auth: Redirect password reset page to /accounts/go when required.

Vishnu KS
2021-08-19 13:25:54 +05:30
committed by Tim Abbott
parent b29b6f6526
commit d11d454206
2 changed files with 82 additions and 0 deletions


@@ -426,6 +426,81 @@ class PasswordResetTest(ZulipTestCase):
# make sure old password no longer works # make sure old password no longer works
self.assert_login_failure(email, password=old_password) self.assert_login_failure(email, password=old_password)
@patch("django.http.HttpRequest.get_host")
def test_password_reset_page_redirects_for_root_alias_when_root_domain_landing_page_is_enabled(
self, mock_get_host: MagicMock
) -> None:
mock_get_host.return_value = "alias.testserver"
with self.settings(ROOT_DOMAIN_LANDING_PAGE=True, ROOT_SUBDOMAIN_ALIASES=["alias"]):
result = self.client_get("/accounts/password/reset/")
self.assertEqual(result.status_code, 302)
self.assertEqual(result.url, "/accounts/go/?next=%2Faccounts%2Fpassword%2Freset%2F")
mock_get_host.return_value = "www.testserver"
with self.settings(
ROOT_DOMAIN_LANDING_PAGE=True,
):
result = self.client_get("/accounts/password/reset/")
self.assertEqual(result.status_code, 302)
self.assertEqual(result.url, "/accounts/go/?next=%2Faccounts%2Fpassword%2Freset%2F")
@patch("django.http.HttpRequest.get_host")
def test_password_reset_page_redirects_for_root_domain_when_root_domain_landing_page_is_enabled(
self, mock_get_host: MagicMock
) -> None:
mock_get_host.return_value = "testserver"
with self.settings(ROOT_DOMAIN_LANDING_PAGE=True):
result = self.client_get("/accounts/password/reset/")
self.assertEqual(result.status_code, 302)
self.assertEqual(result.url, "/accounts/go/?next=%2Faccounts%2Fpassword%2Freset%2F")
mock_get_host.return_value = "www.testserver.com"
with self.settings(
ROOT_DOMAIN_LANDING_PAGE=True,
EXTERNAL_HOST="www.testserver.com",
):
result = self.client_get("/accounts/password/reset/")
self.assertEqual(result.status_code, 302)
self.assertEqual(result.url, "/accounts/go/?next=%2Faccounts%2Fpassword%2Freset%2F")
@patch("django.http.HttpRequest.get_host")
def test_password_reset_page_works_for_root_alias_when_root_domain_landing_page_is_not_enabled(
self, mock_get_host: MagicMock
) -> None:
mock_get_host.return_value = "alias.testserver"
with self.settings(ROOT_SUBDOMAIN_ALIASES=["alias"]):
result = self.client_get("/accounts/password/reset/")
self.assertEqual(result.status_code, 200)
mock_get_host.return_value = "www.testserver"
result = self.client_get("/accounts/password/reset/")
self.assertEqual(result.status_code, 200)
@patch("django.http.HttpRequest.get_host")
def test_password_reset_page_works_for_root_domain_when_root_domain_landing_page_is_not_enabled(
self, mock_get_host: MagicMock
) -> None:
mock_get_host.return_value = "testserver"
result = self.client_get("/accounts/password/reset/")
self.assertEqual(result.status_code, 200)
mock_get_host.return_value = "www.testserver.com"
with self.settings(EXTERNAL_HOST="www.testserver.com", ROOT_SUBDOMAIN_ALIASES=[]):
result = self.client_get("/accounts/password/reset/")
self.assertEqual(result.status_code, 200)
@patch("django.http.HttpRequest.get_host")
def test_password_reset_page_works_always_for_subdomains(
self, mock_get_host: MagicMock
) -> None:
mock_get_host.return_value = "lear.testserver"
with self.settings(ROOT_DOMAIN_LANDING_PAGE=True):
result = self.client_get("/accounts/password/reset/")
self.assertEqual(result.status_code, 200)
result = self.client_get("/accounts/password/reset/")
self.assertEqual(result.status_code, 200)
def test_password_reset_for_non_existent_user(self) -> None: def test_password_reset_for_non_existent_user(self) -> None:
email = "nonexisting@mars.com" email = "nonexisting@mars.com"
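Review bot: All five new tests issue only GET requests, so nothing pins what happens when the reset form is POSTed to the root domain or an alias while `ROOT_DOMAIN_LANDING_PAGE` is enabled. Since the view's new guard appears to run before the Django reset view is invoked, a case such as `result = self.client_post("/accounts/password/reset/", {"email": email})` under the same settings, asserting the 302 and that no reset e-mail was queued, would document that a reset cannot be triggered from a host with no organization. The redirect tests also stop at the `Location` header; following it once would confirm that the `/accounts/go/` page accepts the `next` value these tests expect.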


@@ -3,6 +3,7 @@ import secrets
import urllib import urllib
from functools import wraps from functools import wraps
from typing import Any, Dict, List, Mapping, Optional, cast from typing import Any, Dict, List, Mapping, Optional, cast
from urllib.parse import urlencode
import jwt import jwt
from cryptography.hazmat.primitives.ciphers.aead import AESGCM from cryptography.hazmat.primitives.ciphers.aead import AESGCM
@@ -959,6 +960,12 @@ def logout_then_login(request: HttpRequest, **kwargs: Any) -> HttpResponse:
def password_reset(request: HttpRequest) -> HttpResponse: def password_reset(request: HttpRequest) -> HttpResponse:
if is_subdomain_root_or_alias(request) and settings.ROOT_DOMAIN_LANDING_PAGE:
redirect_url = add_query_to_redirect_url(
reverse("realm_redirect"), urlencode({"next": reverse("password_reset")})
)
return HttpResponseRedirect(redirect_url)
response = DjangoPasswordResetView.as_view( response = DjangoPasswordResetView.as_view(
template_name="zerver/reset.html", template_name="zerver/reset.html",
form_class=ZulipPasswordResetForm, form_class=ZulipPasswordResetForm,
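Review bot: The new guard at the top of `password_reset` carries no comment explaining why the root domain is redirected, and it runs for every HTTP method, so a POST to the root domain gets a 302 and the submitted form is dropped. If that is intended, a comment above the `if` would record it, for example `# The root domain serves the landing page and has no organization to reset a password in; send the user to choose one first.` The `next` value is built from `reverse("password_reset")`, so this hunk puts no request-controlled data into the redirect. How the `realm_redirect` view validates `next` before using it is not visible here; it is worth confirming that it accepts only local paths. The body of `password_reset` continues outside the hunk.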