fix: turn off automatic escaping in session request templates (#8007)

* fix: turn off automatic escaping in session request templates * test: ensure no unwanted escaping in session request emails * test: use PersonFactory to create test users * test: minor refactoring
2024-10-10 08:49:05 +13:00 · 2024-10-10 08:49:05 +13:00 · f7e0a67095
parent a6d15c98ba
commit f7e0a67095
3 changed files with 59 additions and 6 deletions
--- a/ietf/secr/sreq/tests.py
+++ b/ietf/secr/sreq/tests.py
@ -13,9 +13,10 @@ from ietf.group.factories import GroupFactory, RoleFactory
 from ietf.meeting.models import Session, ResourceAssociation, SchedulingEvent, Constraint
 from ietf.meeting.factories import MeetingFactory, SessionFactory
 from ietf.name.models import ConstraintName, TimerangeName
+from ietf.person.factories import PersonFactory
 from ietf.person.models import Person
 from ietf.secr.sreq.forms import SessionForm
-from ietf.utils.mail import outbox, empty_outbox, get_payload_text
+from ietf.utils.mail import outbox, empty_outbox, get_payload_text, send_mail
 from ietf.utils.timezone import date_today


@ -78,6 +79,32 @@ class SessionRequestTestCase(TestCase):
        self.assertRedirects(r,reverse('ietf.secr.sreq.views.main'))
        self.assertEqual(SchedulingEvent.objects.filter(session=session).order_by('-id')[0].status_id, 'deleted')

+    def test_cancel_notification_msg(self):
+        to = "<iesg-secretary@ietf.org>"
+        subject = "Dummy subject"
+        template = "sreq/session_cancel_notification.txt"
+        meeting = MeetingFactory(type_id="ietf", date=date_today())
+        requester = PersonFactory(name="James O'Rourke", user__username="jimorourke")
+        context = {"meeting": meeting, "requester": requester}
+        cc = "cc.a@example.com, cc.b@example.com"
+        bcc = "bcc@example.com"
+
+        msg = send_mail(
+            None,
+            to,
+            None,
+            subject,
+            template,
+            context,
+            cc=cc,
+            bcc=bcc,
+        )
+        self.assertEqual(requester.name, "James O'Rourke")  # note ' (single quote) in the name
+        self.assertIn(
+            f"A request to cancel a meeting session has just been submitted by {requester.name}.",
+            get_payload_text(msg),
+        )
+
    def test_edit(self):
        meeting = MeetingFactory(type_id='ietf', date=date_today())
        mars = RoleFactory(name_id='chair', person__user__username='marschairman', group__acronym='mars').group
@ -701,6 +728,33 @@ class SubmitRequestCase(TestCase):
        self.assertNotIn('1 Hour, 1 Hour, 1 Hour', notification_payload)
        self.assertNotIn('The third session requires your approval', notification_payload)

+    def test_request_notification_msg(self):
+        to = "<iesg-secretary@ietf.org>"
+        subject = "Dummy subject"
+        template = "sreq/session_request_notification.txt"
+        header = "A new"
+        meeting = MeetingFactory(type_id="ietf", date=date_today())
+        requester = PersonFactory(name="James O'Rourke", user__username="jimorourke")
+        context = {"header": header, "meeting": meeting, "requester": requester}
+        cc = "cc.a@example.com, cc.b@example.com"
+        bcc = "bcc@example.com"
+
+        msg = send_mail(
+            None,
+            to,
+            None,
+            subject,
+            template,
+            context,
+            cc=cc,
+            bcc=bcc,
+        )
+        self.assertEqual(requester.name, "James O'Rourke")  # note ' (single quote) in the name
+        self.assertIn(
+            f"{header} meeting session request has just been submitted by {requester.name}.",
+            get_payload_text(msg),
+        )
+
    def test_request_notification_third_session(self):
        meeting = MeetingFactory(type_id='ietf', date=date_today())
        ad = Person.objects.get(user__username='ad')
--- a/ietf/secr/templates/sreq/session_cancel_notification.txt
+++ b/ietf/secr/templates/sreq/session_cancel_notification.txt
@ -1,4 +1,3 @@
-{% load ams_filters %}
-
-A request to cancel a meeting session has just been submitted by {{ requester }}.
+{% autoescape off %}{% load ams_filters %}

+A request to cancel a meeting session has just been submitted by {{ requester }}.{% endautoescape %}
--- a/ietf/secr/templates/sreq/session_request_notification.txt
+++ b/ietf/secr/templates/sreq/session_request_notification.txt
@ -1,5 +1,5 @@
-{% load ams_filters %}
+{% autoescape off %}{% load ams_filters %}

 {% filter wordwrap:78 %}{{ header }} meeting session request has just been submitted by {{ requester }}.{% endfilter %}

-{% include "includes/session_info.txt" %}
+{% include "includes/session_info.txt" %}{% endautoescape %}