Rename the endpoints.

Increase test coverage to include the encrypted message sent to the task.

app/user/rest.py

@@ -34,6 +34,7 @@ from app.errors import (
     register_errors,
     InvalidRequest
 )
+from app.utils import url_with_token
 
 user = Blueprint('user', __name__)
 register_errors(user)
@@ -146,7 +147,7 @@ def send_user_sms_code(user_id):
     return jsonify({}), 204
 
 
-@user.route('/<uuid:user_id>/confirm-new-email', methods=['POST'])
+@user.route('/<uuid:user_id>/change-email-verification', methods=['POST'])
 def send_user_confirm_new_email(user_id):
     user_to_send_to = get_model_users(user_id=user_id)
     email, errors = email_data_request_schema.load(request.get_json())
@@ -157,10 +158,10 @@ def send_user_confirm_new_email(user_id):
     message = {
         'template': str(template.id),
         'template_version': template.version,
-        'to': user_to_send_to.email_address,
+        'to': email['email'],
         'personalisation': {
             'name': user_to_send_to.name,
-            'url': _create_confirmation_url(user=user_to_send_to, email_address=email),
+            'url': _create_confirmation_url(user=user_to_send_to, email_address=email['email']),
             'feedback_url': current_app.config['ADMIN_BASE_URL'] + '/feedback'
         }
     }
@@ -285,25 +286,19 @@ def send_user_reset_password():
     return jsonify({}), 204
 
 
-def _create_url(data, base_url):
-    from notifications_utils.url_safe_token import generate_token
-    token = generate_token(data, current_app.config['SECRET_KEY'], current_app.config['DANGEROUS_SALT'])
-    return base_url + token
-
-
 def _create_reset_password_url(email):
     data = json.dumps({'email': email, 'created_at': str(datetime.utcnow())})
-    base_url = current_app.config['ADMIN_BASE_URL'] + '/new-password/'
+    url = '/new-password/'
-    return _create_url(data=data, base_url=base_url)
+    return url_with_token(data, url, current_app.config)
 
 
 def _create_verification_url(user, secret_code):
     data = json.dumps({'user_id': str(user.id), 'email': user.email_address, 'secret_code': secret_code})
-    base_url = current_app.config['ADMIN_BASE_URL'] + '/verify-email/'
+    url = '/verify-email/'
-    return _create_url(data=data, base_url=base_url)
+    return url_with_token(data, url, current_app.config)
 
 
 def _create_confirmation_url(user, email_address):
-    data = json.dumps({'user_id': str(user.id), 'email': user.email_address})
+    data = json.dumps({'user_id': str(user.id), 'email': email_address})
-    base_url = current_app.config['ADMIN_BASE_URL'] + '/confirm-new-email/'
+    url = '/user-profile/email/confirm/'
-    return _create_url(data=data, base_url=base_url)
+    return url_with_token(data, url, current_app.config)

app/utils.py

@@ -11,3 +11,10 @@ def pagination_links(pagination, endpoint, **kwargs):
         links['next'] = url_for(endpoint, page=pagination.next_num, **kwargs)
         links['last'] = url_for(endpoint, page=pagination.pages, **kwargs)
     return links
+
+
+def url_with_token(data, url, config):
+    from notifications_utils.url_safe_token import generate_token
+    token = generate_token(data, config['SECRET_KEY'], config['DANGEROUS_SALT'])
+    base_url = config['ADMIN_BASE_URL'] + url
+    return base_url + token

tests/app/user/test_rest.py

@@ -6,6 +6,7 @@ from freezegun import freeze_time
 import app
 from app.models import (User, Permission, MANAGE_SETTINGS, MANAGE_TEMPLATES)
 from app.dao.permissions_dao import default_service_permissions
+from app.utils import url_with_token
 from tests import create_authorization_header
 
 
@@ -519,10 +520,9 @@ def test_send_already_registered_email_returns_400_when_data_is_missing(notify_a
 
 
 @freeze_time("2016-01-01T11:09:00.061258")
-def test_send_user_confirm_new_email_returns_204(notify_api, sample_user, mocker, change_email_confirmation_template):
+def test_send_user_confirm_new_email_returns_204(notify_api, sample_user, change_email_confirmation_template, mocker):
     with notify_api.test_request_context():
         with notify_api.test_client() as client:
-            mocker.patch("app.encryption.encrypt", return_value='encrypted_message')
             mocked = mocker.patch('app.celery.tasks.send_email.apply_async')
             mocker.patch('uuid.uuid4', return_value='some_uuid')  # for the notification id
             new_email = 'new_address@dig.gov.uk'
@@ -533,10 +533,22 @@ def test_send_user_confirm_new_email_returns_204(notify_api, sample_user, mocker
                                data=data,
                                headers=[('Content-Type', 'application/json'), auth_header])
             assert resp.status_code == 204
+            token_data = json.dumps({'user_id': str(sample_user.id), 'email': new_email})
+            url = url_with_token(data=token_data, url='/user-profile/email/confirm/', config=current_app.config)
+            message = {
+                'template': current_app.config['CHANGE_EMAIL_CONFIRMATION_TEMPLATE_ID'],
+                'template_version': 1,
+                'to': 'new_address@dig.gov.uk',
+                'personalisation': {
+                    'name': sample_user.name,
+                    'url': url,
+                    'feedback_url': current_app.config['ADMIN_BASE_URL'] + '/feedback'
+                }
+            }
             mocked.assert_called_once_with((
                 str(current_app.config['NOTIFY_SERVICE_ID']),
                 "some_uuid",
-                'encrypted_message',
+                app.encryption.encrypt(message),
                 "2016-01-01T11:09:00.061258"), queue="notify")