From 60c55ca9e254ff11089decd5ee3f94730b412632 Mon Sep 17 00:00:00 2001 From: Rebecca Law Date: Tue, 26 Apr 2016 12:03:35 +0100 Subject: [PATCH 1/3] Fix anchor tag in flash message. https://www.pivotaltracker.com/story/show/117513779 --- app/main/views/invites.py | 4 ++-- tests/app/main/views/test_accept_invite.py | 3 ++- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/app/main/views/invites.py b/app/main/views/invites.py index 3d9544b8e..3f5004523 100644 --- a/app/main/views/invites.py +++ b/app/main/views/invites.py @@ -27,10 +27,10 @@ def accept_invite(token): flash(""" You’re signed in as {}. This invite is for another email address. - Sign out and click the link again to accept this invite. + {} and click the link again to accept this invite. """.format( current_user.email_address, - url_for("main.sign_out") + url_for("main.sign_out", _external=True) )) abort(403) diff --git a/tests/app/main/views/test_accept_invite.py b/tests/app/main/views/test_accept_invite.py index d81fd6d28..6784bee50 100644 --- a/tests/app/main/views/test_accept_invite.py +++ b/tests/app/main/views/test_accept_invite.py @@ -287,7 +287,8 @@ def test_signed_in_existing_user_cannot_use_anothers_invite(app_, banner_contents = flash_banners[0].text.strip() assert "You’re signed in as test@user.gov.uk." in banner_contents assert "This invite is for another email address." in banner_contents - assert "Sign out and click the link again to accept this invite." in banner_contents + assert "{} and click the link again to accept this invite.".format( + url_for("main.sign_out", _external=True)) in banner_contents assert mock_accept_invite.call_count == 0 From 8141ea87d048a68426a917436e7e582eab9d4893 Mon Sep 17 00:00:00 2001 From: Rebecca Law Date: Tue, 26 Apr 2016 12:12:47 +0100 Subject: [PATCH 2/3] Wrap message in Markup --- app/main/views/invites.py | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/app/main/views/invites.py b/app/main/views/invites.py index 3f5004523..fd93a0cdf 100644 --- a/app/main/views/invites.py +++ b/app/main/views/invites.py @@ -6,6 +6,7 @@ from flask import ( render_template, abort ) +from markupsafe import Markup from app.main import main @@ -24,14 +25,16 @@ def accept_invite(token): invited_user = invite_api_client.check_token(token) if not current_user.is_anonymous() and current_user.email_address != invited_user.email_address: - flash(""" + message = Markup(""" You’re signed in as {}. This invite is for another email address. {} and click the link again to accept this invite. - """.format( + """.format( current_user.email_address, - url_for("main.sign_out", _external=True) - )) + url_for("main.sign_out", _external=True))) + + flash(message=message) + abort(403) if invited_user.status == 'cancelled': From a183d8d366b0ce9e4624f6f6af253ac0b1440760 Mon Sep 17 00:00:00 2001 From: Rebecca Law Date: Tue, 26 Apr 2016 12:15:25 +0100 Subject: [PATCH 3/3] Missed the anchor tag in the mark up - oops. --- app/main/views/invites.py | 2 +- tests/app/main/views/test_accept_invite.py | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/app/main/views/invites.py b/app/main/views/invites.py index fd93a0cdf..2da6db406 100644 --- a/app/main/views/invites.py +++ b/app/main/views/invites.py @@ -28,7 +28,7 @@ def accept_invite(token): message = Markup(""" You’re signed in as {}. This invite is for another email address. - {} and click the link again to accept this invite. + Sign out and click the link again to accept this invite. """.format( current_user.email_address, url_for("main.sign_out", _external=True))) diff --git a/tests/app/main/views/test_accept_invite.py b/tests/app/main/views/test_accept_invite.py index 6784bee50..936c8d3c4 100644 --- a/tests/app/main/views/test_accept_invite.py +++ b/tests/app/main/views/test_accept_invite.py @@ -287,8 +287,7 @@ def test_signed_in_existing_user_cannot_use_anothers_invite(app_, banner_contents = flash_banners[0].text.strip() assert "You’re signed in as test@user.gov.uk." in banner_contents assert "This invite is for another email address." in banner_contents - assert "{} and click the link again to accept this invite.".format( - url_for("main.sign_out", _external=True)) in banner_contents + assert "Sign out and click the link again to accept this invite." in banner_contents assert mock_accept_invite.call_count == 0