add template personalisation redaction

If passing in `redact_personalisation` to the template update endpoint, we should mark that template permanently as redacted - this means that we won't ever return the personalisation for any notifications for it. This is to be used with templates containing one time passwords, 2FA codes or other sensitive information that you may not want service workers to be able to see. This is implemented via a separate table, `template_redacted`, which just contains when the template was redacted.
2025-12-24 01:11:38 -05:00 · 2017-06-28 10:26:25 +01:00
parent 73e0432a69
commit 29fc81090e
5 changed files with 114 additions and 11 deletions
--- a/tests/app/dao/test_templates_dao.py
+++ b/tests/app/dao/test_templates_dao.py
@@ -1,14 +1,21 @@
+from datetime import datetime
+
+from freezegun import freeze_time
 from sqlalchemy.orm.exc import NoResultFound
+import pytest
+
 from app.dao.templates_dao import (
    dao_create_template,
    dao_get_template_by_id_and_service_id,
    dao_get_all_templates_for_service,
    dao_update_template,
    dao_get_template_versions,
-    dao_get_templates_for_cache)
+    dao_get_templates_for_cache,
+    dao_redact_template)
+from app.models import Template, TemplateHistory, TemplateRedacted
+
 from tests.app.conftest import sample_template as create_sample_template
-from app.models import Template, TemplateHistory
-import pytest
+from tests.app.db import create_template


@pytest.mark.parametrize('template_type, subject', [
@@ -35,6 +42,17 @@ def test_create_template(sample_service, sample_user, template_type, subject):
    assert dao_get_all_templates_for_service(sample_service.id)[0].process_type == 'normal'


+def test_create_template_creates_redact_entry(sample_service):
+    assert TemplateRedacted.query.count() == 0
+
+    template = create_template(sample_service)
+
+    redacted = TemplateRedacted.query.one()
+    assert redacted.template_id == template.id
+    assert redacted.redact_personalisation is False
+    assert redacted.updated_by_id == sample_service.created_by_id
+
+
 def test_update_template(sample_service, sample_user):
    data = {
        'name': 'Sample Template',
@@ -53,6 +71,20 @@ def test_update_template(sample_service, sample_user):
    assert dao_get_all_templates_for_service(sample_service.id)[0].name == 'new name'


+def test_redact_template(sample_template):
+    redacted = TemplateRedacted.query.one()
+    assert redacted.template_id == sample_template.id
+    assert redacted.redact_personalisation is False
+
+    time = datetime.now()
+    with freeze_time(time):
+        dao_redact_template(sample_template, sample_template.created_by_id)
+
+    assert redacted.redact_personalisation is True
+    assert redacted.updated_at == time
+    assert redacted.updated_by_id == sample_template.created_by_id
+
+
 def test_get_all_templates_for_service(notify_db, notify_db_session, service_factory):
    service_1 = service_factory.get('service 1', email_from='service.1')
    service_2 = service_factory.get('service 2', email_from='service.2')