From 730d25ae7218d731590b322d4f419a7df6d4e4fb Mon Sep 17 00:00:00 2001
From: Matthew Somerville <matthew@mysociety.org>
Date: Thu, 30 Apr 2020 13:56:31 +0100
Subject: Add ability to disallow updates in a category.

Add a tickbox to the category admin, and do not allow updates on
reports made in those selected categories.
---
 t/app/controller/admin/bodies.t   | 11 +++++++++++
 t/app/controller/report_updates.t | 33 +++++++++++++++++++++------------
 2 files changed, 32 insertions(+), 12 deletions(-)

(limited to 't/app/controller')

diff --git a/t/app/controller/admin/bodies.t b/t/app/controller/admin/bodies.t
index c73a90da1..7ec7aed75 100644
--- a/t/app/controller/admin/bodies.t
+++ b/t/app/controller/admin/bodies.t
@@ -261,6 +261,17 @@ subtest 'open311 protection editing' => sub {
     is $contact->get_extra_metadata('open311_protect'), 1, 'Open311 protect flag set';
 };
 
+subtest 'updates disabling' => sub {
+    $mech->get_ok('/admin/body/' . $body->id . '/test%20category');
+    $mech->submit_form_ok( { with_fields => {
+        updates_disallowed => 1,
+        note => 'Disabling updates',
+    } } );
+    $mech->content_contains('Values updated');
+    my $contact = $body->contacts->find({ category => 'test category' });
+    is $contact->get_extra_metadata('updates_disallowed'), 1, 'Updates disallowed flag set';
+};
+
 
 }; # END of override wrap
 
diff --git a/t/app/controller/report_updates.t b/t/app/controller/report_updates.t
index 07ee48587..e8ab1cc85 100644
--- a/t/app/controller/report_updates.t
+++ b/t/app/controller/report_updates.t
@@ -22,6 +22,8 @@ my $user2 = $mech->create_user_ok('commenter@example.com', name => 'Commenter');
 
 my $body = $mech->create_body_ok(2504, 'Westminster City Council');
 
+my $contact = $mech->create_contact_ok( body_id => $body->id, category => 'Other', email => 'other' );
+
 my $dt = DateTime->new(
     year   => 2011,
     month  => 04,
@@ -1893,6 +1895,18 @@ for my $test (
     };
 }
 
+$mech->log_in_ok( $report->user->email );
+
+my %standard_fields = (
+    name => $report->user->name,
+    update => 'update text',
+    photo1 => '',
+    photo2 => '',
+    photo3 => '',
+    may_show_name => 1,
+    add_alert => 1,
+);
+
 for my $test (
     {
         desc => 'update confirmed without marking as fixed leaves state unchanged',
@@ -2094,18 +2108,6 @@ for my $test (
     },
 ) {
     subtest $test->{desc} => sub {
-        $mech->log_in_ok( $report->user->email );
-
-        my %standard_fields = (
-            name => $report->user->name,
-            update => 'update text',
-            photo1 => '',
-            photo2 => '',
-            photo3 => '',
-            may_show_name => 1,
-            add_alert => 1,
-        );
-
         my %expected_fields = (
             %standard_fields,
             %{ $test->{expected_form_fields} },
@@ -2178,4 +2180,11 @@ FixMyStreet::override_config {
     };
 };
 
+subtest 'check disabling of updates per category' => sub {
+    $contact->set_extra_metadata( updates_disallowed => 1 );
+    $contact->update;
+    $mech->get_ok("/report/$report_id");
+    $mech->content_lacks('Provide an update');
+};
+
 done_testing();
-- 
cgit v1.2.3


From f6d807fd5217a19ac488f652d1f0853a7891231f Mon Sep 17 00:00:00 2001
From: Matthew Somerville <matthew@mysociety.org>
Date: Fri, 1 May 2020 15:42:01 +0100
Subject: Add way to disallow report reopening in a category

Add a tickbox to the category admin, and do not allow reopening on
reports made in the selected categories.
---
 t/app/controller/admin/bodies.t   | 11 +++++++++++
 t/app/controller/report_updates.t | 11 +++++++++++
 2 files changed, 22 insertions(+)

(limited to 't/app/controller')

diff --git a/t/app/controller/admin/bodies.t b/t/app/controller/admin/bodies.t
index 7ec7aed75..d3e4074f9 100644
--- a/t/app/controller/admin/bodies.t
+++ b/t/app/controller/admin/bodies.t
@@ -272,6 +272,17 @@ subtest 'updates disabling' => sub {
     is $contact->get_extra_metadata('updates_disallowed'), 1, 'Updates disallowed flag set';
 };
 
+subtest 'reopen disabling' => sub {
+    $mech->get_ok('/admin/body/' . $body->id . '/test%20category');
+    $mech->submit_form_ok( { with_fields => {
+        reopening_disallowed => 1,
+        note => 'Disabling reopening',
+    } } );
+    $mech->content_contains('Values updated');
+    my $contact = $body->contacts->find({ category => 'test category' });
+    is $contact->get_extra_metadata('reopening_disallowed'), 1, 'Reopening disallowed flag set';
+};
+
 
 }; # END of override wrap
 
diff --git a/t/app/controller/report_updates.t b/t/app/controller/report_updates.t
index e8ab1cc85..e97b04f12 100644
--- a/t/app/controller/report_updates.t
+++ b/t/app/controller/report_updates.t
@@ -2145,6 +2145,17 @@ for my $test (
     };
 }
 
+subtest 'check disabling of reopening' => sub {
+    $report->state('fixed - council');
+    $report->update;
+    $mech->get_ok("/report/$report_id");
+    $mech->content_contains('This problem has not been fixed');
+    $contact->set_extra_metadata( reopening_disallowed => 1 );
+    $contact->update;
+    $mech->get_ok("/report/$report_id");
+    $mech->content_lacks('This problem has not been fixed');
+};
+
 subtest 'check have to be logged in for creator fixed questionnaire' => sub {
     $mech->log_out_ok();
 
-- 
cgit v1.2.3


From 5ce552af2b66613272dc9cfe2d46532e057f44f7 Mon Sep 17 00:00:00 2001
From: Matthew Somerville <matthew@mysociety.org>
Date: Thu, 7 May 2020 12:44:23 +0100
Subject: Fix dashboard report CSV export.

The change to join in e16054150 did not include a collapse that the
previous prefetch was doing, so multiple rows per result were being
returned.
---
 t/app/controller/dashboard.t | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 't/app/controller')

diff --git a/t/app/controller/dashboard.t b/t/app/controller/dashboard.t
index 72fc00128..c62ada89a 100644
--- a/t/app/controller/dashboard.t
+++ b/t/app/controller/dashboard.t
@@ -70,6 +70,7 @@ foreach my $problem (@fixed_problems) {
 
 foreach my $problem (@closed_problems) {
     $problem->update({ state => 'closed' });
+    $mech->create_comment_for_problem($problem, $counciluser, 'Name', 'in progress text', 0, 'confirmed', 'in progress');
     $mech->create_comment_for_problem($problem, $counciluser, 'Title', 'text', 0, 'confirmed', 'closed');
 }
 
@@ -214,7 +215,7 @@ FixMyStreet::override_config {
     subtest 'export updates as csv' => sub {
         $mech->get_ok('/dashboard?updates=1&export=1');
         my @rows = $mech->content_as_csv;
-        is scalar @rows, 15, '1 (header) + 14 (updates) = 15 lines';
+        is scalar @rows, 18, '1 (header) + 17 (updates) = 18 lines';
         is scalar @{$rows[0]}, 8, '8 columns present';
 
         is_deeply $rows[0],
-- 
cgit v1.2.3


From ecc5a7b9ca20418f1bdb45cdc3ce5b41a11f3593 Mon Sep 17 00:00:00 2001
From: Matthew Somerville <matthew@mysociety.org>
Date: Wed, 15 Apr 2020 19:12:31 +0100
Subject: Add assigned_(users|categories)_only functionality

Users with assigned_categories_only will only see staff features on a
report page in their assigned categories.

Users will only see staff features on a report page in a category with
assigned_users_only if it is in their assigned categories.
---
 t/app/controller/admin/bodies.t   | 10 ++++++++
 t/app/controller/admin/users.t    | 10 +++++++-
 t/app/controller/report_inspect.t | 52 ++++++++++++++++++++++++++++++++++++---
 3 files changed, 68 insertions(+), 4 deletions(-)

(limited to 't/app/controller')

diff --git a/t/app/controller/admin/bodies.t b/t/app/controller/admin/bodies.t
index d3e4074f9..883386380 100644
--- a/t/app/controller/admin/bodies.t
+++ b/t/app/controller/admin/bodies.t
@@ -261,6 +261,16 @@ subtest 'open311 protection editing' => sub {
     is $contact->get_extra_metadata('open311_protect'), 1, 'Open311 protect flag set';
 };
 
+subtest 'test assigned_users_only setting' => sub {
+    $mech->get_ok('/admin/body/' . $body->id . '/test%20category');
+    $mech->submit_form_ok( { with_fields => {
+        assigned_users_only => 1,
+    } } );
+    $mech->content_contains('Values updated');
+    my $contact = $body->contacts->find({ category => 'test category' });
+    is $contact->get_extra_metadata('assigned_users_only'), 1;
+};
+
 subtest 'updates disabling' => sub {
     $mech->get_ok('/admin/body/' . $body->id . '/test%20category');
     $mech->submit_form_ok( { with_fields => {
diff --git a/t/app/controller/admin/users.t b/t/app/controller/admin/users.t
index 4f0298103..bc8d28e2d 100644
--- a/t/app/controller/admin/users.t
+++ b/t/app/controller/admin/users.t
@@ -299,6 +299,7 @@ FixMyStreet::override_config {
                 flagged => undef,
                 is_superuser => undef,
                 area_ids => undef,
+                assigned_categories_only => undef,
                 %default_perms,
                 roles => $role->id,
             },
@@ -320,6 +321,7 @@ FixMyStreet::override_config {
                 flagged => undef,
                 is_superuser => undef,
                 area_ids => undef,
+                assigned_categories_only => undef,
                 %default_perms,
                 roles => $role->id,
             },
@@ -341,6 +343,7 @@ FixMyStreet::override_config {
                 flagged => undef,
                 is_superuser => undef,
                 area_ids => undef,
+                assigned_categories_only => undef,
                 %default_perms,
                 roles => $role->id,
             },
@@ -365,6 +368,7 @@ FixMyStreet::override_config {
                 flagged => undef,
                 is_superuser => undef,
                 area_ids => undef,
+                assigned_categories_only => undef,
                 %default_perms,
             },
             changes => {
@@ -385,6 +389,7 @@ FixMyStreet::override_config {
                 flagged => 'on',
                 is_superuser => undef,
                 area_ids => undef,
+                assigned_categories_only => undef,
                 %default_perms,
             },
             changes => {
@@ -394,7 +399,7 @@ FixMyStreet::override_config {
             log_entries => [qw/edit edit edit edit/],
         },
         {
-            desc => 'edit user add is_superuser',
+            desc => 'edit user add is_superuser and assigned_categories_only',
             fields => {
                 name => 'Changed User',
                 email => 'changed@example.com',
@@ -405,10 +410,12 @@ FixMyStreet::override_config {
                 flagged => undef,
                 is_superuser => undef,
                 area_ids => undef,
+                assigned_categories_only => undef,
                 %default_perms,
             },
             changes => {
                 is_superuser => 'on',
+                assigned_categories_only => 'on',
             },
             removed => [
                 keys %default_perms,
@@ -428,6 +435,7 @@ FixMyStreet::override_config {
                 flagged => undef,
                 is_superuser => 'on',
                 area_ids => undef,
+                assigned_categories_only => 'on',
             },
             changes => {
                 is_superuser => undef,
diff --git a/t/app/controller/report_inspect.t b/t/app/controller/report_inspect.t
index 8deb2667e..2852f8d18 100644
--- a/t/app/controller/report_inspect.t
+++ b/t/app/controller/report_inspect.t
@@ -822,7 +822,53 @@ FixMyStreet::override_config {
     };
 };
 
+FixMyStreet::override_config {
+    MAPIT_URL => 'http://mapit.uk/',
+    ALLOWED_COBRANDS => 'oxfordshire',
+}, sub {
+    subtest 'test relevant staff user display' => sub {
+        $user->user_body_permissions->create({ body => $oxon, permission_type => 'planned_reports' });
+        $user->user_body_permissions->create({ body => $oxon, permission_type => 'moderate' });
+        $mech->log_in_ok('body@example.com');
 
-END {
-    done_testing();
-}
+        # First, check user can see staff things on reports 2 and 3
+        $mech->get_ok("/report/$report2_id");
+        $mech->content_contains('<select class="form-control" name="state"  id="state">');
+        $mech->content_contains('<div class="inspect-section">');
+        $mech->get_ok("/report/$report3_id");
+        $mech->content_contains('<select class="form-control" name="state"  id="state">');
+        $mech->content_contains('<div class="inspect-section">');
+
+        # User's categories are ["Cows"], which is currently report 2
+        # So should be able to see staff things on 2, but no longer on 3
+        $user->set_extra_metadata(assigned_categories_only => 1);
+        $user->update;
+        $mech->get_ok("/report/$report2_id");
+        $mech->content_contains('<select class="form-control" name="state"  id="state">');
+        $mech->content_contains('<div class="inspect-section">');
+        $mech->get_ok("/report/$report3_id");
+        $mech->content_lacks('<select class="form-control" name="state"  id="state">');
+        $mech->content_lacks('<div class="inspect-section">');
+        $mech->content_lacks('Moderate this report');
+        $mech->content_lacks('shortlist');
+        $user->unset_extra_metadata('assigned_categories_only');
+        $user->update;
+
+        # Contact 2 is "Sheep", which is currently report 3
+        # So again, should be able to see staff things on 2, but no longer on 3
+        $contact2->set_extra_metadata(assigned_users_only => 1);
+        $contact2->update;
+        $mech->get_ok("/report/$report2_id");
+        $mech->content_contains('<select class="form-control" name="state"  id="state">');
+        $mech->content_contains('<div class="inspect-section">');
+        $mech->get_ok("/report/$report3_id");
+        $mech->content_lacks('<select class="form-control" name="state"  id="state">');
+        $mech->content_lacks('<div class="inspect-section">');
+        $mech->content_lacks('Moderate this report');
+        $mech->content_lacks('shortlist');
+        $contact2->unset_extra_metadata('assigned_users_only');
+        $contact2->update;
+    };
+};
+
+done_testing();
-- 
cgit v1.2.3


From d1622dc20c1623e3f7fb54d72d99370af796c197 Mon Sep 17 00:00:00 2001
From: Matthew Somerville <matthew@mysociety.org>
Date: Fri, 17 Apr 2020 14:07:32 +0100
Subject: Extend assigned_*_only to report lists.

Shortlist buttons and extended print information
will not appear where not allowed.
---
 t/app/controller/around.t | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

(limited to 't/app/controller')

diff --git a/t/app/controller/around.t b/t/app/controller/around.t
index 186b833fd..6e49c6f29 100644
--- a/t/app/controller/around.t
+++ b/t/app/controller/around.t
@@ -150,7 +150,7 @@ subtest 'check missing body message not shown when it does not need to be' => su
 };
 
 for my $permission ( qw/ report_inspect report_mark_private/ ) {
-    subtest 'check non public reports are displayed on around page with $permission permission' => sub {
+    subtest "check non public reports are displayed on around page with $permission permission" => sub {
         my $body = FixMyStreet::DB->resultset('Body')->find( $body_edin_id );
         my $body2 = FixMyStreet::DB->resultset('Body')->find( $body_west_id );
         my $user = $mech->log_in_ok( 'test@example.com' );
@@ -218,6 +218,29 @@ for my $permission ( qw/ report_inspect report_mark_private/ ) {
     };
 }
 
+subtest 'check assigned-only list items do not display shortlist buttons' => sub {
+    my $body = FixMyStreet::DB->resultset('Body')->find( $body_edin_id );
+    my $contact = $mech->create_contact_ok( category => 'Horses', body_id => $body->id, email => "horses\@example.org" );
+    $edinburgh_problems[4]->update({ category => 'Horses' });
+
+    my $user = $mech->log_in_ok( 'test@example.com' );
+    $user->set_extra_metadata(assigned_categories_only => 1);
+    $user->user_body_permissions->delete();
+    $user->set_extra_metadata(categories => [ $contact->id ]);
+    $user->update({ from_body => $body });
+    $user->user_body_permissions->find_or_create({ body => $body, permission_type => 'planned_reports' });
+
+    FixMyStreet::override_config {
+        ALLOWED_COBRANDS => 'fixmystreet',
+        MAPIT_URL => 'http://mapit.uk/',
+    }, sub {
+        $mech->get_ok('/around?pc=EH1+1BB');
+    };
+    $mech->content_contains('shortlist-add-' . $edinburgh_problems[4]->id);
+    $mech->content_lacks('shortlist-add-' . $edinburgh_problems[3]->id);
+    $mech->content_lacks('shortlist-add-' . $edinburgh_problems[1]->id);
+};
+
 my $body = $mech->create_body_ok(2237, "Oxfordshire");
 
 subtest 'check category, status and extra filtering works on /around' => sub {
-- 
cgit v1.2.3


From 37306b9f6f4cb9b58c5e4a7bdc12e90dff879481 Mon Sep 17 00:00:00 2001
From: Matthew Somerville <matthew@mysociety.org>
Date: Fri, 24 Apr 2020 17:35:50 +0100
Subject: Disable rename on unprotected Open311 categories.

If you rename an Open311 category when it is not protected, it will only
get reinstated/deleted by the Open311 populate script shortly after, and
can cause issues due to the problem category renaming that occurs.
---
 t/app/controller/admin/bodies.t | 2 ++
 1 file changed, 2 insertions(+)

(limited to 't/app/controller')

diff --git a/t/app/controller/admin/bodies.t b/t/app/controller/admin/bodies.t
index d3e4074f9..74084afbf 100644
--- a/t/app/controller/admin/bodies.t
+++ b/t/app/controller/admin/bodies.t
@@ -210,6 +210,7 @@ subtest 'check open311 configuring' => sub {
 
 subtest 'check open311 devolved editing' => sub {
     $mech->get_ok('/admin/body/' . $body->id . '/test%20category');
+    $mech->content_contains("name=\"category\"\n    size=\"30\" value=\"test category\"\n    readonly>", 'Cannot edit Open311 category name');
     $mech->submit_form_ok( { with_fields => {
         send_method => 'Email',
         email => 'testing@example.org',
@@ -217,6 +218,7 @@ subtest 'check open311 devolved editing' => sub {
     } } );
     $mech->content_contains('Values updated');
     $mech->get_ok('/admin/body/' . $body->id . '/test%20category');
+    $mech->content_contains("name=\"category\"\n    size=\"30\" value=\"test category\"\n    required>", 'Can edit as now devolved');
     $mech->submit_form_ok( { with_fields => {
         send_method => '',
         email => 'open311-code',
-- 
cgit v1.2.3


From 538a26498c3516b5bc24636414911b955333f934 Mon Sep 17 00:00:00 2001
From: Struan Donald <struan@exo.org.uk>
Date: Wed, 6 May 2020 17:14:10 +0100
Subject: display user detail for contributed_by in report_edit

Include name, email and body rather than just user id.
---
 t/app/controller/admin/report_edit.t | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 't/app/controller')

diff --git a/t/app/controller/admin/report_edit.t b/t/app/controller/admin/report_edit.t
index 438bcc241..01f091412 100644
--- a/t/app/controller/admin/report_edit.t
+++ b/t/app/controller/admin/report_edit.t
@@ -9,6 +9,7 @@ my $user2 = $mech->create_user_ok('test2@example.com', name => 'Test User 2');
 my $superuser = $mech->create_user_ok('superuser@example.com', name => 'Super User', is_superuser => 1);
 
 my $oxfordshire = $mech->create_body_ok(2237, 'Oxfordshire County Council');
+my $user3 = $mech->create_user_ok('body_user@example.com', name => 'Body User', from_body => $oxfordshire);
 my $oxfordshirecontact = $mech->create_contact_ok( body_id => $oxfordshire->id, category => 'Potholes', email => 'potholes@example.com' );
 $mech->create_contact_ok( body_id => $oxfordshire->id, category => 'Traffic lights', email => 'lights@example.com' );
 
@@ -707,4 +708,20 @@ subtest "Test display of fields extra data" => sub {
     $mech->content_contains('Report URL (report_url)</strong>: http://example.com');
 };
 
+subtest "Test display of contributed_as data" => sub {
+    $report->update( { extra => undef } );
+    $mech->get_ok("/admin/report_edit/$report_id");
+    $mech->content_contains('Extra data: No');
+
+    $report->set_extra_metadata( contributed_as => 'another_user' );
+    $report->set_extra_metadata( contributed_by => $user3->id );
+    $report->update;
+
+    $report->discard_changes;
+
+    $mech->get_ok("/admin/report_edit/$report_id");
+    $mech->content_like(qr!Created By</strong>: <a[^>]*>Body User \(@{[ $user3->email ]}!);
+    $mech->content_contains('Created Body</strong>: Oxfordshire County Council');
+};
+
 done_testing();
-- 
cgit v1.2.3


From c80f13eeac448e99873b690411d7f6e83b07dd06 Mon Sep 17 00:00:00 2001
From: Struan Donald <struan@exo.org.uk>
Date: Thu, 7 May 2020 15:10:46 +0100
Subject: admin interface for per category anonymous reporting

Add an interface to enable a category to accept anonymous reports, plus
the code to handle permitting this.

It's only available on single body cobrand sites in the default
configuration.
---
 t/app/controller/admin/bodies.t    | 34 +++++++++++++++++
 t/app/controller/report_new_anon.t | 75 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 109 insertions(+)

(limited to 't/app/controller')

diff --git a/t/app/controller/admin/bodies.t b/t/app/controller/admin/bodies.t
index 9f7b18cde..80ee22630 100644
--- a/t/app/controller/admin/bodies.t
+++ b/t/app/controller/admin/bodies.t
@@ -1,3 +1,13 @@
+package FixMyStreet::Cobrand::AnonAllowedByCategory;
+use parent 'FixMyStreet::Cobrand::UKCouncils';
+sub council_url { 'anonbycategory' }
+sub council_name { 'Aberdeen City Council' }
+sub council_area { 'Aberdeen' }
+sub council_area_id { 2650 }
+sub anonymous_account { { email => 'anoncategory@example.org', name => 'Anonymous Category' } }
+
+package main;
+
 use FixMyStreet::TestMech;
 
 my $mech = FixMyStreet::TestMech->new;
@@ -295,8 +305,32 @@ subtest 'reopen disabling' => sub {
     is $contact->get_extra_metadata('reopening_disallowed'), 1, 'Reopening disallowed flag set';
 };
 
+subtest 'allow anonymous reporting' => sub {
+    $mech->get_ok('/admin/body/' . $body->id . '/test%20category');
+    $mech->content_lacks('Allow anonymous reports');
+};
 
 }; # END of override wrap
+FixMyStreet::override_config {
+    MAPIT_URL => 'http://mapit.uk/',
+    MAPIT_TYPES => [ 'UTA' ],
+    BASE_URL => 'http://www.example.org',
+    ALLOWED_COBRANDS => [ "fixmystreet", "anonallowedbycategory" ],
+}, sub {
+
+subtest 'allow anonymous reporting' => sub {
+    $mech->get_ok('/admin/body/' . $body->id . '/test%20category');
+    $mech->submit_form_ok( { with_fields => {
+        anonymous_allowed => 1,
+        note => 'Anonymous Allowed',
+    } } );
+    $mech->content_contains('Values updated');
+    my $contact = $body->contacts->find({ category => 'test category' });
+    is $contact->get_extra_metadata('anonymous_allowed'), 1, 'Anonymous reports allowed flag set';
+};
+
+};
+
 
 FixMyStreet::override_config {
     MAPIT_URL => 'http://mapit.uk/',
diff --git a/t/app/controller/report_new_anon.t b/t/app/controller/report_new_anon.t
index d86bc8134..cba360f05 100644
--- a/t/app/controller/report_new_anon.t
+++ b/t/app/controller/report_new_anon.t
@@ -17,6 +17,14 @@ sub allow_anonymous_reports {
 }
 sub anonymous_account { { email => 'anoncategory@example.org', name => 'Anonymous Category' } }
 
+package FixMyStreet::Cobrand::AnonAllowedByCategory;
+use parent 'FixMyStreet::Cobrand::UKCouncils';
+sub council_url { 'anonbycategory' }
+sub council_name { 'Edinburgh City Council' }
+sub council_area { 'Edinburgh' }
+sub council_area_id { 2651 }
+sub anonymous_account { { email => 'anoncategory@example.org', name => 'Anonymous Category' } }
+
 package main;
 
 use FixMyStreet::TestMech;
@@ -269,4 +277,71 @@ subtest "test report creation anonymously by button, per category" => sub {
 
 };
 
+$contact2->set_extra_metadata( anonymous_allowed => 1 );
+$contact2->update;
+
+FixMyStreet::override_config {
+    ALLOWED_COBRANDS => 'anonallowedbycategory',
+    MAPIT_URL => 'http://mapit.uk/',
+}, sub {
+
+subtest "test report creation anonymously by button, per category from metadata" => sub {
+    $mech->get_ok('/around');
+    $mech->submit_form_ok( { with_fields => { pc => 'EH1 1BB', } }, "submit location" );
+    $mech->follow_link_ok( { text_regex => qr/skip this step/i, }, "follow 'skip this step' link" );
+    $mech->submit_form_ok({
+        button => 'submit_category_part_only',
+        with_fields => {
+            category => 'Street lighting',
+        }
+    }, "submit category with no anonymous reporting");
+    $mech->content_lacks('<button name="report_anonymously" value="yes" class="btn btn--block">'); # non-JS button, JS button always there
+    $mech->submit_form_ok({
+        button => 'submit_register',
+        with_fields => {
+            category => 'Trees',
+        }
+    }, "submit category with anonymous reporting");
+
+    $mech->submit_form_ok({
+        button => 'report_anonymously',
+        with_fields => {
+            title => 'Test Report',
+            detail => 'Test report details.',
+        }
+    }, "submit good details");
+    $mech->content_contains('Your issue is on its way to the council');
+
+    my $report = FixMyStreet::DB->resultset("Problem")->search({}, { order_by => { -desc => 'id' } })->first;
+    ok $report, "Found the report";
+
+    is $report->state, 'confirmed', "report confirmed";
+    is $report->bodies_str, $body->id;
+    is $report->name, 'Anonymous Category';
+    is $report->anonymous, 1; # Doesn't change behaviour here, but uses anon account's name always
+    is $report->get_extra_metadata('contributed_as'), 'anonymous_user';
+};
+
+};
+
+FixMyStreet::override_config {
+    ALLOWED_COBRANDS => [ { fixmystreet => '.' } ],
+    BASE_URL => 'https://www.fixmystreet.com',
+    MAPIT_URL => 'http://mapit.uk/',
+}, sub {
+subtest "test anonymously by button, per category from metadata limited to cobrand" => sub {
+    $mech->get_ok('/around');
+    $mech->submit_form_ok( { with_fields => { pc => 'EH1 1BB', } }, "submit location" );
+    $mech->follow_link_ok( { text_regex => qr/skip this step/i, }, "follow 'skip this step' link" );
+    $mech->submit_form_ok({
+        button => 'submit_category_part_only',
+        with_fields => {
+            category => 'Trees',
+        }
+    }, "submit category with no anonymous reporting");
+    $mech->content_lacks('<button name="report_anonymously" value="yes" class="btn btn--block">'); # non-JS button, JS button always there
+};
+
+};
+
 done_testing();
-- 
cgit v1.2.3


From 901834444846905c85e56528b020bd1a667cb5d2 Mon Sep 17 00:00:00 2001
From: Matthew Somerville <matthew@mysociety.org>
Date: Mon, 11 May 2020 16:56:46 +0100
Subject: Make sure category shown in all its groups.

