diff --git a/app/notifications/rest.py b/app/notifications/rest.py index d47f9f27c..b5dad7427 100644 --- a/app/notifications/rest.py +++ b/app/notifications/rest.py @@ -252,11 +252,13 @@ def send_notification(notification_type): service.restricted or api_user.key_type == KEY_TYPE_TEAM, not allowed_to_send_to( notification['to'], - itertools.chain.from_iterable( - [user.mobile_number, user.email_address] for user in service.users + itertools.chain( + itertools.chain.from_iterable([user.mobile_number, user.email_address] for user in service.users), + ([member.recipient for member in service.whitelist]) if api_user.key_type == KEY_TYPE_NORMAL else iter([]) ) ) )): + if (api_user.key_type == KEY_TYPE_TEAM): message = 'Can’t send to this recipient using a team-only API key' else: diff --git a/tests/app/notifications/rest/test_send_notification.py b/tests/app/notifications/rest/test_send_notification.py index 0b5e5eaf0..f6a0145de 100644 --- a/tests/app/notifications/rest/test_send_notification.py +++ b/tests/app/notifications/rest/test_send_notification.py @@ -21,7 +21,9 @@ from tests.app.conftest import ( sample_notification as create_sample_notification, sample_service as create_sample_service, sample_email_template as create_sample_email_template, - sample_template as create_sample_template + sample_template as create_sample_template, + sample_service_whitelist as create_sample_service_whitelist, + sample_api_key as create_sample_api_key ) @@ -999,3 +1001,238 @@ def test_should_not_persist_notification_or_send_sms_if_simulated_number( assert response.status_code == 201 apply_async.assert_not_called() assert Notification.query.count() == 0 + + +@pytest.mark.parametrize('to_sms', ['07827992635']) +def test_should_not_send_sms_to_non_whitelist_recipient_in_trial_mode_with_live_key( + client, + notify_db, + notify_db_session, + to_sms, + mocker): + apply_async = mocker.patch('app.celery.provider_tasks.send_sms_to_provider.apply_async') + service = create_sample_service(notify_db, notify_db_session, limit=2, restricted=True) + service_whitelist = create_sample_service_whitelist(notify_db, notify_db_session, service=service) + sms_template = create_sample_template(notify_db, notify_db_session, service=service) + + assert service_whitelist.service_id == service.id + assert to_sms not in [member.recipient for member in service.whitelist] + + create_sample_notification(notify_db, notify_db_session, template=sms_template, service=service) + + data = { + 'to': to_sms, + 'template': str(sms_template.id) + } + + live_key = create_sample_api_key(notify_db, notify_db_session, service) + auth_header = create_jwt_token(secret=live_key.unsigned_secret, client_id=str(live_key.service_id)) + + response = client.post( + path='/notifications/sms', + data=json.dumps(data), + headers=[('Content-Type', 'application/json'), ('Authorization', 'Bearer {}'.format(auth_header))]) + + expected_response_message = ( + 'Can’t send to this recipient when service is in trial mode ' + '– see https://www.notifications.service.gov.uk/trial-mode' + ) + + json_resp = json.loads(response.get_data(as_text=True)) + assert response.status_code == 400 + assert json_resp['result'] == 'error' + assert expected_response_message in json_resp['message']['to'] + apply_async.assert_not_called() + +@pytest.mark.parametrize('to_email', ['non_whitelist_recipient@mail.com']) +def test_should_not_send_email_to_non_whitelist_recipient_in_trial_mode_with_live_key( + client, + notify_db, + notify_db_session, + to_email, + mocker): + apply_async = mocker.patch('app.celery.provider_tasks.send_email_to_provider.apply_async') + service = create_sample_service(notify_db, notify_db_session, limit=2, restricted=True) + service_whitelist = create_sample_service_whitelist(notify_db, notify_db_session, service=service) + email_template = create_sample_email_template(notify_db, notify_db_session, service=service) + + assert service_whitelist.service_id == service.id + assert to_email not in [member.recipient for member in service.whitelist] + + create_sample_notification(notify_db, notify_db_session, template=email_template, service=service) + + data = { + 'to': to_email, + 'template': str(email_template.id) + } + + live_key = create_sample_api_key(notify_db, notify_db_session, service) + auth_header = create_jwt_token(secret=live_key.unsigned_secret, client_id=str(live_key.service_id)) + + response = client.post( + path='/notifications/email', + data=json.dumps(data), + headers=[('Content-Type', 'application/json'), ('Authorization', 'Bearer {}'.format(auth_header))]) + + expected_response_message = ( + 'Can’t send to this recipient when service is in trial mode ' + '– see https://www.notifications.service.gov.uk/trial-mode' + ) + + json_resp = json.loads(response.get_data(as_text=True)) + assert response.status_code == 400 + assert json_resp['result'] == 'error' + assert expected_response_message in json_resp['message']['to'] + apply_async.assert_not_called() + + +@pytest.mark.parametrize('to_sms', ['07827992635']) +def test_should_not_send_sms_to_whitelist_recipient_in_trial_mode_with_team_key( + client, + notify_db, + notify_db_session, + to_sms, + mocker): + apply_async = mocker.patch('app.celery.provider_tasks.send_sms_to_provider.apply_async') + service = create_sample_service(notify_db, notify_db_session, limit=2, restricted=True) + service_whitelist = create_sample_service_whitelist(notify_db, notify_db_session, service=service, mobile_number=to_sms) + sms_template = create_sample_template(notify_db, notify_db_session, service=service) + + assert service_whitelist.service_id == service.id + assert to_sms