[PM-31787] Users can access the sends after the limit was reached (#6958)

* fix file type send increment behavior * fix text send access increment behavior * fix & update tests * cleanup unused service * fix broken test constructor expecting unused service
2026-02-24 00:23:05 +00:00 · 2026-02-10 07:57:43 -07:00
parent e5cf9dff2e
commit bc94934808
5 changed files with 547 additions and 24 deletions
--- a/src/Api/Tools/Controllers/SendsController.cs
+++ b/src/Api/Tools/Controllers/SendsController.cs
@@ -240,6 +240,11 @@ public class SendsController : Controller
            throw new BadRequestException("Could not locate send");
        }

+        if (!INonAnonymousSendCommand.SendCanBeAccessed(send))
+        {
+            throw new NotFoundException();
+        }
+
        var sendResponse = new SendAccessResponseModel(send);
        if (send.UserId.HasValue && !send.HideEmail.GetValueOrDefault())
        {
@@ -247,9 +252,19 @@ public class SendsController : Controller
            sendResponse.CreatorIdentifier = creator.Email;
        }

-        send.AccessCount++;
-        await _sendRepository.ReplaceAsync(send);
-        await _pushNotificationService.PushSyncSendUpdateAsync(send);
+        /*
+         * AccessCount is incremented differently for File and Text Send types:
+         * - Text Sends are incremented at every access
+         * - File Sends are incremented only when the file is downloaded
+         *
+         * Note that this endpoint is initially called for all Send types
+         */
+        if (send.Type == SendType.Text)
+        {
+            send.AccessCount++;
+            await _sendRepository.ReplaceAsync(send);
+            await _pushNotificationService.PushSyncSendUpdateAsync(send);
+        }

        return new ObjectResult(sendResponse);
    }
@@ -267,11 +282,12 @@ public class SendsController : Controller
            throw new BadRequestException("Could not locate send");
        }

-        var url = await _sendFileStorageService.GetSendFileDownloadUrlAsync(send, fileId);
+        var (url, result) = await _nonAnonymousSendCommand.GetSendFileDownloadUrlAsync(send, fileId);

-        send.AccessCount++;
-        await _sendRepository.ReplaceAsync(send);
-        await _pushNotificationService.PushSyncSendUpdateAsync(send);
+        if (result.Equals(SendAccessResult.Denied))
+        {
+            throw new NotFoundException();
+        }

        return new ObjectResult(new SendFileDownloadDataResponseModel() { Id = fileId, Url = url });
    }