mirror of https://github.com/bitwarden/server synced 2026-03-01 10:51:26 +00:00

[PM-31483] adding guard for when email verification FF is disabled (#6927)

* [PM-31483] adding guard for when email verification FF is disabled

* [PM-31483] removing need for client fallback endpoint

* [PM-31483] fixing test after main merge

* [PM-31483] changing error when email protected send should not be allowed to be viewed
Alex Dragovich
2026-02-12 13:58:44 -08:00
committed by GitHub
parent cde8ceca31
commit 94f7266feb
3 changed files with 77 additions and 11 deletions


@@ -82,11 +82,9 @@ public class SendsController : Controller
throw new BadRequestException("Could not locate send");
}
/* This guard can be removed once feature flag is retired*/
var sendEmailOtpEnabled = _featureService.IsEnabled(FeatureFlagKeys.SendEmailOTP);
if (sendEmailOtpEnabled && send.AuthType == AuthType.Email && send.Emails is not null)
if (send.AuthType == AuthType.Email && send.Emails is not null)
{
return new UnauthorizedResult();
throw new NotFoundException();
}
var sendAuthResult =
@@ -137,11 +135,9 @@ public class SendsController : Controller
throw new BadRequestException("Could not locate send");
}
/* This guard can be removed once feature flag is retired*/
var sendEmailOtpEnabled = _featureService.IsEnabled(FeatureFlagKeys.SendEmailOTP);
if (sendEmailOtpEnabled && send.AuthType == AuthType.Email && send.Emails is not null)
if (send.AuthType == AuthType.Email && send.Emails is not null)
{
return new UnauthorizedResult();
throw new NotFoundException();
}
var (url, result) = await _anonymousSendCommand.GetSendFileDownloadUrlAsync(send, fileId,
@@ -229,7 +225,6 @@ public class SendsController : Controller
}
[Authorize(Policy = Policies.Send)]
// [RequireFeature(FeatureFlagKeys.SendEmailOTP)] /* Uncomment once client fallback re-try logic is added */
[HttpPost("access/")]
public async Task<IActionResult> AccessUsingAuth()
{
@@ -240,6 +235,13 @@ public class SendsController : Controller
throw new BadRequestException("Could not locate send");
}
/* This guard can be removed once feature flag is retired*/
var sendEmailOtpEnabled = _featureService.IsEnabled(FeatureFlagKeys.SendEmailOTP);
if (!sendEmailOtpEnabled && send.AuthType == AuthType.Email && send.Emails is not null)
{
throw new NotFoundException();
}
if (!INonAnonymousSendCommand.SendCanBeAccessed(send))
{
throw new NotFoundException();
@@ -270,7 +272,6 @@ public class SendsController : Controller
}
[Authorize(Policy = Policies.Send)]
// [RequireFeature(FeatureFlagKeys.SendEmailOTP)] /* Uncomment once client fallback re-try logic is added */
[HttpPost("access/file/{fileId}")]
public async Task<IActionResult> GetSendFileDownloadDataUsingAuth(string fileId)
{
@@ -282,6 +283,13 @@ public class SendsController : Controller
throw new BadRequestException("Could not locate send");
}
/* This guard can be removed once feature flag is retired*/
var sendEmailOtpEnabled = _featureService.IsEnabled(FeatureFlagKeys.SendEmailOTP);
if (!sendEmailOtpEnabled && send.AuthType == AuthType.Email && send.Emails is not null)
{
throw new NotFoundException();
}
var (url, result) = await _nonAnonymousSendCommand.GetSendFileDownloadUrlAsync(send, fileId);
if (result.Equals(SendAccessResult.Denied))
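Review bot: The guard that keeps email-protected sends off the anonymous access action (`if (send.AuthType == AuthType.Email && send.Emails is not null)` in the first hunk, repeated in the anonymous file-download hunk) only rejects when both conditions hold, so a send marked `AuthType.Email` whose `Emails` is null would fall through to the unauthenticated path. Whether such a record can exist is not visible from this page, but because this check is the only thing shown that separates the two access modes, it would be safer to fail closed on the auth type alone, `if (send.AuthType == AuthType.Email)`, or to add a comment stating why `Emails` must also be non-null. The two `!sendEmailOtpEnabled` guards added to the authenticated actions repeat the same condition; moving it into one private helper would keep the four copies from drifting and make retiring the flag a single-place change. All four actions begin and end outside the hunks shown.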