in [member.recipient for member in service.whitelist] + + create_sample_notification(notify_db, notify_db_session, template=sms_template, service=service) + + data = { + 'to': to_sms, + 'template': str(sms_template.id) + } + + team_key = create_sample_api_key(notify_db, notify_db_session, service, key_type=KEY_TYPE_TEAM) + auth_header = create_jwt_token(secret=team_key.unsigned_secret, client_id=str(team_key.service_id)) + + response = client.post( + path='/notifications/sms', + data=json.dumps(data), + headers=[('Content-Type', 'application/json'), ('Authorization', 'Bearer {}'.format(auth_header))]) + + json_resp = json.loads(response.get_data(as_text=True)) + assert response.status_code == 400 + assert json_resp['result'] == 'error' + assert 'Can’t send to this recipient using a team-only API key' in json_resp['message']['to'] + apply_async.assert_not_called() + + +@pytest.mark.parametrize('to_email', ['non_whitelist_recipient@mail.com']) +def test_should_not_send_email_to_whitelist_recipient_in_trial_mode_with_team_key( + client, + notify_db, + notify_db_session, + to_email, + mocker): + apply_async = mocker.patch('app.celery.provider_tasks.send_sms_to_provider.apply_async') + service = create_sample_service(notify_db, notify_db_session, limit=2, restricted=True) + service_whitelist = create_sample_service_whitelist(notify_db, notify_db_session, service=service, email_address=to_email) + email_template = create_sample_email_template(notify_db, notify_db_session, service=service) + + assert service_whitelist.service_id == service.id + assert to_email in [member.recipient for member in service.whitelist] + + create_sample_notification(notify_db, notify_db_session, template=email_template, service=service) + + data = { + 'to': to_email, + 'template': str(email_template.id) + } + + team_key = create_sample_api_key(notify_db, notify_db_session, service, key_type=KEY_TYPE_TEAM) + auth_header = create_jwt_token(secret=team_key.unsigned_secret, client_id=str(team_key.service_id)) + + response = client.post( + path='/notifications/email', + data=json.dumps(data), + headers=[('Content-Type', 'application/json'), ('Authorization', 'Bearer {}'.format(auth_header))]) + + json_resp = json.loads(response.get_data(as_text=True)) + assert response.status_code == 400 + assert json_resp['result'] == 'error' + assert 'Can’t send to this recipient using a team-only API key' in json_resp['message']['to'] + apply_async.assert_not_called() + + +@pytest.mark.parametrize('to_sms', ['07123123123']) +def test_should_send_sms_to_whitelist_recipient_in_trial_mode_with_live_key( + client, + notify_db, + notify_db_session, + to_sms, + mocker): + apply_async = mocker.patch('app.celery.provider_tasks.send_sms_to_provider.apply_async') + + service = create_sample_service(notify_db, notify_db_session, limit=2, restricted=True) + service_whitelist = create_sample_service_whitelist(notify_db, notify_db_session, service=service, mobile_number=to_sms) + sms_template = create_sample_template(notify_db, notify_db_session, service=service) + + assert service_whitelist.service_id == service.id + assert to_sms in [member.recipient for member in service.whitelist] + + create_sample_notification(notify_db, notify_db_session, template=sms_template, service=service) + + data = { + 'to': to_sms, + 'template': str(sms_template.id) + } + + sample_live_key = create_sample_api_key(notify_db, notify_db_session, service) + auth_header = create_jwt_token(secret=sample_live_key.unsigned_secret, client_id=str(sample_live_key.service_id)) + + response = client.post( + path='/notifications/sms', + data=json.dumps(data), + headers=[('Content-Type', 'application/json'), ('Authorization', 'Bearer {}'.format(auth_header))]) + + json_resp = json.loads(response.get_data(as_text=True)) + assert response.status_code == 201 + assert json_resp['data']['notification']['id'] + assert json_resp['data']['body'] == sms_template.content + assert json_resp['data']['template_version'] == sms_template.version + apply_async.called + + +@pytest.mark.parametrize('to_email', ['whitelist_recipient@mail.com']) +def test_should_send_email_to_whitelist_recipient_in_trial_mode_with_live_key( + client, + notify_db, + notify_db_session, + to_email, + mocker): + apply_async = mocker.patch('app.celery.provider_tasks.send_email_to_provider.apply_async') + + service = create_sample_service(notify_db, notify_db_session, limit=2, restricted=True) + service_whitelist = create_sample_service_whitelist(notify_db, notify_db_session, service=service, email_address=to_email) + email_template = create_sample_email_template(notify_db, notify_db_session, service=service) + + assert service_whitelist.service_id == service.id + assert to_email in [member.recipient for member in service.whitelist] + + create_sample_notification(notify_db, notify_db_session, template=email_template, service=service) + + data = { + 'to': to_email, + 'template': str(email_template.id) + } + + sample_live_key = create_sample_api_key(notify_db, notify_db_session, service) + auth_header = create_jwt_token(secret=sample_live_key.unsigned_secret, client_id=str(sample_live_key.service_id)) + + response = client.post( + path='/notifications/email', + data=json.dumps(data), + headers=[('Content-Type', 'application/json'), ('Authorization', 'Bearer {}'.format(auth_header))]) + + json_resp = json.loads(response.get_data(as_text=True)) + assert response.status_code == 201 + assert json_resp['data']['notification']['id'] + assert json_resp['data']['body'] == email_template.content + assert json_resp['data']['template_version'] == email_template.version + apply_async.called