paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-10-23 04:52:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

create_preregistration_user: Add additional hardening assertion.

Browse Source 
TestMaybeSendToRegistration needs tweaking here, because it wasn't
setting the subdomain for the dummy request, so
maybe_send_to_registration was actually running with realm=None, which
is not right for these tests.

Also, test_sso_only_when_preregistration_user_exists was creating
PreregistrationUser without setting the realm, which was also incorrect.
This commit is contained in:
Mateusz Mandera
2022-01-27 23:32:49 +01:00
committed by Alex Vandiver
parent 0c227217b2
commit c93cef91e8
2 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
zerver/tests/test_auth_backends.py
View File

@@ -5932,7 +5932,7 @@ class TestRequireEmailFormatUsernames(ZulipTestCase):
class TestMaybeSendToRegistration(ZulipTestCase): class TestMaybeSendToRegistration(ZulipTestCase):
def test_sso_only_when_preregistration_user_does_not_exist(self) -> None: def test_sso_only_when_preregistration_user_does_not_exist(self) -> None:
rf = RequestFactory() rf = RequestFactory(HTTP_HOST=Realm.host_for_subdomain("zulip"))
request = rf.get("/") request = rf.get("/")
request.session = {} request.session = {}
request.user = None request.user = None
@@ -5961,11 +5961,13 @@ class TestMaybeSendToRegistration(ZulipTestCase):
self.assert_in_response(f'value="{confirmation_key}" name="key"', result) self.assert_in_response(f'value="{confirmation_key}" name="key"', result)
def test_sso_only_when_preregistration_user_exists(self) -> None: def test_sso_only_when_preregistration_user_exists(self) -> None:
rf = RequestFactory() rf = RequestFactory(HTTP_HOST=Realm.host_for_subdomain("zulip"))
request = rf.get("/") request = rf.get("/")
request.session = {} request.session = {}
request.user = None request.user = None
realm = get_realm("zulip")
# Creating a mock Django form in order to keep the test simple. # Creating a mock Django form in order to keep the test simple.
# This form will be returned by the create_hompage_form function # This form will be returned by the create_hompage_form function
# and will always be valid so that the code that we want to test # and will always be valid so that the code that we want to test
@@ -5975,7 +5977,7 @@ class TestMaybeSendToRegistration(ZulipTestCase):
return True return True
email = self.example_email("hamlet") email = self.example_email("hamlet")
user = PreregistrationUser(email=email) user = PreregistrationUser(email=email, realm=realm)
user.save() user.save()
with mock.patch("zerver.views.auth.HomepageForm", return_value=Form()): with mock.patch("zerver.views.auth.HomepageForm", return_value=Form()):

1
zerver/views/auth.py
View File

@@ -98,6 +98,7 @@ def create_preregistration_user(
full_name_validated: bool = False, full_name_validated: bool = False,
) -> PreregistrationUser: ) -> PreregistrationUser:
assert not (realm_creation and realm is not None) assert not (realm_creation and realm is not None)
assert not (realm is None and not realm_creation)
return PreregistrationUser.objects.create( return PreregistrationUser.objects.create(
email=email, email=email,