Merge pull request #630 from cisagov/rjm/516-security-email

Add test to 516 to check for logging in user who does not have domain role

src/registrar/config/urls.py

@@ -84,7 +84,7 @@ urlpatterns = [
         name="domain-nameservers",
     ),
     path(
-        "domain/<int:pk>/securityemail",
+        "domain/<int:pk>/security-email",
         views.DomainSecurityEmailView.as_view(),
         name="domain-security-email",
     ),

src/registrar/tests/test_views.py

@@ -1095,6 +1095,12 @@ class TestDomainPermissions(TestWithDomainPermissions):
             )
         self.assertEqual(response.status_code, 403)
 
+        with less_console_noise():
+            response = self.client.get(
+                reverse("domain-security-email", kwargs={"pk": self.domain.id})
+            )
+        self.assertEqual(response.status_code, 403)
+
 
 class TestDomainDetail(TestWithDomainPermissions, WebTest):
     def setUp(self):

src/registrar/views/domain.py

@@ -130,7 +130,7 @@ class DomainSecurityEmailView(DomainPermission, FormMixin, DetailView):
         """The form is valid, call setter in model."""
 
         # Set the security email from the form
-        new_email = form.cleaned_data["security_email"]
+        new_email = form.cleaned_data.get("security_email", "")
         domain = self.get_object()
         domain.set_security_email(new_email)
 

src/zap.conf

@@ -52,7 +52,7 @@
 10038	OUTOFSCOPE	http://app:8080/users
 10038	OUTOFSCOPE	http://app:8080/users/add
 10038	OUTOFSCOPE	http://app:8080/nameservers
-10038	OUTOFSCOPE	http://app:8080/securityemail
+10038	OUTOFSCOPE	http://app:8080/security-email
 10038	OUTOFSCOPE	http://app:8080/delete
 10038	OUTOFSCOPE	http://app:8080/withdraw 
 10038	OUTOFSCOPE	http://app:8080/withdrawconfirmed