added email validation to purchase_email view

2021-03-10 10:10:16 +00:00
parent f0a076057c
commit c6f051ac65
2 changed files with 27 additions and 2 deletions
--- a/products/tests.py
+++ b/products/tests.py
@@ -1253,3 +1253,24 @@ class PurchaseEmailTest(APITestCase):
        self.assertEquals(response.status_code, 200)
        self.assertEquals(2, len(mail.outbox))

+    def test_anon_user_bad_email(self):
+        company = CompanyFactory()
+        self.user.role = 'COOP_MANAGER'
+        self.user.company = company
+        self.user.save()
+        product = ProductFactory(company=company)
+
+        data = {
+            'email': '324r@qwer',
+            'telephone': '123123123',
+            'company': company.id,
+            'product': product.id,
+            'comment': '',
+        }
+
+        response = self.client.post(self.endpoint, data=data, format='json')
+        # assertions
+        self.assertEquals(response.status_code, 406)
+        payload = response.json()
+        self.assertTrue( 'email' in payload['error'])
+
--- a/products/views.py
+++ b/products/views.py
@@ -5,6 +5,7 @@ import json

 from django.db.models import Q
 from django.core import serializers
+from django.core.validators import EmailValidator, validate_email
 from django.contrib.auth import get_user_model
 from django.template.loader import render_to_string
 from django.core.mail import EmailMessage
@@ -259,7 +260,6 @@ def purchase_email(request):
    # check data
    if request.user.is_anonymous and 'email' not in data:
        return Response({"error": "Anonymous users must include an email parameter value"}, status=status.HTTP_406_NOT_ACCEPTABLE)
-
    try:
        for param in ('telephone', 'company', 'product', 'comment'):
            assert(param in data.keys())
@@ -271,7 +271,11 @@ def purchase_email(request):
    else:
        email = request.user.email
    telephone = data.get('telephone')
-
+    # validate email
+    try:
+        validate_email(email)
+    except:
+        return Response({"error": "Value for email is not valid"}, status=status.HTTP_406_NOT_ACCEPTABLE)
    # get company
    company = Company.objects.filter(id=data['company']).first()
    if not company: