Merge branch 'main' of https://github.com/NHSDigital/nhs-notify-web-template-management into feature/CCM-11352_test-template-events

Author: bhansell1

lambdas/backend-client/src/__tests__/schemas/template-schema.test.ts

@@ -212,31 +212,6 @@ describe('Template schemas', () => {
     );
   });
 
-  test.each([
-    '<element>failed</element>',
-    '<element><nested>nested</nested></element>',
-    '<element attribute="failed">failed</element>',
-  ])(
-    'App template fields - should fail validation, when invalid characters are present %p',
-    async (message) => {
-      const result = $CreateUpdateTemplate.safeParse({
-        name: 'Test Template',
-        message,
-        templateType: 'NHS_APP',
-      });
-
-      expect(result.error?.flatten()).toEqual(
-        expect.objectContaining({
-          fieldErrors: {
-            message: [
-              'Message contains disallowed characters. Disallowed characters: <(.|\n)*?>',
-            ],
-          },
-        })
-      );
-    }
-  );
-
   describe('$CreateUpdateTemplate', () => {
     const commonFields = {
       name: 'Test Template',

lambdas/backend-client/src/schemas/constants.ts

@@ -1,9 +1,9 @@
 /*
- * Allowed character length and disallowed characters for NHS App, Email and SMS templates
+ * Allowed character length for NHS App, Email and SMS templates
+ * (app disallowed characters are handled by html encoding)
  * https://digital.nhs.uk/developer/api-catalogue/nhs-app#post-/communication/in-app/FHIR/R4/CommunicationRequest
  * https://digital.nhs.uk/developer/api-catalogue/nhs-notify#overview--message-character-limits
  */
-export const NHS_APP_DISALLOWED_CHARACTERS = '<(.|\n)*?>' as const;
 export const MAX_NHS_APP_CHARACTER_LENGTH = 5000 as const;
 export const MAX_SMS_CHARACTER_LENGTH = 918 as const;
 export const MAX_EMAIL_CHARACTER_LENGTH = 100_000 as const;

lambdas/backend-client/src/schemas/template-schema.ts

@@ -16,7 +16,6 @@ import {
   MAX_EMAIL_CHARACTER_LENGTH,
   MAX_NHS_APP_CHARACTER_LENGTH,
   MAX_SMS_CHARACTER_LENGTH,
-  NHS_APP_DISALLOWED_CHARACTERS,
 } from './constants';
 import { schemaFor } from './schema-for';
 import {
@@ -68,15 +67,7 @@ export const $EmailProperties = schemaFor<EmailProperties>()(
 export const $NhsAppProperties = schemaFor<NhsAppProperties>()(
   z.object({
     templateType: z.literal('NHS_APP'),
-    message: z
-      .string()
-      .trim()
-      .min(1)
-      .max(MAX_NHS_APP_CHARACTER_LENGTH)
-      // eslint-disable-next-line security/detect-non-literal-regexp
-      .refine((s) => !new RegExp(NHS_APP_DISALLOWED_CHARACTERS, 'gi').test(s), {
-        message: `Message contains disallowed characters. Disallowed characters: ${NHS_APP_DISALLOWED_CHARACTERS}`,
-      }),
+    message: z.string().trim().min(1).max(MAX_NHS_APP_CHARACTER_LENGTH),
   })
 );
 

tests/test-team/template-mgmt-api-tests/create-template.api.spec.ts

@@ -315,34 +315,6 @@ test.describe('POST /v1/template', () => {
         },
       });
     });
-
-    test('returns 400 if template has message disallowed characters', async ({
-      request,
-    }) => {
-      const response = await request.post(
-        `${process.env.API_BASE_URL}/v1/template`,
-        {
-          headers: {
-            Authorization: await user1.getAccessToken(),
-          },
-          data: TemplateAPIPayloadFactory.getCreateTemplatePayload({
-            templateType: 'NHS_APP',
-            message: '<>',
-          }),
-        }
-      );
-
-      expect(response.status()).toBe(400);
-
-      expect(await response.json()).toEqual({
-        statusCode: 400,
-        technicalMessage: 'Request failed validation',
-        details: {
-          message:
-            'Message contains disallowed characters. Disallowed characters: <(.|\n)*?>',
-        },
-      });
-    });
   });
 
   test.describe('SMS templates', () => {

tests/test-team/template-mgmt-api-tests/update-template.api.spec.ts

@@ -776,53 +776,6 @@ test.describe('POST /v1/template/:templateId', () => {
         technicalMessage: 'Request failed validation',
       });
     });
-
-    test('returns 400 if template message has disallowed characters', async ({
-      request,
-    }) => {
-      const createResponse = await request.post(
-        `${process.env.API_BASE_URL}/v1/template`,
-        {
-          headers: {
-            Authorization: await user1.getAccessToken(),
-          },
-          data: TemplateAPIPayloadFactory.getCreateTemplatePayload({
-            templateType: 'NHS_APP',
-          }),
-        }
-      );
-
-      expect(createResponse.status()).toBe(201);
-      const created = await createResponse.json();
-      templateStorageHelper.addAdHocTemplateKey({
-        templateId: created.template.id,
-        clientId: user1.clientId,
-      });
-
-      const updateResponse = await request.post(
-        `${process.env.API_BASE_URL}/v1/template/${created.template.id}`,
-        {
-          headers: {
-            Authorization: await user1.getAccessToken(),
-          },
-          data: TemplateAPIPayloadFactory.getUpdateTemplatePayload({
-            templateType: 'NHS_APP',
-            message: '<>',
-          }),
-        }
-      );
-
-      expect(updateResponse.status()).toBe(400);
-
-      expect(await updateResponse.json()).toEqual({
-        details: {
-          message:
-            'Message contains disallowed characters. Disallowed characters: <(.|\n)*?>',
-        },
-        statusCode: 400,
-        technicalMessage: 'Request failed validation',
-      });
-    });
   });
 
   test.describe('SMS templates', () => {