When compiling the reporting category dropdown, only one instance of
each value was used. But if a value appears twice, from two different
bodies, in different groups, it would then not appear in all the groups
it would be expected to. Make sure we update the list of groups of the
category if we come across another with the same value.
---
 t/app/controller/report_new.t | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 't/app/controller')

diff --git a/t/app/controller/report_new.t b/t/app/controller/report_new.t
index d2da75f2c..6af709c2c 100644
--- a/t/app/controller/report_new.t
+++ b/t/app/controller/report_new.t
@@ -641,10 +641,10 @@ subtest "category groups" => sub {
         }
     }, sub {
         $contact2->update( { extra => { group => ['Roads','Pavements'] } } );
-        $contact9->update( { extra => { group => 'Roads' } } );
+        $contact9->update( { extra => { group => 'Pavements' } } );
         $contact10->update( { extra => { group => 'Roads' } } );
         $mech->get_ok("/report/new?lat=$saved_lat&lon=$saved_lon");
-        $mech->content_like(qr{<optgroup label="Pavements">\s*<option value='Potholes'>Potholes</option></optgroup>});
+        $mech->content_like(qr{<optgroup label="Pavements">\s*<option value='Potholes'>Potholes</option>\s*<option value='Street lighting'>Street lighting</option></optgroup>});
         $mech->content_like(qr{<optgroup label="Roads">\s*<option value='Potholes'>Potholes</option>\s*<option value='Street lighting'>Street lighting</option></optgroup>});
     };
 };
-- 
cgit v1.2.3


From 5412a569e233b82c8f971e07c57c73d2ef3f6733 Mon Sep 17 00:00:00 2001
From: Matthew Somerville <matthew@mysociety.org>
Date: Wed, 27 May 2020 21:01:10 +0100
Subject: Mark user as active when sent an email alert.

---
 t/app/controller/alert_new.t | 2 ++
 1 file changed, 2 insertions(+)

(limited to 't/app/controller')

diff --git a/t/app/controller/alert_new.t b/t/app/controller/alert_new.t
index 7eba90530..d968b56b1 100644
--- a/t/app/controller/alert_new.t
+++ b/t/app/controller/alert_new.t
@@ -523,6 +523,8 @@ subtest "Test alerts are not sent for no-text updates" => sub {
     };
 
     $mech->email_count_is(1);
+    $user2->discard_changes;
+    isnt $user2->last_active, undef, 'Last active has been set';
 
     $mech->delete_user($user1);
     $mech->delete_user($user2);
-- 
cgit v1.2.3


From 766f0ed07864ac89a81d9356a8960c3c0744fc99 Mon Sep 17 00:00:00 2001
From: Matthew Somerville <matthew@mysociety.org>
Date: Mon, 1 Jun 2020 10:47:27 +0100
Subject: [fixmystreet.com] Add option for recaptcha.

We are getting spam submissions of e.g. alert subscribe form,
which causes people to get a confirmation email.
---
 t/app/controller/alert.t | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

(limited to 't/app/controller')

diff --git a/t/app/controller/alert.t b/t/app/controller/alert.t
index 41aee5bbc..34e68177c 100644
--- a/t/app/controller/alert.t
+++ b/t/app/controller/alert.t
@@ -1,6 +1,7 @@
 use FixMyStreet::TestMech;
 my $mech = FixMyStreet::TestMech->new;
 
+use Test::MockModule;
 use t::Mock::Nominatim;
 
 # check that we can get the page
@@ -73,4 +74,25 @@ FixMyStreet::override_config {
     is $mech->uri->path, '/rss/reports/Cheltenham/Lansdown';
 };
 
+FixMyStreet::override_config {
+    ALLOWED_COBRANDS => 'fixmystreet',
+    MAPIT_URL => 'http://mapit.uk/',
+    GEOCODER => '',
+    RECAPTCHA => { secret => 'secret', site_key => 'site_key' },
+}, sub {
+    subtest 'recaptcha' => sub {
+        $mech->get_ok('/alert/list?pc=EH11BB');
+        $mech->content_lacks('g-recaptcha'); # GB is default test country
+
+        my $mod_app = Test::MockModule->new('FixMyStreet::App');
+        $mod_app->mock('user_country', sub { 'FR' });
+        my $mod_lwp = Test::MockModule->new('LWP::UserAgent');
+        $mod_lwp->mock('post', sub { HTTP::Response->new(200, 'OK', [], '{ "success": true }') });
+
+        $mech->get_ok('/alert/list?pc=EH11BB');
+        $mech->content_contains('g-recaptcha');
+        $mech->submit_form_ok({ with_fields => { rznvy => 'someone@example.org' } });
+    };
+};
+
 done_testing();
-- 
cgit v1.2.3


From ce5588038dfafb2db53c7de7e0d34e8c59bed8ba Mon Sep 17 00:00:00 2001
From: M Somerville <matthew-github@dracos.co.uk>
Date: Fri, 29 May 2020 11:09:09 +0100
Subject: Small refactor of around.t, add "lat,lon" test.

---
 t/app/controller/around.t | 95 ++++++++++++++++-------------------------------
 1 file changed, 32 insertions(+), 63 deletions(-)

(limited to 't/app/controller')

diff --git a/t/app/controller/around.t b/t/app/controller/around.t
index 6e49c6f29..be8b0df9e 100644
--- a/t/app/controller/around.t
+++ b/t/app/controller/around.t
@@ -53,6 +53,11 @@ foreach my $test (
     };
 }
 
+FixMyStreet::override_config {
+    ALLOWED_COBRANDS => 'fixmystreet',
+    MAPIT_URL => 'http://mapit.uk/',
+}, sub {
+
 # check that exact queries result in the correct lat,lng
 foreach my $test (
     {
@@ -69,16 +74,18 @@ foreach my $test (
 {
     subtest "check lat/lng for '$test->{pc}'" => sub {
         $mech->get_ok('/');
-        FixMyStreet::override_config {
-            ALLOWED_COBRANDS => [ { 'fixmystreet' => '.' } ],
-            MAPIT_URL => 'http://mapit.uk/',
-        }, sub {
-            $mech->submit_form_ok( { with_fields => { pc => $test->{pc} } },
-                "good location" );
-        };
+        $mech->submit_form_ok( { with_fields => { pc => $test->{pc} } },
+            "good location" );
         is_deeply $mech->page_errors, [], "no errors for pc '$test->{pc}'";
         is_deeply $mech->extract_location, $test,
           "got expected location for pc '$test->{pc}'";
+        $mech->get_ok('/');
+        my $pc = "$test->{latitude},$test->{longitude}";
+        $mech->submit_form_ok( { with_fields => { pc => $pc } },
+            "good location" );
+        is_deeply $mech->page_errors, [], "no errors for pc '$pc'";
+        is_deeply $mech->extract_location, { %$test, pc => $pc },
+          "got expected location for pc '$pc'";
     };
 }
 
@@ -93,10 +100,10 @@ my @edinburgh_problems = $mech->create_problems_for_body( 5, $body_edin_id, 'Aro
 
 subtest 'check lookup by reference' => sub {
     $mech->get_ok('/');
-    $mech->submit_form_ok( { with_fields => { pc => 'ref:12345' } }, 'bad ref');
+    $mech->submit_form_ok( { with_fields => { pc => '12345' } }, 'bad ref');
     $mech->content_contains('Searching found no reports');
     my $id = $edinburgh_problems[0]->id;
-    $mech->submit_form_ok( { with_fields => { pc => "ref:$id" } }, 'good ref');
+    $mech->submit_form_ok( { with_fields => { pc => $id } }, 'good ref');
     is $mech->uri->path, "/report/$id", "redirected to report page";
 };
 
@@ -106,19 +113,14 @@ subtest 'check lookup by reference does not show non_public reports' => sub {
     });
     my $id = $edinburgh_problems[0]->id;
     $mech->get_ok('/');
-    $mech->submit_form_ok( { with_fields => { pc => "ref:$id" } }, 'non_public ref');
+    $mech->submit_form_ok( { with_fields => { pc => $id } }, 'non_public ref');
     $mech->content_contains('Searching found no reports');
 };
 
 subtest 'check non public reports are not displayed on around page' => sub {
     $mech->get_ok('/');
-    FixMyStreet::override_config {
-        ALLOWED_COBRANDS => [ { 'fixmystreet' => '.' } ],
-        MAPIT_URL => 'http://mapit.uk/',
-    }, sub {
-        $mech->submit_form_ok( { with_fields => { pc => 'EH1 1BB' } },
-            "good location" );
-    };
+    $mech->submit_form_ok( { with_fields => { pc => 'EH1 1BB' } },
+        "good location" );
     $mech->content_contains( "Around page Test 3 for $body_edin_id",
         'problem to be marked non public visible' );
 
@@ -126,26 +128,16 @@ subtest 'check non public reports are not displayed on around page' => sub {
     ok $private->update( { non_public => 1 } ), 'problem marked non public';
 
     $mech->get_ok('/');
-    FixMyStreet::override_config {
-        ALLOWED_COBRANDS => [ { 'fixmystreet' => '.' } ],
-        MAPIT_URL => 'http://mapit.uk/',
-    }, sub {
-        $mech->submit_form_ok( { with_fields => { pc => 'EH1 1BB' } },
-            "good location" );
-    };
+    $mech->submit_form_ok( { with_fields => { pc => 'EH1 1BB' } },
+        "good location" );
     $mech->content_lacks( "Around page Test 3 for $body_edin_id",
         'problem marked non public is not visible' );
 };
 
 subtest 'check missing body message not shown when it does not need to be' => sub {
     $mech->get_ok('/');
-    FixMyStreet::override_config {
-        ALLOWED_COBRANDS => 'fixmystreet',
-        MAPIT_URL => 'http://mapit.uk/',
-    }, sub {
-        $mech->submit_form_ok( { with_fields => { pc => 'EH1 1BB' } },
-            "good location" );
-    };
+    $mech->submit_form_ok( { with_fields => { pc => 'EH1 1BB' } },
+        "good location" );
     $mech->content_lacks('yet have details for the other councils that cover this location');
 };
 
@@ -162,24 +154,14 @@ for my $permission ( qw/ report_inspect report_mark_private/ ) {
         });
 
         $mech->get_ok('/');
-        FixMyStreet::override_config {
-            ALLOWED_COBRANDS => [ { 'fixmystreet' => '.' } ],
-            MAPIT_URL => 'http://mapit.uk/',
-        }, sub {
-            $mech->submit_form_ok( { with_fields => { pc => 'EH1 1BB' } },
-                "good location" );
-        };
+        $mech->submit_form_ok( { with_fields => { pc => 'EH1 1BB' } },
+            "good location" );
         $mech->content_contains( "Around page Test 3 for $body_edin_id",
             'problem marked non public is visible' );
         $mech->content_contains( "Around page Test 2 for $body_edin_id",
             'problem marked public is visible' );
 
-        FixMyStreet::override_config {
-            ALLOWED_COBRANDS => [ { 'fixmystreet' => '.' } ],
-            MAPIT_URL => 'http://mapit.uk/',
-        }, sub {
-            $mech->get_ok('/around?pc=EH1+1BB&status=non_public');
-        };
+        $mech->get_ok('/around?pc=EH1+1BB&status=non_public');
         $mech->content_contains( "Around page Test 3 for $body_edin_id",
             'problem marked non public is visible' );
         $mech->content_lacks( "Around page Test 2 for $body_edin_id",
@@ -193,24 +175,14 @@ for my $permission ( qw/ report_inspect report_mark_private/ ) {
         });
 
         $mech->get_ok('/');
-        FixMyStreet::override_config {
-            ALLOWED_COBRANDS => [ { 'fixmystreet' => '.' } ],
-            MAPIT_URL => 'http://mapit.uk/',
-        }, sub {
-            $mech->submit_form_ok( { with_fields => { pc => 'EH1 1BB' } },
-                "good location" );
-        };
+        $mech->submit_form_ok( { with_fields => { pc => 'EH1 1BB' } },
+            "good location" );
         $mech->content_lacks( "Around page Test 3 for $body_edin_id",
             'problem marked non public is not visible' );
         $mech->content_contains( "Around page Test 2 for $body_edin_id",
             'problem marked public is visible' );
 
-        FixMyStreet::override_config {
-            ALLOWED_COBRANDS => [ { 'fixmystreet' => '.' } ],
-            MAPIT_URL => 'http://mapit.uk/',
-        }, sub {
-            $mech->get_ok('/around?pc=EH1+1BB&status=non_public');
-        };
+        $mech->get_ok('/around?pc=EH1+1BB&status=non_public');
         $mech->content_lacks( "Around page Test 3 for $body_edin_id",
             'problem marked non public is not visible' );
         $mech->content_lacks( "Around page Test 2 for $body_edin_id",
@@ -230,17 +202,14 @@ subtest 'check assigned-only list items do not display shortlist buttons' => sub
     $user->update({ from_body => $body });
     $user->user_body_permissions->find_or_create({ body => $body, permission_type => 'planned_reports' });
 
-    FixMyStreet::override_config {
-        ALLOWED_COBRANDS => 'fixmystreet',
-        MAPIT_URL => 'http://mapit.uk/',
-    }, sub {
-        $mech->get_ok('/around?pc=EH1+1BB');
-    };
+    $mech->get_ok('/around?pc=EH1+1BB');
     $mech->content_contains('shortlist-add-' . $edinburgh_problems[4]->id);
     $mech->content_lacks('shortlist-add-' . $edinburgh_problems[3]->id);
     $mech->content_lacks('shortlist-add-' . $edinburgh_problems[1]->id);
 };
 
+}; # End big override_config
+
 my $body = $mech->create_body_ok(2237, "Oxfordshire");
 
 subtest 'check category, status and extra filtering works on /around' => sub {
-- 
cgit v1.2.3


From abc63a85b47bbc6b9e81c8256a226864ac7fe0ce Mon Sep 17 00:00:00 2001
From: M Somerville <matthew-github@dracos.co.uk>
Date: Fri, 29 May 2020 11:09:36 +0100
Subject: Add Open Location Codes support to search box.

---
 t/app/controller/around.t | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

(limited to 't/app/controller')

diff --git a/t/app/controller/around.t b/t/app/controller/around.t
index be8b0df9e..784801517 100644
--- a/t/app/controller/around.t
+++ b/t/app/controller/around.t
@@ -9,6 +9,7 @@ use constant MIN_ZOOM_LEVEL => 88;
 package main;
 
 use Test::MockModule;
+use t::Mock::Nominatim;
 
 use FixMyStreet::TestMech;
 my $mech = FixMyStreet::TestMech->new;
@@ -89,6 +90,30 @@ foreach my $test (
     };
 }
 
+subtest "check lat/lng for full plus code" => sub {
+    $mech->get_ok('/');
+    $mech->submit_form_ok( { with_fields => { pc => "9C7RXR26+R5" } } );
+    is_deeply $mech->page_errors, [], "no errors for plus code";
+    is_deeply $mech->extract_location, {
+        pc => "9C7RXR26+R5",
+        latitude  => 55.952063,
+        longitude => -3.189562,
+    },
+      "got expected location for full plus code";
+};
+
+subtest "check lat/lng for short plus code" => sub {
+    $mech->get_ok('/');
+    $mech->submit_form_ok( { with_fields => { pc => "XR26+R5 Edinburgh" } } );
+    is_deeply $mech->page_errors, [], "no errors for plus code";
+    is_deeply $mech->extract_location, {
+        pc => "XR26+R5 Edinburgh",
+        latitude  => 55.952063,
+        longitude => -3.189562,
+    },
+      "got expected location for short plus code";
+};
+
 my $body_edin_id = $mech->create_body_ok(2651, 'City of Edinburgh Council')->id;
 my $body_west_id = $mech->create_body_ok(2504, 'Westminster City Council')->id;
 
-- 
cgit v1.2.3


From 51eae76dd663d23c1f4bb1e809e9c258e800cb73 Mon Sep 17 00:00:00 2001
From: Matthew Somerville <matthew@mysociety.org>
Date: Wed, 10 Jun 2020 14:29:35 +0100
Subject: Only show access tokens once, and store hashed.

---
 t/app/controller/auth.t         | 11 ++++++-----
 t/app/controller/auth_profile.t | 12 ++++++------
 t/app/controller/dashboard.t    |  5 +++--
 3 files changed, 15 insertions(+), 13 deletions(-)

(limited to 't/app/controller')

diff --git a/t/app/controller/auth.t b/t/app/controller/auth.t
index 24deb8cab..8b4b772fc 100644
--- a/t/app/controller/auth.t
+++ b/t/app/controller/auth.t
@@ -245,19 +245,20 @@ subtest "check logging in with token" => sub {
 
     my $user =  FixMyStreet::DB->resultset('User')->find( { email => $test_email } );
     # token needs to be 18 characters
-    $user->set_extra_metadata('access_token', '1234567890abcdefgh');
+    my $u = FixMyStreet::DB->resultset("User")->new({ password => '1234567890abcdefgh' });
+    $user->set_extra_metadata('access_token', $u->password);
     $user->update();
 
-    $mech->add_header('Authorization', 'Bearer 1234567890abcdefgh');
+    $mech->add_header('Authorization', 'Bearer ' . $user->id . '-1234567890abcdefgh');
     $mech->logged_in_ok;
 
     $mech->delete_header('Authorization');
     $mech->not_logged_in_ok;
 
-    $mech->get_ok('/auth/check_auth?access_token=1234567890abcdefgh');
+    $mech->get_ok('/auth/check_auth?access_token=' . $user->id . '-1234567890abcdefgh');
 
-    $mech->add_header('Authorization', 'Bearer 1234567890abcdefgh');
-    $user->set_extra_metadata('access_token', 'XXXXXXXXXXXXXXXXXX');
+    $mech->add_header('Authorization', 'Bearer ' . $user->id . '-1234567890abcdefgh');
+    $user->set_extra_metadata('access_token', '$2a$08$HNslSx7Uic7q6Ti5WYT5JOT6npYPwrwLnDMJMJoD22LIqG5TfDIKf');
     $user->update();
     $mech->not_logged_in_ok;
 
diff --git a/t/app/controller/auth_profile.t b/t/app/controller/auth_profile.t
index e5dfe2764..230e02d2b 100644
--- a/t/app/controller/auth_profile.t
+++ b/t/app/controller/auth_profile.t
@@ -417,16 +417,16 @@ subtest "Test generate token page" => sub {
         "submit generate token form"
     );
     $mech->content_contains( 'Your token has been generated', "token generated" );
+    my ($token) = $mech->content =~ /<span>(.*?)<\/span>/;
+    my @parts = split /-/, $token, 2;
+    is $parts[0], $user->id, 'token has user ID at start';
 
     $user->discard_changes();
-    my $token = $user->get_extra_metadata('access_token');
-    ok $token, 'access token set';
-
-    $mech->content_contains($token, 'access token displayed');
+    $user->password($user->get_extra_metadata('access_token'), 1);
+    ok $user->check_password($parts[1]), 'access token set';
 
     $mech->get_ok('/auth/generate_token');
-    $mech->content_contains('Current token:');
-    $mech->content_contains($token, 'access token displayed');
+    $mech->content_lacks($parts[1], 'access token not displayed');
     $mech->content_contains('If you generate a new token');
 
     $mech->log_out_ok;
diff --git a/t/app/controller/dashboard.t b/t/app/controller/dashboard.t
index c62ada89a..0f07bcae0 100644
--- a/t/app/controller/dashboard.t
+++ b/t/app/controller/dashboard.t
@@ -236,14 +236,15 @@ FixMyStreet::override_config {
     subtest 'export as csv using token' => sub {
         $mech->log_out_ok;
 
-        $counciluser->set_extra_metadata('access_token', '1234567890abcdefgh');
+        my $u = FixMyStreet::DB->resultset("User")->new({ password => '1234567890abcdefgh' });
+        $counciluser->set_extra_metadata('access_token', $u->password);
         $counciluser->update();
 
         $mech->get_ok('/dashboard?export=1');
         like $mech->res->header('Content-type'), qr'text/html';
         $mech->content_lacks('Report ID');
 
-        $mech->add_header('Authorization', 'Bearer 1234567890abcdefgh');
+        $mech->add_header('Authorization', 'Bearer ' . $counciluser->id . '-1234567890abcdefgh');
         $mech->get_ok('/dashboard?export=1');
         like $mech->res->header('Content-type'), qr'text/csv';
         $mech->content_contains('Report ID');
-- 
cgit v1.2.3


From d157073eb872a98f9c697a0e3e959f498a922e12 Mon Sep 17 00:00:00 2001
From: Dave Arter <davea@mysociety.org>
Date: Thu, 23 Apr 2020 15:47:59 +0100
Subject: =?UTF-8?q?Don=E2=80=99t=20show=20`sent=5Fto`=20on=20moderation=20?=
 =?UTF-8?q?diff?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 t/app/controller/moderate.t | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 't/app/controller')

diff --git a/t/app/controller/moderate.t b/t/app/controller/moderate.t
index 8e84bd392..43ae1c980 100644
--- a/t/app/controller/moderate.t
+++ b/t/app/controller/moderate.t
@@ -51,7 +51,7 @@ sub create_report {
         longitude          => '0.007831',
         user_id            => $user2->id,
         photo              => '74e3362283b6ef0c48686fb0e161da4043bbcc97.jpeg',
-        extra => { moon => 'waxing full' },
+        extra => { moon => 'waxing full', sent_to => [ 'authority@example.org' ] },
     });
 }
 my $report = create_report();
@@ -115,6 +115,7 @@ subtest 'Problem moderation' => sub {
         }});
         $mech->base_like( qr{\Q$REPORT_URL\E} );
         $mech->content_like(qr/Moderated by Bromley Council/);
+        $mech->content_lacks('sent_to = ARRAY(0x');
 
         $report->discard_changes;
         is $report->title, 'Good good';
-- 
cgit v1.2.3


From 41ed9db574ecb77504992f3836ced7f25fe1768d Mon Sep 17 00:00:00 2001
From: Dave Arter <davea@mysociety.org>
Date: Wed, 13 May 2020 16:42:47 +0100
Subject: [Hackney] Enable OIDC social login

---
 t/app/controller/auth_social.t | 62 ++++++++++++++++++++++++++++++++++++------
 1 file changed, 54 insertions(+), 8 deletions(-)

(limited to 't/app/controller')

diff --git a/t/app/controller/auth_social.t b/t/app/controller/auth_social.t
index 200863029..e56fcda98 100644
--- a/t/app/controller/auth_social.t
+++ b/t/app/controller/auth_social.t
@@ -15,9 +15,12 @@ FixMyStreet::App->log->disable('info');
 END { FixMyStreet::App->log->enable('info'); }
 
 my $body = $mech->create_body_ok(2504, 'Westminster City Council');
+my $body2 = $mech->create_body_ok(2508, 'Hackney Council');
 
 my ($report) = $mech->create_problems_for_body(1, $body->id, 'My Test Report');
 my $test_email = $report->user->email;
+my ($report2) = $mech->create_problems_for_body(1, $body2->id, 'My Test Report');
+my $test_email2 = $report->user->email;
 
 my $contact = $mech->create_contact_ok(
     body_id => $body->id, category => 'Damaged bin', email => 'BIN',
@@ -26,11 +29,21 @@ my $contact = $mech->create_contact_ok(
         { code => 'bin_service', description => 'Service needed', required => 'False' },
     ]
 );
+$mech->create_contact_ok(
+    body_id => $body2->id, category => 'Damaged bin', email => 'BIN',
+    extra => [
+        { code => 'bin_type', description => 'Type of bin', required => 'True' },
+        { code => 'bin_service', description => 'Service needed', required => 'False' },
+    ]
+);
 # Two options, incidentally, so that the template "Only one option, select it"
 # code doesn't kick in and make the tests pass
 my $contact2 = $mech->create_contact_ok(
     body_id => $body->id, category => 'Whatever', email => 'WHATEVER',
 );
+$mech->create_contact_ok(
+    body_id => $body2->id, category => 'Whatever', email => 'WHATEVER',
+);
 
 my $resolver = Test::MockModule->new('Email::Valid');
 my $social = Test::MockModule->new('FixMyStreet::App::Controller::Auth::Social');
@@ -88,6 +101,38 @@ for my $test (
     user_extras => [
         [westminster_account_id => "1c304134-ef12-c128-9212-123908123901"],
     ],
+}, {
+    type => 'oidc',
+    config => {
+        ALLOWED_COBRANDS => 'hackney',
+        MAPIT_URL => 'http://mapit.uk/',
+        COBRAND_FEATURES => {
+            anonymous_account => {
+                hackney => 'test',
+            },
+            oidc_login => {
+                hackney => {
+                    client_id => 'example_client_id',
+                    secret => 'example_secret_key',
+                    auth_uri => 'http://oidc.example.org/oauth2/v2.0/authorize_google',
+                    token_uri => 'http://oidc.example.org/oauth2/v2.0/token_google',
+                    allowed_domains => [ 'example.org' ],
+                }
+            }
+        }
+    },
+    email => $mech->uniquify_email('oidc_google@example.org'),
+    uid => "hackney:example_client_id:my_google_user_id",
+    mock => 't::Mock::OpenIDConnect',
+    mock_hosts => ['oidc.example.org'],
+    host => 'oidc.example.org',
+    error_callback => '/auth/OIDC?error=ERROR',
+    success_callback => '/auth/OIDC?code=response-code&state=login',
+    redirect_pattern => qr{oidc\.example\.org/oauth2/v2\.0/authorize_google},
+    pc => 'E8 1DY',
+    # Need to use a different report that's within Hackney
+    report => $report2,
+    report_email => $test_email2,
 }
 ) {
 
