presence api: Use email to look up presence.

We don't want to use delivery_email to look up presence on email-restricted realms.
2025-11-03 05:23:35 +00:00 · 2020-03-18 14:19:03 +00:00
parent 5cfdfbe6b1
commit d71111f3dc
3 changed files with 23 additions and 11 deletions
--- a/zerver/models.py
+++ b/zerver/models.py
@@ -2189,14 +2189,6 @@ def get_user(email: str, realm: Realm) -> UserProfile:
    """
    return UserProfile.objects.select_related().get(email__iexact=email.strip(), realm=realm)

-def get_active_user_by_delivery_email(email: str, realm: Realm) -> UserProfile:
-    """Variant of get_user_by_delivery_email that excludes deactivated users.
-    See get_user_by_delivery_email docstring for important usage notes."""
-    user_profile = get_user_by_delivery_email(email, realm)
-    if not user_profile.is_active:
-        raise UserProfile.DoesNotExist()
-    return user_profile
-
 def get_active_user(email: str, realm: Realm) -> UserProfile:
    """Variant of get_user_by_email that excludes deactivated users.
    See get_user docstring for important usage notes."""
--- a/zerver/tests/test_presence.py
+++ b/zerver/tests/test_presence.py
@@ -357,6 +357,26 @@ class UserPresenceTests(ZulipTestCase):
            self.assertEqual(email_to_domain(email), 'zulip.com')

 class SingleUserPresenceTests(ZulipTestCase):
+    def test_email_access(self) -> None:
+        user = self.example_user('hamlet')
+        self.login_user(user)
+
+        other_user = self.example_user('othello')
+        other_user.email = 'email@zulip.com'
+        other_user.delivery_email = 'delivery_email@zulip.com'
+        other_user.save()
+
+        # Note that we don't leak any info on delivery emails.
+        result = self.client_get('/json/users/delivery_email@zulip.com/presence')
+        self.assert_json_error(result, 'No such user')
+
+        result = self.client_get('/json/users/not_even_in_realm@zulip.com/presence')
+        self.assert_json_error(result, 'No such user')
+
+        # For a known email, we may simply complain about lack of presence info.
+        result = self.client_get("/json/users/email@zulip.com/presence")
+        self.assert_json_error(result, 'No presence data for email@zulip.com')
+
    def test_single_user_get(self) -> None:

        # First, we setup the test with some data
--- a/zerver/views/presence.py
+++ b/zerver/views/presence.py
@@ -21,7 +21,7 @@ from zerver.lib.response import json_success, json_error
 from zerver.lib.timestamp import datetime_to_timestamp
 from zerver.lib.validator import check_bool, check_capped_string
 from zerver.models import UserActivity, UserPresence, UserProfile, \
-    get_active_user_by_delivery_email
+    get_active_user

 def get_presence_backend(request: HttpRequest, user_profile: UserProfile,
                         email: str) -> HttpResponse:
@@ -29,7 +29,7 @@ def get_presence_backend(request: HttpRequest, user_profile: UserProfile,
    # bots and other clients.  We may want to add slim_presence
    # support for it (or just migrate its API wholesale) later.
    try:
-        target = get_active_user_by_delivery_email(email, user_profile.realm)
+        target = get_active_user(email, user_profile.realm)
    except UserProfile.DoesNotExist:
        return json_error(_('No such user'))
    if target.is_bot:
@@ -37,7 +37,7 @@ def get_presence_backend(request: HttpRequest, user_profile: UserProfile,

    presence_dict = get_presence_for_user(target.id)
    if len(presence_dict) == 0:
-        return json_error(_('No presence data for %s') % (target.email,))
+        return json_error(_('No presence data for %s') % (email,))

    # For initial version, we just include the status and timestamp keys
    result = dict(presence=presence_dict[target.email])