This is to prevent the possibility of spamming a user by generating lots of alert confirmation emails for product alerts. Also allow unconfirmed alerts to be cancelled - we send a cancellation link in the confirmation email, so we should let users cancel an alert if they don't want to confirm it. Fixes #2401.

8 years ago · 17193a4d08
--- a/src/oscar/apps/customer/abstract_models.py
+++ b/src/oscar/apps/customer/abstract_models.py
@@ -340,7 +340,7 @@ class AbstractProductAlert(models.Model):
 
				
				     key = models.CharField(_("Key"), max_length=128, blank=True, db_index=True)
			
 
				
				 
			
 
				
				     # An alert can have two different statuses for authenticated
			
 
				
				-    # users ``ACTIVE`` and ``INACTIVE`` and anonymous users have an
			
 
				
				+    # users ``ACTIVE`` and ``CANCELLED`` and anonymous users have an
			
 
				
				     # additional status ``UNCONFIRMED``. For anonymous users a confirmation
			
 
				
				     # and unsubscription key are generated when an instance is saved for
			
 
				
				     # the first time and can be used to confirm and unsubscribe the
			
@@ -379,7 +379,7 @@ class AbstractProductAlert(models.Model):
 
				
				 
			
 
				
				     @property
			
 
				
				     def can_be_cancelled(self):
			
 
				
				-        return self.status == self.ACTIVE
			
 
				
				+        return self.status in (self.ACTIVE, self.UNCONFIRMED)
			
 
				
				 
			
 
				
				     @property
			
 
				
				     def is_cancelled(self):
			
--- a/src/oscar/apps/customer/forms.py
+++ b/src/oscar/apps/customer/forms.py
@@ -406,6 +406,16 @@ class ProductAlertForm(forms.ModelForm):
 
				
				             else:
			
 
				
				                 raise forms.ValidationError(_(
			
 
				
				                     "There is already an active stock alert for %s") % email)
			
 
				
				+
			
 
				
				+            # Check that the email address hasn't got other unconfirmed alerts.
			
 
				
				+            # If they do then we don't want to spam them with more until they
			
 
				
				+            # have confirmed or cancelled the existing alert.
			
 
				
				+            if ProductAlert.objects.filter(email__iexact=email,
			
 
				
				+                                    status=ProductAlert.UNCONFIRMED).count():
			
 
				
				+                raise forms.ValidationError(_(
			
 
				
				+                    "%s has been sent a confirmation email for another product "
			
 
				
				+                    "alert on this site. Please confirm or cancel that request "
			
 
				
				+                    "before signing up for more alerts.") % email)
			
 
				
				         elif user_is_authenticated(self.user):
			
 
				
				             try:
			
 
				
				                 ProductAlert.objects.get(product=self.product,
			
--- a/tests/functional/customer/test_alert.py
+++ b/tests/functional/customer/test_alert.py
@@ -3,6 +3,8 @@ import os
 
				
				 import warnings
			
 
				
				 
			
 
				
				 from django_webtest import WebTest
			
 
				
				+
			
 
				
				+from django.contrib.auth.models import AnonymousUser
			
 
				
				 from django.core.urlresolvers import reverse
			
 
				
				 from django.core import mail
			
 
				
				 from django.test import TestCase
			
@@ -10,9 +12,10 @@ from oscar.utils.deprecation import RemovedInOscar20Warning
 
				
				 
			
 
				
				 from oscar.apps.customer.alerts.utils import (send_alert_confirmation,
			
 
				
				     send_product_alerts)
			
 
				
				+from oscar.apps.customer.forms import ProductAlertForm
			
 
				
				 from oscar.apps.customer.models import ProductAlert
			
 
				
				-from oscar.test.factories import create_product, create_stockrecord
			
 
				
				-from oscar.test.factories import UserFactory
			
 
				
				+from oscar.test.factories import (
			
 
				
				+    create_product, create_stockrecord, ProductAlertFactory, UserFactory)
			
 
				
				 
			
 
				
				 
			
 
				
				 class TestAUser(WebTest):
			
@@ -87,6 +90,31 @@ class TestAnAnonymousUser(WebTest):
 
				
				         self.assertEqual(ProductAlert.UNCONFIRMED, alert.status)
			
 
				
				         self.assertEqual(alert.product, product)
			
 
				
				 
			
 
				
				+    def test_can_cancel_unconfirmed_stock_alert(self):
			
 
				
				+        alert = ProductAlertFactory(
			
 
				
				+            user=None, email='john@smith.com', status=ProductAlert.UNCONFIRMED)
			
 
				
				+        self.app.get(
			
 
				
				+            reverse('customer:alerts-cancel-by-key', kwargs={'key': alert.key}))
			
 
				
				+        alert.refresh_from_db()
			
 
				
				+        self.assertTrue(alert.is_cancelled)
			
 
				
				+
			
 
				
				+    def test_cannot_create_multiple_unconfirmed_alerts(self):
			
 
				
				+        # Create an unconfirmed alert
			
 
				
				+        alert = ProductAlertFactory(
			
 
				
				+            user=None, email='john@smith.com', status=ProductAlert.UNCONFIRMED)
			
 
				
				+
			
 
				
				+        # Alert form should not allow creation of additional alerts.
			
 
				
				+        form = ProductAlertForm(
			
 
				
				+            user=AnonymousUser(),
			
 
				
				+            product=create_product(num_in_stock=0),
			
 
				
				+            data={'email': 'john@smith.com'},
			
 
				
				+        )
			
 
				
				+
			
 
				
				+        self.assertFalse(form.is_valid())
			
 
				
				+        self.assertIn(
			
 
				
				+            "john@smith.com has been sent a confirmation email for another "
			
 
				
				+            "product alert on this site.", form.errors['__all__'][0])
			
 
				
				+
			
 
				
				 
			
 
				
				 class TestHurryMode(TestCase):