@@ -100,6 +145,7 @@ for my $state ( 'refused', 'no email', 'existing UID', 'okay' ) {
         next if $page eq 'update' && !$test->{update};
 
         subtest "test $test->{type} '$state' login for page '$page'" => sub {
+            my $test_report = $test->{report} || $report;
             # Lots of user changes happening here, make sure we don't confuse
             # Catalyst with a cookie session user that no longer exists
             $mech->log_out_ok;
@@ -115,9 +161,9 @@ for my $state ( 'refused', 'no email', 'existing UID', 'okay' ) {
                 $mech->delete_user($test->{email});
             }
             if ($page eq 'my' && $state eq 'existing UID') {
-                $report->update({ user_id => FixMyStreet::DB->resultset( 'User' )->find( { email => $test->{email} } )->id });
+                $test_report->update({ user_id => FixMyStreet::DB->resultset( 'User' )->find( { email => $test->{email} } )->id });
             } else {
-                $report->update({ user_id => FixMyStreet::DB->resultset( 'User' )->find( { email => $test_email } )->id });
+                $test_report->update({ user_id => FixMyStreet::DB->resultset( 'User' )->find( { email => ($report->{test_email} || $test_email) } )->id });
             }
 
             # Set up a mock to catch (most, see below) requests to the OAuth API
@@ -139,7 +185,7 @@ for my $state ( 'refused', 'no email', 'existing UID', 'okay' ) {
                 $mech->get_ok('/my');
             } elsif ($page eq 'report') {
                 $mech->get_ok('/');
-                $mech->submit_form_ok( { with_fields => { pc => 'SW1A1AA' } }, "submit location" );
+                $mech->submit_form_ok( { with_fields => { pc => $test->{pc} || 'SW1A1AA' } }, "submit location" );
                 $mech->follow_link_ok( { text_regex => qr/skip this step/i, }, "follow 'skip this step' link" );
                 $mech->submit_form(with_fields => {
                     category => 'Damaged bin',
@@ -150,7 +196,7 @@ for my $state ( 'refused', 'no email', 'existing UID', 'okay' ) {
                     bin_type => 'Salt bin',
                 };
             } else {
-                $mech->get_ok('/report/' . $report->id);
+                $mech->get_ok('/report/' . $test_report->id);
                 $fields = {
                     update => 'Test update',
                 };
@@ -243,17 +289,17 @@ for my $state ( 'refused', 'no email', 'existing UID', 'okay' ) {
                     }
                 }
                 if ($state eq 'existing UID') {
-                    my $report_id = $report->id;
-                    $mech->content_contains( $report->title );
+                    my $report_id = $test_report->id;
+                    $mech->content_contains( $test_report->title );
                     $mech->content_contains( "/report/$report_id" );
                 }
-                if ($test->{type} eq 'oidc') {
+                if ($test->{type} eq 'oidc' && $test->{password_change_pattern}) {
                     ok $mech->find_link( text => 'Change password', url_regex => $test->{password_change_pattern} );
                 }
             }
 
             $mech->get('/auth/sign_out');
-            if ($test->{type} eq 'oidc' && $state ne 'refused' && $state ne 'no email') {
+            if ($test->{type} eq 'oidc' && $test->{logout_redirect_pattern} && $state ne 'refused' && $state ne 'no email') {
                 # XXX the 'no email' situation is skipped because of some confusion
                 # with the hosts/sessions that I've not been able to get to the bottom of.
                 # The code does behave as expected when testing manually, however.
-- 
cgit v1.2.3


From 832dd8e367b9c83619981bf9828dea405d15ce02 Mon Sep 17 00:00:00 2001
From: Dave Arter <davea@mysociety.org>
Date: Tue, 16 Jun 2020 16:23:03 +0100
Subject: Display contents of lists in report extra data in admin

---
 t/app/controller/admin/report_edit.t | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

(limited to 't/app/controller')

diff --git a/t/app/controller/admin/report_edit.t b/t/app/controller/admin/report_edit.t
index 01f091412..f8101ab76 100644
--- a/t/app/controller/admin/report_edit.t
+++ b/t/app/controller/admin/report_edit.t
@@ -686,16 +686,28 @@ subtest "Test display of fields extra data" => sub {
     $mech->get_ok("/admin/report_edit/$report_id");
     $mech->content_contains('Extra data: No');
 
-    $report->push_extra_fields( {
-        name => 'report_url',
-        value => 'http://example.com',
-    });
+    $report->push_extra_fields(
+        {
+            name => 'report_url',
+            value => 'http://example.com',
+        },
+        {
+            name => 'sent_to',
+            value => [ 'onerecipient@example.org' ],
+        },
+        {
+            name => 'sent_too',
+            value => [ 'onemorerecipient@example.org', 'another@example.org' ],
+        },
+    );
     $report->update;
 
     $report->discard_changes;
 
     $mech->get_ok("/admin/report_edit/$report_id");
     $mech->content_contains('report_url</strong>: http://example.com');
+    $mech->content_contains('sent_to</strong>: onerecipient@example.org');
+    $mech->content_contains('sent_too</strong>: onemorerecipient@example.org, another@example.org');
 
     $report->set_extra_fields( {
         description => 'Report URL',
-- 
cgit v1.2.3


From f4b5a6263b1529003a42787b404952ab28aefeba Mon Sep 17 00:00:00 2001
From: Dave Arter <davea@mysociety.org>
Date: Thu, 2 Jul 2020 17:13:50 +0100
Subject: [Hackney] Use cobrand feature config for email envelope domain

---
 t/app/controller/auth_social.t | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 't/app/controller')

diff --git a/t/app/controller/auth_social.t b/t/app/controller/auth_social.t
index e56fcda98..1f6889dcc 100644
--- a/t/app/controller/auth_social.t
+++ b/t/app/controller/auth_social.t
@@ -118,7 +118,13 @@ for my $test (
                     token_uri => 'http://oidc.example.org/oauth2/v2.0/token_google',
                     allowed_domains => [ 'example.org' ],
                 }
-            }
+            },
+            do_not_reply_email => {
+                hackney => 'fms-hackney-DO-NOT-REPLY@hackney-example.com',
+            },
+            verp_email_domain => {
+                hackney => 'hackney-example.com',
+            },
         }
     },
     email => $mech->uniquify_email('oidc_google@example.org'),
-- 
cgit v1.2.3


From 9a12c0dac0b7677938f33f5abb639a296adff9c5 Mon Sep 17 00:00:00 2001
From: Matthew Somerville <matthew@mysociety.org>
Date: Thu, 25 Jun 2020 16:23:33 +0100
Subject: Add option to check password on Have I Been Pwned.

If switched on, sends first five letters of the SHA1 hash of the entered
password to HIBP's API, which then returns all matching hashes in their
database of breached passwords. If we find a match, tell the user they
need to pick a different password.
---
 t/app/controller/auth.t | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 't/app/controller')

diff --git a/t/app/controller/auth.t b/t/app/controller/auth.t
index 8b4b772fc..0326bbacd 100644
--- a/t/app/controller/auth.t
+++ b/t/app/controller/auth.t
@@ -288,6 +288,23 @@ subtest 'check common password AJAX call' => sub {
     $mech->content_contains("true");
 };
 
+subtest 'check hibp password call' => sub {
+    FixMyStreet::override_config {
+        CHECK_HAVEIBEENPWNED => 1,
+    }, sub {
+        my $lwp = Test::MockModule->new('LWP::Simple');
+        # Switch mock round from live site, so we know we're not testing live site by mistake
+        $lwp->mock(get => sub($) {
+            return '9958D0F0EE6744E7CCAFC84515FCFAD7B1B:10' if $_[0] =~ /6EF4D$/; # squirblewirble
+            return '';
+        });
+        $mech->post_ok('/auth/common_password', { password_register => 'p@ssword2' });
+        $mech->content_contains("true");
+        $mech->post_ok('/auth/common_password', { password_register => 'squirblewirble' });
+        $mech->content_contains("That password has appeared in a known");
+    };
+};
+
 subtest 'test forgotten password page' => sub {
     $mech->get_ok('/auth/forgot');
     $mech->content_contains('Forgot password');
-- 
cgit v1.2.3


From 9b7df4542b75f4463d0f3de0a8b68db32c2353a6 Mon Sep 17 00:00:00 2001
From: Matthew Somerville <matthew@mysociety.org>
Date: Tue, 14 Jul 2020 14:51:43 +0100
Subject: [UK] Show message if site-wide update disallowed.

---
 t/app/controller/admin/bodies.t | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

(limited to 't/app/controller')

diff --git a/t/app/controller/admin/bodies.t b/t/app/controller/admin/bodies.t
index 80ee22630..75db6f87c 100644
--- a/t/app/controller/admin/bodies.t
+++ b/t/app/controller/admin/bodies.t
@@ -413,4 +413,31 @@ subtest 'check log of the above' => sub {
     $mech->content_contains('Edited body <a href="/admin/body/' . $body->id . '">Aberdeen City Council</a>');
 };
 
+subtest 'check update disallowed message' => sub {
+    FixMyStreet::override_config {
+        MAPIT_URL => 'http://mapit.uk/',
+        ALLOWED_COBRANDS => 'bathnes',
+        COBRAND_FEATURES => { updates_allowed => { bathnes => 'open' } }
+    }, sub {
+        $mech->get_ok('/admin/body/' . $body->id .'/test%20category');
+        $mech->content_contains('even if this is unticked, only open reports can have updates left on them.');
+    };
+    FixMyStreet::override_config {
+        MAPIT_URL => 'http://mapit.uk/',
+        ALLOWED_COBRANDS => 'bathnes',
+        COBRAND_FEATURES => { updates_allowed => { bathnes => 'staff' } }
+    }, sub {
+        $mech->get_ok('/admin/body/' . $body->id .'/test%20category');
+        $mech->content_contains('even if this is unticked, only staff will be able to leave updates.');
+    };
+    FixMyStreet::override_config {
+        MAPIT_URL => 'http://mapit.uk/',
+        ALLOWED_COBRANDS => 'bathnes',
+        COBRAND_FEATURES => { updates_allowed => { bathnes => 'reporter' } }
+    }, sub {
+        $mech->get_ok('/admin/body/' . $body->id .'/test%20category');
+        $mech->content_contains('even if this is unticked, only the problem reporter will be able to leave updates');
+    };
+};
+
 done_testing();
-- 
cgit v1.2.3


From 67823bc788ce744e1228a8602b9a5aa805771ced Mon Sep 17 00:00:00 2001
From: Matthew Somerville <matthew@mysociety.org>
Date: Fri, 10 Jul 2020 14:38:17 +0100
Subject: Centralise update creation to include fields.

Given the user, we can infer the name if not provided, and the extra
data if a staff user. We can also provide defaults for various other
fields. Always have superuser take precedence over from_body.
---
 t/app/controller/admin/report_edit.t | 22 +++-------------------
 t/app/controller/admin/update_edit.t |  4 ++--
 t/app/controller/report_updates.t    |  6 +++---
 3 files changed, 8 insertions(+), 24 deletions(-)

(limited to 't/app/controller')

diff --git a/t/app/controller/admin/report_edit.t b/t/app/controller/admin/report_edit.t
index f8101ab76..e041154db 100644
--- a/t/app/controller/admin/report_edit.t
+++ b/t/app/controller/admin/report_edit.t
@@ -329,7 +329,6 @@ foreach my $test (
             closed_updates => undef,
         },
         expect_comment => 1,
-        user_body => $oxfordshire,
         changes   => { state => 'investigating' },
         log_entries => [
             qw/edit state_change edit edit resend edit state_change edit state_change edit state_change edit state_change edit state_change edit edit edit edit edit/
@@ -351,7 +350,6 @@ foreach my $test (
         },
         expect_comment => 1,
         expected_text => '*Category changed from ‘Other’ to ‘Potholes’*',
-        user_body => $oxfordshire,
         changes   => { state => 'in progress', category => 'Potholes' },
         log_entries => [
             qw/edit state_change category_change edit state_change edit edit resend edit state_change edit state_change edit state_change edit state_change edit state_change edit edit edit edit edit/
@@ -364,11 +362,6 @@ foreach my $test (
         $report->comments->delete;
         $log_entries->reset;
 
-        if ( $test->{user_body} ) {
-            $superuser->from_body( $test->{user_body}->id );
-            $superuser->update;
-        }
-
         $mech->get_ok("/admin/report_edit/$report_id");
 
         @{$test->{fields}}{'external_id', 'external_body', 'external_team', 'category'} = (13, "", "", "Other");
@@ -440,21 +433,12 @@ foreach my $test (
             } else {
                 is $comment->text, '', 'comment has no text';
             }
-            if ( $test->{user_body} ) {
-                ok $comment->get_extra_metadata('is_body_user'), 'body user metadata set';
-                ok !$comment->get_extra_metadata('is_superuser'), 'superuser metadata not set';
-                is $comment->name, $test->{user_body}->name, 'comment name is body name';
-            } else {
-                ok !$comment->get_extra_metadata('is_body_user'), 'body user metadata not set';
-                ok $comment->get_extra_metadata('is_superuser'), 'superuser metadata set';
-                is $comment->name, _('an administrator'), 'comment name is admin';
-            }
+            ok !$comment->get_extra_metadata('is_body_user'), 'body user metadata not set';
+            ok $comment->get_extra_metadata('is_superuser'), 'superuser metadata set';
+            is $comment->name, _('an administrator'), 'comment name is admin';
         } else {
             is $report->comments->count, 0, 'report has no comments';
         }
-
-        $superuser->from_body(undef);
-        $superuser->update;
     };
 }
 
diff --git a/t/app/controller/admin/update_edit.t b/t/app/controller/admin/update_edit.t
index 57c8973d4..8650e7771 100644
--- a/t/app/controller/admin/update_edit.t
+++ b/t/app/controller/admin/update_edit.t
@@ -81,7 +81,7 @@ for my $test (
         fields => {
             text => 'this is an update',
             state => 'confirmed',
-            name => '',
+            name => 'Test User',
             anonymous => 1,
             username => $update->user->email,
         },
@@ -96,7 +96,7 @@ for my $test (
         fields => {
             text => 'this is a changed update',
             state => 'confirmed',
-            name => '',
+            name => 'Test User',
             anonymous => 1,
             username => $update->user->email,
         },
diff --git a/t/app/controller/report_updates.t b/t/app/controller/report_updates.t
index e97b04f12..3198cf70c 100644
--- a/t/app/controller/report_updates.t
+++ b/t/app/controller/report_updates.t
@@ -1096,10 +1096,10 @@ subtest $test->{desc} => sub {
     unlike $update_meta->[1], qr/Commenter/, 'commenter name not included';
     like $update_meta->[0], qr/investigating/i, 'update meta includes state change';
 
-    if ($test->{body} || $test->{bodyuser}) {
-        like $update_meta->[1], qr/Westminster/, 'body user update uses body name';
-    } elsif ($test->{superuser}) {
+    if ($test->{superuser}) {
         like $update_meta->[1], qr/an administrator/, 'superuser update says an administrator';
+    } elsif ($test->{body} || $test->{bodyuser}) {
+        like $update_meta->[1], qr/Westminster/, 'body user update uses body name';
     }
 
     ok $user->user_body_permissions->create({
-- 
cgit v1.2.3


From 88c607fa378951491c7ec0f3384bc8f27fbca467 Mon Sep 17 00:00:00 2001
From: Matthew Somerville <matthew@mysociety.org>
Date: Wed, 15 Jul 2020 16:02:21 +0100
Subject: Fix lookups in templates of categories with &s.

A hash lookup in a template is escaping the key used, meaning the lookup
is failing anywhere we are using a category containing an ampersand as a
key. A continuation of the changes made in 527d763b.
---
 t/app/controller/around.t         |  4 ++--
 t/app/controller/report_inspect.t | 23 ++++++++++++-----------
 2 files changed, 14 insertions(+), 13 deletions(-)

(limited to 't/app/controller')

diff --git a/t/app/controller/around.t b/t/app/controller/around.t
index 784801517..e35406bb6 100644
--- a/t/app/controller/around.t
+++ b/t/app/controller/around.t
@@ -217,8 +217,8 @@ for my $permission ( qw/ report_inspect report_mark_private/ ) {
 
 subtest 'check assigned-only list items do not display shortlist buttons' => sub {
     my $body = FixMyStreet::DB->resultset('Body')->find( $body_edin_id );
-    my $contact = $mech->create_contact_ok( category => 'Horses', body_id => $body->id, email => "horses\@example.org" );
-    $edinburgh_problems[4]->update({ category => 'Horses' });
+    my $contact = $mech->create_contact_ok( category => 'Horses & Ponies', body_id => $body->id, email => "horses\@example.org" );
+    $edinburgh_problems[4]->update({ category => 'Horses & Ponies' });
 
     my $user = $mech->log_in_ok( 'test@example.com' );
     $user->set_extra_metadata(assigned_categories_only => 1);
diff --git a/t/app/controller/report_inspect.t b/t/app/controller/report_inspect.t
index 2852f8d18..de9d689cd 100644
--- a/t/app/controller/report_inspect.t
+++ b/t/app/controller/report_inspect.t
@@ -7,7 +7,7 @@ my $brum = $mech->create_body_ok(2514, 'Birmingham City Council');
 my $oxon = $mech->create_body_ok(2237, 'Oxfordshire County Council', { can_be_devolved => 1 } );
 my $contact = $mech->create_contact_ok( body_id => $oxon->id, category => 'Cows', email => 'cows@example.net' );
 my $contact2 = $mech->create_contact_ok( body_id => $oxon->id, category => 'Sheep', email => 'SHEEP', send_method => 'Open311' );
-my $contact3 = $mech->create_contact_ok( body_id => $oxon->id, category => 'Badgers', email => 'badgers@example.net' );
+my $contact3 = $mech->create_contact_ok( body_id => $oxon->id, category => 'Badgers & Voles', email => 'badgers@example.net' );
 my $rp = FixMyStreet::DB->resultset("ResponsePriority")->create({
     body => $oxon,
     name => 'High Priority',
@@ -683,19 +683,20 @@ FixMyStreet::override_config {
 
 FixMyStreet::override_config {
     MAPIT_URL => 'http://mapit.uk/',
-    ALLOWED_COBRANDS => 'fixmystreet',
+    ALLOWED_COBRANDS => 'oxfordshire',
 }, sub {
     subtest "test category not updated if fail to include public update" => sub {
         $mech->get_ok("/report/$report_id");
-        $mech->submit_form(button => 'save', with_fields => { category => 'Badgers' });
+        $mech->submit_form(button => 'save', with_fields => { category => 'Badgers & Voles' });
 
         $report->discard_changes;
         is $report->category, "Cows", "Report in correct category";
-        $mech->content_contains('Badgers" selected', 'Changed category still selected');
+        $mech->content_contains('Badgers &amp; Voles" selected', 'Changed category still selected');
     };
 
     subtest "test invalid form maintains Category and priority" => sub {
         $mech->get_ok("/report/$report_id");
+        $mech->content_like(qr/data-priorities='[^']*?Low Priority/);
         my $expected_fields = {
           state => 'action scheduled',
           category => 'Cows',
@@ -709,9 +710,9 @@ FixMyStreet::override_config {
         my $values = $mech->visible_form_values('report_inspect_form');
         is_deeply $values, $expected_fields, 'correct form fields present';
 
-        $mech->submit_form(button => 'save', with_fields => { category => 'Badgers', priority => $rp2->id });
+        $mech->submit_form(button => 'save', with_fields => { category => 'Badgers & Voles', priority => $rp2->id });
 
-        $expected_fields->{category} = 'Badgers';
+        $expected_fields->{category} = 'Badgers & Voles';
         $expected_fields->{priority} = $rp2->id;
 
         my $new_values = $mech->visible_form_values('report_inspect_form');
@@ -724,15 +725,15 @@ FixMyStreet::override_config {
         $mech->submit_form(
             button => 'save',
             with_fields => {
-                category => 'Badgers',
+                category => 'Badgers & Voles',
                 include_update => 1,
                 public_update => 'This is a public update',
         });
 
         $report->discard_changes;
-        is $report->category, "Badgers", "Report in correct category";
+        is $report->category, "Badgers & Voles", "Report in correct category";
         is $report->comments->count, 1, "Only leaves one update";
-        like $report->comments->first->text, qr/Category changed.*Badgers/, 'update text included category change';
+        like $report->comments->first->text, qr/Category changed.*Badgers & Voles/, 'update text included category change';
     };
 
     subtest "test non-public changing" => sub {
@@ -779,10 +780,10 @@ FixMyStreet::override_config {
     });
     subtest "test report not resent when category changes if send_method doesn't change" => sub {
         $mech->get_ok("/report/$report3_id");
-        $mech->submit_form(button => 'save', with_fields => { category => 'Badgers', include_update => undef, });
+        $mech->submit_form(button => 'save', with_fields => { category => 'Badgers & Voles', include_update => undef, });
 
         $report3->discard_changes;
-        is $report3->category, "Badgers", "Report in correct category";
+        is $report3->category, "Badgers & Voles", "Report in correct category";
         isnt $report3->whensent, undef, "Report not marked as unsent";
         is $report3->bodies_str, $oxon->id, "Reported to OCC";
     };
-- 
cgit v1.2.3


From 90afa8d790808979d1b1fd9c327e0139013b3b90 Mon Sep 17 00:00:00 2001
From: Matthew Somerville <matthew@mysociety.org>
Date: Wed, 15 Jul 2020 15:17:13 +0100
Subject: Select matches for both filter category and group.

If both are specified, we want to treat it as an AND, not an OR.
---
 t/app/controller/around.t | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 't/app/controller')

diff --git a/t/app/controller/around.t b/t/app/controller/around.t
index e35406bb6..ba5f8c48a 100644
--- a/t/app/controller/around.t
+++ b/t/app/controller/around.t
@@ -250,7 +250,10 @@ subtest 'check category, status and extra filtering works on /around' => sub {
     # Create one open and one fixed report in each category
     foreach my $category ( @$categories ) {
         my $contact = $mech->create_contact_ok( category => $category, body_id => $body->id, email => "$category\@example.org" );
-        if ($category ne 'Pothole') {
+        if ($category eq 'Vegetation') {
+            $contact->set_extra_metadata(group => ['Environment', 'Green']);
+            $contact->update;
+        } elsif ($category eq 'Flytipping') {
             $contact->set_extra_metadata(group => ['Environment']);
             $contact->update;
         }
@@ -281,6 +284,9 @@ subtest 'check category, status and extra filtering works on /around' => sub {
 
         $mech->get_ok( '/around?filter_group=Environment&bbox=' . $bbox );
         $mech->content_contains('<option value="Flytipping" selected>');
+
+        $mech->get_ok( '/around?filter_group=Environment&filter_category=Vegetation&bbox=' . $bbox );
+        $mech->content_like(qr/<optgroup label="Environment">.*?<option value="Vegetation" selected>.*?<optgroup label="Green">.*?<option value="Vegetation">/s);
     };
 
     $json = $mech->get_ok_json( '/around?ajax=1&filter_category=Pothole&bbox=' . $bbox );
-- 
cgit v1.2.3


From 60af4a782721257e2647cc37cff8234779361e43 Mon Sep 17 00:00:00 2001
From: Matthew Somerville <matthew@mysociety.org>
Date: Thu, 16 Jul 2020 16:49:05 +0100
Subject: Spot user set on update not at object creation.

The changes in 67823bc78 create the necessary metadata at the creation
of a Comment object, but if the user is not included at that point but
later (as is done by the normal public update flow), then it would not
be created. Wrap the user accessor so we can make sure it is set.
---
 t/app/controller/report_updates.t | 1 +
 1 file changed, 1 insertion(+)

(limited to 't/app/controller')

diff --git a/t/app/controller/report_updates.t b/t/app/controller/report_updates.t
index 3198cf70c..0b60ac02b 100644
--- a/t/app/controller/report_updates.t
+++ b/t/app/controller/report_updates.t
@@ -907,6 +907,7 @@ subtest "check comment with no status change has not status in meta" => sub {
 
         is $report->state, 'investigating', 'correct report state';
         is $update->problem_state, 'investigating', 'correct update state';
+        is $update->get_extra_metadata('is_body_user'), $body->id, 'correct metadata';
         $update_meta = $mech->extract_update_metas;
         like $update_meta->[0], qr/fixed/i, 'first update meta says fixed';
         unlike $update_meta->[2], qr/State changed to/, 'second update meta does not include state change';
-- 
cgit v1.2.3


From 5cff522976b840167b0ed7a1226c16b272238d06 Mon Sep 17 00:00:00 2001
From: Struan Donald <struan@exo.org.uk>
Date: Mon, 20 Jul 2020 11:11:55 +0100
Subject: [Hounslow] skip disabled contacts in enquiry form

This is largely to resolve an issue with the TfL other category
appearing in the contact form even though it is disabled, and hence has
no contact details.
---
 t/app/controller/contact_enquiry.t | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 't/app/controller')

diff --git a/t/app/controller/contact_enquiry.t b/t/app/controller/contact_enquiry.t
index af249ec6c..feb2a0545 100644
--- a/t/app/controller/contact_enquiry.t
+++ b/t/app/controller/contact_enquiry.t
@@ -40,9 +40,18 @@ my $contact4 = $mech->create_contact_ok(
     category => 'Carriageway Defect',
     email => 'potholes@example.com',
 );
+my $contact5 = $mech->create_contact_ok(
+    body_id => $body->id,
+    category => 'Other (disabled)',
+    email => 'other@example.com',
+);
 $contact->update( { extra => { group => 'General Enquiries' } } );
 $contact2->update( { extra => { group => 'General Enquiries' } } );
 $contact3->update( { extra => { group => 'Other' } } );
+$contact5->update( { extra => { group => 'Other' } } );
+
+$contact5->push_extra_fields({ code => '_fms_disable_', 'disable_form' => 'true', description => 'form_disabled' });
+$contact5->update;
 
 FixMyStreet::override_config { ALLOWED_COBRANDS => ['bromley'], }, sub {
     subtest 'redirected to / if general enquiries not enabled' => sub {
@@ -60,6 +69,7 @@ FixMyStreet::override_config {
     subtest 'Non-general enquiries category not shown' => sub {
         $mech->get_ok( '/contact/enquiry' );
         $mech->content_lacks('Carriageway Defect');
+        $mech->content_lacks('Other (disabled)');
         $mech->content_contains('FOI Request');
     };
 
-- 
cgit v1.2.3


From 2e761c6825d76944fd579c98cd0a222d420ea02d Mon Sep 17 00:00:00 2001
From: Matthew Somerville <matthew@mysociety.org>
Date: Fri, 31 Jul 2020 10:56:12 +0100
Subject: Lowercase contact email when looking for user.

