Merge pull request #194 from ibi-group/twilio-sms-consent

Twilio SMS consent
ibi-group · Nov 17, 2023 · 1342ed7 · 1342ed7
2 parents 32f80b6 + 9e96283
commit 1342ed7
Show file tree

Hide file tree

Showing 6 changed files with 56 additions and 1 deletion.
diff --git a/src/main/java/org/opentripplanner/middleware/controllers/api/AbstractUserController.java b/src/main/java/org/opentripplanner/middleware/controllers/api/AbstractUserController.java
@@ -129,14 +129,18 @@ U preUpdateHook(U user, U preExistingUser, Request req) {
         if (user instanceof OtpUser) {
             OtpUser otpUser = (OtpUser) user;
             OtpUser existingOtpUser = (OtpUser) preExistingUser;
-            if(!otpUser.storeTripHistory && existingOtpUser.storeTripHistory) {
+            if (!otpUser.storeTripHistory && existingOtpUser.storeTripHistory) {
                 // If an OTP user no longer wants their trip history stored, remove all history from MongoDB.
                 ConnectedDataManager.removeUsersTripHistory(otpUser.id);
                 // Kick-off a trip history upload job to recompile and upload trip data to S3 minus the user's trip
                 // history.
                 TripHistoryUploadJob tripHistoryUploadJob = new TripHistoryUploadJob();
                 tripHistoryUploadJob.run();
             }
+
+            // Include select attributes from existingOtpUser marked @JsonIgnore and
+            // that are not set in otpUser.
+            otpUser.smsConsentDate = existingOtpUser.smsConsentDate;
         }
         return user;
     }

diff --git a/src/main/java/org/opentripplanner/middleware/controllers/api/OtpUserController.java b/src/main/java/org/opentripplanner/middleware/controllers/api/OtpUserController.java
@@ -16,6 +16,7 @@
 import spark.Request;
 import spark.Response;
 
+import java.util.Date;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
@@ -116,6 +117,7 @@ public VerificationResult sendVerificationText(Request req, Response res) {
         if (verification.getStatus().equals("pending")) {
             otpUser.phoneNumber = phoneNumber;
             otpUser.isPhoneNumberVerified = false;
+            otpUser.smsConsentDate = new Date();
             otpUser.notificationChannel.add(OtpUser.Notification.SMS);
             Persistence.otpUsers.replace(otpUser.id, otpUser);
         }

diff --git a/src/main/java/org/opentripplanner/middleware/models/OtpUser.java b/src/main/java/org/opentripplanner/middleware/models/OtpUser.java
@@ -47,6 +47,15 @@ public enum Notification {
      */
     public String phoneNumber;
 
+    /**
+     * The date when consent was given by user to receive SMS messages, as required by Twilio,
+     * see https://www.twilio.com/docs/verify/sms#consent-and-opt-in-policy.
+     * If the user starts the phone verification process, this field is populated
+     * just before the verification code is sent.
+     */
+    @JsonIgnore
+    public Date smsConsentDate;
+
     /**
      * The user's preferred locale, in language tag format
      * e.g. 'en-US', 'fr-FR', 'es-ES', 'zh-CN', etc.

diff --git a/src/main/resources/latest-spark-swagger-output.yaml b/src/main/resources/latest-spark-swagger-output.yaml
@@ -2562,6 +2562,9 @@ definitions:
           - "SMS"
       phoneNumber:
         type: "string"
+      smsConsentDate:
+        type: "string"
+        format: "date"
       preferredLocale:
         type: "string"
       pushDevices:

diff --git a/src/test/java/org/opentripplanner/middleware/controllers/api/OtpUserControllerTest.java b/src/test/java/org/opentripplanner/middleware/controllers/api/OtpUserControllerTest.java
@@ -1,8 +1,11 @@
 package org.opentripplanner.middleware.controllers.api;
 
+import org.eclipse.jetty.http.HttpMethod;
 import org.eclipse.jetty.http.HttpStatus;
 import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.Arguments;
 import org.junit.jupiter.params.provider.MethodSource;
@@ -14,10 +17,13 @@
 import org.opentripplanner.middleware.utils.JsonUtils;
 
 import java.io.IOException;
+import java.util.Date;
 import java.util.stream.Stream;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.opentripplanner.middleware.testutils.ApiTestUtils.getMockHeaders;
+import static org.opentripplanner.middleware.testutils.ApiTestUtils.makeRequest;
 import static org.opentripplanner.middleware.testutils.ApiTestUtils.mockAuthenticatedGet;
 import static org.opentripplanner.middleware.auth.Auth0Connection.restoreDefaultAuthDisabled;
 import static org.opentripplanner.middleware.auth.Auth0Connection.setAuthDisabled;
@@ -36,6 +42,7 @@ public static void setUp() throws IOException {
         otpUser.hasConsentedToTerms = true;
         otpUser.phoneNumber = INITIAL_PHONE_NUMBER;
         otpUser.isPhoneNumberVerified = true;
+        otpUser.smsConsentDate = new Date();
         Persistence.otpUsers.create(otpUser);
     }
 
@@ -105,4 +112,28 @@ private static Stream<Arguments> createPhoneNumberTestCases() {
             Arguments.of("555555", false)
         );
     }
+
+    /**
+     * smsConsentDate is not passed to/from the UI, so make sure that that field still gets persisted.
+     */
+    @Test
+    void canPreserveSmsConsentDate() throws Exception {
+        OtpUser u = new OtpUser();
+        u.id = otpUser.id;
+        u.email = otpUser.email;
+        u.hasConsentedToTerms = true;
+        u.phoneNumber = INITIAL_PHONE_NUMBER;
+        u.isPhoneNumberVerified = true;
+        u.smsConsentDate = null;
+
+        makeRequest(
+            String.format("api/secure/user/%s", otpUser.id),
+            JsonUtils.toJson(u),
+            getMockHeaders(otpUser),
+            HttpMethod.PUT
+        );
+
+        OtpUser updatedUser = Persistence.otpUsers.getById(otpUser.id);
+        Assertions.assertEquals(otpUser.smsConsentDate, updatedUser.smsConsentDate);
+    }
 }
diff --git a/src/test/java/org/opentripplanner/middleware/utils/NotificationUtilsTestCI.java b/src/test/java/org/opentripplanner/middleware/utils/NotificationUtilsTestCI.java
@@ -13,6 +13,7 @@
 import org.slf4j.LoggerFactory;
 
 import java.io.IOException;
+import java.util.Date;
 
 import static org.junit.jupiter.api.Assumptions.assumeTrue;
 import static org.opentripplanner.middleware.testutils.PersistenceTestUtils.createUser;
@@ -94,13 +95,18 @@ public void canSendSmsNotification() {
      */
     @Test
     public void canSendTwilioVerificationText() {
+        Assertions.assertNull(user.smsConsentDate);
+        Date beforeVerificationDate = new Date();
         Verification verification = NotificationUtils.sendVerificationText(
             // Note: phone number is configured in setup method above.
             user.phoneNumber,
             "en"
         );
         LOG.info("Verification status: {}", verification.getStatus());
         Assertions.assertNotNull(verification.getSid());
+        Date afterVerificationDate = new Date();
+        Assertions.assertTrue(user.smsConsentDate.getTime() >= beforeVerificationDate.getTime());
+        Assertions.assertTrue(user.smsConsentDate.getTime() <= afterVerificationDate.getTime());
     }
 
     /**