add POST get user by email endpoint

the existing endpoint is a GET, and so leaves email addresses in log files. we've got an existing POST find_users_by_partial_email, but not one that matches on a whole email address.
2025-12-18 07:41:47 -05:00 · 2021-03-05 12:38:14 +00:00
parent 8e5f956009
commit e0234fecba
2 changed files with 51 additions and 0 deletions
--- a/app/user/rest.py
+++ b/app/user/rest.py
@@ -417,6 +417,19 @@ def set_permissions(user_id, service_id):
    return jsonify({}), 204


+@user_blueprint.route('/email', methods=['POST'])
+def fetch_user_by_email():
+
+    email, errors = email_data_request_schema.load(request.get_json())
+    if errors:
+        raise InvalidRequest(message=errors, status_code=400)
+
+    fetched_user = get_user_by_email(email['email'])
+    result = fetched_user.serialize()
+    return jsonify(data=result)
+
+
+# TODO: Deprecate this GET endpoint
@user_blueprint.route('/email', methods=['GET'])
 def get_by_email():
    email = request.args.get('email')
--- a/tests/app/user/test_rest.py
+++ b/tests/app/user/test_rest.py
@@ -410,6 +410,44 @@ def test_get_user_by_email_bad_url_returns_404(client, sample_user):
    assert json_resp['message'] == 'Invalid request. Email query string param required'


+def test_fetch_user_by_email(admin_request, notify_db_session):
+    user = create_user(email='foo@bar.com')
+
+    create_user(email='foo@bar.com.other_email')
+    create_user(email='other_email.foo@bar.com')
+
+    resp = admin_request.post(
+        'user.fetch_user_by_email',
+        _data={'email': user.email_address},
+        _expected_status=200
+    )
+
+    assert resp['data']['id'] == str(user.id)
+    assert resp['data']['email_address'] == user.email_address
+
+
+def test_fetch_user_by_email_not_found_returns_404(admin_request, notify_db_session):
+    create_user(email='foo@bar.com.other_email')
+
+    resp = admin_request.post(
+        'user.fetch_user_by_email',
+        _data={'email': 'doesnt@exist.com'},
+        _expected_status=404
+    )
+    assert resp['result'] == 'error'
+    assert resp['message'] == 'No result found'
+
+
+def test_fetch_user_by_email_without_email_returns_400(admin_request, notify_db_session):
+    resp = admin_request.post(
+        'user.fetch_user_by_email',
+        _data={},
+        _expected_status=400
+    )
+    assert resp['result'] == 'error'
+    assert resp['message'] == {'email': ['Missing data for required field.']}
+
+
 def test_get_user_with_permissions(client, sample_user_service_permission):
    header = create_authorization_header()
    response = client.get(url_for('user.get_user', user_id=str(sample_user_service_permission.user.id)),