diff --git a/app/api/views/mailbox.py b/app/api/views/mailbox.py index e3ca02f2..866f0685 100644 --- a/app/api/views/mailbox.py +++ b/app/api/views/mailbox.py @@ -112,6 +112,13 @@ def update_mailbox(mailbox_id): if "default" in data: is_default = data.get("default") if is_default: + if not mailbox.verified: + return ( + jsonify( + error="Unverified mailbox cannot be used as default mailbox" + ), + 400, + ) user.default_mailbox_id = mailbox.id changed = True diff --git a/tests/api/test_mailbox.py b/tests/api/test_mailbox.py index cccfecd2..8b502076 100644 --- a/tests/api/test_mailbox.py +++ b/tests/api/test_mailbox.py @@ -73,31 +73,33 @@ def test_delete_default_mailbox(flask_client): def test_set_mailbox_as_default(flask_client): - user = User.create( - email="a@b.c", password="password", name="Test User", activated=True + user = login(flask_client) + + mb = Mailbox.create( + user_id=user.id, email="mb@gmail.com", verified=True, commit=True ) - db.session.commit() - - # create api_key - api_key = ApiKey.create(user.id, "for test") - db.session.commit() - - # create a mailbox - mb = Mailbox.create(user_id=user.id, email="mb@gmail.com") - db.session.commit() assert user.default_mailbox_id != mb.id r = flask_client.put( f"/api/mailboxes/{mb.id}", - headers={"Authentication": api_key.code}, json={"default": True}, ) assert r.status_code == 200 - - mb = Mailbox.get(mb.id) assert user.default_mailbox_id == mb.id + # <<< Cannot set an unverified mailbox as default >>> + mb.verified = False + db.session.commit() + + r = flask_client.put( + f"/api/mailboxes/{mb.id}", + json={"default": True}, + ) + + assert r.status_code == 400 + assert r.json == {"error": "Unverified mailbox cannot be used as default mailbox"} + def test_update_mailbox_email(flask_client): user = User.create(