---
 t/app/controller/contact.t | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 't/app/controller')

diff --git a/t/app/controller/contact.t b/t/app/controller/contact.t
index d6e56e7cc..01e8b0886 100644
--- a/t/app/controller/contact.t
+++ b/t/app/controller/contact.t
@@ -382,7 +382,7 @@ for my $test (
 
         $mech->clear_emails_ok;
         $mech->get_ok('/contact');
-        $test->{fields}{em} = $user->email;
+        $test->{fields}{em} = ucfirst $user->email; # Check case
         $mech->submit_form_ok( { with_fields => $test->{fields} } );
 
         my $email = $mech->get_email;
-- 
cgit v1.2.3


From 994093c4675393bca6b84747e87a63e10cb063d9 Mon Sep 17 00:00:00 2001
From: M Somerville <matthew-github@dracos.co.uk>
Date: Tue, 4 Aug 2020 15:05:55 +0100
Subject: Do not error in export if report has bad category.

If category groups are enabled, the CSV export includes a subcategory,
but it was only fetching a valid groups value if the row's contact was
found.
---
 t/app/controller/dashboard.t | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

(limited to 't/app/controller')

diff --git a/t/app/controller/dashboard.t b/t/app/controller/dashboard.t
index 0f07bcae0..526b1a4c3 100644
--- a/t/app/controller/dashboard.t
+++ b/t/app/controller/dashboard.t
@@ -83,6 +83,7 @@ my $categories = scraper {
 
 FixMyStreet::override_config {
     ALLOWED_COBRANDS => 'no2fa',
+    COBRAND_FEATURES => { category_groups => { no2fa => 1 } },
     MAPIT_URL => 'http://mapit.uk/',
 }, sub {
 
@@ -174,13 +175,14 @@ FixMyStreet::override_config {
     subtest 'export as csv' => sub {
         $mech->create_problems_for_body(1, $body->id, 'Title', {
             detail => "this report\nis split across\nseveral lines",
+            category => 'Problem one',
             areas => ",$alt_area_id,2651,",
         });
         $mech->get_ok('/dashboard?export=1');
         my @rows = $mech->content_as_csv;
         is scalar @rows, 19, '1 (header) + 18 (reports) = 19 lines';
 
-        is scalar @{$rows[0]}, 20, '20 columns present';
+        is scalar @{$rows[0]}, 21, '21 columns present';
 
         is_deeply $rows[0],
             [
@@ -189,6 +191,7 @@ FixMyStreet::override_config {
                 'Detail',
                 'User Name',
                 'Category',
+                'Subcategory',
                 'Created',
                 'Confirmed',
                 'Acknowledged',
@@ -207,9 +210,9 @@ FixMyStreet::override_config {
             ],
             'Column headers look correct';
 
-        is $rows[5]->[14], 'Trowbridge', 'Ward column is name not ID';
-        is $rows[5]->[15], '529025', 'Correct Easting conversion';
-        is $rows[5]->[16], '179716', 'Correct Northing conversion';
+        is $rows[5]->[15], 'Trowbridge', 'Ward column is name not ID';
+        is $rows[5]->[16], '529025', 'Correct Easting conversion';
+        is $rows[5]->[17], '179716', 'Correct Northing conversion';
     };
 
     subtest 'export updates as csv' => sub {
-- 
cgit v1.2.3


From ed0002b0d76560cc3d5b1e62f8395bbfae74403c Mon Sep 17 00:00:00 2001
From: Chris Mytton <chrism@mysociety.org>
Date: Wed, 8 Apr 2020 14:39:19 +0100
Subject: Add photo upload field to inspector form

This adds the code for photo uploads from the regular update form to the
inspector form, and adds details to the documentation.
---
 t/app/controller/report_inspect.t | 31 +++++++++++++++++++++++++++++--
 1 file changed, 29 insertions(+), 2 deletions(-)

(limited to 't/app/controller')

diff --git a/t/app/controller/report_inspect.t b/t/app/controller/report_inspect.t
index de9d689cd..48dceaf04 100644
--- a/t/app/controller/report_inspect.t
+++ b/t/app/controller/report_inspect.t
@@ -1,5 +1,6 @@
 use FixMyStreet::TestMech;
 use Test::MockModule;
+use Path::Class;
 
 my $mech = FixMyStreet::TestMech->new;
 
@@ -42,6 +43,9 @@ my $user = $mech->log_in_ok('body@example.com');
 $user->set_extra_metadata('categories', [ $contact->id ]);
 $user->update( { from_body => $oxon } );
 
+my $sample_file = file(__FILE__)->parent->file("sample.jpg")->stringify;
+ok -e $sample_file, "sample file $sample_file exists";
+
 FixMyStreet::override_config {
     MAPIT_URL => 'http://mapit.uk/',
     ALLOWED_COBRANDS => 'fixmystreet',
@@ -589,7 +593,27 @@ FixMyStreet::override_config {
         $mech->get_ok("/report/$report_id");
         $mech->content_contains('Nearest calculated address', 'Address displayed');
         $mech->content_contains('Constitution Hill, London, SW1A', 'Correct address displayed');
-    }
+    };
+
+    subtest "test upload photo with public updates" => sub {
+        $user->user_body_permissions->delete;
+        $user->user_body_permissions->create({ body => $oxon, permission_type => 'report_inspect' });
+
+        $report->state('confirmed');
+        $report->update;
+        $mech->get_ok("/report/$report_id");
+        $mech->submit_form_ok({ button => 'save', with_fields => {
+            public_update => "This is a public update.", include_update => "1",
+            state => 'action scheduled',
+            photo1 => [ [ $sample_file, undef, Content_Type => 'image/jpeg' ], 1 ],
+        } });
+        $report->discard_changes;
+        my $comment = $report->comments(undef, { rows => 1, order_by => { -desc => "id" }})->first;
+        is $comment->photo, '74e3362283b6ef0c48686fb0e161da4043bbcc97.jpeg', 'photo added to comment';
+        $mech->get_ok("/report/$report_id");
+        $mech->content_contains("/photo/c/" . $comment->id . ".0.jpeg");
+    };
+
 };
 
 foreach my $test (
@@ -705,7 +729,10 @@ FixMyStreet::override_config {
           priority => $rp->id,
           include_update => '1',
           detailed_information => 'XXX164XXXxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
-          traffic_information => ''
+          traffic_information => '',
+          photo1 => '',
+          photo2 => '',
+          photo3 => '',
         };
         my $values = $mech->visible_form_values('report_inspect_form');
         is_deeply $values, $expected_fields, 'correct form fields present';
-- 
cgit v1.2.3


From 7af4f2cc87cd6ff55501bb2856193a03fe72158c Mon Sep 17 00:00:00 2001
From: M Somerville <matthew-github@dracos.co.uk>
Date: Wed, 5 Aug 2020 15:56:10 +0100
Subject: Add database index for user full text search.

---
 t/app/controller/admin/users.t | 2 --
 1 file changed, 2 deletions(-)

(limited to 't/app/controller')

diff --git a/t/app/controller/admin/users.t b/t/app/controller/admin/users.t
index bc8d28e2d..a3bd4a784 100644
--- a/t/app/controller/admin/users.t
+++ b/t/app/controller/admin/users.t
@@ -84,8 +84,6 @@ subtest 'user search' => sub {
         permissions => ['moderate', 'user_edit'],
     });
     $user->add_to_roles($role);
-    $mech->get_ok('/admin/users?search=' . $haringey->id );
-    $mech->content_contains('test@example.com');
     $mech->get_ok('/admin/users?role=' . $role->id);
     $mech->content_contains('selected>Role A');
     $mech->content_contains('test@example.com');
-- 
cgit v1.2.3


From e461de75b26e74c0d8c154a1a17d6019c2be30dd Mon Sep 17 00:00:00 2001
From: M Somerville <matthew-github@dracos.co.uk>
Date: Fri, 7 Aug 2020 20:02:17 +0100
Subject: Offline process for CSV generation.

Include a status page, the option for access token requests to use this
system, and a script for manual generation.
---
 t/app/controller/dashboard.t | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

(limited to 't/app/controller')

diff --git a/t/app/controller/dashboard.t b/t/app/controller/dashboard.t
index 526b1a4c3..fd491b540 100644
--- a/t/app/controller/dashboard.t
+++ b/t/app/controller/dashboard.t
@@ -20,6 +20,8 @@ use strict;
 use warnings;
 
 use FixMyStreet::TestMech;
+use File::Temp 'tempdir';
+use Path::Tiny;
 use Web::Scraper;
 
 set_absolute_time('2014-02-01T12:00:00');
@@ -81,10 +83,15 @@ my $categories = scraper {
     },
 };
 
+my $UPLOAD_DIR = tempdir( CLEANUP => 1 );
+
 FixMyStreet::override_config {
     ALLOWED_COBRANDS => 'no2fa',
     COBRAND_FEATURES => { category_groups => { no2fa => 1 } },
     MAPIT_URL => 'http://mapit.uk/',
+    PHOTO_STORAGE_OPTIONS => {
+        UPLOAD_DIR => $UPLOAD_DIR,
+    },
 }, sub {
 
     subtest 'not logged in, redirected to login' => sub {
@@ -252,7 +259,37 @@ FixMyStreet::override_config {
         like $mech->res->header('Content-type'), qr'text/csv';
         $mech->content_contains('Report ID');
         $mech->delete_header('Authorization');
+
+        my $token = 'access_token=' . $counciluser->id . '-1234567890abcdefgh';
+        $mech->get_ok("/dashboard?export=2&$token");
+        is $mech->res->code, 202;
+        my $loc = $mech->res->header('Location');
+        like $loc, qr{/dashboard/csv/.*\.csv$};
+        $mech->get_ok("$loc?$token");
+        like $mech->res->header('Content-type'), qr'text/csv';
+        $mech->content_contains('Report ID');
     };
+
+    subtest 'view status page' => sub {
+        # Simulate a partly done file
+        my $f = Path::Tiny->tempfile(SUFFIX => '.csv-part', DIR => path($UPLOAD_DIR, 'dashboard_csv', $counciluser->id));
+        (my $name = $f->basename) =~ s/-part$//;;
+
+        my $token = 'access_token=' . $counciluser->id . '-1234567890abcdefgh';
+        $mech->get_ok("/dashboard/csv/$name?$token");
+        is $mech->res->code, 202;
+
+        $mech->log_in_ok( $counciluser->email );
+        $mech->get_ok('/dashboard/status');
+        $mech->content_contains('/dashboard/csv/www.example.org-body-' . $body->id . '-start_date-2014-01-02.csv');
+        $mech->content_like(qr/$name\s*<br>0KB\s*<i>In progress/);
+
+        $f->remove;
+        $mech->get_ok('/dashboard/status');
+        $mech->content_contains('/dashboard/csv/www.example.org-body-' . $body->id . '-start_date-2014-01-02.csv');
+        $mech->content_lacks('In progress');
+        $mech->content_lacks('setTimeout');
+    }
 };
 
 FixMyStreet::override_config {
-- 
cgit v1.2.3


From e268e2b893aaf8a99e457c085e9c77d140b77233 Mon Sep 17 00:00:00 2001
From: M Somerville <matthew-github@dracos.co.uk>
Date: Thu, 13 Aug 2020 21:15:08 +0100
Subject: Allow one more zoom level on most map types.

Not on StreetView/OpenMap Local based, which are not available.
---
 t/app/controller/around.t | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 't/app/controller')

diff --git a/t/app/controller/around.t b/t/app/controller/around.t
index ba5f8c48a..29752ab02 100644
--- a/t/app/controller/around.t
+++ b/t/app/controller/around.t
@@ -413,7 +413,7 @@ subtest 'check map zoom level customisation' => sub {
         MAP_TYPE => 'OSM',
     }, sub {
         $mech->get('/around?latitude=51.754926&longitude=-1.256179');
-        $mech->content_contains('data-numZoomLevels=6');
+        $mech->content_contains('data-numZoomLevels=7');
         $mech->content_contains('data-zoomOffset=13');
     };
 
-- 
cgit v1.2.3


From 5430338004cc7169cec02ec83bf2e82683c8d907 Mon Sep 17 00:00:00 2001
From: Struan Donald <struan@exo.org.uk>
Date: Fri, 21 Aug 2020 12:22:50 +0100
Subject: [UK] hide change asset button if category drop downs hidden

The change asset button code relies on the category drop downs being visible
which requires either the change report category or inspect report
permissions. Hide the button if these are not present and only fire the
update button code if it's present.

Fixes mysociety/fixmystreet-commercial#1961
---
 t/app/controller/report_inspect.t | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 't/app/controller')

diff --git a/t/app/controller/report_inspect.t b/t/app/controller/report_inspect.t
index 48dceaf04..96325760c 100644
--- a/t/app/controller/report_inspect.t
+++ b/t/app/controller/report_inspect.t
@@ -56,12 +56,14 @@ FixMyStreet::override_config {
         $mech->content_lacks('Private');
         $mech->content_lacks('Priority');
         $mech->content_lacks('Traffic management');
+        $mech->content_lacks('Change asset');
         $mech->content_lacks('/admin/report_edit/'.$report_id.'">admin</a>)');
 
         $user->user_body_permissions->create({ body => $oxon, permission_type => 'report_mark_private' });
         $mech->get_ok("/report/$report_id");
         $mech->content_contains('Private');
         $mech->content_contains('Save changes');
+        $mech->content_lacks('Change asset');
         $mech->content_lacks('Priority');
         $mech->content_lacks('Traffic management');
         $mech->content_lacks('/admin/report_edit/'.$report_id.'">admin</a>)');
@@ -71,6 +73,7 @@ FixMyStreet::override_config {
         $mech->content_contains('Private');
         $mech->content_contains('Save changes');
         $mech->content_contains('Priority');
+        $mech->content_lacks('Change asset');
         $mech->content_lacks('Traffic management');
         $mech->content_lacks('/admin/report_edit/'.$report_id.'">admin</a>)');
 
@@ -80,6 +83,7 @@ FixMyStreet::override_config {
         $mech->content_contains('Private');
         $mech->content_contains('Priority');
         $mech->content_contains('Traffic management');
+        $mech->content_contains('Change asset');
         $mech->content_lacks('/admin/report_edit/'.$report_id.'">admin</a>)');
     };
 
-- 
cgit v1.2.3


From f784713cbebb8e9026544ab969a5a3404f736429 Mon Sep 17 00:00:00 2001
From: Dave Arter <davea@mysociety.org>
Date: Tue, 25 Aug 2020 17:04:01 +0100
Subject: =?UTF-8?q?Don=E2=80=99t=20display=20duplicate=20categories=20in?=
 =?UTF-8?q?=20filter=20on=20/around=20and=20/my?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 t/app/controller/around.t | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

(limited to 't/app/controller')

diff --git a/t/app/controller/around.t b/t/app/controller/around.t
index 29752ab02..3f5d31c02 100644
--- a/t/app/controller/around.t
+++ b/t/app/controller/around.t
@@ -309,6 +309,37 @@ subtest 'check category, status and extra filtering works on /around' => sub {
     is scalar @$pins, 1, 'correct number of external_body reports';
 };
 
+subtest 'check categories with same name are only shown once in filters' => sub {
+    my $params = {
+        postcode  => 'OX20 1SZ',
+        latitude  => 51.754926,
+        longitude => -1.256179,
+    };
+    my $bbox = ($params->{longitude} - 0.01) . ',' .  ($params->{latitude} - 0.01)
+                . ',' . ($params->{longitude} + 0.01) . ',' .  ($params->{latitude} + 0.01);
+
+    my $district = $mech->create_body_ok(2421, "Oxford City");
+    # Identically-named categories should be combined even if their extra metadata is different
+    my $contact2 = $mech->create_contact_ok( category => "Pothole", body_id => $district->id, email => 'pothole@district-example.org' );
+    $contact2->set_extra_metadata(some_extra_field => "dummy");
+    $contact2->update;
+    # And categories with the same display name should be combined too
+    my $contact3 = $mech->create_contact_ok( category => "Pothole (alternative)", body_id => $district->id, email => 'pothole-alternative@district-example.org' );
+    $contact3->set_extra_metadata(display_name => "Pothole");
+    $contact3->update;
+
+    FixMyStreet::override_config {
+        ALLOWED_COBRANDS => 'fixmystreet',
+        MAPIT_URL => 'http://mapit.uk/',
+        COBRAND_FEATURES => { category_groups => { fixmystreet => 1 } },
+    }, sub {
+        $mech->get_ok( '/around?bbox=' . $bbox );
+        $mech->content_contains('<option value="Pothole">');
+        $mech->content_unlike(qr{Pothole</option>.*<option value="Pothole">\s*Pothole</option>}s, "Pothole category only appears once");
+        $mech->content_lacks('<option value="Pothole (alternative)">');
+    };
+};
+
 subtest 'check old problems not shown by default on around page' => sub {
     my $params = {
         postcode  => 'OX20 1SZ',
-- 
cgit v1.2.3


From 1a3e36a5efcff2d0247729883e5edd0425216292 Mon Sep 17 00:00:00 2001
From: Struan Donald <struan@exo.org.uk>
Date: Fri, 11 Sep 2020 17:27:19 +0100
Subject: do not use an invalid update state in a test

It's not possible to every have a comment where mark_fixed is true and
the problem_state is 'fixed - council' so update the test accordingly.
---
 t/app/controller/report_updates.t | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 't/app/controller')

diff --git a/t/app/controller/report_updates.t b/t/app/controller/report_updates.t
index 0b60ac02b..92cbed861 100644
--- a/t/app/controller/report_updates.t
+++ b/t/app/controller/report_updates.t
@@ -844,8 +844,9 @@ subtest "check comment with no status change has not status in meta" => sub {
         $user->from_body( undef );
         $user->update;
 
+        $report->update( { state => 'fixed - user' } );
         my $comment = $report->comments->first;
-        $comment->update( { mark_fixed => 1, problem_state => 'fixed - council' } );
+        $comment->update( { mark_fixed => 1, problem_state => 'fixed - user' } );
 
         $mech->get_ok("/report/$report_id");
 
@@ -871,8 +872,8 @@ subtest "check comment with no status change has not status in meta" => sub {
 
         my $update = pop @updates;
 
-        is $report->state, 'fixed - council', 'correct report state';
-        is $update->problem_state, 'fixed - council', 'correct update state';
+        is $report->state, 'fixed - user', 'correct report state';
+        is $update->problem_state, 'fixed - user', 'correct update state';
         my $update_meta = $mech->extract_update_metas;
         unlike $update_meta->[1], qr/State changed to/, 'update meta does not include state change';
 
-- 
cgit v1.2.3


From 6aece0d14bf772aff62152e2572326be964bf161 Mon Sep 17 00:00:00 2001
From: Struan Donald <struan@exo.org.uk>
Date: Fri, 18 Sep 2020 16:54:56 +0100
Subject: fix using multiple disable messages on category questions

Provide a stopper per disable message, rather than per question.
Previously there was one stopper per dropdown so only the last message
encountered was used.
---
 t/app/controller/report_new_open311.t | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

(limited to 't/app/controller')

diff --git a/t/app/controller/report_new_open311.t b/t/app/controller/report_new_open311.t
index 08435fb2b..7cd6dca09 100644
--- a/t/app/controller/report_new_open311.t
+++ b/t/app/controller/report_new_open311.t
@@ -394,6 +394,14 @@ subtest "Category extras includes form disabling string" => sub {
         $contact4->push_extra_fields({ datatype_description => 'Please please ring', description => 'Is it dangerous?', code => 'dangerous',
             variable => 'true', order => '0', values => [ { name => 'Yes', key => 'yes', disable => 1 }, { name => 'No', key => 'no' } ]
         });
+        $contact4->push_extra_fields({ datatype_description => 'Please ring different numbers', description => 'What sort of dangerous?', code => 'danger_type',
+            variable => 'true', order => '0', values => [
+                { name => 'slightly', key => 'slightly', disable => 1, disable_message => 'Ring the slightly number'  },
+                { name => 'very', key => 'very', disable => 1, disable_message => 'Ring the very number'  },
+                { name => 'extremely', key => 'extremely', disable => 1, disable_message => 'Ring the very number'  },
+                { name => 'No', key => 'no' }
+            ]
+        });
         $contact4->update;
         for (
           { url => '/report/new/ajax?' },
@@ -401,6 +409,7 @@ subtest "Category extras includes form disabling string" => sub {
         ) {
             my $json = $mech->get_ok_json($_->{url} . '&latitude=55.952055&longitude=-3.189579');
             my $output = $json->{by_category} ? $json->{by_category}{Pothole}{disable_form} : $json->{disable_form};
+            $output->{questions} = [ sort { $a->{message} cmp $b->{message} } @{ $output->{questions} } ];
             is_deeply $output, {
                 all => 'Please ring us!',
                 questions => [
@@ -409,6 +418,16 @@ subtest "Category extras includes form disabling string" => sub {
                         code => 'dangerous',
                         answers => [ 'yes' ],
                     },
+                    {
+                        message => 'Ring the slightly number',
+                        code => 'danger_type',
+                        answers => [ 'slightly' ],
+                    },
+                    {
+                        message => 'Ring the very number',
+                        code => 'danger_type',
+                        answers => [ 'very', 'extremely' ],
+                    },
                 ],
             };
         }
-- 
cgit v1.2.3


From ba1179d0378a35809f4eb2df0ceb3e189c4bd1bc Mon Sep 17 00:00:00 2001
From: M Somerville <matthew-github@dracos.co.uk>
Date: Fri, 18 Sep 2020 20:11:31 +0100
Subject: Show username error in correct place only.

---
 t/app/controller/report_new_errors.t  | 20 ++++++++++++++++++++
 t/app/controller/report_new_open311.t |  4 ++--
 t/app/controller/report_updates.t     | 19 +++++++++++++++++--
 3 files changed, 39 insertions(+), 4 deletions(-)

(limited to 't/app/controller')

diff --git a/t/app/controller/report_new_errors.t b/t/app/controller/report_new_errors.t
index f45f13c1e..c82a5fa13 100644
--- a/t/app/controller/report_new_errors.t
+++ b/t/app/controller/report_new_errors.t
@@ -695,6 +695,26 @@ subtest "test password errors for a user who is signing in as they report" => su
         $mech->follow_link_ok( { text_regex => qr/skip this step/i, },
             "follow 'skip this step' link" );
 
+        $mech->submit_form_ok(
+            {
+                button      => 'submit_sign_in',
+                with_fields => {
+                    title         => 'Test Report',
+                    detail        => 'Test report details.',
+                    photo1        => '',
+                    username      => 'test-2',
+                    password_sign_in => 'secret1',
+                    category      => 'Street lighting',
+                }
+            },
+            "submit with wrong password"
+        );
+
+        is_deeply $mech->page_errors, [
+            "Please enter a valid email",
+            "There was a problem with your login information. If you cannot remember your password, or do not have one, please fill in the \x{2018}No\x{2019} section of the form.",
+        ], "check there were errors";
+
         $mech->submit_form_ok(
             {
                 button      => 'submit_sign_in',
diff --git a/t/app/controller/report_new_open311.t b/t/app/controller/report_new_open311.t
index 7cd6dca09..9a8063a84 100644
--- a/t/app/controller/report_new_open311.t
+++ b/t/app/controller/report_new_open311.t
@@ -130,8 +130,8 @@ foreach my $test (
             'This information is required',
             'Please enter a subject',
             'Please enter some details',
-            'Please enter your email',
             'Please enter your name',
+            'Please enter your email',
         ],
         submit_with => {
             title => 'test',
@@ -170,8 +170,8 @@ foreach my $test (
             'This information is required',
             'Please enter a subject',
             'Please enter some details',
-            'Please enter your email',
             'Please enter your name',
+            'Please enter your email',
         ],
         submit_with => {
             title => 'test',
diff --git a/t/app/controller/report_updates.t b/t/app/controller/report_updates.t
index 92cbed861..7ae5ed7b2 100644
--- a/t/app/controller/report_updates.t
+++ b/t/app/controller/report_updates.t
@@ -285,7 +285,7 @@ for my $test (
             password_sign_in => '',
         },
         changes => {},
-        field_errors => [ 'Please enter a message', 'Please enter your email', 'Please enter your name' ]
+        field_errors => [ 'Please enter a message', 'Please enter your name', 'Please enter your email' ]
     },
     {
         desc => 'Invalid email, no message',
@@ -303,7 +303,7 @@ for my $test (
             password_register => '',
         },
         changes => {},
-        field_errors => [ 'Please enter a message', 'Please enter a valid email', 'Please enter your name' ]
+        field_errors => [ 'Please enter a message', 'Please enter your name', 'Please enter a valid email' ]
     },
     {
         desc => 'email with spaces, no message',
@@ -1222,6 +1222,21 @@ $report->update;
 $report->comments->delete;
 
 for my $test (
+    {
+        desc => 'submit an update with bad email and password',
+        form_values => {
+            submit_update => 1,
+            username => 'registered@',
+            update        => 'Update from a user',
+            add_alert     => undef,
+            password_sign_in => 'secret',
+        },
+        field_errors => [
+            'Please enter a valid email',
+            "There was a problem with your login information. If you cannot remember your password, or do not have one, please fill in the \x{2018}No\x{2019} section of the form.",
+            'Please enter your name', # FIXME Not really necessary error
+        ],
+    },
     {
         desc => 'submit an update for a registered user, signing in with wrong password',
         form_values => {
-- 
cgit v1.2.3


From 85a6b7df9bd0b1711637b39d5a63ed6434686b33 Mon Sep 17 00:00:00 2001
From: M Somerville <matthew-github@dracos.co.uk>
Date: Mon, 21 Sep 2020 09:10:58 +0100
Subject: If text auth on, ask which method they wish to use

---
 t/app/controller/report_new_text.t | 49 ++++++++++++++++++++++++++++----------
 1 file changed, 36 insertions(+), 13 deletions(-)

(limited to 't/app/controller')

diff --git a/t/app/controller/report_new_text.t b/t/app/controller/report_new_text.t
index 852cdac76..9256a00de 100644
--- a/t/app/controller/report_new_text.t
+++ b/t/app/controller/report_new_text.t
@@ -15,17 +15,43 @@ $mech->create_contact_ok( body_id => $body->id, category => 'Street lighting', e
 $mech->create_contact_ok( body_id => $body->id, category => 'Trees', email => 'trees@example.com' );
 
 # test that phone number validation works okay
+my %defaults = (
+    title => 'Title', detail => 'Detail', name => 'Bob Jones',
+    category => 'Street lighting', may_show_name => 1,
+    photo1 => '', photo2 => '', photo3 => '',
+    password_register => '', password_sign_in => '',
+);
 foreach my $test (
+    {
+        msg => 'missing update method',
+        pc => 'EH1 1BB',
+        fields => {
+            update_method => undef, phone => '', email => '',
+            %defaults,
+        },
+        changes => {
+            username => '',
+        },
+        errors => [ 'Please enter your email', 'Please pick your update preference' ],
+    },
+    {
+        msg => 'email method',
+        pc => 'EH1 1BB',
+        fields => {
+            update_method => 'email', phone => '', email => 'bademail',
+            %defaults,
+        },
+        changes => {
+            username => 'bademail',
+        },
+        errors => [ 'Please enter a valid email' ],
+    },
     {
         msg => 'invalid number',
         pc => 'EH1 1BB',
         fields => {
-            username => '0121 4960000000', email => '', phone => '',
-            title => 'Title', detail => 'Detail', name => 'Bob Jones',
-            category => 'Street lighting',
-            may_show_name => '1',
-            photo1 => '', photo2 => '', photo3 => '',
-            password_register => '', password_sign_in => '',
+            update_method => 'phone', phone => '0121 4960000000', email => '',
+            %defaults,
         },
         changes => {
             username => '01214960000000',
@@ -37,12 +63,8 @@ foreach my $test (
         msg => 'landline number',
         pc => 'EH1 1BB',
         fields => {
-            username => '0121 4960000', email => '', phone => '',
-            title => 'Title', detail => 'Detail', name => 'Bob Jones',
-            category => 'Street lighting',
-            may_show_name => '1',
-            photo1 => '', photo2 => '', photo3 => '',
-            password_register => '', password_sign_in => '',
+            update_method => 'phone', phone => '0121 4960000', email => '',
+            %defaults,
         },
         changes => {
             username => '0121 496 0000',
@@ -142,7 +164,8 @@ foreach my $test (
                     title => 'Test Report', detail => 'Test report details.',
                     photo1 => '',
                     name => 'Joe Bloggs', may_show_name => '1',
-                    username => $test_phone,
+                    update_method => 'phone',
+                    phone => $test_phone,
                     category => 'Street lighting',
                     password_register => $test->{password} ? 'secret' : '',
                 }
-- 
cgit v1.2.3


From 22cc2b0e1e6bb2dd7bde7231ad7f7190737ce545 Mon Sep 17 00:00:00 2001
From: M Somerville <matthew-github@dracos.co.uk>
Date: Thu, 24 Sep 2020 14:39:59 +0100
Subject: Split up two username fields.

