
Commit 7801052

authored
Do not allow anonymous contact forms (#3842)
1 parent c18b67c commit 7801052

5 files changed

+30
-113
lines changed


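--- a/lego/apps/contact/send.py
+++ b/lego/apps/contact/send.py
@@ -3,29 +3,28 @@
 from lego.utils.tasks import send_email
 
 
-def send_message(title, message, user, anonymous, recipient_group):
+def send_message(title, message, user, recipient_group):
     """
     Send a message to HS when users posts to the contact form.
     Don't catch AbakusGroup.DoesNotExist, this notifies us when the group doesn't exist.
     """
-    anonymous = anonymous if user.is_authenticated else True
+
+    if not user or user.is_anonymous:
+        raise ValueError("User must be authenticated")
 
     # Handle no recipient group as HS
     if not recipient_group:
         recipient_group = AbakusGroup.objects.get(name="Hovedstyret")
 
     recipient_emails = get_recipients(recipient_group)
 
-    from_name = "Anonymous" if anonymous else user.full_name
-    from_email = "Unknown" if anonymous else user.email_address
-
     send_email.delay(
         to_email=recipient_emails,
         context={
             "title": title,
             "message": message,
-            "from_name": from_name,
-            "from_email": from_email,
+            "from_name": user.full_name,
+            "from_email": user.email_address,
             "recipient_group": recipient_group.__str__(),
         },
         subject=f"Ny henvendelse fra kontaktskjemaet til {recipient_group.__str__()}",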
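Review bot: The docstring at lines 7-10 is unchanged even though send_message now rejects an unauthenticated caller at lines 12-13, so the new precondition is undocumented; add a line such as `Raises ValueError if ``user`` is missing or anonymous; the view is expected to reject such requests first.` Raising ValueError here is a reasonable defence-in-depth guard behind the view's own check, but it is indistinguishable from a genuinely bad argument for any caller that catches it; a dedicated exception (or django.core.exceptions.PermissionDenied) would make the intent explicit, though the full caller set is outside this hunk. The body of send_message continues past the end of the hunk.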

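--- a/lego/apps/contact/serializers.py
+++ b/lego/apps/contact/serializers.py
@@ -10,7 +10,6 @@
 class ContactFormSerializer(serializers.Serializer):
     title = serializers.CharField(max_length=80)
     message = serializers.CharField()
-    anonymous = serializers.BooleanField()
     captcha_response = serializers.CharField()
     recipient_group = PrimaryKeyRelatedFieldNoPKOpt(
         allow_null=True,
@@ -23,8 +22,3 @@ def validate_captcha_response(self, captcha_response):
         if not verify_captcha(captcha_response):
             raise exceptions.ValidationError("invalid_captcha")
         return captcha_response
-
-    def validate_anonymous(self, anonymous):
-        if not self.context["request"].user.is_authenticated and not anonymous:
-            raise exceptions.ValidationError("anonymous_required_without_auth")
-        return anonymous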

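--- a/lego/apps/contact/tests/test_send.py
+++ b/lego/apps/contact/tests/test_send.py
@@ -31,58 +31,14 @@ def setUp(self):
 
         self.webkom_leader = membership.user
 
-    @mock.patch("lego.apps.contact.send.send_email.delay")
-    def test_send_anonymous(self, mock_send_email):
-        """
-        Send in a contact form as not logged in user, set to be anonymous
-        """
-        anonymus_user = AnonymousUser()
-
-        send_message("title", "message", anonymus_user, True, self.webkom_group)
-        mock_send_email.assert_called_with(
-            to_email=[self.webkom_leader.email_address],
-            context={
-                "title": "title",
-                "message": "message",
-                "from_name": "Anonymous",
-                "from_email": "Unknown",
-                "recipient_group": self.webkom_group.__str__(),
-            },
-            subject=f"Ny henvendelse fra kontaktskjemaet til {self.webkom_group.__str__()}",
-            **default_values,
-        )
-        mock_send_email.assert_called_once()
-
-    @mock.patch("lego.apps.contact.send.send_email.delay")
-    def test_send_anonymous_user(self, mock_send_email):
-        """
-        Send in a contact form as not logged in user
-        """
-        anonymus_user = AnonymousUser()
-
-        send_message("title", "message", anonymus_user, False, self.webkom_group)
-        mock_send_email.assert_called_with(
-            to_email=[self.webkom_leader.email_address],
-            context={
-                "title": "title",
-                "message": "message",
-                "from_name": "Anonymous",
-                "from_email": "Unknown",
-                "recipient_group": self.webkom_group.__str__(),
-            },
-            subject=f"Ny henvendelse fra kontaktskjemaet til {self.webkom_group.__str__()}",
-            **default_values,
-        )
-        mock_send_email.assert_called_once()
-
     @mock.patch("lego.apps.contact.send.send_email.delay")
     def test_send_user(self, mock_send_email):
         """
         Send in a contact form as logged in user, showing name
         """
         logged_in_user = User.objects.first()
 
-        send_message("title", "message", logged_in_user, False, self.webkom_group)
+        send_message("title", "message", logged_in_user, self.webkom_group)
         mock_send_email.assert_called_with(
             to_email=[self.webkom_leader.email_address],
             context={
@@ -98,43 +54,32 @@ def test_send_user(self, mock_send_email):
         mock_send_email.assert_called_once()
 
     @mock.patch("lego.apps.contact.send.send_email.delay")
-    def test_send_user_set_anonymous(self, mock_send_email):
+    def test_send_anonymous(self, mock_send_email):
         """
-        Send in a contact form as logged in user, set to be anonymous
+        Ensure anonymous users can not send messages
         """
-        logged_in_user = User.objects.first()
+        anonymus_user = AnonymousUser()
 
-        send_message("title", "message", logged_in_user, True, self.webkom_group)
-        mock_send_email.assert_called_with(
-            to_email=[self.webkom_leader.email_address],
-            context={
-                "title": "title",
-                "message": "message",
-                "from_name": "Anonymous",
-                "from_email": "Unknown",
-                "recipient_group": self.webkom_group.__str__(),
-            },
-            subject=f"Ny henvendelse fra kontaktskjemaet til {self.webkom_group.__str__()}",
-            **default_values,
-        )
-        mock_send_email.assert_called_once()
+        with self.assertRaises(ValueError):
+            send_message("title", "message", anonymus_user, self.webkom_group)
+        mock_send_email.assert_not_called()
 
     @mock.patch("lego.apps.contact.send.send_email.delay")
     def test_send_to_hs(self, mock_send_email):
         """
         Send in a contact form to HS by passing `None` as recipient
         """
-        anonymus_user = AnonymousUser()
+        logged_in_user = User.objects.first()
         hs_group = AbakusGroup.objects.get(name="Hovedstyret")
 
-        send_message("title", "message", anonymus_user, True, None)
+        send_message("title", "message", logged_in_user, None)
         mock_send_email.assert_called_with(
             to_email=["[email protected]"],
             context={
                 "title": "title",
                 "message": "message",
-                "from_name": "Anonymous",
-                "from_email": "Unknown",
+                "from_name": logged_in_user.full_name,
+                "from_email": logged_in_user.email_address,
                 "recipient_group": hs_group.__str__(),
             },
             subject=f"Ny henvendelse fra kontaktskjemaet til {hs_group.__str__()}",
@@ -151,14 +96,14 @@ def test_send_to_group_with_several_leaders(self, mock_send_email):
 
         self.webkom_group.add_user(logged_in_user, role=LEADER)
 
-        send_message("title", "message", logged_in_user, True, self.webkom_group)
+        send_message("title", "message", logged_in_user, self.webkom_group)
         mock_send_email.assert_called_with(
             to_email=[self.webkom_leader.email_address, logged_in_user.email_address],
             context={
                 "title": "title",
                 "message": "message",
-                "from_name": "Anonymous",
-                "from_email": "Unknown",
+                "from_name": logged_in_user.full_name,
+                "from_email": logged_in_user.email_address,
                 "recipient_group": self.webkom_group.__str__(),
             },
             subject=f"Ny henvendelse fra kontaktskjemaet til {self.webkom_group.__str__()}",
@@ -175,14 +120,14 @@ def test_is_only_sent_to_leader(self, mock_send_email):
 
         self.webkom_group.add_user(logged_in_user, role=MEMBER)
 
-        send_message("title", "message", logged_in_user, True, self.webkom_group)
+        send_message("title", "message", logged_in_user, self.webkom_group)
         mock_send_email.assert_called_with(
             to_email=[self.webkom_leader.email_address],
             context={
                 "title": "title",
                 "message": "message",
-                "from_name": "Anonymous",
-                "from_email": "Unknown",
+                "from_name": logged_in_user.full_name,
+                "from_email": logged_in_user.email_address,
                 "recipient_group": self.webkom_group.__str__(),
             },
             subject=f"Ny henvendelse fra kontaktskjemaet til {self.webkom_group.__str__()}",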
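Review bot: The rewritten test_send_anonymous in the second hunk (new lines 57-65) exercises only the AnonymousUser path, while send_message now also rejects a missing user via `not user`; that branch has no test, and one more case `with self.assertRaises(ValueError): send_message("title", "message", None, self.webkom_group)` followed by `mock_send_email.assert_not_called()` would pin it. The local at new line 61 keeps the old misspelling `anonymus_user`; since the line is being rewritten anyway, `anonymous_user` reads better. The remaining hunks only drop the removed positional argument and are consistent with the new signature.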

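--- a/lego/apps/contact/tests/test_views.py
+++ b/lego/apps/contact/tests/test_views.py
@@ -26,23 +26,6 @@ def test_without_auth(self, mock_verify_captcha, mock_send_message):
             {
                 "title": "title",
                 "message": "message",
-                "anonymous": True,
-                "captcha_response": "test",
-                "recipient_group": None,
-            },
-        )
-        self.assertEqual(status.HTTP_202_ACCEPTED, response.status_code)
-        mock_verify_captcha.assert_called_once()
-
-    @mock.patch("lego.apps.contact.views.send_message")
-    @mock.patch("lego.apps.contact.serializers.verify_captcha", return_value=True)
-    def test_without_auth_not_anonymous(self, mock_verify_captcha, mock_send_message):
-        response = self.client.post(
-            self.url,
-            {
-                "title": "title",
-                "message": "message",
-                "anonymous": False,
                 "captcha_response": "test",
                 "recipient_group": None,
             },
@@ -58,16 +41,13 @@ def test_with_auth(self, mock_verify_captcha, mock_send_message):
             {
                 "title": "title",
                 "message": "message",
-                "anonymous": True,
                 "captcha_response": "test",
                 "recipient_group": None,
             },
         )
         self.assertEqual(status.HTTP_202_ACCEPTED, response.status_code)
         mock_verify_captcha.assert_called_once()
-        mock_send_message.assert_called_once_with(
-            "title", "message", self.user, True, None
-        )
+        mock_send_message.assert_called_once_with("title", "message", self.user, None)
 
     @mock.patch("lego.apps.contact.views.send_message")
     @mock.patch("lego.apps.contact.serializers.verify_captcha", return_value=False)
@@ -78,7 +58,6 @@ def test_with_auth_invalid_captcha(self, mock_verify_captcha, mock_send_message)
             {
                 "title": "title",
                 "message": "message",
-                "anonymous": True,
                 "captcha_response": "test",
                 "recipient_group": None,
             },
@@ -99,13 +78,10 @@ def test_committee_as_recipient(self, mock_verify_captcha, mock_send_message):
             {
                 "title": "title",
                 "message": "message",
-                "anonymous": True,
                 "captcha_response": "test",
                 "recipient_group": webkom_id,
             },
         )
         self.assertEqual(status.HTTP_202_ACCEPTED, response.status_code)
         mock_verify_captcha.assert_called_once()
-        mock_send_message.assert_called_once_with(
-            "title", "message", self.user, True, webkom
-        )
+        mock_send_message.assert_called_once_with("title", "message", self.user, webkom)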
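Review bot: The first hunk merges test_without_auth with the tail of the deleted test_without_auth_not_anonymous, so the assertions test_without_auth now ends with are the ones that followed old line 48 and are outside this hunk; it is not visible here whether they check the 400 the view now returns for an anonymous caller and `mock_send_message.assert_not_called()`. Worth confirming, because the view's new guard runs before the serializer, so an assertion like `mock_verify_captcha.assert_called_once()` inherited from the old test would no longer hold for an unauthenticated request. The test_with_auth and test_committee_as_recipient hunks correctly track the new send_message signature.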

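--- a/lego/apps/contact/views.py
+++ b/lego/apps/contact/views.py
@@ -10,15 +10,18 @@ class ContactFormViewSet(viewsets.GenericViewSet):
     serializer_class = ContactFormSerializer
 
     def create(self, request):
+
+        if not request.user or request.user.is_anonymous:
+            return Response(status=status.HTTP_400_BAD_REQUEST)
+
         serializer = self.get_serializer(data=request.data)
         serializer.is_valid(raise_exception=True)
 
         title = serializer.validated_data["title"]
         message = serializer.validated_data["message"]
-        anonymous = serializer.validated_data["anonymous"]
         recipient_group = serializer.validated_data["recipient_group"]
 
-        send_message(title, message, request.user, anonymous, recipient_group)
+        send_message(title, message, request.user, recipient_group)
 
         if recipient_group:
             serializer.validated_data["recipient_group"] = recipient_group.id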
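Review bot: The guard added at new lines 14-15 answers an unauthenticated request with 400 Bad Request, which tells the client its payload is malformed rather than that it must log in, and it returns an empty body instead of DRF's usual error detail. The idiomatic fix is to declare `permission_classes = (IsAuthenticated,)` on the viewset (from rest_framework.permissions), which yields 401/403 with a consistent error body and makes the hand-written check unnecessary; if the viewset already sets permission classes they are outside this hunk, so the manual check may be a deliberate duplicate. The empty line added at new line 13 directly after the `def create` signature is unusual for this file's style and could be dropped. The create method continues past the end of the hunk.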
