paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-04 22:13:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Limit cross-realm private messages to zulip.com users

Browse Source 
Cross-realm private messages are only used to respond to support
requests. So now cross-realm private messages are only allowed if
exactly two realms are in the private message and one of them is
zulip.com.

(imported from commit f01a2824e214682acb22a6995714a9d1b0d0c66f)
This commit is contained in:
Jason Michalski
2014-01-14 03:25:04 -05:00
committed by Tim Abbott
parent b1cf9c3e25
commit 60f878b45e
2 changed files with 130 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
zerver/lib/actions.py
View File

@@ -420,15 +420,26 @@ def create_stream_if_needed(realm, stream_name, invite_only=False):
def recipient_for_emails(emails, not_forged_mirror_message, def recipient_for_emails(emails, not_forged_mirror_message,
user_profile, sender): user_profile, sender):
recipient_profile_ids = set() recipient_profile_ids = set()
realm_domains = set()
realm_domains.add(sender.realm.domain)
for email in emails: for email in emails:
try: try:
recipient_profile_ids.add(get_user_profile_by_email(email).id) user_profile = get_user_profile_by_email(email)
except UserProfile.DoesNotExist: except UserProfile.DoesNotExist:
raise ValidationError("Invalid email '%s'" % (email,)) raise ValidationError("Invalid email '%s'" % (email,))
recipient_profile_ids.add(user_profile.id)
realm_domains.add(user_profile.realm.domain)
if not_forged_mirror_message and user_profile.id not in recipient_profile_ids: if not_forged_mirror_message and user_profile.id not in recipient_profile_ids:
raise ValidationError("User not authorized for this query") raise ValidationError("User not authorized for this query")
# Prevent cross realm private messages unless it is between only two realms
# and one of the realms is zulip.com.
if len(realm_domains) == 2 and 'zulip.com' not in realm_domains:
raise ValidationError("You can't send private messages outside of your organization.")
if len(realm_domains) > 2:
raise ValidationError("You can't send private messages outside of your organization.")
# If the private message is just between the sender and # If the private message is just between the sender and
# another person, force it to be a personal internally # another person, force it to be a personal internally
if (len(recipient_profile_ids) == 2 if (len(recipient_profile_ids) == 2

