paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-03 21:43:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

create_preregistration_user: Add additional hardening assertion.

Browse Source 
TestMaybeSendToRegistration needs tweaking here, because it wasn't
setting the subdomain for the dummy request, so
maybe_send_to_registration was actually running with realm=None, which
is not right for these tests.

Also, test_sso_only_when_preregistration_user_exists was creating
PreregistrationUser without setting the realm, which was also incorrect.
This commit is contained in:
Mateusz Mandera
2022-01-27 23:32:49 +01:00
committed by Alex Vandiver
parent 7b795b6338
commit 3c5ea830a9
2 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
zerver/tests/test_auth_backends.py
View File

@@ -6599,7 +6599,7 @@ class TestRequireEmailFormatUsernames(ZulipTestCase):
class TestMaybeSendToRegistration(ZulipTestCase): class TestMaybeSendToRegistration(ZulipTestCase):
def test_sso_only_when_preregistration_user_does_not_exist(self) -> None: def test_sso_only_when_preregistration_user_does_not_exist(self) -> None:
rf = RequestFactory() rf = RequestFactory(HTTP_HOST=Realm.host_for_subdomain("zulip"))
request = rf.get("/") request = rf.get("/")
request.session = {} request.session = {}
request.user = None request.user = None
@@ -6629,11 +6629,13 @@ class TestMaybeSendToRegistration(ZulipTestCase):
self.assert_in_response(f'value="{confirmation_key}" name="key"', result) self.assert_in_response(f'value="{confirmation_key}" name="key"', result)
def test_sso_only_when_preregistration_user_exists(self) -> None: def test_sso_only_when_preregistration_user_exists(self) -> None:
rf = RequestFactory() rf = RequestFactory(HTTP_HOST=Realm.host_for_subdomain("zulip"))
request = rf.get("/") request = rf.get("/")
request.session = {} request.session = {}
request.user = None request.user = None
realm = get_realm("zulip")
# Creating a mock Django form in order to keep the test simple. # Creating a mock Django form in order to keep the test simple.
# This form will be returned by the create_homepage_form function # This form will be returned by the create_homepage_form function
# and will always be valid so that the code that we want to test # and will always be valid so that the code that we want to test
@@ -6643,7 +6645,7 @@ class TestMaybeSendToRegistration(ZulipTestCase):
return True return True
email = self.example_email("hamlet") email = self.example_email("hamlet")
user = PreregistrationUser(email=email) user = PreregistrationUser(email=email, realm=realm)
user.save() user.save()
create_confirmation_link(user, Confirmation.USER_REGISTRATION) create_confirmation_link(user, Confirmation.USER_REGISTRATION)

1
zerver/views/auth.py
View File

@@ -121,6 +121,7 @@ def create_preregistration_user(
full_name_validated: bool = False, full_name_validated: bool = False,
) -> PreregistrationUser: ) -> PreregistrationUser:
assert not (realm_creation and realm is not None) assert not (realm_creation and realm is not None)
assert not (realm is None and not realm_creation)
return PreregistrationUser.objects.create( return PreregistrationUser.objects.create(
email=email, email=email,