Added tests to make sure the latest version of utils works as expecte…

…d when users try to send to premium rate numbers. The request should be blocked Premium rate numbers are a known vector of attack. We want to make sure that users with sms_to_uk_landline permissions can't send messages to these numbers
alphagov · Aug 8, 2024 · f52a19b · f52a19b
2 parents 585f3fb + 876cce9
commit f52a19b
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 2 deletions.
diff --git a/requirements.in b/requirements.in
@@ -24,7 +24,7 @@ lxml==4.9.3
 notifications-python-client==8.0.1
 
 # Run `make bump-utils` to update to the latest version
-notifications-utils @ git+https://github.com/alphagov/notifications-utils.git@82.2.1
+notifications-utils @ git+https://github.com/alphagov/notifications-utils.git@82.4.0
 
 # gds-metrics requires prometheseus 0.2.0, override that requirement as 0.7.1 brings significant performance gains
 prometheus-client==0.14.1

diff --git a/requirements.txt b/requirements.txt
@@ -151,7 +151,7 @@ mistune==0.8.4
     # via notifications-utils
 notifications-python-client==8.0.1
     # via -r requirements.in
-notifications-utils @ git+https://github.com/alphagov/notifications-utils.git@82.2.1
+notifications-utils @ git+https://github.com/alphagov/notifications-utils.git@82.4.0
     # via -r requirements.in
 ordered-set==4.1.0
     # via notifications-utils

diff --git a/tests/app/notifications/test_process_notification.py b/tests/app/notifications/test_process_notification.py
@@ -452,6 +452,41 @@ def test_persist_notification_without_send_to_landline_raises_invalidphoneerror(
         )
 
 
+@pytest.mark.parametrize(
+    "recipient",
+    [
+        "0845 46 46",  # short premium
+        "0900 123 4567",  # premium
+    ],
+)
+def test_persist_notification_with_send_to_landline_to_premium_number_raises_invallidphoneerror(
+    sample_job,
+    sample_api_key,
+    mocker,
+    recipient,
+):
+    sample_job.service.permissions = [
+        # and any other permissions we need
+        ServicePermission(service_id=sample_job.service.id, permission=SMS_TYPE),
+        ServicePermission(service_id=sample_job.service.id, permission=SMS_TO_UK_LANDLINES),
+    ]
+    with pytest.raises(InvalidPhoneError) as exc:
+        persist_notification(
+            template_id=sample_job.template.id,
+            template_version=sample_job.template.version,
+            recipient=recipient,
+            service=sample_job.service,
+            personalisation=None,
+            notification_type="sms",
+            api_key_id=sample_api_key.id,
+            key_type=sample_api_key.key_type,
+            job_id=sample_job.id,
+            job_row_number=10,
+            client_reference="ref from client",
+        )
+    assert exc.value.code == InvalidPhoneError.Codes.INVALID_NUMBER
+
+
 def test_persist_notification_with_international_info_does_not_store_for_email(sample_job, sample_api_key, mocker):
 
     persist_notification(