From eaf678423686f954460b3ca07575e29f256ce2af Mon Sep 17 00:00:00 2001
From: Kenneth Kehl <@kkehl@flexion.us>
Date: Fri, 14 Mar 2025 08:53:40 -0700
Subject: [PATCH 1/2] fix phone number changing
---
 app/celery/scheduled_tasks.py | 9 ++++++++-
 app/delivery/send_to_providers.py | 15 ++++++++-------
 app/notifications/process_notifications.py | 3 +++
 app/user/rest.py | 7 ++++---
 4 files changed, 23 insertions(+), 11 deletions(-)
diff --git a/app/celery/scheduled_tasks.py b/app/celery/scheduled_tasks.py
index 2ff72780d..ebc17c452 100644
--- a/app/celery/scheduled_tasks.py
+++ b/app/celery/scheduled_tasks.py
@@ -325,7 +325,14 @@ def batch_insert_notifications(self):
 elif isinstance(notification_dict["created_at"], list):
 notification_dict["created_at"] = notification_dict["created_at"][0]
 notification = Notification(**notification_dict)
- if notification is not None:
+ # notify-api-749 do not write to db
+ # if we have a verify_code we know this is the authentication notification at login time
+ # and not csv (containing PII) provided by the user, so allow verify_code to continue to exist
+ if notification is None:
+ continue
+ if "verify_code" in str(notification.personalisation):
+ pass
+ else:
 batch.append(notification)
 try:
 dao_batch_insert_notifications(batch)
diff --git a/app/delivery/send_to_providers.py b/app/delivery/send_to_providers.py
index 8e90c08d4..cecddd98b 100644
--- a/app/delivery/send_to_providers.py
+++ b/app/delivery/send_to_providers.py
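Review bot: The 2FA test `"verify_code" in str(notification.personalisation)` in batch_insert_notifications is a substring match over the stringified personalisation, so it is true for any notification whose placeholder names or values happen to contain that text, not only for the login notification the comment describes. Such a notification is left out of `batch` here without a log line, and the same test in the send_to_providers.py and process_notifications.py hunks would skip the S3 lookup for it and write it with `dao_create_notification`, which looks like the PII-in-database case notify-api-749 is meant to prevent. Prefer a marker the sender of a CSV cannot influence, or at least test the key itself, e.g. `if "verify_code" in (notification.personalisation or {}):` (assuming personalisation is a dict at this point). The `pass`/`else` pair also reads more directly as `if "verify_code" not in ...: batch.append(notification)`. The function starts and ends outside the hunk.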
@@ -42,12 +42,14 @@ def send_sms_to_provider(notification): """ # Take this path for report generation, where we know # everything is in the cache. - personalisation = get_personalisation_from_s3( - notification.service_id, - notification.job_id, - notification.job_row_number, - ) - notification.personalisation = personalisation + + if "verify_code" not in str(notification.personalisation): + personalisation = get_personalisation_from_s3( + notification.service_id, + notification.job_id, + notification.job_row_number, + ) + notification.personalisation = personalisation service = SerialisedService.from_id(notification.service_id) message_id = None @@ -92,7 +94,6 @@ def send_sms_to_provider(notification): recipient = None # It is our 2facode, maybe recipient = _get_verify_code(notification) - if recipient is None: recipient = get_phone_number_from_s3( notification.service_id, diff --git a/app/notifications/process_notifications.py b/app/notifications/process_notifications.py index 6b78ce753..1ea6a7be1 100644 --- a/app/notifications/process_notifications.py +++ b/app/notifications/process_notifications.py @@ -145,6 +145,9 @@ def persist_notification( # it's just too hard with redis and timing to test this here if os.getenv("NOTIFY_ENVIRONMENT") == "test": dao_create_notification(notification) + elif "verify_code" in str(notification.personalisation): + dao_create_notification(notification) + else: redis_store.rpush( "message_queue", diff --git a/app/user/rest.py b/app/user/rest.py index da86521ff..02dcfbc08 100644 --- a/app/user/rest.py +++ b/app/user/rest.py 
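Review bot: The comment kept above the new `if` in send_sms_to_provider ("Take this path for report generation, where we know everything is in the cache") no longer describes the statement that follows it, and nothing explains why a notification carrying a verify code skips `get_personalisation_from_s3`. I would put a comment on the condition itself, e.g. `# login codes keep their personalisation on the notification; job rows are read back from S3`, if that is the intent, and move or drop the older comment. The function starts and ends outside the hunk.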
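Review bot: In persist_notification the new `elif` branch has the same body as the test-environment branch above it, and the only comment nearby ("it's just too hard with redis and timing to test this here") explains the test case, not this one. A comment on the `elif` saying why login codes are written with `dao_create_notification` instead of being pushed to `message_queue` would help the next reader, e.g. `# 2FA codes bypass the redis queue so the row exists before the send task runs`, if that is the reason. Because this branch stores the notification directly, it is worth confirming that the verify code held in personalisation is not retained in the database longer than the login flow needs. The function starts and ends outside the hunk.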
@@ -285,9 +285,10 @@ def complete_login_after_webauthn_authentication_attempt(user_id):
 def send_user_2fa_code(user_id, code_type):
 user_to_send_to = get_user_by_id(user_id=user_id)
- if count_user_verify_codes(user_to_send_to) >= current_app.config.get(
- "MAX_VERIFY_CODE_COUNT"
- ):
+ if count_user_verify_codes(user_to_send_to) >= 1000000:
+ # if count_user_verify_codes(user_to_send_to) >= current_app.config.get(
+ # "MAX_VERIFY_CODE_COUNT"
+ # ):
 # Prevent more than `MAX_VERIFY_CODE_COUNT` active verify codes at a time
 current_app.logger.warning(
 "Too many verify codes created for user {}".format(user_to_send_to.id)
From 2370dfd2c134938a83f6490fa83f1d76592ad7d2 Mon Sep 17 00:00:00 2001
From: Kenneth Kehl <@kkehl@flexion.us>
Date: Fri, 14 Mar 2025 09:03:52 -0700
Subject: [PATCH 2/2] revert debugging code
---
 app/user/rest.py | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/app/user/rest.py b/app/user/rest.py
index 02dcfbc08..da86521ff 100644
--- a/app/user/rest.py
+++ b/app/user/rest.py
@@ -285,10 +285,9 @@ def complete_login_after_webauthn_authentication_attempt(user_id):
 def send_user_2fa_code(user_id, code_type):
 user_to_send_to = get_user_by_id(user_id=user_id)
- if count_user_verify_codes(user_to_send_to) >= 1000000:
- # if count_user_verify_codes(user_to_send_to) >= current_app.config.get(
- # "MAX_VERIFY_CODE_COUNT"
- # ):
+ if count_user_verify_codes(user_to_send_to) >= current_app.config.get(
+ "MAX_VERIFY_CODE_COUNT"
+ ):
 # Prevent more than `MAX_VERIFY_CODE_COUNT` active verify codes at a time
 current_app.logger.warning(
 "Too many verify codes created for user {}".format(user_to_send_to.id)
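Review bot: The cap on active verify codes is effectively off in PATCH 1/2, where the app/user/rest.py hunk compares `count_user_verify_codes(user_to_send_to)` against the literal `1000000` instead of `MAX_VERIFY_CODE_COUNT`. PATCH 2/2 restores the configured limit, but any checkout, bisect or cherry-pick that stops at 1/2 runs send_user_2fa_code without it, so I would squash the two commits or drop this hunk from 1/2. Separately, in the restored line `current_app.config.get("MAX_VERIFY_CODE_COUNT")` returns None when the key is unset and the `>=` comparison then raises TypeError; `current_app.config["MAX_VERIFY_CODE_COUNT"]` would fail with a clearer error at the same point. The function continues outside both hunks.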