Validate CAP against the spec

This gives us some extra confidence that there aren’t any problems with the data we’re getting from the other service. It doesn’t address any specific problems we’ve seen, rather it seems like a sensible precaution to take.
2025-12-23 17:01:35 -05:00 · 2021-01-18 10:01:47 +00:00
parent 38f07db23e
commit 26871eeacc
6 changed files with 274 additions and 5 deletions
--- a/tests/app/v2/broadcast/test_post_broadcast.py
+++ b/tests/app/v2/broadcast/test_post_broadcast.py
@@ -122,3 +122,25 @@ def test_valid_post_cap_xml_broadcast_returns_201(
    assert response_json['template_name'] is None
    assert response_json['template_version'] is None
    assert response_json['updated_at'] is None
+
+
+def test_invalid_post_cap_xml_broadcast_returns_400(
+    client,
+    sample_broadcast_service,
+):
+    auth_header = create_authorization_header(service_id=sample_broadcast_service.id)
+
+    response = client.post(
+        path='/v2/broadcast',
+        data="<alert>Oh no</alert>",
+        headers=[('Content-Type', 'application/cap+xml'), auth_header],
+    )
+
+    assert response.status_code == 400
+    assert json.loads(response.get_data(as_text=True)) == {
+        'errors': [{
+            'error': 'BadRequestError',
+            'message': 'Request data is not valid CAP XML'
+        }],
+        'status_code': 400,
+    }