120
zerver/tests.py
View File

@@ -417,14 +417,15 @@ class AuthedTestCase(TestCase):
recipient__type = Recipient.STREAM) recipient__type = Recipient.STREAM)
return [get_display_recipient(sub.recipient) for sub in subs] return [get_display_recipient(sub.recipient) for sub in subs]
def send_message(self, sender_name, recipient_name, message_type, def send_message(self, sender_name, recipient_list, message_type,
content="test content", subject="test", **kwargs): content="test content", subject="test", **kwargs):
sender = get_user_profile_by_email(sender_name) sender = get_user_profile_by_email(sender_name)
if message_type == Recipient.PERSONAL: if message_type == Recipient.PERSONAL:
message_type_name = "private" message_type_name = "private"
else: else:
message_type_name = "stream" message_type_name = "stream"
recipient_list = [recipient_name] # Doesn't work for group PMs. if isinstance(recipient_list, basestring):
recipient_list = [recipient_list]
(sending_client, _) = Client.objects.get_or_create(name="test suite") (sending_client, _) = Client.objects.get_or_create(name="test suite")
return check_send_message( return check_send_message(
@@ -613,6 +614,121 @@ class StreamAdminTest(AuthedTestCase):
result = self.client.post('/json/rename_stream?old_name=stream_name1&new_name=stream_name2') result = self.client.post('/json/rename_stream?old_name=stream_name1&new_name=stream_name2')
self.assert_json_error(result, 'Must be a realm administrator') self.assert_json_error(result, 'Must be a realm administrator')
class TestCrossRealmPMs(AuthedTestCase):
def create_user(self, email):
username, domain = email.split('@')
self.register(username, 'test', domain=domain)
return get_user_profile_by_email(email)
def test_same_realm(self):
"""Users on the same realm can PM each other"""
r1 = Realm.objects.create(domain='1.example.com')
deployment = Deployment.objects.filter()[0]
deployment.realms.add(r1)
user1_email = 'user1@1.example.com'
user1 = self.create_user(user1_email)
user2_email = 'user2@1.example.com'
user2 = self.create_user(user2_email)
self.send_message(user1_email, user2_email, Recipient.PERSONAL)
messages = get_user_messages(user2)
self.assertEqual(len(messages), 1)
self.assertEquals(messages[0].sender.pk, user1.pk)
def test_diffrent_realms(self):
"""Users on the different realms can not PM each other"""
r1 = Realm.objects.create(domain='1.example.com')
r2 = Realm.objects.create(domain='2.example.com')
deployment = Deployment.objects.filter()[0]
deployment.realms.add(r1)
deployment.realms.add(r2)
user1_email = 'user1@1.example.com'
self.create_user(user1_email)
user2_email = 'user2@2.example.com'
self.create_user(user2_email)
with self.assertRaisesRegexp(JsonableError,
'You can\'t send private messages outside of your organization.'):
self.send_message(user1_email, user2_email, Recipient.PERSONAL)
def test_three_diffrent_realms(self):
"""Users on three different realms can not PM each other"""
r1 = Realm.objects.create(domain='1.example.com')
r2 = Realm.objects.create(domain='2.example.com')
r3 = Realm.objects.create(domain='3.example.com')
deployment = Deployment.objects.filter()[0]
deployment.realms.add(r1)
deployment.realms.add(r2)
deployment.realms.add(r3)
user1_email = 'user1@1.example.com'
self.create_user(user1_email)
user2_email = 'user2@2.example.com'
self.create_user(user2_email)
user3_email = 'user3@2.example.com'
self.create_user(user3_email)
with self.assertRaisesRegexp(JsonableError,
'You can\'t send private messages outside of your organization.'):
self.send_message(user1_email, [user2_email, user3_email], Recipient.PERSONAL)
def test_from_zulip_realm(self):
"""Users in the zulip.com realm can PM any realm"""
r1 = Realm.objects.create(domain='1.example.com')
deployment = Deployment.objects.filter()[0]
deployment.realms.add(r1)
user1_email = 'user1@zulip.com'
user1 = self.create_user(user1_email)
user2_email = 'user2@1.example.com'
user2 = self.create_user(user2_email)
self.send_message(user1_email, user2_email, Recipient.PERSONAL)
messages = get_user_messages(user2)
self.assertEqual(len(messages), 1)
self.assertEquals(messages[0].sender.pk, user1.pk)
def test_to_zulip_realm(self):
"""All users can PM users in the zulip.com realm"""
r1 = Realm.objects.create(domain='1.example.com')
deployment = Deployment.objects.filter()[0]
deployment.realms.add(r1)
user1_email = 'user1@1.example.com'
user1 = self.create_user(user1_email)
user2_email = 'user2@zulip.com'
user2 = self.create_user(user2_email)
self.send_message(user1_email, user2_email, Recipient.PERSONAL)
messages = get_user_messages(user2)
self.assertEqual(len(messages), 1)
self.assertEquals(messages[0].sender.pk, user1.pk)
def test_zulip_realm_can_not_join_realms(self):
"""Adding a zulip.com user to a PM will not let you cross realms"""
r1 = Realm.objects.create(domain='1.example.com')
r2 = Realm.objects.create(domain='2.example.com')
deployment = Deployment.objects.filter()[0]
deployment.realms.add(r1)
deployment.realms.add(r2)
user1_email = 'user1@1.example.com'
self.create_user(user1_email)
user2_email = 'user2@2.example.com'
self.create_user(user2_email)
user3_email = 'user3@zulip.com'
self.create_user(user3_email)
with self.assertRaisesRegexp(JsonableError,
'You can\'t send private messages outside of your organization.'):
self.send_message(user1_email, [user2_email, user3_email],
Recipient.PERSONAL)
class PermissionTest(TestCase): class PermissionTest(TestCase):
def test_get_admin_users(self): def test_get_admin_users(self):
user_profile = get_user_profile_by_email('hamlet@zulip.com') user_profile = get_user_profile_by_email('hamlet@zulip.com')