add template personalisation redaction

If passing in `redact_personalisation` to the template update endpoint,
we should mark that template permanently as redacted - this means that
we won't ever return the personalisation for any notifications for it.

This is to be used with templates containing one time passwords, 2FA
codes or other sensitive information that you may not want service
workers to be able to see.

This is implemented via a separate table, `template_redacted`, which
just contains when the template was redacted.
Leo Hemsted
2017-06-28 10:26:25 +01:00
parent 73e0432a69
commit 29fc81090e
5 changed files with 114 additions and 11 deletions

@@ -8,6 +8,7 @@ from flask import (
from app.dao.templates_dao import (
dao_update_template,
dao_create_template,
dao_redact_template,
dao_get_template_by_id_and_service_id,
dao_get_all_templates_for_service,
dao_get_template_versions
@@ -55,9 +56,17 @@ def create_template(service_id):
def update_template(service_id, template_id):
fetched_template = dao_get_template_by_id_and_service_id(template_id=template_id, service_id=service_id)
data = request.get_json()
# if redacting, don't update anything else
if data.get('redact_personalisation') is True and 'updated_by_id' in data:
# we also don't need to check what was passed in redact_personalisation - its presence in the dict is enough.
dao_redact_template(fetched_template, data['updated_by_id'])
return '', 200
current_data = dict(template_schema.dump(fetched_template).data.items())
updated_template = dict(template_schema.dump(fetched_template).data.items())
updated_template.update(request.get_json())
updated_template.update(data)
# Check if there is a change to make.
if _template_has_not_changed(current_data, updated_template):
return jsonify(data=updated_template), 200
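
Review bot: In `update_template`, the redaction branch's condition and its comment disagree: the code requires `data.get('redact_personalisation') is True`, while the comment inside the branch says the key's presence in the dict is enough. Pick one behaviour and make the other match. Separately, when `redact_personalisation` is sent without `updated_by_id`, the branch is skipped silently and the request falls through to `updated_template.update(data)`, so the caller can receive a 200 for an ordinary update while the template stays unredacted. Since this flag protects one time passwords and 2FA codes, returning a 400 for a redaction request that lacks `updated_by_id` would be safer than falling through. The visible lines also show no guard for a template that is already redacted, so it is worth confirming that `dao_redact_template` handles a repeat call.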