Rename the not-logging-in username field to username_register.
Keep the sign-in field as username because that e.g. overlaps
with auth code in two-factor authentication.
---
 t/app/controller/auth_social.t             |  6 ++--
 t/app/controller/contact_enquiry.t         |  6 ++--
 t/app/controller/report_display.t          |  2 +-
 t/app/controller/report_import.t           |  2 +-
 t/app/controller/report_new.t              | 10 +++---
 t/app/controller/report_new_errors.t       | 56 +++++++++++++++++++++---------
 t/app/controller/report_new_open311.t      | 11 +++---
 t/app/controller/report_new_text.t         |  6 ++--
 t/app/controller/report_new_unresponsive.t |  2 +-
 t/app/controller/report_update_text.t      | 20 +++++------
 t/app/controller/report_updates.t          | 45 +++++++++++++-----------
 11 files changed, 97 insertions(+), 69 deletions(-)

(limited to 't/app/controller')

diff --git a/t/app/controller/auth_social.t b/t/app/controller/auth_social.t
index 1f6889dcc..9d1ea836f 100644
--- a/t/app/controller/auth_social.t
+++ b/t/app/controller/auth_social.t
@@ -241,7 +241,8 @@ for my $state ( 'refused', 'no email', 'existing UID', 'okay' ) {
                 $mech->content_contains('We need your email address, please give it below.');
                 # We don't have an email, so check that we can still submit it,
                 # and the ID carries through the confirmation
-                $fields->{username} = $test->{email};
+                $fields->{username} = $test->{email} if $page eq 'my';
+                $fields->{username_register} = $test->{email} unless $page eq 'my';
                 $fields->{name} = 'Ffion Tester' unless $page eq 'my';
                 $mech->submit_form(with_fields => $fields, $page eq 'my' ? (button => 'sign_in_by_code') : ());
                 $mech->content_contains('Nearly done! Now check your email');
@@ -408,7 +409,8 @@ for my $tw_state ( 'refused', 'existing UID', 'no email' ) {
                 $mech->content_contains('We need your email address, please give it below.');
                 # We don't have an email, so check that we can still submit it,
                 # and the ID carries through the confirmation
-                $fields->{username} = $tw_email;
+                $fields->{username_register} = $tw_email unless $page eq 'my';
+                $fields->{username} = $tw_email if $page eq 'my';
                 $fields->{name} = 'Ffion Tester' unless $page eq 'my';
                 $mech->submit_form(with_fields => $fields, $page eq 'my' ? (button => 'sign_in_by_code') : ());
                 $mech->content_contains('Nearly done! Now check your email');
diff --git a/t/app/controller/contact_enquiry.t b/t/app/controller/contact_enquiry.t
index feb2a0545..f1b5b15cd 100644
--- a/t/app/controller/contact_enquiry.t
+++ b/t/app/controller/contact_enquiry.t
@@ -80,7 +80,7 @@ FixMyStreet::override_config {
         $mech->submit_form_ok( {
             with_fields => {
                 name => 'Test User',
-                username => 'testuser@example.org',
+                username_register => 'testuser@example.org',
                 category => 'Other',
                 detail => 'This is a general enquiry',
             }
@@ -149,7 +149,7 @@ FixMyStreet::override_config {
         $mech->submit_form_ok( {
             with_fields => {
                 name => 'Simon Neil',
-                username => $user->email,
+                username_register => $user->email,
                 category => 'General Enquiry',
                 detail => 'This is a general enquiry',
             }
@@ -212,7 +212,7 @@ FixMyStreet::override_config {
             submit_problem => 1,
             token => $csrf,
             name => 'Test User',
-            username => 'testuser@example.org',
+            username_register => 'testuser@example.org',
             category => 'Other',
             detail => encode_utf8('This is a general enquiry‽'),
             photo1         => [ $sample_jpeg, undef, Content_Type => 'image/jpeg' ],
diff --git a/t/app/controller/report_display.t b/t/app/controller/report_display.t
index 4bd0fc991..00c7bf19b 100644
--- a/t/app/controller/report_display.t
+++ b/t/app/controller/report_display.t
@@ -109,7 +109,7 @@ subtest "test a good report" => sub {
 
     my %fields = (
         name      => '',
-        username => '',
+        username_register => '',
         update    => '',
         add_alert => 1, # defaults to true
         fixed     => undef
diff --git a/t/app/controller/report_import.t b/t/app/controller/report_import.t
index b2e15330a..7b5ede7a9 100644
--- a/t/app/controller/report_import.t
+++ b/t/app/controller/report_import.t
@@ -376,7 +376,7 @@ subtest "Submit a correct entry (with location) to cobrand" => sub {
         photo2         => '',
         photo3         => '',
         phone         => '',
-        username => 'test-ll@example.com',
+        username_register => 'test-ll@example.com',
       },
       "check imported fields are shown"
           or diag Dumper( $mech->visible_form_values ); use Data::Dumper;
diff --git a/t/app/controller/report_new.t b/t/app/controller/report_new.t
index 6af709c2c..b0c93c332 100644
--- a/t/app/controller/report_new.t
+++ b/t/app/controller/report_new.t
@@ -156,7 +156,7 @@ foreach my $test (
                     photo1        => '',
                     name          => 'Joe Bloggs',
                     may_show_name => '1',
-                    username      => 'test-1@example.com',
+                    username_register => 'test-1@example.com',
                     phone         => '07903 123 456',
                     category      => 'Street lighting',
                     password_register => $test->{password} ? 'secret' : '',
@@ -680,7 +680,7 @@ subtest "test report creation for a category that is non public" => sub {
                     title         => 'Test Report',
                     detail        => 'Test report details.',
                     photo1        => '',
-                    username      => $user->email,
+                    username_register => $user->email,
                     name          => 'Joe Bloggs',
                     category      => 'Street lighting',
                 }
@@ -940,7 +940,7 @@ for my $test (
             title             => "Test Report",
             detail            => 'Test report details.',
             photo1            => '',
-            username          => 'firstlast@example.com',
+            username_register => 'firstlast@example.com',
             may_show_name     => '1',
             phone             => '07903 123 456',
             category          => 'Trees',
@@ -1085,7 +1085,7 @@ subtest "test Hart" => sub {
                 $mech->submit_form_ok( { with_fields => { pc => 'GU51 4AE' } }, "submit location" );
                 $mech->follow_link_ok( { text_regex => qr/skip this step/i, }, "follow 'skip this step' link" );
                 my %optional_fields = $test->{confirm} ?  () :
-                    ( username => $test_email, phone => '07903 123 456' );
+                    ( username_register => $test_email, phone => '07903 123 456' );
 
                 # we do this as otherwise test::www::mechanize::catalyst
                 # goes to the value set in ->host above irregardless and
@@ -1279,7 +1279,7 @@ subtest "extra google analytics code displayed on email confirmation problem cre
             title             => "Test Report",
             detail            => 'Test report details.',
             photo1            => '',
-            username          => 'firstlast@example.com',
+            username_register => 'firstlast@example.com',
             name              => 'Test User',
             may_show_name     => '1',
             phone             => '07903 123 456',
diff --git a/t/app/controller/report_new_errors.t b/t/app/controller/report_new_errors.t
index c82a5fa13..470cb7d79 100644
--- a/t/app/controller/report_new_errors.t
+++ b/t/app/controller/report_new_errors.t
@@ -112,6 +112,7 @@ foreach my $test (
             photo3        => '',
             name          => '',
             may_show_name => '1',
+            username_register => '',
             username      => '',
             phone         => '',
             password_sign_in => '',
@@ -137,6 +138,7 @@ foreach my $test (
             photo3        => '',
             name          => '',
             may_show_name => '1',
+            username_register => '',
             username      => '',
             phone         => '',
             category      => 'Something bad',
@@ -165,6 +167,7 @@ foreach my $test (
             photo3        => '',
             name          => '',
             may_show_name => '1',
+            username_register => '',
             username      => '',
             phone         => '',
             category      => 'Street lighting',
@@ -190,6 +193,7 @@ foreach my $test (
             photo3        => '',
             name          => '',
             may_show_name => undef,
+            username_register => '',
             username      => '',
             phone         => '',
             category      => 'Street lighting',
@@ -215,6 +219,7 @@ foreach my $test (
             photo3        => '',
             name          => 'Bob Jones',
             may_show_name => undef,
+            username_register => '',
             username      => '',
             phone         => '',
             category      => 'Street lighting',
@@ -239,6 +244,7 @@ foreach my $test (
             photo3        => '',
             name          => 'Bob Jones',
             may_show_name => '1',
+            username_register => '',
             username      => '',
             phone         => '',
             category      => 'Street lighting',
@@ -263,6 +269,7 @@ foreach my $test (
             photo3        => '',
             name          => 'Bob Jones',
             may_show_name => '1',
+            username_register => '',
             username      => '',
             phone         => '',
             category      => 'Street lighting',
@@ -287,6 +294,7 @@ foreach my $test (
             photo3        => '',
             name          => 'DUDE',
             may_show_name => '1',
+            username_register => '',
             username      => '',
             phone         => '',
             category      => 'Street lighting',
@@ -310,6 +318,7 @@ foreach my $test (
             photo3        => '',
             name          => 'anonymous',
             may_show_name => '1',
+            username_register => '',
             username      => '',
             phone         => '',
             category      => 'Street lighting',
@@ -333,13 +342,14 @@ foreach my $test (
             photo3        => '',
             name          => 'Joe Smith',
             may_show_name => '1',
-            username      => 'not an email',
+            username_register => 'not an email',
+            username      => '',
             phone         => '',
             category      => 'Street lighting',
             password_sign_in => '',
             password_register => '',
         },
-        changes => { username => 'notanemail' },
+        changes => {},
         errors  => [ 'Please enter a valid email', ],
     },
     {
@@ -353,6 +363,7 @@ foreach my $test (
             photo3        => '',
             name          => '',
             may_show_name => '1',
+            username_register => '',
             username      => '',
             phone         => '',
             category      => 'Street lighting',
@@ -379,7 +390,8 @@ foreach my $test (
             photo3        => '',
             name          => '  Bob    Jones   ',
             may_show_name => '1',
-            username      => '   BOB @ExAmplE.COM   ',
+            username_register => '   BOB @ExAmplE.COM   ',
+            username      => '',
             phone         => '',
             category      => 'Street lighting',
             password_sign_in => '',
@@ -387,7 +399,6 @@ foreach my $test (
         },
         changes => {
             name  => 'Bob Jones',
-            username => 'bob@example.com',
         },
         errors => [ 'Please enter a subject', 'Please enter some details', ],
     },
@@ -402,7 +413,8 @@ foreach my $test (
             photo3        => '',
             name          => 'Bob Jones',
             may_show_name => '1',
-            username      => 'bob@example.com',
+            username_register => 'bob@example.com',
+            username      => '',
             phone         => '',
             category      => 'Street lighting',
             password_sign_in => '',
@@ -424,7 +436,8 @@ foreach my $test (
             photo3        => '',
             name          => 'Bob Jones',
             may_show_name => '1',
-            username      => 'bob@example.com',
+            username_register => 'bob@example.com',
+            username      => '',
             phone         => '',
             category      => 'Street lighting',
             password_sign_in => '',
@@ -446,7 +459,8 @@ foreach my $test (
             photo3        => '',
             name          => 'Bob Jones',
             may_show_name => '1',
-            username      => 'bob@example.com',
+            username_register => 'bob@example.com',
+            username      => '',
             phone         => '',
             category      => 'Street lighting',
             password_sign_in => '',
@@ -468,14 +482,14 @@ foreach my $test (
             photo3        => '',
             name          => 'Joe Smith',
             may_show_name => '1',
-            username      => 'user@example.com',
+            username_register => 'user@example.com',
+            username      => '',
             phone         => '',
             category      => 'Street lighting',
             password_sign_in => '',
             password_register => '',
         },
         changes => {
-            username => 'user@example.com',
             title => 'User@example.com'
         },
         errors  => [ 'Please make sure you are not including an email address', ],
@@ -492,7 +506,8 @@ foreach my $test (
             photo3        => '',
             name          => 'Bob Example',
             may_show_name => '1',
-            username      => 'bob@example.com',
+            username_register => 'bob@example.com',
+            username      => '',
             phone         => '',
             category      => 'Trees',
             password_sign_in => '',
@@ -512,7 +527,8 @@ foreach my $test (
             photo3        => '',
             name          => 'Bob Example',
             may_show_name => '1',
-            username      => 'bob@example.com',
+            username_register => 'bob@example.com',
+            username      => '',
             phone         => '',
             category      => 'Trees',
             password_sign_in => '',
@@ -532,7 +548,8 @@ foreach my $test (
             photo3        => '',
             name          => 'Bob Example',
             may_show_name => '1',
-            username      => 'bob@example.com',
+            username_register => 'bob@example.com',
+            username      => '',
             phone         => '123456789 12345678910',
             category      => 'Trees',
             password_sign_in => '',
@@ -552,7 +569,8 @@ foreach my $test (
             photo3        => '',
             name          => 'This is a very long name that should fail validation',
             may_show_name => '1',
-            username      => 'bob@example.com',
+            username_register => 'bob@example.com',
+            username      => '',
             phone         => '',
             category      => 'Street lighting',
             password_sign_in => '',
@@ -572,7 +590,8 @@ foreach my $test (
             photo3        => '',
             name          => 'This is a very long name that should fail validation',
             may_show_name => '1',
-            username      => 'bob@example.com',
+            username_register => 'bob@example.com',
+            username      => '',
             phone         => '',
             category      => 'Trees',
             password_sign_in => '',
@@ -592,7 +611,8 @@ foreach my $test (
             photo3        => '',
             name          => 'This is a really extraordinarily long name that definitely should fail validation',
             may_show_name => '1',
-            username      => 'bob.has.a.very.long.email@thisisalonghostname.example.com',
+            username_register => 'bob.has.a.very.long.email@thisisalonghostname.example.com',
+            username      => '',
             phone         => '01234 5678910 09876 54321 ext 203',
             category      => 'Trees',
             password_sign_in => '',
@@ -612,7 +632,8 @@ foreach my $test (
             photo3        => '',
             name          => 'A User',
             may_show_name => '1',
-            username      => 'user@example.org',
+            username_register => 'user@example.org',
+            username      => '',
             phone         => '',
             category      => 'Trees',
             password_sign_in => '',
@@ -632,7 +653,8 @@ foreach my $test (
             photo3        => '',
             name          => 'A User',
             may_show_name => '1',
-            username      => 'user@example.org',
+            username_register => 'user@example.org',
+            username      => '',
             phone         => '',
             category      => 'Trees',
             password_sign_in => '',
diff --git a/t/app/controller/report_new_open311.t b/t/app/controller/report_new_open311.t
index 9a8063a84..ebbb06567 100644
--- a/t/app/controller/report_new_open311.t
+++ b/t/app/controller/report_new_open311.t
@@ -108,7 +108,8 @@ my $empty_form = {
     photo3        => '',
     name          => '',
     may_show_name => '1',
-    username      => '',
+    username_register => '',
+    username => '',
     phone         => '',
     category      => '',
     password_sign_in => '',
@@ -137,7 +138,7 @@ foreach my $test (
             title => 'test',
             detail => 'test detail',
             name => 'Test User',
-            username => 'testopen311@example.com',
+            username_register => 'testopen311@example.com',
             category => 'Street lighting',
             number => 27,
             type => 'old',
@@ -177,7 +178,7 @@ foreach my $test (
             title => 'test',
             detail => 'test detail',
             name => 'Test User',
-            username => 'testopen311@example.com',
+            username_register => 'testopen311@example.com',
             size => 'big',
             colour => 'red',
         },
@@ -201,7 +202,7 @@ foreach my $test (
         $mech->clear_emails_ok;
 
         # check that the user does not exist
-        my $test_email = $test->{submit_with}->{username};
+        my $test_email = $test->{submit_with}->{username_register};
         my $user = FixMyStreet::DB->resultset('User')->find( { email => $test_email } );
         if ( $user ) {
             $user->problems->delete;
@@ -452,7 +453,7 @@ subtest "Category extras includes form disabling string" => sub {
         # Test submission of whole form, switching back to a blocked category at the same time
         $mech->submit_form_ok({ with_fields => {
             category => 'Pothole', title => 'Title', detail => 'Detail',
-            username => 'testing@example.org', name => 'Testing Example',
+            username_register => 'testing@example.org', name => 'Testing Example',
         } });
         $mech->content_contains('<div id="js-category-stopper" class="box-warning" role="alert" aria-live="assertive">');
         $mech->content_contains('Please ring us!');
diff --git a/t/app/controller/report_new_text.t b/t/app/controller/report_new_text.t
index 9256a00de..8753e7e20 100644
--- a/t/app/controller/report_new_text.t
+++ b/t/app/controller/report_new_text.t
@@ -42,7 +42,7 @@ foreach my $test (
             %defaults,
         },
         changes => {
-            username => 'bademail',
+            username => '',
         },
         errors => [ 'Please enter a valid email' ],
     },
@@ -54,7 +54,7 @@ foreach my $test (
             %defaults,
         },
         changes => {
-            username => '01214960000000',
+            username => '',
             phone => '01214960000000',
         },
         errors => [ 'Please check your phone number is correct' ],
@@ -67,7 +67,7 @@ foreach my $test (
             %defaults,
         },
         changes => {
-            username => '0121 496 0000',
+            username => '',
             phone => '0121 496 0000',
         },
         errors => [ 'Please enter a mobile number', ],
diff --git a/t/app/controller/report_new_unresponsive.t b/t/app/controller/report_new_unresponsive.t
index 033475c25..211f7198d 100644
--- a/t/app/controller/report_new_unresponsive.t
+++ b/t/app/controller/report_new_unresponsive.t
@@ -107,7 +107,7 @@ sub make_report {
                 detail        => 'Test report details.',
                 photo1        => '',
                 name          => 'Joe Bloggs',
-                username      => $user->email,
+                username_register => $user->email,
                 may_show_name => '1',
                 phone         => '07903 123 456',
                 category      => 'Trees',
diff --git a/t/app/controller/report_update_text.t b/t/app/controller/report_update_text.t
index 52f221264..3f9a73773 100644
--- a/t/app/controller/report_update_text.t
+++ b/t/app/controller/report_update_text.t
@@ -62,7 +62,8 @@ for my $test (
     {
         desc => 'Invalid phone',
         fields => {
-            username => '01214960000000',
+            username_register => '01214960000000',
+            username => '',
             update => 'Update',
             name => 'Name',
             photo1 => '',
@@ -80,7 +81,8 @@ for my $test (
     {
         desc => 'landline number',
         fields => {
-            username => '01214960000',
+            username_register => '01214960000',
+            username => '',
             update => 'Update',
             name => 'Name',
             photo1 => '',
@@ -92,9 +94,7 @@ for my $test (
             password_register => '',
             password_sign_in => '',
         },
-        changes => {
-            username => '0121 496 0000',
-        },
+        changes => {},
         field_errors => [ 'Please enter a mobile number' ]
     },
   )
@@ -126,7 +126,7 @@ for my $test (
         desc => 'submit an update, unregistered, logged out',
         form_values => {
             submit_update => 1,
-            username => $test_phone,
+            username_register => $test_phone,
             update => 'Update from an unregistered user',
             add_alert => undef,
             name => 'Unreg User',
@@ -137,7 +137,7 @@ for my $test (
         desc => 'submit an update, unregistered, logged out, sign up for alerts',
         form_values => {
             submit_update => 1,
-            username => $test_phone,
+            username_register => $test_phone,
             update => 'Update from an unregistered user',
             add_alert => 1,
             name => 'Unreg User',
@@ -149,7 +149,7 @@ for my $test (
         registered => 1,
         form_values => {
             submit_update => 1,
-            username => $test_phone,
+            username_register => $test_phone,
             update => 'Update from a registered user',
             add_alert => undef,
             name => 'Reg User',
@@ -194,7 +194,7 @@ for my $test (
         ok $update, 'found update in database';
         is $update->state, 'unconfirmed', 'update unconfirmed';
         my $details = $test->{form_values};
-        is $update->user->phone, $details->{username}, 'update phone';
+        is $update->user->phone, $details->{username_register}, 'update phone';
         is $update->user->phone_verified, 1;
         is $update->text, $details->{update}, 'update text';
         is $add_alerts, $details->{add_alert} ? 1 : 0, 'do not sign up for alerts';
@@ -211,7 +211,7 @@ for my $test (
             ok $user->check_password( 'new_secret' ), 'password changed';
             is $user->name, 'Reg User', 'name changed';
         } else {
-            $user = FixMyStreet::DB->resultset( 'User' )->find( { phone => $details->{username} } );
+            $user = FixMyStreet::DB->resultset( 'User' )->find( { phone => $details->{username_register} } );
             ok $user, 'found user';
         }
 
diff --git a/t/app/controller/report_updates.t b/t/app/controller/report_updates.t
index 7ae5ed7b2..760a5a45b 100644
--- a/t/app/controller/report_updates.t
+++ b/t/app/controller/report_updates.t
@@ -272,7 +272,8 @@ for my $test (
     {
         desc => 'No email, no message',
         fields => {
-            username  => '',
+            username_register => '',
+            username => '',
             update => '',
             name   => '',
             photo1 => '',
@@ -290,7 +291,8 @@ for my $test (
     {
         desc => 'Invalid email, no message',
         fields => {
-            username  => 'test',
+            username_register => 'test',
+            username => '',
             update => '',
             name   => '',
             photo1 => '',
@@ -308,7 +310,8 @@ for my $test (
     {
         desc => 'email with spaces, no message',
         fields => {
-            username => 'test @ example. com',
+            username_register => 'test @ example. com',
+            username => '',
             update => '',
             name   => '',
             photo1 => '',
@@ -320,15 +323,14 @@ for my $test (
             password_register => '',
             password_sign_in => '',
         },
-        changes => {
-            username => 'test@example.com',
-        },
+        changes => {},
         field_errors => [ 'Please enter a message', 'Please enter your name' ]
     },
     {
         desc => 'email with uppercase, no message',
         fields => {
-            username => 'test@EXAMPLE.COM',
+            username_register => 'test@EXAMPLE.COM',
+            username => '',
             update => '',
             name   => '',
             photo1 => '',
@@ -340,9 +342,7 @@ for my $test (
             password_register => '',
             password_sign_in => '',
         },
-        changes => {
-            username => 'test@example.com',
-        },
+        changes => {},
         field_errors => [ 'Please enter a message', 'Please enter your name' ]
     },
   )
@@ -369,6 +369,7 @@ for my $test (
         desc => 'submit an update for a non registered user',
         initial_values => {
             name          => '',
+            username_register => '',
             username => '',
             may_show_name => undef,
             add_alert     => 1,
@@ -382,7 +383,7 @@ for my $test (
         },
         form_values => {
             submit_update => 1,
-            username => 'unregistered@example.com',
+            username_register => 'unregistered@example.com',
             update        => 'Update from an unregistered user',
             add_alert     => undef,
             name          => 'Unreg User',
@@ -394,6 +395,7 @@ for my $test (
         desc => 'submit an update for a non registered user and sign up',
         initial_values => {
             name          => '',
+            username_register => '',
             username => '',
             may_show_name => undef,
             add_alert     => 1,
@@ -407,7 +409,7 @@ for my $test (
         },
         form_values => {
             submit_update => 1,
-            username => 'unregistered@example.com',
+            username_register => 'unregistered@example.com',
             update        => "update from an\r\n\r\nunregistered user",
             add_alert     => 1,
             name          => 'Unreg User',
@@ -465,14 +467,14 @@ for my $test (
 
         ok $update, 'found update in database';
         is $update->state, 'unconfirmed', 'update unconfirmed';
-        is $update->user->email, $details->{username}, 'update email';
+        is $update->user->email, $details->{username_register}, 'update email';
         is $update->text, $details->{update}, 'update text';
         is $add_alerts, $details->{add_alert} ? 1 : 0, 'do not sign up for alerts';
 
