Prevent service from adding duplicate reply-to addresses

Check for duplicate reply-to email address has been added on: -verification endpoint, so we do not send the verifying notification needlessly - add reply-to email address and update reply-to email address endpoints, as those can be hit multiple times after the email address has been verified (so the same email address could end up being added multiple times). EDIT: this has now been prevented on admin app, but it's better to retain double-check for safety.
2026-02-01 15:46:07 -05:00 · 2019-05-15 15:23:27 +01:00
parent 615ea6a98a
commit 3c3dde635b
2 changed files with 59 additions and 6 deletions
--- a/tests/app/service/test_rest.py
+++ b/tests/app/service/test_rest.py
@@ -2495,12 +2495,13 @@ def test_get_email_reply_to_addresses_with_multiple_email_addresses(client, noti
 def test_verify_new_service_reply_to_email_address_should_send_verification_email(
    client, sample_user, mocker, verify_reply_to_address_email_template
 ):
+    service = create_service()
    mocked = mocker.patch('app.celery.provider_tasks.deliver_email.apply_async')
    data = json.dumps({'email': 'reply-here@example.gov.uk'})
    auth_header = create_authorization_header()
    notify_service = verify_reply_to_address_email_template.service
    response = client.post(
-        url_for('service.verify_new_service_reply_to_email_address'),
+        url_for('service.verify_new_service_reply_to_email_address', service_id=service.id),
        data=data,
        headers=[('Content-Type', 'application/json'), auth_header])

@@ -2512,6 +2513,21 @@ def test_verify_new_service_reply_to_email_address_should_send_verification_emai
    assert notification.reply_to_text == notify_service.get_default_reply_to_email_address()


+def test_verify_new_service_reply_to_email_address_doesnt_allow_duplicates(client, sample_user, mocker):
+    data = json.dumps({'email': 'reply-here@example.gov.uk'})
+    service = create_service()
+    create_reply_to_email(service, 'reply-here@example.gov.uk')
+    auth_header = create_authorization_header()
+    response = client.post(
+        url_for('service.verify_new_service_reply_to_email_address', service_id=service.id),
+        data=data,
+        headers=[('Content-Type', 'application/json'), auth_header])
+    assert response.status_code == 400
+    assert response.json[
+        "message"
+    ] == "Your service already uses 'reply-here@example.gov.uk' as an email reply-to address."
+
+
 def test_add_service_reply_to_email_address(client, sample_service):
    data = json.dumps({"email_address": "new@reply.com", "is_default": True})
    response = client.post('/service/{}/email-reply-to'.format(sample_service.id),
@@ -2525,6 +2541,20 @@ def test_add_service_reply_to_email_address(client, sample_service):
    assert json_resp['data'] == results[0].serialize()


+def test_add_service_reply_to_email_address_doesnt_allow_duplicates(client, sample_user, mocker):
+    data = json.dumps({"email_address": "reply-here@example.gov.uk", "is_default": True})
+    service = create_service()
+    create_reply_to_email(service, 'reply-here@example.gov.uk')
+    auth_header = create_authorization_header()
+    response = client.post('/service/{}/email-reply-to'.format(service.id),
+                           data=data,
+                           headers=[('Content-Type', 'application/json'), auth_header])
+    assert response.status_code == 400
+    assert response.json[
+        "message"
+    ] == "Your service already uses 'reply-here@example.gov.uk' as an email reply-to address."
+
+
 def test_add_service_reply_to_email_address_can_add_multiple_addresses(client, sample_service):
    data = json.dumps({"email_address": "first@reply.com", "is_default": True})
    client.post('/service/{}/email-reply-to'.format(sample_service.id),
@@ -2580,6 +2610,18 @@ def test_update_service_reply_to_email_address(client, sample_service):
    assert json_resp['data'] == results[0].serialize()


+def test_update_service_reply_to_email_address_doesnt_allow_duplicates(client, sample_user, mocker):
+    service = create_service()
+    original_reply_to = create_reply_to_email(service=service, email_address="some@email.com")
+    data = json.dumps({"email_address": "changed@reply.com", "is_default": True})
+    create_reply_to_email(service, 'changed@reply.com')
+    response = client.post('/service/{}/email-reply-to/{}'.format(service.id, original_reply_to.id),
+                           data=data,
+                           headers=[('Content-Type', 'application/json'), create_authorization_header()])
+    assert response.status_code == 400
+    assert response.json["message"] == "Your service already uses 'changed@reply.com' as an email reply-to address."
+
+
 def test_update_service_reply_to_email_address_returns_400_when_no_default(client, sample_service):
    original_reply_to = create_reply_to_email(service=sample_service, email_address="some@email.com")
    data = json.dumps({"email_address": "changed@reply.com", "is_default": False})