Allow non-gov email addresses to be changed to gov email addresses

When a user's email address is updated, we not allowing it to be changed to a non-government email address. We now allow a non-gov email address to be changed to another non-gov email address. Government email addresses still cannot be changed to non-government email addresses. Also fixes the link in the error message on the ChangeEmailAddress form - this was being escaped before.
2026-05-16 23:09:14 -04:00 · 2019-04-18 16:03:13 +01:00
parent 33aa16661e
commit d689b031a2
4 changed files with 84 additions and 3 deletions
--- a/app/main/forms.py
+++ b/app/main/forms.py
@@ -716,6 +716,10 @@ class ChangeEmailForm(StripWhitespaceForm):
            raise ValidationError("The email address is already in use")


+class ChangeNonGovEmailForm(ChangeEmailForm):
+    email_address = email_address(gov_user=False)
+
+
 class ChangeMobileNumberForm(StripWhitespaceForm):
    mobile_number = international_phone_number()

--- a/app/main/views/manage_users.py
+++ b/app/main/views/manage_users.py
@@ -24,12 +24,13 @@ from app.main import main
 from app.main.forms import (
    ChangeEmailForm,
    ChangeMobileNumberForm,
+    ChangeNonGovEmailForm,
    InviteUserForm,
    PermissionsForm,
    SearchUsersForm,
 )
 from app.models.user import permissions
-from app.utils import redact_mobile_number, user_has_permissions
+from app.utils import is_gov_user, redact_mobile_number, user_has_permissions


@main.route("/services/<service_id>/users")
@@ -164,7 +165,10 @@ def edit_user_email(service_id, user_id):
    def _is_email_already_in_use(email):
        return user_api_client.is_email_already_in_use(email)

-    form = ChangeEmailForm(_is_email_already_in_use, email_address=user_email)
+    if is_gov_user(user_email):
+        form = ChangeEmailForm(_is_email_already_in_use, email_address=user_email)
+    else:
+        form = ChangeNonGovEmailForm(_is_email_already_in_use, email_address=user_email)

    if request.form.get('email_address', '').strip() == user_email:
        return redirect(url_for('.manage_users', service_id=current_service.id))
--- a/app/templates/views/manage-users/edit-user-email.html
+++ b/app/templates/views/manage-users/edit-user-email.html
@@ -14,7 +14,7 @@
  <div class="grid-row">
    <div class="column-three-quarters">
      {% call form_wrapper() %}
-        {{ textbox(form.email_address) }}
+        {{ textbox(form.email_address, safe_error_message=True) }}
        {{ page_footer(
          'Save',
          back_link=url_for('.edit_user_permissions', service_id=service_id, user_id=user.id),
--- a/tests/app/main/views/test_manage_users.py
+++ b/tests/app/main/views/test_manage_users.py
@@ -1057,6 +1057,79 @@ def test_edit_user_email_without_changing_goes_back_to_team_members(
    assert mock_update_user_attribute.called is False


+@pytest.mark.parametrize('original_email_address', ['test@gov.uk', 'test@example.com'])
+def test_edit_user_email_can_change_any_email_address_to_a_gov_email_address(
+    client_request,
+    active_user_with_permissions,
+    mock_get_user,
+    mock_get_users_by_service,
+    mock_update_user_attribute,
+    original_email_address
+):
+    active_user_with_permissions.email_address = original_email_address
+
+    client_request.post(
+        'main.edit_user_email',
+        service_id=SERVICE_ONE_ID,
+        user_id=active_user_with_permissions.id,
+        _data={
+            'email_address': 'new-email-address@gov.uk'
+        },
+        _expected_status=302,
+        _expected_redirect=url_for(
+            'main.confirm_edit_user_email',
+            service_id=SERVICE_ONE_ID,
+            user_id=active_user_with_permissions.id,
+            _external=True
+        ),
+    )
+
+
+def test_edit_user_email_can_change_a_non_gov_email_address_to_another_non_gov_email_address(
+    client_request,
+    active_user_with_permissions,
+    mock_get_user,
+    mock_get_users_by_service,
+    mock_update_user_attribute,
+):
+    active_user_with_permissions.email_address = 'old@example.com'
+
+    client_request.post(
+        'main.edit_user_email',
+        service_id=SERVICE_ONE_ID,
+        user_id=active_user_with_permissions.id,
+        _data={
+            'email_address': 'new@example.com'
+        },
+        _expected_status=302,
+        _expected_redirect=url_for(
+            'main.confirm_edit_user_email',
+            service_id=SERVICE_ONE_ID,
+            user_id=active_user_with_permissions.id,
+            _external=True
+        ),
+    )
+
+
+def test_edit_user_email_cannot_change_a_gov_email_address_to_a_non_gov_email_address(
+    client_request,
+    active_user_with_permissions,
+    mock_get_user,
+    mock_get_users_by_service,
+    mock_update_user_attribute,
+):
+    page = client_request.post(
+        'main.edit_user_email',
+        service_id=SERVICE_ONE_ID,
+        user_id=active_user_with_permissions.id,
+        _data={
+            'email_address': 'new_email@example.com'
+        },
+        _expected_status=200,
+    )
+    assert 'Enter a government email address.' in page.find('span', class_='error-message').text
+
+
 def test_confirm_edit_user_email_page(
    client_request,
    active_user_with_permissions,