@janekhuong janekhuong commented Oct 21, 2025

Tickets:

  • HAC-

List of changes:

  • Added backend functionality for sending batch decision emails

Type of change

  • New feature (non-breaking change which adds functionality)

How has this been tested?

Create test hackers with valid email addresses. In staff dashboard, change their statuses to accepted/declined. Click "Send Emails" button, choose to send acceptance or declined emails, and then confirm.

Questions for code reviewers?

  • Middleware.Auth.ensureAuthorized() calls in emails.js are failing; commented out for now but will figure it out

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • My changes generate no new warnings
  • Listed change(s) in the Changelog
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • I have made corresponding changes to the documentation
  • Any dependent changes have been merged and published in downstream modules

*/
automatedEmailRouter.route("/automated/status/:status/count").get(
Middleware.Auth.ensureAuthenticated(),
// Middleware.Auth.ensureAuthorized(),
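
Review bot: `Middleware.Auth.ensureAuthorized()` is commented out on the `/automated/status/:status/count` route, so `Middleware.Auth.ensureAuthenticated()` is the only guard shown and the route performs no role check on the caller. Restore the authorization middleware before this merges, or put an explicit staff-role check in its place until the `:status` parameter is handled, and add a test that a non-staff account gets a 403 from this route.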

In the future we can include the handling for the :status parameter for ensureAuthorized in auth.service.js. I'm assuming since it's commented out, currently any hacker can send batch emails using the API bc there's no check to see if api/email/automated/... route is included in the executing user's role.

can we test this? log in as a hacker and try to execute the route in the console. we definitely need to have validation there

we can add permissions for this route to the staff role in the database, and then it should be fine. @janekhuong did you try that? do you need help figuring that out?

@joshuazhou744 joshuazhou744 left a comment

Looks good, I also tested it once locally. Only thing is there's no user validation for who can use this route (api/email/...)
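
The thread above asks for a role check on the `api/email/automated/...` routes that understands the `:status` parameter. The following is an added example, not code from this pull request or the project: one way to match a role's permitted route templates against a request and deny by default. The role table, the POST route, the allowed status values, the `req.user.role` field and all function names are assumptions.

```javascript
// Constructed role table (hypothetical schema): method + route template per permission.
const ROLES = {
  hacker: [{ method: "GET", uri: "/api/hacker/self" }],
  staff: [
    { method: "GET", uri: "/api/email/automated/status/:status/count" },
    { method: "POST", uri: "/api/email/automated/status/:status" },
  ],
};
// Assumed allowlist for the :status segment, based on the statuses named in the PR description.
const ALLOWED_PARAMS = { status: new Set(["accepted", "declined"]) };

// Match a concrete path against a template; returns captured params, or null on mismatch.
function matchRoute(template, path) {
  const t = template.split("/").filter(Boolean);
  const p = path.split("?")[0].split("/").filter(Boolean);
  if (t.length !== p.length) return null;
  const params = {};
  for (let i = 0; i < t.length; i++) {
    if (t[i].startsWith(":")) {
      try { params[t[i].slice(1)] = decodeURIComponent(p[i]); } catch { return null; }
    } else if (t[i] !== p[i]) return null;
  }
  return params;
}

// Deny by default: the role must list the route and every captured param must be allowlisted.
function isAuthorized(role, method, path) {
  const perms = Object.hasOwn(ROLES, role) ? ROLES[role] : [];
  return perms.some((perm) => {
    if (perm.method !== String(method).toUpperCase()) return false;
    const params = matchRoute(perm.uri, path);
    if (!params) return false;
    return Object.entries(params).every(([name, value]) =>
      Object.hasOwn(ALLOWED_PARAMS, name) && ALLOWED_PARAMS[name].has(value));
  });
}

// Express-style middleware (req.user.role is an assumption about the session object).
function ensureRoleAuthorized(req, res, next) {
  if (isAuthorized(req.user && req.user.role, req.method, req.originalUrl)) return next();
  return res.status(403).json({ message: "Not authorized for this route" });
}
```

Unknown roles, unlisted routes and `:status` values outside the allowlist all fall through to the 403 branch.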
