auth: Use HTTP status 404 for invalid realms.

Apparently, our invalid realm error page had HTTP status 200, which
could be confusing and, in particular, broke our mobile app's error
handling for this case.
Tim Abbott
2019-03-11 17:56:52 -07:00
parent d75d2c9974
commit 983e24a7f5
4 changed files with 13 additions and 10 deletions


@@ -373,7 +373,7 @@ class SessionHostDomainMiddleware(SessionMiddleware):
if subdomain != Realm.SUBDOMAIN_FOR_ROOT_DOMAIN: if subdomain != Realm.SUBDOMAIN_FOR_ROOT_DOMAIN:
realm = get_realm(subdomain) realm = get_realm(subdomain)
if (realm is None): if (realm is None):
return render(request, "zerver/invalid_realm.html") return render(request, "zerver/invalid_realm.html", status=404)
""" """
If request.session was modified, or if the configuration is to save the If request.session was modified, or if the configuration is to save the
session every time, save the changes and set a session cookie or delete session every time, save the changes and set a session cookie or delete
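Review bot: The new `status=404` on the invalid-realm render carries no comment saying that clients depend on it, although the commit message indicates the mobile app's error handling keys off this status. I would add a comment above the `return render(...)` line, for example `# Return 404 rather than 200 so API clients can detect a nonexistent realm from the status code.` The enclosing method starts before this hunk and continues past it, so whether other early returns in it need the same status cannot be checked from here.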


@@ -592,8 +592,9 @@ class SocialAuthBase(ZulipTestCase):
account_data_dict = self.get_account_data_dict(email=self.email, name=self.name) account_data_dict = self.get_account_data_dict(email=self.email, name=self.name)
result = self.social_auth_test(account_data_dict, result = self.social_auth_test(account_data_dict,
subdomain='nonexistent') subdomain='nonexistent')
self.assert_in_success_response(["There is no Zulip organization hosted at this subdomain."], self.assert_in_response("There is no Zulip organization hosted at this subdomain.",
result) result)
self.assertEqual(result.status_code, 404)
def test_user_cannot_log_into_wrong_subdomain(self) -> None: def test_user_cannot_log_into_wrong_subdomain(self) -> None:
account_data_dict = self.get_account_data_dict(email=self.email, name=self.name) account_data_dict = self.get_account_data_dict(email=self.email, name=self.name)
@@ -1261,8 +1262,9 @@ class GoogleSubdomainLoginTest(GoogleOAuthTest):
account_response = ResponseMock(200, account_data) account_response = ResponseMock(200, account_data)
result = self.google_oauth2_test(token_response, account_response, result = self.google_oauth2_test(token_response, account_response,
subdomain='nonexistent') subdomain='nonexistent')
self.assert_in_success_response(["There is no Zulip organization hosted at this subdomain."], self.assert_in_response("There is no Zulip organization hosted at this subdomain.",
result) result)
self.assertEqual(result.status_code, 404)
def test_user_cannot_log_into_wrong_subdomain(self) -> None: def test_user_cannot_log_into_wrong_subdomain(self) -> None:
token_response = ResponseMock(200, {'access_token': "unique_token"}) token_response = ResponseMock(200, {'access_token': "unique_token"})
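Review bot: The pair `assert_in_response("There is no Zulip organization hosted at this subdomain.", result)` plus `assertEqual(result.status_code, 404)` is repeated in both hunks here and again in the PasswordResetTest and LoginTest hunks, with the status check placed after the content check in some tests and before it in others. A small helper on the shared test base class (name to be chosen, e.g. `assert_invalid_realm_response(result)`) that asserts the status first and then the message would keep these tests in step if the page text or status changes again. Checking the status first also gives a clearer failure if the middleware regresses to 200. Both test methods start above their hunks.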


@@ -355,7 +355,8 @@ class PlansPageTest(ZulipTestCase):
self.assert_in_success_response(["Sign up now"], result) self.assert_in_success_response(["Sign up now"], result)
# Test non-existant domain # Test non-existant domain
result = self.client_get("/plans/", subdomain="moo") result = self.client_get("/plans/", subdomain="moo")
self.assert_in_success_response(["does not exist"], result) self.assertEqual(result.status_code, 404)
self.assert_in_response("does not exist", result)
# Test valid domain, no login # Test valid domain, no login
realm = get_realm("zulip") realm = get_realm("zulip")
realm.plan_type = Realm.STANDARD_FREE realm.plan_type = Realm.STANDARD_FREE


@@ -320,9 +320,9 @@ class PasswordResetTest(ZulipTestCase):
subdomain="invalid") subdomain="invalid")
# check the redirect link telling you to check mail for password reset link # check the redirect link telling you to check mail for password reset link
self.assertEqual(result.status_code, 200) self.assertEqual(result.status_code, 404)
self.assert_in_success_response(["There is no Zulip organization hosted at this subdomain."], self.assert_in_response("There is no Zulip organization hosted at this subdomain.",
result) result)
from django.core.mail import outbox from django.core.mail import outbox
self.assertEqual(len(outbox), 0) self.assertEqual(len(outbox), 0)
@@ -440,7 +440,7 @@ class LoginTest(ZulipTestCase):
def test_login_invalid_subdomain(self) -> None: def test_login_invalid_subdomain(self) -> None:
result = self.login_with_return(self.example_email("hamlet"), "xxx", result = self.login_with_return(self.example_email("hamlet"), "xxx",
subdomain="invalid") subdomain="invalid")
self.assertEqual(result.status_code, 200) self.assertEqual(result.status_code, 404)
self.assert_in_response("There is no Zulip organization hosted at this subdomain.", result) self.assert_in_response("There is no Zulip organization hosted at this subdomain.", result)
self.assertIsNone(get_session_dict_user(self.client.session)) self.assertIsNone(get_session_dict_user(self.client.session))
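Review bot: The context comment `# check the redirect link telling you to check mail for password reset link` in the PasswordResetTest hunk now sits directly above `self.assertEqual(result.status_code, 404)` and describes a redirect that this test no longer expects. I would replace it with something like `# An invalid subdomain gets the invalid-realm page with a 404, and no reset email is sent.`, which matches the assertions that follow, including the `len(outbox)` check. The test method begins outside the hunk.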