From c93cef91e8193472889b3b557d865be60ecfc97c Mon Sep 17 00:00:00 2001
From: Mateusz Mandera <mateusz.mandera@zulip.com>
Date: Thu, 27 Jan 2022 23:32:49 +0100
Subject: [PATCH] create_preregistration_user: Add additional hardening
 assertion.

TestMaybeSendToRegistration needs tweaking here, because it wasn't
setting the subdomain for the dummy request, so
maybe_send_to_registration was actually running with realm=None, which
is not right for these tests.

Also, test_sso_only_when_preregistration_user_exists was creating
PreregistrationUser without setting the realm, which was also incorrect.
---
 zerver/tests/test_auth_backends.py | 8 +++++---
 zerver/views/auth.py               | 1 +
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/zerver/tests/test_auth_backends.py b/zerver/tests/test_auth_backends.py
index 694f09bb8f..f464ef1e17 100644
--- a/zerver/tests/test_auth_backends.py
+++ b/zerver/tests/test_auth_backends.py
@@ -5932,7 +5932,7 @@ class TestRequireEmailFormatUsernames(ZulipTestCase):
 
 class TestMaybeSendToRegistration(ZulipTestCase):
     def test_sso_only_when_preregistration_user_does_not_exist(self) -> None:
-        rf = RequestFactory()
+        rf = RequestFactory(HTTP_HOST=Realm.host_for_subdomain("zulip"))
         request = rf.get("/")
         request.session = {}
         request.user = None
@@ -5961,11 +5961,13 @@ class TestMaybeSendToRegistration(ZulipTestCase):
         self.assert_in_response(f'value="{confirmation_key}" name="key"', result)
 
     def test_sso_only_when_preregistration_user_exists(self) -> None:
-        rf = RequestFactory()
+        rf = RequestFactory(HTTP_HOST=Realm.host_for_subdomain("zulip"))
         request = rf.get("/")
         request.session = {}
         request.user = None
 
+        realm = get_realm("zulip")
+
         # Creating a mock Django form in order to keep the test simple.
         # This form will be returned by the create_hompage_form function
         # and will always be valid so that the code that we want to test
@@ -5975,7 +5977,7 @@ class TestMaybeSendToRegistration(ZulipTestCase):
                 return True
 
         email = self.example_email("hamlet")
-        user = PreregistrationUser(email=email)
+        user = PreregistrationUser(email=email, realm=realm)
         user.save()
 
         with mock.patch("zerver.views.auth.HomepageForm", return_value=Form()):
diff --git a/zerver/views/auth.py b/zerver/views/auth.py
index d749fe92b7..c2a672bc02 100644
--- a/zerver/views/auth.py
+++ b/zerver/views/auth.py
@@ -98,6 +98,7 @@ def create_preregistration_user(
     full_name_validated: bool = False,
 ) -> PreregistrationUser:
     assert not (realm_creation and realm is not None)
+    assert not (realm is None and not realm_creation)
 
     return PreregistrationUser.objects.create(
         email=email,