auth: Handle the case of invalid subdomain at various points.

Fixes #16770.
2025-11-03 05:23:35 +00:00 · 2020-12-13 00:51:06 +05:30
parent 6c888977a6
commit 6f0e8a9888
2 changed files with 23 additions and 6 deletions
--- a/zerver/tests/test_auth_backends.py
+++ b/zerver/tests/test_auth_backends.py
@@ -3175,6 +3175,16 @@ class JSONFetchAPIKeyTest(ZulipTestCase):
                                  dict(password="wrong"))
        self.assert_json_error(result, "Your username or password is incorrect.", 400)

+    def test_invalid_subdomain(self) -> None:
+        username = 'hamlet'
+        user = self.example_user(username)
+        self.login_user(user)
+        with mock.patch("zerver.views.auth.get_realm_from_request", return_value=None):
+            result = self.client_post("/json/fetch_api_key",
+                                      dict(username=username,
+                                           password=initial_password(user.delivery_email)))
+        self.assert_json_error(result, "Invalid subdomain", 400)
+
 class FetchAPIKeyTest(ZulipTestCase):
    def setUp(self) -> None:
        super().setUp()
@@ -3281,6 +3291,13 @@ class DevFetchAPIKeyTest(ZulipTestCase):
                                      dict(username=self.email))
            self.assert_json_error_contains(result, "DevAuthBackend not enabled.", 400)

+    def test_invalid_subdomain(self) -> None:
+        with mock.patch("zerver.views.auth.get_realm_from_request", return_value=None):
+            result = self.client_post("/api/v1/dev_fetch_api_key",
+                                      dict(username=self.email,
+                                           password=initial_password(self.email)))
+            self.assert_json_error_contains(result, "Invalid subdomain", 400)
+
 class DevGetEmailsTest(ZulipTestCase):
    def test_success(self) -> None:
        result = self.client_get("/api/v1/dev_list_users")