From cf010aca983a8ebdd156e9a35450b8997b05b9e1 Mon Sep 17 00:00:00 2001
From: Ben Lovell
Date: Fri, 6 Dec 2024 15:21:33 +0000
Subject: [PATCH] Ensure the URN is validated correctly
---
 .../appointment_summaries_controller.rb | 3 ++
 app/models/appointment_summary.rb | 2 +-
 spec/models/appointment_summary_spec.rb | 3 ++
 ...ing_a_pension_wise_digital_summary_spec.rb | 50 +++++++++++++++++++
 4 files changed, 57 insertions(+), 1 deletion(-)
 create mode 100644 spec/requests/downloading_a_pension_wise_digital_summary_spec.rb
diff --git a/app/controllers/appointment_summaries_controller.rb b/app/controllers/appointment_summaries_controller.rb
index e7484d829..29cbba376 100644
--- a/app/controllers/appointment_summaries_controller.rb
+++ b/app/controllers/appointment_summaries_controller.rb
@@ -20,6 +20,9 @@ def create
 def download
 @appointment_summary = AppointmentSummary.new(appointment_summary_params)
+
+ return head :unprocessable_entity unless @appointment_summary.valid?
+
 output_document = OutputDocument.new(@appointment_summary, 'generic')
 send_data output_document.pdf,
diff --git a/app/models/appointment_summary.rb b/app/models/appointment_summary.rb
index fc811ba5f..8dce5c17c 100644
--- a/app/models/appointment_summary.rb
+++ b/app/models/appointment_summary.rb
@@ -18,7 +18,7 @@ def initialize(params = {})
 end
 validates :appointment_type, inclusion: { in: %w[standard 50_54] }
- validates :urn, format: { with: /P[A-Z]{2}\d-\d[A-Z]{3}/ }, allow_blank: true
+ validates :urn, format: { with: /\AP[A-Z]{2}\d-\d[A-Z]{3}\z/ }, allow_blank: true
 def appointment_type
 @appointment_type
diff --git a/spec/models/appointment_summary_spec.rb b/spec/models/appointment_summary_spec.rb
index 0c88c7782..b56df5145 100644
--- a/spec/models/appointment_summary_spec.rb
+++ b/spec/models/appointment_summary_spec.rb
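Review bot: The new guard in `download` answers with a bare `head :unprocessable_entity` and records nothing, so a rejected URN leaves no trace for anyone monitoring this endpoint and the caller is given no reason. Because `valid?` runs every validator on `AppointmentSummary`, not only the URN format, I would log which attributes failed before the `head`, e.g. `Rails.logger.warn("summary download rejected: #{@appointment_summary.errors.full_messages.to_sentence}")`, which names the failing fields without echoing the submitted value. The hunk shows only part of `download` (its `send_data` call continues outside it), and `create` or any other action that builds a summary from `appointment_summary_params` is not visible here, so it is worth confirming those paths check validity before rendering as well.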
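Review bot: The anchors are the whole fix on the `validates :urn` line, yet nothing in the code says so, and the pattern remains an inline literal that a later edit could loosen again. I would give it a name and a why-comment, e.g. `URN_FORMAT = /\AP[A-Z]{2}\d-\d[A-Z]{3}\z/` preceded by `# \A and \z force the whole value to match; unanchored, any string containing a URN passes`, and use `with: URN_FORMAT` here. `allow_blank: true` is kept, so an empty or whitespace-only URN still skips the format check; that looks intended given the no-URN request spec, but a short comment saying so would help.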
@@ -18,6 +18,9 @@
 it 'requires a valid form' do
 subject.urn = 'This would really suck if it were to get through!'
 expect(subject).to be_invalid
+
+ subject.urn = 'PMY9-0GCUwhoopsie'
+ expect(subject).to be_invalid
 end
 end
 end
diff --git a/spec/requests/downloading_a_pension_wise_digital_summary_spec.rb b/spec/requests/downloading_a_pension_wise_digital_summary_spec.rb
new file mode 100644
index 000000000..276395509
--- /dev/null
+++ b/spec/requests/downloading_a_pension_wise_digital_summary_spec.rb
@@ -0,0 +1,50 @@
+RSpec.describe 'Generating a Pension Wise Digital summary download', type: :request do
+ specify 'Successfully generating the download without a URN' do
+ post '/en/summary-document/download', params: {
+ appointment_summary: {
+ appointment_type: 'standard',
+ supplementary_benefits: true,
+ supplementary_debt: true,
+ supplementary_ill_health: true,
+ supplementary_defined_benefit_pensions: true,
+ supplementary_pension_transfers: true
+ }
+ }
+
+ expect(response.status).to eq(200)
+ expect(response.content_type).to eq('application/pdf')
+ end
+
+ specify 'Successfully generating the download with a valid URN' do
+ post '/en/summary-document/download', params: {
+ appointment_summary: {
+ urn: 'PMY9-0GCU',
+ appointment_type: 'standard',
+ supplementary_benefits: true,
+ supplementary_debt: true,
+ supplementary_ill_health: true,
+ supplementary_defined_benefit_pensions: true,
+ supplementary_pension_transfers: true
+ }
+ }
+
+ expect(response.status).to eq(200)
+ expect(response.content_type).to eq('application/pdf')
+ end
+
+ specify 'Attempting a download with an invalid URN' do
+ post '/en/summary-document/download', params: {
+ appointment_summary: {
+ urn: 'PMY9-0GCUwhoopsies',
+ appointment_type: 'standard',
+ supplementary_benefits: true,
+ supplementary_debt: true,
+ supplementary_ill_health: true,
+ supplementary_defined_benefit_pensions: true,
+ supplementary_pension_transfers: true
+ }
+ }
+
+ expect(response.status).to eq(422)
+ end
+end
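Review bot: The case added to `it 'requires a valid form'` exercises only trailing characters, so a regression that dropped `\A` or replaced `\z` with a line anchor would still pass this example. I would add a leading-junk value and a multi-line value, e.g. `subject.urn = 'xPMY9-0GCU'` and `subject.urn = "PMY9-0GCU\nextra"`, each followed by `expect(subject).to be_invalid`. The hunk shows no positive case; if the example has none elsewhere, `subject.urn = 'PMY9-0GCU'` with `expect(subject).to be_valid` would pin the accepted form as well.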
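Review bot: The invalid-URN example asserts only the 422 status, so it would still pass if a rejected request returned a document body; it should also check that nothing is sent back. Separately, the three examples repeat the same params hash, which hides the one field that differs between them. A shared `let` and a small request helper keep each example down to the value under test; the sketch below shows the helper and the rewritten invalid case.

```ruby
RSpec.describe 'Generating a Pension Wise Digital summary download', type: :request do
  let(:summary_params) do
    {
      appointment_type: 'standard',
      supplementary_benefits: true,
      supplementary_debt: true,
      supplementary_ill_health: true,
      supplementary_defined_benefit_pensions: true,
      supplementary_pension_transfers: true
    }
  end

  def request_download(overrides = {})
    post '/en/summary-document/download',
         params: { appointment_summary: summary_params.merge(overrides) }
  end

  # … unchanged: the two 200 examples, calling request_download and request_download(urn: 'PMY9-0GCU') …

  specify 'Attempting a download with an invalid URN' do
    request_download(urn: 'PMY9-0GCUwhoopsies')

    expect(response.status).to eq(422)
    expect(response.body).to be_empty
  end
```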