From caa8656748e87956ea70fe477cde10114bccb684 Mon Sep 17 00:00:00 2001
From: Son <nguyenkims@users.noreply.github.com>
Date: Tue, 2 Nov 2021 15:30:18 +0100
Subject: [PATCH] create /dashboard/block_contact/:contact_id

---
 .../templates/dashboard/block_contact.html    | 28 +++++++++++++
 app/dashboard/views/unsubscribe.py            | 41 +++++++++++++++++--
 tests/dashboard/test_unsubscribe.py           | 23 ++++++++++-
 3 files changed, 87 insertions(+), 5 deletions(-)
 create mode 100644 app/dashboard/templates/dashboard/block_contact.html

diff --git a/app/dashboard/templates/dashboard/block_contact.html b/app/dashboard/templates/dashboard/block_contact.html
new file mode 100644
index 00000000..46ca8e3e
--- /dev/null
+++ b/app/dashboard/templates/dashboard/block_contact.html
@@ -0,0 +1,28 @@
+{% extends 'default.html' %}
+
+{% set active_page = "dashboard" %}
+
+{% block title %}
+  Block a sender
+{% endblock %}
+
+{% block default_content %}
+
+  <div class="card">
+    <div class="card-body">
+      <h1 class="h3">
+        Block sender
+      </h1>
+      <p>
+        You are about to block the sender <b>{{ contact.website_email }}</b> from sending emails to
+        <b>{{ contact.alias.email }}</b>
+      </p>
+
+      <form method="post">
+        <button class="btn btn-warning">Confirm</button>
+      </form>
+    </div>
+  </div>
+
+{% endblock %}
+
diff --git a/app/dashboard/views/unsubscribe.py b/app/dashboard/views/unsubscribe.py
index 269fe53a..753f7438 100644
--- a/app/dashboard/views/unsubscribe.py
+++ b/app/dashboard/views/unsubscribe.py
@@ -1,14 +1,15 @@
+"""
+Allow user to disable an alias or block a contact via the one click unsubscribe
+"""
+
 from app.db import Session
 
-"""
-Allow user to "unsubscribe", aka block an email alias
-"""
 
 from flask import redirect, url_for, flash, request, render_template
 from flask_login import login_required, current_user
 
 from app.dashboard.base import dashboard_bp
-from app.models import Alias
+from app.models import Alias, Contact
 
 
 @dashboard_bp.route("/unsubscribe/<alias_id>", methods=["GET", "POST"])
@@ -35,3 +36,35 @@ def unsubscribe(alias_id):
         return redirect(url_for("dashboard.index", highlight_alias_id=alias.id))
     else:  # ask user confirmation
         return render_template("dashboard/unsubscribe.html", alias=alias.email)
+
+
+@dashboard_bp.route("/block_contact/<contact_id>", methods=["GET", "POST"])
+@login_required
+def block_contact(contact_id):
+    contact = Contact.get(contact_id)
+    if not contact:
+        flash("Incorrect link. Redirect you to the home page", "warning")
+        return redirect(url_for("dashboard.index"))
+
+    if contact.user_id != current_user.id:
+        flash(
+            "You don't have access to this page. Redirect you to the home page",
+            "warning",
+        )
+        return redirect(url_for("dashboard.index"))
+
+    # automatic unsubscribe, according to https://tools.ietf.org/html/rfc8058
+    if request.method == "POST":
+        contact.block_forward = True
+        flash(f"Emails sent from {contact.website_email} are now blocked", "success")
+        Session.commit()
+
+        return redirect(
+            url_for(
+                "dashboard.alias_contact_manager",
+                alias_id=contact.alias_id,
+                highlight_contact_id=contact.id,
+            )
+        )
+    else:  # ask user confirmation
+        return render_template("dashboard/block_contact.html", contact=contact)
diff --git a/tests/dashboard/test_unsubscribe.py b/tests/dashboard/test_unsubscribe.py
index 4cbd05a0..af755276 100644
--- a/tests/dashboard/test_unsubscribe.py
+++ b/tests/dashboard/test_unsubscribe.py
@@ -1,12 +1,33 @@
 from app.models import (
     Alias,
+    Contact,
 )
 from tests.utils import login
 
 
-def test_add_contact_success(flask_client):
+def test_disable_alias(flask_client):
     login(flask_client)
     alias = Alias.first()
 
+    assert alias.enabled
     flask_client.post(f"/dashboard/unsubscribe/{alias.id}")
     assert not alias.enabled
+
+
+def test_block_contact(flask_client):
+    user = login(flask_client)
+    alias = Alias.first()
+    contact = Contact.create(
+        user_id=user.id,
+        alias_id=alias.id,
+        website_email="contact@example.com",
+        reply_email="re1@SL",
+        commit=True,
+    )
+
+    assert not contact.block_forward
+    flask_client.post(f"/dashboard/block_contact/{contact.id}")
+    assert contact.block_forward
+
+    # make sure the page loads
+    flask_client.get(f"/dashboard/block_contact/{contact.id}")