         $mech->get_ok( $url );
         $mech->content_contains("/report/$report_id#update_$update_id");
 
-        my $unreg_user = FixMyStreet::DB->resultset( 'User' )->find( { email => $details->{username} } );
+        my $unreg_user = FixMyStreet::DB->resultset( 'User' )->find( { email => $details->{username_register} } );
 
         ok $unreg_user, 'found user';
 
@@ -497,6 +499,7 @@ for my $test (
         desc => 'overriding email confirmation allows report confirmation with no email sent',
         initial_values => {
             name          => '',
+            username_register => '',
             username => '',
             may_show_name => undef,
             add_alert     => 1,
@@ -510,7 +513,7 @@ for my $test (
         },
         form_values => {
             submit_update => 1,
-            username => 'unregistered@example.com',
+            username_register => 'unregistered@example.com',
             update        => "update no email confirm",
             add_alert     => 1,
             name          => 'Unreg User',
@@ -562,10 +565,10 @@ for my $test (
 
         ok $update, 'found update in database';
         is $update->state, 'confirmed', 'update confirmed';
-        is $update->user->email, $details->{username}, 'update email';
+        is $update->user->email, $details->{username_register}, 'update email';
         is $update->text, $details->{update}, 'update text';
 
-        my $unreg_user = FixMyStreet::DB->resultset( 'User' )->find( { email => $details->{username} } );
+        my $unreg_user = FixMyStreet::DB->resultset( 'User' )->find( { email => $details->{username_register} } );
 
         ok $unreg_user, 'found user';
 
@@ -1323,7 +1326,7 @@ subtest 'submit an update for a registered user, creating update by email' => su
     $mech->submit_form_ok( {
         with_fields => {
             submit_update => 1,
-            username => $user->email,
+            username_register => $user->email,
             update        => 'Update from a user',
             add_alert     => undef,
             name          => 'New Name',
@@ -1772,7 +1775,7 @@ for my $test (
         fields => {
             submit_update => 1,
             name          => 'Test User',
-            username => $report->user->email,
+            username_register => $report->user->email,
             may_show_name => 1,
             update        => 'update from owner',
             add_alert     => undef,
@@ -1794,7 +1797,7 @@ for my $test (
             submit_update => 1,
             name          => 'Test User',
             may_show_name => 1,
-            username => $report->user->email,
+            username_register => $report->user->email,
             update        => 'update from owner',
             add_alert     => undef,
             fixed         => 1,
@@ -1859,7 +1862,7 @@ for my $test (
         my $update = $report->comments->first;
         ok $update, 'found update';
         is $update->text, $results->{update}, 'update text';
-        is $update->user->email, $test->{fields}->{username}, 'update user';
+        is $update->user->email, $test->{fields}->{username_register}, 'update user';
         is $update->state, 'unconfirmed', 'update confirmed';
         is $update->anonymous, $test->{anonymous}, 'user anonymous';
 
-- 
cgit v1.2.3


From 2abe443efb8bbbd7cf3048eec271fd28a777932f Mon Sep 17 00:00:00 2001
From: M Somerville <matthew-github@dracos.co.uk>
Date: Fri, 11 Sep 2020 18:11:03 +0100
Subject: Show error if text confirmation code sending fails

---
 t/app/controller/report_new_text.t    | 14 +++++++++++
 t/app/controller/report_update_text.t | 47 +++++++++++++++++++----------------
 2 files changed, 39 insertions(+), 22 deletions(-)

(limited to 't/app/controller')

diff --git a/t/app/controller/report_new_text.t b/t/app/controller/report_new_text.t
index 8753e7e20..fa012c6ae 100644
--- a/t/app/controller/report_new_text.t
+++ b/t/app/controller/report_new_text.t
@@ -72,6 +72,19 @@ foreach my $test (
         },
         errors => [ 'Please enter a mobile number', ],
     },
+    {
+        msg => 'number that fails',
+        pc => 'EH1 1BB',
+        fields => {
+            update_method => 'phone', phone => '+18165550101', email => '',
+            %defaults,
+        },
+        changes => {
+            username => '',
+            phone => '+1 816-555-0101',
+        },
+        errors => [ 'Sending a confirmation text failed: "Unable to send (21408)"' ],
+    },
   )
 {
     subtest "check form errors where $test->{msg}" => sub {
@@ -82,6 +95,7 @@ foreach my $test (
             MAPIT_URL => 'http://mapit.uk/',
             SMS_AUTHENTICATION => 1,
             PHONE_COUNTRY => 'GB',
+            TWILIO_ACCOUNT_SID => 'AC123',
         }, sub {
             $mech->submit_form_ok( { with_fields => { pc => $test->{pc} } },
                 "submit location" );
diff --git a/t/app/controller/report_update_text.t b/t/app/controller/report_update_text.t
index 3f9a73773..fbf5ca0c6 100644
--- a/t/app/controller/report_update_text.t
+++ b/t/app/controller/report_update_text.t
@@ -58,22 +58,25 @@ my $comment = FixMyStreet::DB->resultset('Comment')->find_or_create( {
 my $comment_id = $comment->id;
 ok $comment, "created test update - $comment_id";
 
+my %defaults = (
+    username => '',
+    update => 'Update',
+    name => 'Name',
+    photo1 => '',
+    photo2 => '',
+    photo3 => '',
+    fixed => undef,
+    add_alert => 1,
+    may_show_name => undef,
+    password_sign_in => '',
+    password_register => '',
+);
 for my $test (
     {
         desc => 'Invalid phone',
         fields => {
             username_register => '01214960000000',
-            username => '',
-            update => 'Update',
-            name => 'Name',
-            photo1 => '',
-            photo2 => '',
-            photo3 => '',
-            fixed => undef,
-            add_alert => 1,
-            may_show_name => undef,
-            password_sign_in => '',
-            password_register => '',
+            %defaults,
         },
         changes => {},
         field_errors => [ 'Please check your phone number is correct' ]
@@ -82,21 +85,20 @@ for my $test (
         desc => 'landline number',
         fields => {
             username_register => '01214960000',
-            username => '',
-            update => 'Update',
-            name => 'Name',
-            photo1 => '',
-            photo2 => '',
-            photo3 => '',
-            fixed => undef,
-            add_alert => 1,
-            may_show_name => undef,
-            password_register => '',
-            password_sign_in => '',
+            %defaults,
         },
         changes => {},
         field_errors => [ 'Please enter a mobile number' ]
     },
+    {
+        desc => 'fails to send',
+        fields => {
+            username_register => '+18165550101',
+            %defaults,
+        },
+        changes => {},
+        field_errors => [ 'Sending a confirmation text failed: "Unable to send (21408)"' ]
+    },
   )
 {
     subtest "submit an update - $test->{desc}" => sub {
@@ -104,6 +106,7 @@ for my $test (
 
         FixMyStreet::override_config {
             SMS_AUTHENTICATION => 1,
+            TWILIO_ACCOUNT_SID => 'AC123',
             PHONE_COUNTRY => 'GB',
         }, sub {
             $mech->submit_form_ok( { with_fields => $test->{fields} }, 'submit update' );
-- 
cgit v1.2.3


From ab983c0445fde36a5338b199c7d3996580872e7c Mon Sep 17 00:00:00 2001
From: Dave Arter <davea@mysociety.org>
Date: Fri, 7 Aug 2020 17:33:27 +0100
Subject: Enable HTML in updates from staff users

This also extends to response templates.
---
 t/app/controller/my.t             | 23 +++++++----
 t/app/controller/questionnaire.t  |  9 +++-
 t/app/controller/report_updates.t | 87 +++++++++++++++++++++++++++++++++++++++
 3 files changed, 110 insertions(+), 9 deletions(-)

(limited to 't/app/controller')

diff --git a/t/app/controller/my.t b/t/app/controller/my.t
index 673addf0c..85902ae1a 100644
--- a/t/app/controller/my.t
+++ b/t/app/controller/my.t
@@ -14,17 +14,12 @@ my $other_user = FixMyStreet::DB->resultset('User')->find_or_create({ email => '
 my @other = $mech->create_problems_for_body(1, 1234, 'Another Title', { user => $other_user });
 
 my $user = $mech->log_in_ok( 'test@example.com' );
-$mech->get_ok('/my');
-is $mech->uri->path, '/my', "stayed on '/my' page";
-
-$mech->content_contains('Test Title');
-$mech->content_lacks('Another Title');
-
 my @update;
 my $i = 0;
+my $staff_text = '<p>this is <script>how did this happen</script> <strong>an update</strong></p><ul><li>With</li><li>A</li><li>List</li></ul>';
 foreach ($user, $user, $other_user) {
     $update[$i] = FixMyStreet::DB->resultset('Comment')->create({
-        text => 'this is an update',
+        text => $staff_text,
         user => $_,
         state => 'confirmed',
         problem => $problems[0],
@@ -35,6 +30,20 @@ foreach ($user, $user, $other_user) {
     $i++;
 }
 
+subtest 'Check loading of /my page' => sub {
+    $mech->get_ok('/my');
+    is $mech->uri->path, '/my', "stayed on '/my' page";
+
+    $mech->content_contains('Test Title');
+    $mech->content_lacks('Another Title');
+    $mech->content_contains('&lt;p&gt;this is');
+    $mech->content_lacks('<p>this is  <strong>an update</strong></p><ul><li>With');
+
+    $update[0]->update({ extra => { is_superuser => 1 } });
+    $mech->get_ok('/my');
+    $mech->content_contains('<p>this is  <strong>an update</strong></p><ul><li>With');
+};
+
 foreach (
     { type => 'problem', id => 0, result => 404, desc => 'nothing' },
     { type => 'problem', obj => $problems[0], result => 200, desc => 'own report' },
diff --git a/t/app/controller/questionnaire.t b/t/app/controller/questionnaire.t
index b561b271a..592507288 100644
--- a/t/app/controller/questionnaire.t
+++ b/t/app/controller/questionnaire.t
@@ -351,7 +351,7 @@ my $comment = FixMyStreet::DB->resultset('Comment')->find_or_create(
         user_id    => $user->id,
         name       => 'A User',
         mark_fixed => 'false',
-        text       => 'This is some update text',
+        text       => 'This is some <strong>update</strong> text',
         state      => 'confirmed',
         confirmed  => $sent_time,
         anonymous  => 'f',
@@ -360,7 +360,12 @@ my $comment = FixMyStreet::DB->resultset('Comment')->find_or_create(
 subtest 'Check updates are shown correctly on questionnaire page' => sub {
     $mech->get_ok("/Q/" . $token->token);
     $mech->content_contains( 'Show all updates' );
-    $mech->content_contains( 'This is some update text' );
+    $mech->content_contains( 'This is some &lt;strong&gt;update&lt;/strong&gt; text' );
+};
+subtest 'Check staff update is shown correctly on questionnaire page' => sub {
+    $comment->update({ extra => { is_superuser => 1 } });
+    $mech->get_ok("/Q/" . $token->token);
+    $mech->content_contains( 'This is some <strong>update</strong> text' );
 };
 
 for my $test (
diff --git a/t/app/controller/report_updates.t b/t/app/controller/report_updates.t
index 92cbed861..9c44abc54 100644
--- a/t/app/controller/report_updates.t
+++ b/t/app/controller/report_updates.t
@@ -2200,4 +2200,91 @@ subtest 'check disabling of updates per category' => sub {
     $mech->content_lacks('Provide an update');
 };
 
+subtest 'check that only staff can display HTML in updates' => sub {
+    $report->comments->delete;
+    $user->update({ from_body => undef, is_superuser => 0 });
+
+    my @lines = (
+        "This update contains:",
+        "1. <strong>some staff-allowed HTML</strong>",
+        "2. *some Markdown-style italics*",
+        "3. <script>some disallowed HTML</script>",
+        "4. An automatic link: https://myfancylink.fixmystreet.com/",
+        "5. A block-level element: <p>This is its own para</p>",
+        ""
+    );
+    my $comment = FixMyStreet::DB->resultset('Comment')->create(
+        {
+            user          => $user,
+            problem_id    => $report->id,
+            text          => join("\n\n", @lines),
+            confirmed     => DateTime->now( time_zone => 'local'),
+            problem_state => 'confirmed',
+            anonymous     => 0,
+            mark_open     => 0,
+            mark_fixed    => 0,
+            state         => 'confirmed',
+        }
+    );
+
+    # First check that comments from a public user don't receive special treatment
+    $mech->get_ok( "/report/" . $report->id );
+
+    $mech->content_contains("1. &lt;strong&gt;some staff-allowed HTML&lt;/strong&gt;");
+    $mech->content_lacks("<strong>some staff-allowed HTML</strong>");
+
+    $mech->content_contains("2. *some Markdown-style italics*");
+    $mech->content_lacks("<i>some Markdown-style italics</i>");
+    $mech->content_lacks("&lt;i&gt;some Markdown-style italics&lt;/i&gt;");
+
+    $mech->content_contains("3. &lt;script&gt;some disallowed HTML&lt;/script&gt;");
+    $mech->content_lacks("<script>some disallowed HTML</script>");
+
+    $mech->content_contains('4. An automatic link: <a href="https://myfancylink.fixmystreet.com/">https://myfancylink.fixmystreet.com/</a>') or diag $mech->content;
+
+    $mech->content_contains("5. A block-level element: &lt;p&gt;This is its own para&lt;/p&gt;");
+    $mech->content_lacks("5. A block-level element: <p>This is its own para</p>");
+
+    # Now check that comments from a member of staff user do allow HTML/italic markup
+    $comment->set_extra_metadata(is_body_user => $body->id);
+    $comment->update;
+    $mech->get_ok( "/report/" . $report->id );
+
+    $mech->content_contains("1. <strong>some staff-allowed HTML</strong>");
+    $mech->content_lacks("&lt;strong&gt;some staff-allowed HTML&lt;/strong&gt;");
+
+    $mech->content_contains("2. <i>some Markdown-style italics</i>");
+    $mech->content_lacks("*some Markdown-style italics*");
+    $mech->content_lacks("&lt;i&gt;some Markdown-style italics&lt;/i&gt;");
+
+    $mech->content_lacks("some disallowed HTML");
+
+    $mech->content_contains('4. An automatic link: <a href="https://myfancylink.fixmystreet.com/">https://myfancylink.fixmystreet.com/</a>');
+
+    $mech->content_contains("5. A block-level element: <p>This is its own para</p>");
+    $mech->content_lacks("<p>\n5. A block-level element: <p>This is its own para</p></p>");
+
+    # and the same for superusers
+    $comment->unset_extra_metadata('is_body_user');
+    $comment->set_extra_metadata(is_superuser => 1);
+    $comment->update;
+    $mech->get_ok( "/report/" . $report->id );
+
+    $mech->content_contains("1. <strong>some staff-allowed HTML</strong>");
+    $mech->content_lacks("&lt;strong&gt;some staff-allowed HTML&lt;/strong&gt;");
+
+    $mech->content_contains("2. <i>some Markdown-style italics</i>");
+    $mech->content_lacks("*some Markdown-style italics*");
+    $mech->content_lacks("&lt;i&gt;some Markdown-style italics&lt;/i&gt;");
+
+    $mech->content_lacks("some disallowed HTML");
+
+    $mech->content_contains('4. An automatic link: <a href="https://myfancylink.fixmystreet.com/">https://myfancylink.fixmystreet.com/</a>');
+
+    $mech->content_contains("5. A block-level element: <p>This is its own para</p>");
+    $mech->content_lacks("<p>\n5. A block-level element: <p>This is its own para</p></p>");
+
+};
+
+
 done_testing();
-- 
cgit v1.2.3


From 245f12237ad2c796667d5d4736483474c1b481ce Mon Sep 17 00:00:00 2001
From: Dave Arter <davea@mysociety.org>
Date: Tue, 11 Aug 2020 09:18:12 +0100
Subject: Enable HTML in update alert emails.

---
 t/app/controller/alert_new.t | 43 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)

(limited to 't/app/controller')

diff --git a/t/app/controller/alert_new.t b/t/app/controller/alert_new.t
index d968b56b1..16455c7c4 100644
--- a/t/app/controller/alert_new.t
+++ b/t/app/controller/alert_new.t
@@ -866,4 +866,47 @@ subtest 'check setting include dates in new updates cobrand option' => sub {
     $include_date_in_alert_override->restore();
 };
 
+subtest 'check staff updates can include sanitized HTML' => sub {
+    my $user1 = $mech->create_user_ok('reporter@example.com', name => 'Reporter User');
+    my $user2 = $mech->create_user_ok('staff@example.com', name => 'Staff User', from_body => $body);
+    my $user3 = $mech->create_user_ok('updater@example.com', name => 'Another User');
+
+    my $dt = DateTime->now->add( minutes => -30 );
+    my $r_dt = $dt->clone->add( minutes => 20 );
+
+    my ($report) = $mech->create_problems_for_body(1, $body->id, 'Testing', {
+        user => $user1,
+    });
+
+    my $update1 = $mech->create_comment_for_problem($report, $user2, 'Staff User', 'This is some update text with <strong>HTML</strong> and *italics*. <script>not allowed</script>', 't', 'confirmed', undef, { confirmed  => $r_dt->clone->add( minutes => 8 ) });
+    $update1->set_extra_metadata(is_body_user => $user2->from_body->id);
+    $update1->update;
+
+    $mech->create_comment_for_problem($report, $user3, 'Updater User', 'Public users <i>cannot</i> use HTML. <script>not allowed</script>', 't', 'confirmed', undef, { confirmed  => $r_dt->clone->add( minutes => 9 ) });
+
+    my $alert_user1 = FixMyStreet::DB->resultset('Alert')->create( {
+            user       => $user1,
+            alert_type => 'new_updates',
+            parameter  => $report->id,
+            confirmed  => 1,
+            whensubscribed => $dt,
+    } );
+    ok $alert_user1, "alert created";
+
+    FixMyStreet::DB->resultset('AlertType')->email_alerts();
+    my $email = $mech->get_email;
+    my $plain = $mech->get_text_body_from_email($email);
+    like $plain, qr/This is some update text with <strong>HTML<\/strong> and \*italics\*\./, 'plain text part contains exactly what was entered';
+    like $plain, qr/Public users <i>cannot<\/i> use HTML\./, 'plain text part contains exactly what was entered';
+
+    my $html = $mech->get_html_body_from_email($email);
+    like $html, qr{This is some update text with <strong>HTML</strong> and <i>italics</i>\.}, 'HTML part contains HTML tags';
+    unlike $html, qr/<script>/, 'HTML part contains no script tags';
+
+    $mech->delete_user( $user1 );
+    $mech->delete_user( $user2 );
+    $mech->delete_user( $user3 );
+};
+
+
 done_testing();
-- 
cgit v1.2.3


From dffc4acfe67fb05f928806601bab8ce1057e7b67 Mon Sep 17 00:00:00 2001
From: M Somerville <matthew-github@dracos.co.uk>
Date: Tue, 29 Sep 2020 14:36:14 +0100
Subject: Translate HTML to text for update alert emails.

---
 t/app/controller/alert_new.t | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 't/app/controller')

diff --git a/t/app/controller/alert_new.t b/t/app/controller/alert_new.t
index 16455c7c4..31d8c52ed 100644
--- a/t/app/controller/alert_new.t
+++ b/t/app/controller/alert_new.t
@@ -878,7 +878,7 @@ subtest 'check staff updates can include sanitized HTML' => sub {
         user => $user1,
     });
 
-    my $update1 = $mech->create_comment_for_problem($report, $user2, 'Staff User', 'This is some update text with <strong>HTML</strong> and *italics*. <script>not allowed</script>', 't', 'confirmed', undef, { confirmed  => $r_dt->clone->add( minutes => 8 ) });
+    my $update1 = $mech->create_comment_for_problem($report, $user2, 'Staff User', '<p>This is some update text with <strong>HTML</strong> and *italics*.</p> <ul><li>Even a list</li><li>Which might work</li><li>In the <a href="https://www.fixmystreet.com/">text</a> part</li></ul> <script>not allowed</script>', 't', 'confirmed', undef, { confirmed  => $r_dt->clone->add( minutes => 8 ) });
     $update1->set_extra_metadata(is_body_user => $user2->from_body->id);
     $update1->update;
 
@@ -896,7 +896,7 @@ subtest 'check staff updates can include sanitized HTML' => sub {
     FixMyStreet::DB->resultset('AlertType')->email_alerts();
     my $email = $mech->get_email;
     my $plain = $mech->get_text_body_from_email($email);
-    like $plain, qr/This is some update text with <strong>HTML<\/strong> and \*italics\*\./, 'plain text part contains exactly what was entered';
+    like $plain, qr/This is some update text with \*HTML\* and \*italics\*\.\r\n\r\n\* Even a list\r\n\r\n\* Which might work\r\n\r\n\* In the text \[https:\/\/www.fixmystreet.com\/\] part/, 'plain text part contains no HTML tags from staff update';
     like $plain, qr/Public users <i>cannot<\/i> use HTML\./, 'plain text part contains exactly what was entered';
 
     my $html = $mech->get_html_body_from_email($email);
-- 
cgit v1.2.3


From e3e1e9d54999692dc01f3fdd32693547af8deb7b Mon Sep 17 00:00:00 2001
From: M Somerville <matthew-github@dracos.co.uk>
Date: Thu, 1 Oct 2020 14:44:07 +0100
Subject: Do not display deleted priorities in inspect form.

---
 t/app/controller/report_inspect.t | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 't/app/controller')

diff --git a/t/app/controller/report_inspect.t b/t/app/controller/report_inspect.t
index 96325760c..c10fe7f94 100644
--- a/t/app/controller/report_inspect.t
+++ b/t/app/controller/report_inspect.t
@@ -17,6 +17,11 @@ my $rp2 = FixMyStreet::DB->resultset("ResponsePriority")->create({
     body => $oxon,
     name => 'Low Priority',
 });
+my $rp3 = FixMyStreet::DB->resultset("ResponsePriority")->create({
+    body => $oxon,
+    name => 'Deleted Priority',
+    deleted => 1,
+});
 FixMyStreet::DB->resultset("ContactResponsePriority")->create({
     contact => $contact,
     response_priority => $rp,
@@ -447,6 +452,7 @@ FixMyStreet::override_config {
     subtest "default response priorities display correctly" => sub {
         $mech->get_ok("/report/$report_id");
         $mech->content_contains('Priority</label', 'report priority list present');
+        $mech->content_lacks('Deleted Priority');
         like $mech->content, qr/<select name="priority" id="problem_priority" class="form-control">[^<]*<option value="" selecte/s, 'blank priority option is selected';
         $mech->content_lacks('value="' . $rp->id . '" selected>High', 'non default priority not selected');
 
@@ -456,6 +462,12 @@ FixMyStreet::override_config {
         $mech->content_contains('value="' . $rp->id . '" selected>High', 'default priority selected');
     };
 
+    subtest "check when report has deleted priority" => sub {
+        $report->update({ response_priority => $rp3 });
+        $mech->get_ok("/report/$report_id");
+        $mech->content_contains('value="' . $rp3->id . '" selected>Deleted Priority');
+    };
+
     foreach my $test (
         { type => 'report_edit_priority', priority => 1 },
         { type => 'report_edit_category', category => 1 },
-- 
cgit v1.2.3


From 399b8a783a1833098ab8401087d8a6609ac6d515 Mon Sep 17 00:00:00 2001
From: M Somerville <matthew-github@dracos.co.uk>
Date: Thu, 1 Oct 2020 17:56:29 +0100
Subject: Record whether report made on desktop or mobile.

---
 t/app/controller/report_new.t | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 't/app/controller')

diff --git a/t/app/controller/report_new.t b/t/app/controller/report_new.t
index b0c93c332..77eb4fefb 100644
--- a/t/app/controller/report_new.t
+++ b/t/app/controller/report_new.t
@@ -149,7 +149,7 @@ foreach my $test (
 
         $mech->submit_form_ok(
             {
-                button      => 'submit_register',
+                button      => 'submit_register_mobile',
                 with_fields => {
                     title         => 'Test Report',
                     detail        => 'Test report details.',
-- 
cgit v1.2.3


From bf90bf71fbac2c8e1be96646715182f876eccd57 Mon Sep 17 00:00:00 2001
From: M Somerville <matthew-github@dracos.co.uk>
Date: Fri, 2 Oct 2020 14:14:17 +0100
Subject: =?UTF-8?q?Don=E2=80=99t=20strip=20all=20spaces=20from=20Open311?=
 =?UTF-8?q?=20categories.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

If a category’s send method is Open311, only strip spaces from the
ends of the code. We are aware of active Open311 servers that have
codes with spaces in the middle.
---
 t/app/controller/admin/bodies.t | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 't/app/controller')

diff --git a/t/app/controller/admin/bodies.t b/t/app/controller/admin/bodies.t
index 75db6f87c..b63cacd9d 100644
--- a/t/app/controller/admin/bodies.t
+++ b/t/app/controller/admin/bodies.t
@@ -231,9 +231,10 @@ subtest 'check open311 devolved editing' => sub {
     $mech->content_contains("name=\"category\"\n    size=\"30\" value=\"test category\"\n    required>", 'Can edit as now devolved');
     $mech->submit_form_ok( { with_fields => {
         send_method => '',
-        email => 'open311-code',
+        email => 'open311 code',
         note => 'Removing email send method',
     } } );
+    $mech->content_contains('open311 code');
     $mech->content_contains('Values updated');
 };
 
-- 
cgit v1.2.3


From 043bce556a17545c2c26386d8368f47ba8f541e6 Mon Sep 17 00:00:00 2001
From: M Somerville <matthew-github@dracos.co.uk>
Date: Wed, 7 Oct 2020 12:06:54 +0100
Subject: Show all category history even if category renamed

---
 t/app/controller/admin/bodies.t | 1 +
 1 file changed, 1 insertion(+)

(limited to 't/app/controller')

diff --git a/t/app/controller/admin/bodies.t b/t/app/controller/admin/bodies.t
index b63cacd9d..542c3f4c0 100644
--- a/t/app/controller/admin/bodies.t
+++ b/t/app/controller/admin/bodies.t
@@ -111,6 +111,7 @@ subtest 'check contact renaming' => sub {
     $mech->get('/admin/body/' . $body->id . '/test%20category');
     is $mech->res->code, 404;
     $mech->get_ok('/admin/body/' . $body->id . '/testing%20category');
+    $mech->content_contains('<td><strong>test2@example.com</strong></td>');
     $report->discard_changes;
     is $report->category, 'testing category';
     $mech->submit_form_ok( { with_fields => { category => 'test category' } } );
-- 
cgit v1.2.3


From 2d87d6bf7c7fa4eae0e098586a0efe04c5d866fe Mon Sep 17 00:00:00 2001
From: M Somerville <matthew-github@dracos.co.uk>
Date: Thu, 8 Oct 2020 11:31:21 +0100
Subject: Fix email alert on initial update template.

