From fc232759fb08204c0f4ab2ac8000d190446bdc72 Mon Sep 17 00:00:00 2001 From: lebaudantoine Date: Sat, 3 Aug 2024 23:14:01 +0200 Subject: [PATCH] =?UTF-8?q?=E2=9C=A8(backend)=20support=20email=20anonymiz?= =?UTF-8?q?ation=20on=20user?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add a new property 'email_anonymized' to the User model, to allow tracking a user's email without any personal data. In fact, we're dealing with professional data, thus it shouldn't be subject to the GDPR, however I prefer taking extra care when working with potentially first and last names. --- src/backend/core/models.py | 7 +++++++ src/backend/core/tests/test_models_users.py | 9 +++++++++ 2 files changed, 16 insertions(+) diff --git a/src/backend/core/models.py b/src/backend/core/models.py index 332af8f8..c0515edc 100644 --- a/src/backend/core/models.py +++ b/src/backend/core/models.py @@ -163,6 +163,13 @@ class User(AbstractBaseUser, BaseModel, auth_models.PermissionsMixin): """ return [] + @property + def email_anonymized(self): + """Anonymize the email address by replacing the local part with asterisks.""" + if not self.email: + return "" + return f"***@{self.email.split('@')[1]}" + class Resource(BaseModel): """Model to define access control""" diff --git a/src/backend/core/tests/test_models_users.py b/src/backend/core/tests/test_models_users.py index edea5bb9..8e313b8b 100644 --- a/src/backend/core/tests/test_models_users.py +++ b/src/backend/core/tests/test_models_users.py @@ -44,3 +44,12 @@ def test_models_users_send_mail_main_missing(): user.email_user("my subject", "my message") assert str(excinfo.value) == "User has no email address." + + +def test_models_users_email_anonymized(): + """The user's email should be anonymized if it exists.""" + user = factories.UserFactory(email="john.doe@world.com") + assert user.email_anonymized == "***@world.com" + + user = factories.UserFactory(email=None) + assert user.email_anonymized == ""