Update registration to check new live field

landonshumway-ia · landonshumway-ia · commit 58a5925daaaf · 2025-06-26T14:31:33.000-07:00
diff --git a/backend/compact-connect/lambdas/python/provider-data-v1/handlers/provider_users.py b/backend/compact-connect/lambdas/python/provider-data-v1/handlers/provider_users.py
@@ -351,14 +351,34 @@ def _post_provider_email_verify(event: dict, context: LambdaContext):  # noqa: A
         new_email = provider_data.pendingEmailAddress
 
         # Update email in Cognito
-        config.cognito_client.admin_update_user_attributes(
-            UserPoolId=config.provider_user_pool_id,
-            Username=current_email,  # Current username (email)
-            UserAttributes=[
-                {'Name': 'email', 'Value': new_email},
-                {'Name': 'email_verified', 'Value': 'true'},
-            ],
-        )
+        try:
+            config.cognito_client.admin_update_user_attributes(
+                UserPoolId=config.provider_user_pool_id,
+                Username=current_email,  # Current username (email)
+                UserAttributes=[
+                    {'Name': 'email', 'Value': new_email},
+                    {'Name': 'email_verified', 'Value': 'true'},
+                ],
+            )
+        except ClientError as e:
+            if e.response['Error']['Code'] == 'AliasExistsException':
+                # Another user was created with this email between verification start and finish
+                logger.warning(
+                    'Email address became unavailable during verification process',
+                    compact=compact,
+                    provider_id=provider_id,
+                    new_email=new_email,
+                )
+                # Clear the verification data since the email is no longer available
+                config.data_client.clear_provider_email_verification_data(
+                    compact=compact,
+                    provider_id=provider_id,
+                )
+                raise CCInvalidRequestException(
+                    'Email address is no longer available. Please try again with a different email address.'
+                ) from e
+            # Re-raise other Cognito errors
+            raise
 
         # Update the provider record with new email and clear verification data
         config.data_client.complete_provider_email_update(
diff --git a/backend/compact-connect/lambdas/python/provider-data-v1/tests/function/test_handlers/test_provider_users_email.py b/backend/compact-connect/lambdas/python/provider-data-v1/tests/function/test_handlers/test_provider_users_email.py
@@ -507,3 +507,58 @@ def test_endpoint_calls_email_service_client_with_change_notification(self, mock
         mock_email_service_client.send_provider_email_change_notification.assert_called_once_with(
             compact=DEFAULT_COMPACT, old_email_address=TEST_OLD_EMAIL, new_email_address=TEST_NEW_EMAIL
         )
+
+    @patch('cc_common.config._Config.email_service_client')
+    def test_endpoint_returns_400_if_new_email_becomes_unavailable_during_verification(self, mock_email_service_client):
+        from cc_common.data_model.schema.provider import ProviderData
+        from handlers.provider_users import provider_users_api_handler
+
+        # First create the old email user in Cognito so we can update it
+        self.config.cognito_client.admin_create_user(
+            UserPoolId=self.config.provider_user_pool_id,
+            Username=TEST_OLD_EMAIL,
+            UserAttributes=[
+                {'Name': 'email', 'Value': TEST_OLD_EMAIL},
+                {'Name': 'email_verified', 'Value': 'true'},
+                {'Name': 'custom:compact', 'Value': DEFAULT_COMPACT},
+                {'Name': 'custom:providerId', 'Value': DEFAULT_PROVIDER_ID},
+            ],
+            MessageAction='SUPPRESS',
+        )
+
+        # Create another user with the new email address to simulate it becoming unavailable
+        # This simulates someone else registering with this email between verification start and finish
+        self.config.cognito_client.admin_create_user(
+            UserPoolId=self.config.provider_user_pool_id,
+            Username=TEST_NEW_EMAIL,
+            UserAttributes=[
+                {'Name': 'email', 'Value': TEST_NEW_EMAIL},
+                {'Name': 'email_verified', 'Value': 'true'},
+            ],
+            MessageAction='SUPPRESS',
+        )
+
+        event = self._when_testing_provider_user_event_with_custom_claims()
+
+        resp = provider_users_api_handler(event, self.mock_context)
+
+        self.assertEqual(400, resp['statusCode'])
+        resp_body = json.loads(resp['body'])
+        self.assertEqual(
+            'Email address is no longer available. Please try again with a different email address.',
+            resp_body['message'],
+        )
+
+        # Verify pending fields were cleared from the provider record
+        test_provider_record = self.test_data_generator.generate_default_provider()
+        stored_provider_data = ProviderData.from_database_record(
+            self.test_data_generator.load_provider_data_record_from_database(test_provider_record)
+        )
+
+        # Pending fields should be cleared
+        self.assertIsNone(stored_provider_data.pendingEmailAddress)
+        self.assertIsNone(stored_provider_data.emailVerificationCode)
+        self.assertIsNone(stored_provider_data.emailVerificationExpiry)
+
+        # Original email should remain unchanged
+        self.assertEqual(TEST_OLD_EMAIL, stored_provider_data.compactConnectRegisteredEmailAddress)
