auth: Only automatically redirect for same domain redirects.

If the `deactivated_redirect` belongs to the same domain as `EXTERNAL_HOST`, automatically redirect, otherwise just point user to the new URL.
2025-11-04 05:53:43 +00:00 · 2025-06-18 19:38:48 +05:30
parent ba32e732c7
commit 9b15dce1b2
6 changed files with 71 additions and 19 deletions
--- a/zerver/lib/subdomains.py
+++ b/zerver/lib/subdomains.py
@@ -22,22 +22,27 @@ def get_subdomain(request: HttpRequest) -> str:
    # compatibility with older versions of Zulip, so that's a start.

    host = request.get_host().lower()
-    return get_subdomain_from_hostname(host)
+    subdomain = get_subdomain_from_hostname(host)
+    assert subdomain is not None
+    return subdomain


-def get_subdomain_from_hostname(host: str) -> str:
+def get_subdomain_from_hostname(
+    host: str, default_subdomain: str | None = Realm.SUBDOMAIN_FOR_ROOT_DOMAIN
+) -> str | None:
+    # Set `default_subdomain` as None to check if a valid subdomain was found.
    m = re.search(rf"\.{settings.EXTERNAL_HOST}(:\d+)?$", host)
    if m:
        subdomain = host[: m.start()]
        if subdomain in settings.ROOT_SUBDOMAIN_ALIASES:
-            return Realm.SUBDOMAIN_FOR_ROOT_DOMAIN
+            return default_subdomain
        return subdomain

    for subdomain, realm_host in settings.REALM_HOSTS.items():
        if re.search(rf"^{realm_host}(:\d+)?$", host):
            return subdomain

-    return Realm.SUBDOMAIN_FOR_ROOT_DOMAIN
+    return default_subdomain


 def is_subdomain_root_or_alias(request: HttpRequest) -> bool: