Use the same validation in the endpoint and the task to validate the phone number is ok to send to.

Format the phone number before sending it to the sms provider.
2026-02-04 10:21:14 -05:00 · 2016-03-16 13:33:12 +00:00
parent 977ac4f566
commit 4268f8453b
5 changed files with 112 additions and 36 deletions
--- a/app/notifications/rest.py
+++ b/app/notifications/rest.py
@@ -26,6 +26,7 @@ from app.schemas import (
    notification_status_schema
 )
 from app.celery.tasks import send_sms, send_email
+from app.validation import allowed_send_to_number, allowed_send_to_email

 notifications = Blueprint('notifications', __name__)

@@ -320,7 +321,7 @@ def send_notification(notification_type):
    notification_id = create_uuid()

    if notification_type == 'sms':
-        if service.restricted and notification['to'] not in [user.mobile_number for user in service.users]:
+        if not allowed_send_to_number(service, notification['to']):
            return jsonify(
                result="error", message={'to': ['Invalid phone number for restricted service']}), 400
        send_sms.apply_async((
@@ -330,7 +331,7 @@ def send_notification(notification_type):
            datetime.utcnow().strftime(DATETIME_FORMAT)
        ), queue='sms')
    else:
-        if service.restricted and notification['to'] not in [user.email_address for user in service.users]:
+        if not allowed_send_to_email(service, notification['to']):
            return jsonify(
                result="error", message={'to': ['Email address not permitted for restricted service']}), 400
        send_email.apply_async((