number': user_number}
        )

    def get_most_recent_inbound_sms(self, service_id, page=None):