From a1e5587ed278a116b8c4ab6ff43695e9d44cf4bb Mon Sep 17 00:00:00 2001
From: Jamie Lentin <jm@lentin.co.uk>
Date: Tue, 30 Apr 2024 14:35:11 +0000
Subject: [PATCH] controllers/default: 303 redirect after sponsor_renew_request
 #841

To avoid potential resent emails on refresh, send a 303 redirect to the
current page after successful e-mail send.

This means we need to store the flash message in the session, which
isn't ideal, but is already on our radar anyway.
---
 controllers/default.py                        |  3 +-
 .../unit/test_controllers_default_sponsor.py  | 48 +++++++++++++++++++
 2 files changed, 50 insertions(+), 1 deletion(-)

diff --git a/controllers/default.py b/controllers/default.py
index 68487138..84a87552 100755
--- a/controllers/default.py
+++ b/controllers/default.py
@@ -631,10 +631,11 @@ def sponsor_renew_request():
         INPUT(_name='user_identifier', _class="uk-input uk-margin-bottom"),
         INPUT(_type='submit', _class="oz-pill pill-leaf"))
     if form.accepts(request.vars, session=None):
-        response.flash = sponsor_renew_request_logic(
+        session.flash = sponsor_renew_request_logic(
             form.vars.user_identifier.strip(),
             mailer=ozmail.get_mailer()
         )
+        redirect(URL())
     return dict(
         form=form,
     )
diff --git a/tests/unit/test_controllers_default_sponsor.py b/tests/unit/test_controllers_default_sponsor.py
index d90fd640..99a9cd4b 100644
--- a/tests/unit/test_controllers_default_sponsor.py
+++ b/tests/unit/test_controllers_default_sponsor.py
@@ -83,6 +83,54 @@ def test_sponsor_renew(self):
         self.assertEqual(str(out['all_row_categories'][2]['title']), 'Expired sponsorships')
         self.assertEqual([r.OTT_ID for r in out['all_row_categories'][2]['rows']], [r.OTT_ID for r in rs])
 
+    def test_sponsor_renew_request(self):
+        email_1, user_1 = '1_betty@unittest.example.com', '1_bettyunittestexamplecom'
+
+        def srr(user_identifier):
+            current.request.scheme = True
+            current.request.extension = 'html'
+            current.request.controller = 'default'
+            current.request.function = 'sponsor_renew_request'
+            current.request.vars.clear()
+            current.session.flash = None
+            current.globalenv['myconf']['smtp'] = dict(autosend_email=0)
+            if user_identifier:
+                current.request.vars['user_identifier'] = user_identifier
+                current.request.vars['_formname'] = 'default'
+            try:
+                out = default.sponsor_renew_request()
+            except HTTP as e:
+                return dict(
+                    status=e.status,
+                    location=e.headers.get('Location'),
+                    flash=current.session.flash,
+                )
+            return dict(
+                status=current.response.status,
+                flash=current.session.flash,
+                form_errors=dict(out['form'].errors),
+                form_latest=dict(out['form'].latest),
+            )
+
+        # Empty form, no message
+        self.assertEqual(srr(None), dict(
+            status=200,
+            flash=None,
+            form_errors={},
+            form_latest={'user_identifier': None},
+        ))
+        # Sumbit something, get told we'll send an e-mail in a redirect (not a 200)
+        self.assertEqual(srr(user_1), dict(
+            status=303,
+            location='/sponsor_renew_request',
+            flash='If the user %s exists in our database, we will send them an email' % user_1,
+        ))
+        self.assertEqual(srr(email_1), dict(
+            status=303,
+            location='/sponsor_renew_request',
+            flash='If the user %s exists in our database, we will send them an email' % email_1,
+        ))
+
 
 if __name__ == '__main__':
     import sys