A report's confirmation timestamp uses current_timestamp, and so
includes microseconds. An initial update text, to fit in with the
Open311 handling of updates, uses a DateTime object, which does not.
This means if a report is created when logged in, the initial update
can have a timestamp earlier than the report, and so is not alerted on.
---
 t/app/controller/report_new_update.t | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 't/app/controller')

diff --git a/t/app/controller/report_new_update.t b/t/app/controller/report_new_update.t
index cbb31cea4..e20975c3a 100644
--- a/t/app/controller/report_new_update.t
+++ b/t/app/controller/report_new_update.t
@@ -1,4 +1,5 @@
 use FixMyStreet::TestMech;
+use FixMyStreet::Script::Alerts;
 
 # disable info logs for this test run
 FixMyStreet::App->log->disable('info');
@@ -43,6 +44,9 @@ subtest "test report creation with initial auto-update" => sub {
     is $comment->user->id, $comment_user->id;
     is $comment->external_id, 'auto-internal';
     is $comment->name, 'Glos Council';
+
+    FixMyStreet::Script::Alerts::send();
+    my $email = $mech->get_email;
 };
 
 done_testing;
-- 
cgit v1.2.3


From fc4071d089a61de05bbc88dbd8849fa92fa4b72e Mon Sep 17 00:00:00 2001
From: Struan Donald <struan@exo.org.uk>
Date: Fri, 9 Oct 2020 09:57:24 +0100
Subject: do not cache the service worker

As the contents of the service worker vary depending on if the user is
logged in don't cache it.
---
 t/app/controller/offline.t | 1 +
 1 file changed, 1 insertion(+)

(limited to 't/app/controller')

diff --git a/t/app/controller/offline.t b/t/app/controller/offline.t
index 876475264..d48af676f 100644
--- a/t/app/controller/offline.t
+++ b/t/app/controller/offline.t
@@ -54,6 +54,7 @@ FixMyStreet::override_config {
 
 subtest 'service worker' => sub {
     $mech->get_ok('/service-worker.js');
+    is $mech->res->header('Cache-Control'), 'max-age=0', 'service worker is not cached';
     $mech->content_contains('translation_strings');
     $mech->content_contains('offline/fallback');
 };
-- 
cgit v1.2.3


From 19deaf332d2843e3b4337f3e2047bce47e4a7cd1 Mon Sep 17 00:00:00 2001
From: Chris Mytton <chrism@mysociety.org>
Date: Fri, 15 May 2020 17:42:06 +0100
Subject: [Oxfordshire] Add instruct defect functionality back in

In the past Oxfordshire had a way for inspectors to "instruct a defect",
which generated a CSV which got emailed to Oxfordshire with a list of
defects.

They now want to bring this functionality back, but instead of emailing
a CSV they want it to call an API.

As a first step towards that goal, this change adds back some of the
instruct defect functionality that was removed in 68e18ff.
---
 t/app/controller/report_inspect.t | 37 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 36 insertions(+), 1 deletion(-)

(limited to 't/app/controller')

diff --git a/t/app/controller/report_inspect.t b/t/app/controller/report_inspect.t
index c10fe7f94..367327c16 100644
--- a/t/app/controller/report_inspect.t
+++ b/t/app/controller/report_inspect.t
@@ -246,7 +246,7 @@ FixMyStreet::override_config {
         $user->update;
     };
 
-    subtest "test update is required when instructing" => sub {
+    subtest "test public update is required if include_update is checked" => sub {
         $report->update;
         $report->comments->delete_all;
         $mech->get_ok("/report/$report_id");
@@ -913,6 +913,41 @@ FixMyStreet::override_config {
         $contact2->unset_extra_metadata('assigned_users_only');
         $contact2->update;
     };
+
+    subtest 'instruct defect' => sub {
+        $user->user_body_permissions->create({ body => $oxon, permission_type => 'report_instruct' });
+        $mech->get_ok("/report/$report2_id");
+        $mech->submit_form_ok({ button => 'save', with_fields => {
+            public_update => "This is a public update.", include_update => "1",
+            state => 'action scheduled', raise_defect => 1,
+        } });
+        $report2->discard_changes;
+        is $report2->get_extra_metadata('inspected'), 1, 'report marked as inspected';
+        $mech->get_ok("/report/$report2_id");
+        my $meta = $mech->extract_update_metas;
+        like $meta->[0], qr/State changed to: Action scheduled/, 'First update mentions action scheduled';
+        like $meta->[1], qr/Posted by .*defect raised/, 'Update mentions defect raised';
+        my $log_entry = $report2->inspection_log_entry;
+        is $log_entry->object_id, $report2_id, 'Log entry has correct ID';
+        is $log_entry->object_type, 'problem', 'Log entry has correct type';
+        is $log_entry->action, 'inspected', 'Log entry has correct action';
+    };
+
+    subtest "test update is required when instructing defect" => sub {
+        $report2->unset_extra_metadata('inspected');
+        $report2->update;
+        $report2->inspection_log_entry->delete;
+        $report2->comments->delete_all;
+        $mech->get_ok("/report/$report2_id");
+        $mech->submit_form_ok({ button => 'save', with_fields => {
+            public_update => "", include_update => "0",
+            state => 'action scheduled', raise_defect => 1,
+        } });
+        is_deeply $mech->page_errors, [ "Please provide a public update for this report." ], 'errors match';
+        $report2->discard_changes;
+        is $report2->comments->count, 0, "Update wasn't created";
+        is $report2->get_extra_metadata('inspected'), undef, 'report not marked as inspected';
+    };
 };
 
 done_testing();
-- 
cgit v1.2.3


From 90d23fc7b21f4391aeb92418e212195a18d72d5e Mon Sep 17 00:00:00 2001
From: M Somerville <matthew-github@dracos.co.uk>
Date: Tue, 11 Aug 2020 15:46:06 +0100
Subject: [Oxfordshire] Extra questions for raising defect.

---
 t/app/controller/report_inspect.t | 2 ++
 1 file changed, 2 insertions(+)

(limited to 't/app/controller')

diff --git a/t/app/controller/report_inspect.t b/t/app/controller/report_inspect.t
index 367327c16..d5eaed2c1 100644
--- a/t/app/controller/report_inspect.t
+++ b/t/app/controller/report_inspect.t
@@ -920,10 +920,12 @@ FixMyStreet::override_config {
         $mech->submit_form_ok({ button => 'save', with_fields => {
             public_update => "This is a public update.", include_update => "1",
             state => 'action scheduled', raise_defect => 1,
+            defect_item_category => 'Kerbing',
         } });
         $report2->discard_changes;
         is $report2->get_extra_metadata('inspected'), 1, 'report marked as inspected';
         $mech->get_ok("/report/$report2_id");
+        $mech->content_like(qr/Defect category<\/dt>\s*<dd>Kerbing/);
         my $meta = $mech->extract_update_metas;
         like $meta->[0], qr/State changed to: Action scheduled/, 'First update mentions action scheduled';
         like $meta->[1], qr/Posted by .*defect raised/, 'Update mentions defect raised';
-- 
cgit v1.2.3


From f4a9c33b3deeab5b17721ff42b54cad6a4713317 Mon Sep 17 00:00:00 2001
From: M Somerville <matthew-github@dracos.co.uk>
Date: Thu, 8 Oct 2020 16:33:24 +0100
Subject: [Oxfordshire] Traffic Management out of base.

---
 t/app/controller/report_inspect.t | 19 +++----------------
 1 file changed, 3 insertions(+), 16 deletions(-)

(limited to 't/app/controller')

diff --git a/t/app/controller/report_inspect.t b/t/app/controller/report_inspect.t
index d5eaed2c1..3f267a086 100644
--- a/t/app/controller/report_inspect.t
+++ b/t/app/controller/report_inspect.t
@@ -60,7 +60,6 @@ FixMyStreet::override_config {
         $mech->content_lacks('Save changes');
         $mech->content_lacks('Private');
         $mech->content_lacks('Priority');
-        $mech->content_lacks('Traffic management');
         $mech->content_lacks('Change asset');
         $mech->content_lacks('/admin/report_edit/'.$report_id.'">admin</a>)');
 
@@ -70,7 +69,6 @@ FixMyStreet::override_config {
         $mech->content_contains('Save changes');
         $mech->content_lacks('Change asset');
         $mech->content_lacks('Priority');
-        $mech->content_lacks('Traffic management');
         $mech->content_lacks('/admin/report_edit/'.$report_id.'">admin</a>)');
 
         $user->user_body_permissions->create({ body => $oxon, permission_type => 'report_edit_priority' });
@@ -79,7 +77,6 @@ FixMyStreet::override_config {
         $mech->content_contains('Save changes');
         $mech->content_contains('Priority');
         $mech->content_lacks('Change asset');
-        $mech->content_lacks('Traffic management');
         $mech->content_lacks('/admin/report_edit/'.$report_id.'">admin</a>)');
 
         $user->user_body_permissions->create({ body => $oxon, permission_type => 'report_inspect' });
@@ -87,7 +84,6 @@ FixMyStreet::override_config {
         $mech->content_contains('Save changes');
         $mech->content_contains('Private');
         $mech->content_contains('Priority');
-        $mech->content_contains('Traffic management');
         $mech->content_contains('Change asset');
         $mech->content_lacks('/admin/report_edit/'.$report_id.'">admin</a>)');
     };
@@ -210,14 +206,14 @@ FixMyStreet::override_config {
         $user->user_body_permissions->create({ body => $oxon, permission_type => 'report_inspect' });
 
         $mech->get_ok("/report/$report_id");
-        $mech->submit_form_ok({ button => 'save', with_fields => { traffic_information => 'Yes', state => 'Action scheduled', include_update => undef } });
+        $mech->submit_form_ok({ button => 'save', with_fields => { detailed_information => 'Info', state => 'Action scheduled', include_update => undef } });
         $report->discard_changes;
         my $alert = FixMyStreet::DB->resultset('Alert')->find(
             { user => $user, alert_type => 'new_updates', confirmed => 1, }
         );
 
         is $report->state, 'action scheduled', 'report state changed';
-        is $report->get_extra_metadata('traffic_information'), 'Yes', 'report data changed';
+        is $report->get_extra_metadata('detailed_information'), 'Info', 'report data changed';
         ok defined( $alert ) , 'sign up for alerts';
     };
 
@@ -703,15 +699,6 @@ FixMyStreet::override_config {
         return $perms;
     });
 
-    subtest "Oxfordshire-specific traffic management options are shown" => sub {
-        $report->update({ state => 'confirmed' });
-        $mech->get_ok("/report/$report_id");
-        $mech->submit_form_ok({ button => 'save', with_fields => { traffic_information => 'Signs and Cones', state => 'Action scheduled', include_update => undef } });
-        $report->discard_changes;
-        is $report->state, 'action scheduled', 'report state changed';
-        is $report->get_extra_metadata('traffic_information'), 'Signs and Cones', 'report data changed';
-    };
-
     subtest "admin link present on inspect page on cobrand" => sub {
         my $report_edit_permission = $user->user_body_permissions->create({
             body => $oxon, permission_type => 'report_edit' });
@@ -745,7 +732,6 @@ FixMyStreet::override_config {
           priority => $rp->id,
           include_update => '1',
           detailed_information => 'XXX164XXXxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
-          traffic_information => '',
           photo1 => '',
           photo2 => '',
           photo3 => '',
@@ -919,6 +905,7 @@ FixMyStreet::override_config {
         $mech->get_ok("/report/$report2_id");
         $mech->submit_form_ok({ button => 'save', with_fields => {
             public_update => "This is a public update.", include_update => "1",
+            traffic_information => 'Signs and cones',
             state => 'action scheduled', raise_defect => 1,
             defect_item_category => 'Kerbing',
         } });
-- 
cgit v1.2.3


From 3227d1b61693022f6cf0efa790449182efb25784 Mon Sep 17 00:00:00 2001
From: M Somerville <matthew-github@dracos.co.uk>
Date: Thu, 15 Oct 2020 21:57:06 +0100
Subject: Fix issue with unicode in extra in alert emails.

---
 t/app/controller/alert_new.t | 2 ++
 1 file changed, 2 insertions(+)

(limited to 't/app/controller')

diff --git a/t/app/controller/alert_new.t b/t/app/controller/alert_new.t
index 31d8c52ed..562b173c8 100644
--- a/t/app/controller/alert_new.t
+++ b/t/app/controller/alert_new.t
@@ -1,3 +1,4 @@
+use utf8;
 use FixMyStreet::TestMech;
 use FixMyStreet::Script::Alerts;
 
@@ -880,6 +881,7 @@ subtest 'check staff updates can include sanitized HTML' => sub {
 
     my $update1 = $mech->create_comment_for_problem($report, $user2, 'Staff User', '<p>This is some update text with <strong>HTML</strong> and *italics*.</p> <ul><li>Even a list</li><li>Which might work</li><li>In the <a href="https://www.fixmystreet.com/">text</a> part</li></ul> <script>not allowed</script>', 't', 'confirmed', undef, { confirmed  => $r_dt->clone->add( minutes => 8 ) });
     $update1->set_extra_metadata(is_body_user => $user2->from_body->id);
+    $update1->set_extra_metadata(something_unicodey => "The cafɇ is here");
     $update1->update;
 
     $mech->create_comment_for_problem($report, $user3, 'Updater User', 'Public users <i>cannot</i> use HTML. <script>not allowed</script>', 't', 'confirmed', undef, { confirmed  => $r_dt->clone->add( minutes => 9 ) });
-- 
cgit v1.2.3


From 9150a5f72725d58055f9b5e60d339a781f9440f1 Mon Sep 17 00:00:00 2001
From: Struan Donald <struan@exo.org.uk>
Date: Fri, 16 Oct 2020 15:11:50 +0100
Subject: allow bulk removal of staff status from users

Bulk option to remove body, roles and permisions, and disable login in
admin for users.

Fixes mysociety/fixmystreet-commercial#2025
---
 t/app/controller/admin/users.t | 49 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)

(limited to 't/app/controller')

diff --git a/t/app/controller/admin/users.t b/t/app/controller/admin/users.t
index a3bd4a784..6f3971149 100644
--- a/t/app/controller/admin/users.t
+++ b/t/app/controller/admin/users.t
@@ -6,6 +6,8 @@ my $user = $mech->create_user_ok('test@example.com', name => 'Test User');
 my $original_user_id = $user->id; # For log later
 my $user2 = $mech->create_user_ok('test2@example.com', name => 'Test User 2');
 my $user3 = $mech->create_user_ok('test3@example.com', name => 'Test User 3');
+my $user4 = $mech->create_user_ok('test4@example.com', name => 'Test User 4');
+my $user5 = $mech->create_user_ok('test5@example.com', name => 'Test User 5');
 
 my $superuser = $mech->create_user_ok('superuser@example.com', name => 'Super User', is_superuser => 1);
 
@@ -13,6 +15,21 @@ my $oxfordshire = $mech->create_body_ok(2237, 'Oxfordshire County Council');
 my $haringey = $mech->create_body_ok(2509, 'Haringey Borough Council');
 my $southend = $mech->create_body_ok(2607, 'Southend-on-Sea Borough Council');
 
+$user4->from_body( $oxfordshire->id );
+$user4->update;
+$user4->user_body_permissions->create( {
+    body => $oxfordshire,
+    permission_type => 'user_edit',
+} );
+$user5->from_body( $oxfordshire->id );
+$user5->update;
+my $occ_role = $user5->roles->create({
+    body => $oxfordshire,
+    name => 'Role A',
+    permissions => ['moderate', 'user_edit'],
+});
+$user5->add_to_roles($occ_role);
+
 $mech->log_in_ok( $superuser->email );
 
 subtest 'search abuse' => sub {
@@ -97,6 +114,38 @@ subtest 'user assign role' => sub {
     is $user->roles->count, 1;
 };
 
+subtest 'remove users from staff' => sub {
+    is $user4->from_body->id, $oxfordshire->id, 'user4 has a body';
+    is $user4->email_verified, 1, 'user4 email is verified';
+    is $user4->user_body_permissions->count, 1, 'user4 has permissions';
+    is $user5->from_body->id, $oxfordshire->id, 'user5 has a body';
+    is $user5->email_verified, 1, 'user5 email is verified';
+    is $user5->user_roles->count, 1, 'user5 has a role';
+
+    $mech->get_ok('/admin/users');
+    $mech->content_contains($user4->email);
+    $mech->content_contains($user5->email);
+
+    $mech->submit_form_ok({ with_fields => { uid => $user4->id, 'remove-staff' => 'remove-staff'} });
+    $mech->content_lacks($user4->email);
+    $mech->content_contains($user5->email);
+    $user4->discard_changes;
+    $user5->discard_changes;
+    is $user4->from_body, undef, 'user4 removed from body';
+    is $user4->email_verified, 0, 'user4 email unverified';
+    is $user4->user_body_permissions->count, 0, 'no user4 permissions';
+    is $user5->from_body->id, $oxfordshire->id, 'user5 has a body';
+    is $user5->email_verified, 1, 'user5 email is verified';
+    is $user5->user_roles->count, 1, 'user5 has a role';
+
+    $mech->submit_form_ok({ with_fields => { uid => $user5->id, 'remove-staff' => 'remove-staff'} });
+    $mech->content_lacks($user5->email);
+    $user5->discard_changes;
+    is $user5->from_body, undef, 'user5 has no body';
+    is $user5->email_verified, 0, 'user5 email unverified';
+    is $user5->user_roles->count, 0, 'no user5 roles';
+};
+
 subtest 'search does not show user from another council' => sub {
     FixMyStreet::override_config {
         ALLOWED_COBRANDS => [ 'oxfordshire' ],
-- 
cgit v1.2.3


From cfda101b3006f12280a41adc4b28ca555b867556 Mon Sep 17 00:00:00 2001
From: Struan Donald <struan@exo.org.uk>
Date: Fri, 23 Oct 2020 14:28:38 +0100
Subject: prevent editing of category names with hardcoded flag

If a category has hardcoded set to 1 in it's extra metadata then prevent
the name being edited in the admin. This is to avoid issues where the
name of the category is used in e.g. layers or other configuration and
changing it breaks things.

Also includes admin interface for setting this that is restricted to
super users only.

Fixes mysociety/fixmystreet-commercial#1992
---
 t/app/controller/admin/bodies.t | 65 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 65 insertions(+)

(limited to 't/app/controller')

diff --git a/t/app/controller/admin/bodies.t b/t/app/controller/admin/bodies.t
index 542c3f4c0..811ac4362 100644
--- a/t/app/controller/admin/bodies.t
+++ b/t/app/controller/admin/bodies.t
@@ -15,6 +15,10 @@ my $mech = FixMyStreet::TestMech->new;
 my $superuser = $mech->create_user_ok('superuser@example.com', name => 'Super User', is_superuser => 1);
 $mech->log_in_ok( $superuser->email );
 my $body = $mech->create_body_ok(2650, 'Aberdeen City Council');
+my $body2 = $mech->create_body_ok(2237, 'Oxfordshire County Council');
+
+my $user = $mech->create_user_ok('user@example.com', name => 'OCC User', from_body => $body2);
+$user->user_body_permissions->create({ body => $body2, permission_type => 'category_edit' });
 
 # This override is wrapped around ALL the /admin/body tests
 FixMyStreet::override_config {
@@ -117,6 +121,8 @@ subtest 'check contact renaming' => sub {
     $mech->submit_form_ok( { with_fields => { category => 'test category' } } );
 };
 
+
+
 subtest 'check contact updating' => sub {
     $mech->get_ok('/admin/body/' . $body->id . '/test%20category');
     $mech->content_like(qr{test2\@example.com</strong>[^<]*</td>[^<]*<td>unconfirmed}s);
@@ -442,4 +448,63 @@ subtest 'check update disallowed message' => sub {
     };
 };
 
+subtest 'check hardcoded contact renaming' => sub {
+    FixMyStreet::override_config {
+        MAPIT_URL => 'http://mapit.uk/',
+        'ALLOWED_COBRANDS' => [ 'oxfordshire' ],
+    }, sub {
+        my $contact = FixMyStreet::DB->resultset('Contact')->create(
+            {
+                body_id => $body2->id,
+                category => 'protected category',
+                state => 'confirmed',
+                editor => $0,
+                whenedited => \'current_timestamp',
+                note => 'protected contact',
+                email => 'protected@example.org',
+            }
+        );
+        $contact->set_extra_metadata( 'hardcoded', 1 );
+        $contact->update;
+        $mech->get_ok('/admin/body/' . $body2->id .'/protected%20category');
+        $mech->content_contains( 'name="hardcoded"' );
+        $mech->content_like( qr'value="protected category"[^>]*readonly's );
+        $mech->submit_form_ok( { with_fields => { category => 'non protected category', note => 'rename category' } } );
+        $mech->content_contains( 'protected category' );
+        $mech->content_lacks( 'non protected category' );
+        $mech->get('/admin/body/' . $body2->id . '/non%20protected%20category');
+        is $mech->res->code, 404;
+
+        $mech->get_ok('/admin/body/' . $body2->id .'/protected%20category');
+        $mech->submit_form_ok( { with_fields => { hardcoded => 0, note => 'remove hardcoding'  } } );
+        $mech->get_ok('/admin/body/' . $body2->id .'/protected%20category');
+        $mech->content_unlike( qr'value="protected category"[^>]*readonly's );
+        $mech->submit_form_ok( { with_fields => { category => 'non protected category', note => 'rename category'  } } );
+        $mech->content_contains( 'non protected category' );
+        $mech->get_ok('/admin/body/' . $body2->id . '/non%20protected%20category');
+        $mech->get('/admin/body/' . $body2->id . '/protected%20category');
+        is $mech->res->code, 404;
+
+        $contact->discard_changes;
+        $contact->set_extra_metadata( 'hardcoded', 1 );
+        $contact->update;
+
+        $mech->log_out_ok( $superuser->email );
+        $mech->log_in_ok( $user->email );
+        $mech->get_ok('/admin/body/' . $body2->id . '/non%20protected%20category');
+        $mech->content_lacks( 'name="hardcoded"' );
+        $user->update( { is_superuser => 1 } );
+        $mech->get_ok('/admin/body/' . $body2->id . '/non%20protected%20category');
+        $mech->content_contains('name="hardcoded"' );
+        $user->update( { is_superuser => 0 } );
+        $mech->submit_form_ok( { with_fields => { hardcoded => 0, note => 'remove hardcoding'  } } );
+        $mech->content_lacks( 'name="hardcoded"' );
+
+        $contact->discard_changes;
+        is $contact->get_extra_metadata('hardcoded'), 1, "non superuser can't remove hardcoding";
+
+        $mech->log_out_ok( $user->email );
+    };
+};
+
 done_testing();
-- 
cgit v1.2.3


From ce1b3ec61fdaa954c26e55b8ce8cd1ad619b3538 Mon Sep 17 00:00:00 2001
From: Matthew Somerville <matthew@mysociety.org>
Date: Mon, 29 Jun 2020 15:00:55 +0100
Subject: [Bromley] Add waste service lookup.

This creates an integration to view bin collection days, and
placeholders for the start of a non-map property-based reporting flow.
---
 t/app/controller/waste.t | 53 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)
 create mode 100644 t/app/controller/waste.t

(limited to 't/app/controller')

diff --git a/t/app/controller/waste.t b/t/app/controller/waste.t
new file mode 100644
index 000000000..77b1ef5bc
--- /dev/null
+++ b/t/app/controller/waste.t
@@ -0,0 +1,53 @@
+use Test::MockModule;
+use FixMyStreet::TestMech;
+
+my $mech = FixMyStreet::TestMech->new;
+
+FixMyStreet::override_config {
+    ALLOWED_COBRANDS => ['bromley', 'fixmystreet'],
+    COBRAND_FEATURES => { echo => { bromley => { sample_data => 1 } }, waste => { bromley => 1 } },
+}, sub {
+    $mech->host('bromley.fixmystreet.com');
+    subtest 'Missing address lookup' => sub {
+        $mech->get_ok('/waste');
+        $mech->submit_form_ok({ with_fields => { postcode => 'BR1 1AA' } });
+        $mech->submit_form_ok({ with_fields => { address => 'missing' } });
+        $mech->content_contains('can’t find your address');
+    };
+    subtest 'Address lookup' => sub {
+        $mech->get_ok('/waste');
+        $mech->submit_form_ok({ with_fields => { postcode => 'BR1 1AA' } });
+        $mech->submit_form_ok({ with_fields => { address => '1000000002' } });
+        $mech->content_contains('2 Example Street');
+        $mech->content_contains('Food Waste');
+    };
+};
+
+package SOAP::Result;
+sub result { return $_[0]->{result}; }
+sub new { my $c = shift; bless { @_ }, $c; }
+
+package main;
+
+FixMyStreet::override_config {
+    ALLOWED_COBRANDS => 'bromley',
+    COBRAND_FEATURES => { echo => { bromley => { url => 'http://example.org' } }, waste => { bromley => 1 } },
+}, sub {
+    subtest 'Address lookup, mocking SOAP call' => sub {
+        my $integ = Test::MockModule->new('SOAP::Lite');
+        $integ->mock(call => sub {
+            return SOAP::Result->new(result => {
+                PointInfo => [
+                    { Description => '1 Example Street', SharedRef => { Value => { anyType => 1000000001 } } },
+                    { Description => '2 Example Street', SharedRef => { Value => { anyType => 1000000002 } } },
+                ],
+            });
+        });
+
+        $mech->get_ok('/waste');
+        $mech->submit_form_ok({ with_fields => { postcode => 'BR1 1AA' } });
+        $mech->content_contains('2 Example Street');
+    };
+};
+
+done_testing;
-- 
cgit v1.2.3


From dbde76a5090e772c806bd189426ee078b9b7e4ba Mon Sep 17 00:00:00 2001
From: Matthew Somerville <matthew@mysociety.org>
Date: Mon, 29 Jun 2020 16:07:52 +0100
Subject: [Bromley] Add waste reporting service.

