Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MPP-3753: Disable DomainAddress address field updates #4519

Merged
merged 2 commits into from
Mar 21, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
43 changes: 43 additions & 0 deletions api/tests/views_tests.py
Original file line number Diff line number Diff line change
Expand Up @@ -560,6 +560,49 @@ def test_patch_domainaddress_read_only_mask_type(
assert get_glean_event(caplog) is None


def test_patch_domainaddress_address_fails(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 on tests!

prem_api_client: APIClient, premium_user: User, caplog: pytest.LogCaptureFixture
) -> None:
"""PATCH should not succeed when attempting to update the address field."""
existing = DomainAddress.objects.create(user=premium_user, address="my-new-alias")
url = reverse("domainaddress-detail", args=[existing.id])
get_json = prem_api_client.get(url).json()
assert get_json["address"] == "my-new-alias"
response = prem_api_client.patch(url, data={"address": "my-new-edited-alias"})
ret_data = response.json()

assert response.status_code == 400
assert ret_data["detail"] == "You cannot edit an existing domain address field."
assert ret_data["error_code"] == "address_not_editable"
assert get_glean_event(caplog) is None


def test_patch_domainaddress_addr_with_id_fails(
prem_api_client: APIClient, premium_user: User, caplog: pytest.LogCaptureFixture
) -> None:
"""
PATCH should not succeed when updating the address field and an 'id' field should have no effect on
the request because it is a read-only field
"""

existing_alias = DomainAddress.objects.create(
user=premium_user, address="my-new-alias"
)

url = reverse("domainaddress-detail", args=[existing_alias.id])
get_json = prem_api_client.get(url).json()
assert get_json["address"] == "my-new-alias"
response = prem_api_client.patch(
url, data={"id": 100, "address": "my-new-edited-alias"}
)
ret_data = response.json()

assert response.status_code == 400
assert ret_data["detail"] == "You cannot edit an existing domain address field."
assert ret_data["error_code"] == "address_not_editable"
assert get_glean_event(caplog) is None


def test_delete_domainaddress(
prem_api_client: APIClient, premium_user: User, caplog: pytest.LogCaptureFixture
) -> None:
Expand Down
14 changes: 14 additions & 0 deletions emails/models.py
Original file line number Diff line number Diff line change
Expand Up @@ -686,6 +686,14 @@ class DomainAddrNeedSubdomainException(CannotMakeAddressException):
status_code = 400


class DomainAddrUpdateException(CannotMakeAddressException):
"""Exception raised when attempting to edit an existing domain address field."""

default_code = "address_not_editable"
default_detail = "You cannot edit an existing domain address field."
status_code = 400


class DomainAddrUnavailableException(CannotMakeAddressException):
default_code = "address_unavailable"
default_detail_template = (
Expand Down Expand Up @@ -936,6 +944,12 @@ def save(
incr_if_enabled("domainaddress.create")
if self.first_emailed_at:
incr_if_enabled("domainaddress.create_via_email")
else:
# The model is in an update state, do not allow 'address' field updates
existing_instance = DomainAddress.objects.get(id=self.id)
if existing_instance.address != self.address:
raise DomainAddrUpdateException()

if not user_profile.has_premium and self.block_list_emails:
self.block_list_emails = False
if update_fields:
Expand Down
1 change: 1 addition & 0 deletions privaterelay/pending_locales/en/pending.ftl
Original file line number Diff line number Diff line change
Expand Up @@ -7,3 +7,4 @@
# Variables:
# $duplicate_address (string) - User-set email address that already exists
api-error-duplicate-address = “{ $duplicate_address }” already exists. Please try again with a different mask name.
api-error-address-not-editable = You cannot edit an existing domain address field.