This creates a non-map property-based reporting flow for reporting
missed collections and requesting new containers. Such reports are
always private, in categories that are hidden from the map filters
and never shown on .com.
---
 t/app/controller/waste.t | 85 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 85 insertions(+)

(limited to 't/app/controller')

diff --git a/t/app/controller/waste.t b/t/app/controller/waste.t
index 77b1ef5bc..454a593a6 100644
--- a/t/app/controller/waste.t
+++ b/t/app/controller/waste.t
@@ -1,8 +1,35 @@
 use Test::MockModule;
 use FixMyStreet::TestMech;
 
+FixMyStreet::App->log->disable('info');
+END { FixMyStreet::App->log->enable('info'); }
+
 my $mech = FixMyStreet::TestMech->new;
 
+my $body = $mech->create_body_ok(2482, 'Bromley Council');
+my $user = $mech->create_user_ok('test@example.net', name => 'Normal User');
+my $staff_user = $mech->create_user_ok('staff@example.org', from_body => $body, name => 'Staff User');
+$staff_user->user_body_permissions->create({ body => $body, permission_type => 'contribute_as_another_user' });
+$staff_user->user_body_permissions->create({ body => $body, permission_type => 'report_mark_private' });
+
+sub create_contact {
+    my ($params, @extra) = @_;
+    my $contact = $mech->create_contact_ok(body => $body, %$params);
+    $contact->set_extra_metadata(group => ['Waste']);
+    $contact->set_extra_fields(
+        { code => 'uprn', required => 1, automated => 'hidden_field' },
+        { code => 'service_id', required => 0, automated => 'hidden_field' },
+        @extra,
+    );
+    $contact->update;
+}
+
+create_contact({ category => 'Report missed collection', email => 'missed' });
+create_contact({ category => 'Request new container', email => 'request' },
+    { code => 'Quantity', required => 1, automated => 'hidden_field' },
+    { code => 'Container_Type', required => 1, automated => 'hidden_field' },
+);
+
 FixMyStreet::override_config {
     ALLOWED_COBRANDS => ['bromley', 'fixmystreet'],
     COBRAND_FEATURES => { echo => { bromley => { sample_data => 1 } }, waste => { bromley => 1 } },
@@ -21,6 +48,64 @@ FixMyStreet::override_config {
         $mech->content_contains('2 Example Street');
         $mech->content_contains('Food Waste');
     };
+    subtest 'Report a missed bin' => sub {
+        $mech->follow_link_ok({ text => 'Report a missed collection' });
+        $mech->submit_form_ok({ form_number => 2 });
+        $mech->content_contains('Please specify what was missed');
+        $mech->submit_form_ok({ with_fields => { 'service-101' => 1 } });
+        $mech->submit_form_ok({ with_fields => { name => "Test" } });
+        $mech->content_contains('Please enter your full name');
+        $mech->content_contains('Please specify at least one of phone or email');
+        $mech->submit_form_ok({ with_fields => { name => "Test McTest", email => 'test@example.org' } });
+        $mech->content_contains('Refuse collection');
+        $mech->content_contains('Test McTest');
+        $mech->content_contains('test@example.org');
+        $mech->submit_form_ok({ form_number => 3 });
+        $mech->submit_form_ok({ with_fields => { name => "Test McTest", email => $user->email } });
+        $mech->content_contains($user->email);
+        $mech->submit_form_ok({ with_fields => { process => 'summary' } });
+        $mech->content_contains('Your report has been sent');
+
+        is $user->alerts->count, 1;
+    };
+    subtest 'Check report visibility' => sub {
+        my $report = FixMyStreet::DB->resultset("Problem")->first;
+        my $res = $mech->get('/report/' . $report->id);
+        is $res->code, 403;
+        $mech->log_in_ok($user->email);
+        $mech->get_ok('/report/' . $report->id);
+        $mech->log_in_ok($staff_user->email);
+        $mech->get_ok('/report/' . $report->id);
+
+        $mech->host('www.fixmystreet.com');
+        $res = $mech->get('/report/' . $report->id);
+        is $res->code, 404;
+        $mech->log_in_ok($user->email);
+        $res = $mech->get('/report/' . $report->id);
+        is $res->code, 404;
+        $mech->log_in_ok($staff_user->email);
+        $res = $mech->get('/report/' . $report->id);
+        is $res->code, 404;
+        $mech->host('bromley.fixmystreet.com');
+    };
+    subtest 'Request a new container' => sub {
+        $mech->get_ok('/waste/uprn/1000000002/request');
+        $mech->submit_form_ok({ form_number => 2 });
+        $mech->content_contains('Please specify what you need');
+        $mech->submit_form_ok({ with_fields => { 'container-1' => 1 } });
+        $mech->content_contains('Quantity field is required');
+        $mech->submit_form_ok({ with_fields => { 'container-1' => 1, 'quantity-1' => 2 } });
+        $mech->submit_form_ok({ with_fields => { name => "Test McTest", email => $user->email } });
+        $mech->content_contains('Green Box');
+        $mech->content_contains('Test McTest');
+        $mech->content_contains($user->email);
+        $mech->submit_form_ok({ with_fields => { process => 'summary' } });
+        $mech->content_contains('Your request has been sent');
+        my $report = FixMyStreet::DB->resultset("Problem")->search(undef, { order_by => { -desc => 'id' } })->first;
+        is $report->get_extra_field_value('uprn'), 1000000002;
+        is $report->get_extra_field_value('Quantity'), 2;
+        is $report->get_extra_field_value('Container_Type'), 1;
+    };
 };
 
 package SOAP::Result;
-- 
cgit v1.2.3


From 613f45c6514ace275b3a49a5d50f7b83ed536b5f Mon Sep 17 00:00:00 2001
From: Matthew Somerville <matthew@mysociety.org>
Date: Mon, 29 Jun 2020 16:08:54 +0100
Subject: [Bromley] Add general enquiries.

This adds general enquiries to the reporting flow.
---
 t/app/controller/waste.t | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

(limited to 't/app/controller')

diff --git a/t/app/controller/waste.t b/t/app/controller/waste.t
index 454a593a6..bbd0cd00a 100644
--- a/t/app/controller/waste.t
+++ b/t/app/controller/waste.t
@@ -29,6 +29,8 @@ create_contact({ category => 'Request new container', email => 'request' },
     { code => 'Quantity', required => 1, automated => 'hidden_field' },
     { code => 'Container_Type', required => 1, automated => 'hidden_field' },
 );
+create_contact({ category => 'General enquiry', email => 'general' },
+    { code => 'Notes', description => 'Notes', required => 1, datatype => 'text' });
 
 FixMyStreet::override_config {
     ALLOWED_COBRANDS => ['bromley', 'fixmystreet'],
@@ -106,6 +108,29 @@ FixMyStreet::override_config {
         is $report->get_extra_field_value('Quantity'), 2;
         is $report->get_extra_field_value('Container_Type'), 1;
     };
+    subtest 'General enquiry, bad data' => sub {
+        $mech->get_ok('/waste/uprn/1000000002/enquiry');
+        is $mech->uri->path, '/waste/uprn/1000000002';
+        $mech->get_ok('/waste/uprn/1000000002/enquiry?category=Bad');
+        is $mech->uri->path, '/waste/uprn/1000000002';
+        $mech->get_ok('/waste/uprn/1000000002/enquiry?service=1');
+        is $mech->uri->path, '/waste/uprn/1000000002';
+    };
+    subtest 'General enquiry, on behalf of someone else' => sub {
+        $mech->log_in_ok($staff_user->email);
+        $mech->get_ok('/waste/uprn/1000000002/enquiry?category=General+enquiry&service_id=537');
+        $mech->submit_form_ok({ with_fields => { extra_Notes => 'Some notes' } });
+        $mech->submit_form_ok({ with_fields => { name => "Test McTest", email => $user->email } });
+        $mech->content_contains('Some notes');
+        $mech->content_contains('Test McTest');
+        $mech->content_contains($user->email);
+        $mech->submit_form_ok({ with_fields => { process => 'summary' } });
+        $mech->content_contains('Your enquiry has been sent');
+        my $report = FixMyStreet::DB->resultset("Problem")->search(undef, { order_by => { -desc => 'id' } })->first;
+        is $report->get_extra_field_value('Notes'), 'Some notes';
+        is $report->user->email, $user->email;
+        is $report->get_extra_metadata('contributed_by'), $staff_user->id;
+    };
 };
 
 package SOAP::Result;
-- 
cgit v1.2.3


From bc19b9e00f3d59a2f0694f2fcc3aab54fef35e9e Mon Sep 17 00:00:00 2001
From: M Somerville <matthew-github@dracos.co.uk>
Date: Mon, 19 Oct 2020 11:05:04 +0100
Subject: [Bromley] ICal generation.

---
 t/app/controller/waste.t | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 't/app/controller')

diff --git a/t/app/controller/waste.t b/t/app/controller/waste.t
index bbd0cd00a..9bc03e169 100644
--- a/t/app/controller/waste.t
+++ b/t/app/controller/waste.t
@@ -116,6 +116,18 @@ FixMyStreet::override_config {
         $mech->get_ok('/waste/uprn/1000000002/enquiry?service=1');
         is $mech->uri->path, '/waste/uprn/1000000002';
     };
+    subtest 'Checking calendar' => sub {
+        $mech->follow_link_ok({ text => 'Add to your calendar (.ics file)' });
+        $mech->content_contains('BEGIN:VCALENDAR');
+        my @events = split /BEGIN:VEVENT/, $mech->encoded_content;
+        shift @events; # Header
+        my $i = 0;
+        foreach (@events) {
+            $i++ if /DTSTART;VALUE=DATE:20200701/ && /SUMMARY:Refuse collection/;
+            $i++ if /DTSTART;VALUE=DATE:20200708/ && /SUMMARY:Paper & Cardboard/;
+        }
+        is $i, 2, 'Two events from the sample data in the calendar';
+    };
     subtest 'General enquiry, on behalf of someone else' => sub {
         $mech->log_in_ok($staff_user->email);
         $mech->get_ok('/waste/uprn/1000000002/enquiry?category=General+enquiry&service_id=537');
-- 
cgit v1.2.3


From 6337ebfd91a87eaf5efa077c5f9a9eff286c1f76 Mon Sep 17 00:00:00 2001
From: Matthew Somerville <matthew@mysociety.org>
Date: Mon, 15 Jun 2020 21:02:37 +0100
Subject: [Bromley] Report missed bin within 2 working days.

---
 t/app/controller/waste.t | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 't/app/controller')

diff --git a/t/app/controller/waste.t b/t/app/controller/waste.t
index 9bc03e169..85536981b 100644
--- a/t/app/controller/waste.t
+++ b/t/app/controller/waste.t
@@ -1,9 +1,15 @@
+use utf8;
 use Test::MockModule;
+use Test::MockTime qw(:all);
 use FixMyStreet::TestMech;
 
 FixMyStreet::App->log->disable('info');
 END { FixMyStreet::App->log->enable('info'); }
 
+# Mock fetching bank holidays
+my $uk = Test::MockModule->new('FixMyStreet::Cobrand::UK');
+$uk->mock('_fetch_url', sub { '{}' });
+
 my $mech = FixMyStreet::TestMech->new;
 
 my $body = $mech->create_body_ok(2482, 'Bromley Council');
@@ -44,6 +50,7 @@ FixMyStreet::override_config {
         $mech->content_contains('can’t find your address');
     };
     subtest 'Address lookup' => sub {
+        set_fixed_time('2020-05-28T17:00:00Z'); # After sample data collection
         $mech->get_ok('/waste');
         $mech->submit_form_ok({ with_fields => { postcode => 'BR1 1AA' } });
         $mech->submit_form_ok({ with_fields => { address => '1000000002' } });
@@ -51,7 +58,15 @@ FixMyStreet::override_config {
         $mech->content_contains('Food Waste');
     };
     subtest 'Report a missed bin' => sub {
+        $mech->content_contains('service-101', 'Can report, last collection was 27th');
+        $mech->content_contains('service-537', 'Can report, last collection was 27th');
+        $mech->content_lacks('service-535', 'Cannot report, last collection was 20th');
+        $mech->content_lacks('service-542', 'Cannot report, last collection was 18th');
         $mech->follow_link_ok({ text => 'Report a missed collection' });
+        $mech->content_contains('service-101', 'Checkbox, last collection was 27th');
+        $mech->content_contains('service-537', 'Checkbox, last collection was 27th');
+        $mech->content_lacks('service-535', 'No checkbox, last collection was 20th');
+        $mech->content_lacks('service-542', 'No checkbox, last collection was 18th');
         $mech->submit_form_ok({ form_number => 2 });
         $mech->content_contains('Please specify what was missed');
         $mech->submit_form_ok({ with_fields => { 'service-101' => 1 } });
-- 
cgit v1.2.3


From ac82484fb2e2acc95012d8ba0894b1165743b8ea Mon Sep 17 00:00:00 2001
From: Matthew Somerville <matthew@mysociety.org>
Date: Wed, 17 Jun 2020 16:57:01 +0100
Subject: [Bromley] Send sent confirmation for waste reports

---
 t/app/controller/waste.t | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

(limited to 't/app/controller')

diff --git a/t/app/controller/waste.t b/t/app/controller/waste.t
index 85536981b..9c7b9a3ac 100644
--- a/t/app/controller/waste.t
+++ b/t/app/controller/waste.t
@@ -2,6 +2,7 @@ use utf8;
 use Test::MockModule;
 use Test::MockTime qw(:all);
 use FixMyStreet::TestMech;
+use FixMyStreet::Script::Reports;
 
 FixMyStreet::App->log->disable('info');
 END { FixMyStreet::App->log->enable('info'); }
@@ -30,17 +31,18 @@ sub create_contact {
     $contact->update;
 }
 
-create_contact({ category => 'Report missed collection', email => 'missed' });
-create_contact({ category => 'Request new container', email => 'request' },
+create_contact({ category => 'Report missed collection', email => 'missed@example.org' });
+create_contact({ category => 'Request new container', email => 'request@example.org' },
     { code => 'Quantity', required => 1, automated => 'hidden_field' },
     { code => 'Container_Type', required => 1, automated => 'hidden_field' },
 );
-create_contact({ category => 'General enquiry', email => 'general' },
+create_contact({ category => 'General enquiry', email => 'general@example.org' },
     { code => 'Notes', description => 'Notes', required => 1, datatype => 'text' });
 
 FixMyStreet::override_config {
     ALLOWED_COBRANDS => ['bromley', 'fixmystreet'],
     COBRAND_FEATURES => { echo => { bromley => { sample_data => 1 } }, waste => { bromley => 1 } },
+    MAPIT_URL => 'http://mapit.uk/',
 }, sub {
     $mech->host('bromley.fixmystreet.com');
     subtest 'Missing address lookup' => sub {
@@ -82,6 +84,12 @@ FixMyStreet::override_config {
         $mech->content_contains($user->email);
         $mech->submit_form_ok({ with_fields => { process => 'summary' } });
         $mech->content_contains('Your report has been sent');
+        FixMyStreet::Script::Reports::send();
+        my @emails = $mech->get_email;
+        is $emails[0]->header('To'), '"Bromley Council" <missed@example.org>';
+        is $emails[1]->header('To'), $user->email;
+        my $body = $mech->get_text_body_from_email($emails[1]);
+        like $body, qr/Your report to Bromley Council has been logged/;
 
         is $user->alerts->count, 1;
     };
-- 
cgit v1.2.3


From b2735e814c73fe76c8526563b7c5473281938833 Mon Sep 17 00:00:00 2001
From: Matthew Somerville <matthew@mysociety.org>
Date: Thu, 18 Jun 2020 13:43:49 +0100
Subject: [Bromley] No updates on waste reports.

---
 t/app/controller/waste.t | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 't/app/controller')

diff --git a/t/app/controller/waste.t b/t/app/controller/waste.t
index 9c7b9a3ac..fe1b369d9 100644
--- a/t/app/controller/waste.t
+++ b/t/app/controller/waste.t
@@ -99,8 +99,12 @@ FixMyStreet::override_config {
         is $res->code, 403;
         $mech->log_in_ok($user->email);
         $mech->get_ok('/report/' . $report->id);
+        $mech->content_lacks('Provide an update');
+        $report->update({ state => 'fixed - council' });
         $mech->log_in_ok($staff_user->email);
         $mech->get_ok('/report/' . $report->id);
+        $mech->content_lacks('Provide an update');
+        $mech->content_contains( '<a href="/waste/uprn/1000000002">See your bin collections</a>' );
 
         $mech->host('www.fixmystreet.com');
         $res = $mech->get('/report/' . $report->id);
-- 
cgit v1.2.3


From d90e1157ee31c374248da0db42b70456c37ddd5b Mon Sep 17 00:00:00 2001
From: Matthew Somerville <matthew@mysociety.org>
Date: Fri, 19 Jun 2020 14:56:07 +0100
Subject: [Bromley] Look for open events.

---
 t/app/controller/waste.t | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 't/app/controller')

diff --git a/t/app/controller/waste.t b/t/app/controller/waste.t
index fe1b369d9..aac898da9 100644
--- a/t/app/controller/waste.t
+++ b/t/app/controller/waste.t
@@ -59,6 +59,9 @@ FixMyStreet::override_config {
         $mech->content_contains('2 Example Street');
         $mech->content_contains('Food Waste');
     };
+    subtest 'Thing already requested' => sub {
+        $mech->content_contains('A food waste collection has been reported as missed');
+    };
     subtest 'Report a missed bin' => sub {
         $mech->content_contains('service-101', 'Can report, last collection was 27th');
         $mech->content_contains('service-537', 'Can report, last collection was 27th');
@@ -135,6 +138,10 @@ FixMyStreet::override_config {
         is $report->get_extra_field_value('Quantity'), 2;
         is $report->get_extra_field_value('Container_Type'), 1;
     };
+    subtest 'Thing already requested' => sub {
+        $mech->get_ok('/waste/uprn/1000000002');
+        $mech->content_contains('A new paper &amp; cardboard container request has been made');
+    };
     subtest 'General enquiry, bad data' => sub {
         $mech->get_ok('/waste/uprn/1000000002/enquiry');
         is $mech->uri->path, '/waste/uprn/1000000002';
-- 
cgit v1.2.3


From 1a90fc2428eeca48347c8dc31f00ca6053e772bf Mon Sep 17 00:00:00 2001
From: Matthew Somerville <matthew@mysociety.org>
Date: Tue, 28 Jul 2020 14:23:04 +0100
Subject: [Bromley] Check service unit as well as property.

If someone else in a block of flats has reported a missed collection,
others in the same service unit should not be able to report also.

Fixes https://github.com/mysociety/fixmystreet-commercial/issues/1945
---
 t/app/controller/waste.t | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 't/app/controller')

diff --git a/t/app/controller/waste.t b/t/app/controller/waste.t
index aac898da9..c86802631 100644
--- a/t/app/controller/waste.t
+++ b/t/app/controller/waste.t
@@ -61,15 +61,16 @@ FixMyStreet::override_config {
     };
     subtest 'Thing already requested' => sub {
         $mech->content_contains('A food waste collection has been reported as missed');
+        $mech->content_contains('A paper &amp; cardboard collection has been reported as missed'); # as part of service unit, not property
     };
     subtest 'Report a missed bin' => sub {
         $mech->content_contains('service-101', 'Can report, last collection was 27th');
-        $mech->content_contains('service-537', 'Can report, last collection was 27th');
+        $mech->content_lacks('service-537', 'Cannot report, last collection was 27th but the service unit has a report');
         $mech->content_lacks('service-535', 'Cannot report, last collection was 20th');
         $mech->content_lacks('service-542', 'Cannot report, last collection was 18th');
         $mech->follow_link_ok({ text => 'Report a missed collection' });
         $mech->content_contains('service-101', 'Checkbox, last collection was 27th');
-        $mech->content_contains('service-537', 'Checkbox, last collection was 27th');
+        $mech->content_lacks('service-537', 'No checkbox, last collection was 27th but the service unit has a report');
         $mech->content_lacks('service-535', 'No checkbox, last collection was 20th');
         $mech->content_lacks('service-542', 'No checkbox, last collection was 18th');
         $mech->submit_form_ok({ form_number => 2 });
-- 
cgit v1.2.3


From 0b97468330ab7146f16dfe4060a63d28ce445fa6 Mon Sep 17 00:00:00 2001
From: M Somerville <matthew-github@dracos.co.uk>
Date: Thu, 12 Nov 2020 11:48:24 +0000
Subject: [Bromley] Use property ID, rather than UPRN.

---
 t/app/controller/waste.t | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)

(limited to 't/app/controller')

diff --git a/t/app/controller/waste.t b/t/app/controller/waste.t
index c86802631..748904995 100644
--- a/t/app/controller/waste.t
+++ b/t/app/controller/waste.t
@@ -25,6 +25,7 @@ sub create_contact {
     $contact->set_extra_metadata(group => ['Waste']);
     $contact->set_extra_fields(
         { code => 'uprn', required => 1, automated => 'hidden_field' },
+        { code => 'property_id', required => 1, automated => 'hidden_field' },
         { code => 'service_id', required => 0, automated => 'hidden_field' },
         @extra,
     );
@@ -55,7 +56,7 @@ FixMyStreet::override_config {
         set_fixed_time('2020-05-28T17:00:00Z'); # After sample data collection
         $mech->get_ok('/waste');
         $mech->submit_form_ok({ with_fields => { postcode => 'BR1 1AA' } });
-        $mech->submit_form_ok({ with_fields => { address => '1000000002' } });
+        $mech->submit_form_ok({ with_fields => { address => '12345' } });
         $mech->content_contains('2 Example Street');
         $mech->content_contains('Food Waste');
     };
@@ -108,7 +109,7 @@ FixMyStreet::override_config {
         $mech->log_in_ok($staff_user->email);
         $mech->get_ok('/report/' . $report->id);
         $mech->content_lacks('Provide an update');
-        $mech->content_contains( '<a href="/waste/uprn/1000000002">See your bin collections</a>' );
+        $mech->content_contains( '<a href="/waste/12345">See your bin collections</a>' );
 
         $mech->host('www.fixmystreet.com');
         $res = $mech->get('/report/' . $report->id);
@@ -122,7 +123,7 @@ FixMyStreet::override_config {
         $mech->host('bromley.fixmystreet.com');
     };
     subtest 'Request a new container' => sub {
-        $mech->get_ok('/waste/uprn/1000000002/request');
+        $mech->get_ok('/waste/12345/request');
         $mech->submit_form_ok({ form_number => 2 });
         $mech->content_contains('Please specify what you need');
         $mech->submit_form_ok({ with_fields => { 'container-1' => 1 } });
@@ -140,16 +141,16 @@ FixMyStreet::override_config {
         is $report->get_extra_field_value('Container_Type'), 1;
     };
     subtest 'Thing already requested' => sub {
-        $mech->get_ok('/waste/uprn/1000000002');
+        $mech->get_ok('/waste/12345');
         $mech->content_contains('A new paper &amp; cardboard container request has been made');
     };
     subtest 'General enquiry, bad data' => sub {
-        $mech->get_ok('/waste/uprn/1000000002/enquiry');
-        is $mech->uri->path, '/waste/uprn/1000000002';
-        $mech->get_ok('/waste/uprn/1000000002/enquiry?category=Bad');
-        is $mech->uri->path, '/waste/uprn/1000000002';
-        $mech->get_ok('/waste/uprn/1000000002/enquiry?service=1');
-        is $mech->uri->path, '/waste/uprn/1000000002';
+        $mech->get_ok('/waste/12345/enquiry');
+        is $mech->uri->path, '/waste/12345';
+        $mech->get_ok('/waste/12345/enquiry?category=Bad');
+        is $mech->uri->path, '/waste/12345';
+        $mech->get_ok('/waste/12345/enquiry?service=1');
+        is $mech->uri->path, '/waste/12345';
     };
     subtest 'Checking calendar' => sub {
         $mech->follow_link_ok({ text => 'Add to your calendar (.ics file)' });
@@ -165,7 +166,7 @@ FixMyStreet::override_config {
     };
     subtest 'General enquiry, on behalf of someone else' => sub {
         $mech->log_in_ok($staff_user->email);
-        $mech->get_ok('/waste/uprn/1000000002/enquiry?category=General+enquiry&service_id=537');
+        $mech->get_ok('/waste/12345/enquiry?category=General+enquiry&service_id=537');
         $mech->submit_form_ok({ with_fields => { extra_Notes => 'Some notes' } });
         $mech->submit_form_ok({ with_fields => { name => "Test McTest", email => $user->email } });
         $mech->content_contains('Some notes');
@@ -195,8 +196,8 @@ FixMyStreet::override_config {
         $integ->mock(call => sub {
             return SOAP::Result->new(result => {
                 PointInfo => [
-                    { Description => '1 Example Street', SharedRef => { Value => { anyType => 1000000001 } } },
-                    { Description => '2 Example Street', SharedRef => { Value => { anyType => 1000000002 } } },
+                    { Description => '1 Example Street', Id => '11345', SharedRef => { Value => { anyType => 1000000001 } } },
+                    { Description => '2 Example Street', Id => '12345', SharedRef => { Value => { anyType => 1000000002 } } },
                 ],
             });
         });
-- 
cgit v1.2.3