From e6f460f511e68796393c4581a40f4c4d17fe84c7 Mon Sep 17 00:00:00 2001 From: Tim Abbott Date: Wed, 22 Nov 2017 11:05:53 -0800 Subject: [PATCH] auth: Replace user_email_is_unique validator. As we migrate to allow reuse of the same email with multiple realms, we need to replace the old "no email reuse" validators. Because stealing the email for a system bot would be problematic, we still ban doing so. This commit only affects the realm creation logic, not registering an account in an existing realm. --- zerver/forms.py | 5 +++-- zerver/lib/actions.py | 10 +++------- zerver/tests/test_signup.py | 12 ++++++++---- zerver/views/registration.py | 8 +------- 4 files changed, 15 insertions(+), 20 deletions(-) diff --git a/zerver/forms.py b/zerver/forms.py index a2a023b2ad..af8d61af8e 100644 --- a/zerver/forms.py +++ b/zerver/forms.py @@ -17,7 +17,7 @@ from django.contrib.auth.tokens import PasswordResetTokenGenerator from django.http import HttpRequest from jinja2 import Markup as mark_safe -from zerver.lib.actions import do_change_password, user_email_is_unique, \ +from zerver.lib.actions import do_change_password, email_not_system_bot, \ validate_email_for_realm from zerver.lib.name_restrictions import is_reserved_subdomain, is_disposable_domain from zerver.lib.request import JsonableError @@ -173,7 +173,8 @@ def email_is_not_disposable(email): class RealmCreationForm(forms.Form): # This form determines whether users can create a new realm. - email = forms.EmailField(validators=[user_email_is_unique, email_is_not_disposable]) + email = forms.EmailField(validators=[email_not_system_bot, + email_is_not_disposable]) class LoggingSetPasswordForm(SetPasswordForm): def save(self, commit=True): diff --git a/zerver/lib/actions.py b/zerver/lib/actions.py index 663021cc76..9e58de03d4 100644 --- a/zerver/lib/actions.py +++ b/zerver/lib/actions.py 
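Review bot: The `email` field on `RealmCreationForm` has no comment saying why account uniqueness is no longer checked. After this commit the form's validator list is the only place visible in the patch where a reserved address is rejected during realm creation, because the view-level check in `zerver/views/registration.py` is deleted in the same patch. A short comment above the field would keep a later cleanup from dropping the validator, e.g. `# Emails with existing accounts are allowed (multi-realm reuse); email_not_system_bot is the guard against claiming a system bot address.` The comment could also say that this form does not cover registration into an existing realm, which the commit message puts out of scope.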
@@ -3916,13 +3916,9 @@ def do_send_confirmation_email(invitee, referrer, body): send_email('zerver/emails/invitation', to_email=invitee.email, from_name=from_name, from_address=FromAddress.NOREPLY, context=context) -def user_email_is_unique(email): - # type: (Text) -> None - try: - get_user_profile_by_email(email) - raise ValidationError('%s already has an account' % (email,)) - except UserProfile.DoesNotExist: - pass +def email_not_system_bot(email: Text) -> None: + if email.lower() in settings.CROSS_REALM_BOT_EMAILS: + raise ValidationError('%s is an email address reserved for system bots' % (email,)) def validate_email_for_realm(target_realm, email): # type: (Optional[Realm], Text) -> None diff --git a/zerver/tests/test_signup.py b/zerver/tests/test_signup.py index d346b8c861..a2e6173529 100644 --- a/zerver/tests/test_signup.py +++ b/zerver/tests/test_signup.py @@ -1214,14 +1214,18 @@ class RealmCreationTest(ZulipTestCase): def test_create_realm_existing_email(self) -> None: """ - Trying to create a realm with an existing email should just redirect to - a login page. + Trying to create a realm with an existing email should succeed. """ with self.settings(OPEN_REALM_CREATION=True): email = self.example_email("hamlet") result = self.client_post('/create_realm/', {'email': email}) - self.assertEqual(result.status_code, 302) - self.assertIn('login', result['Location']) + result = self.client_get(result["Location"]) + self.assert_in_response("Check your email so we can get started.", result) + + def test_create_realm_as_system_bot(self) -> None: + result = self.client_post('/create_realm/', {'email': 'notification-bot@zulip.com'}) + self.assertEqual(result.status_code, 200) + self.assert_in_response('notification-bot@zulip.com is an email address reserved', result) def test_create_realm_no_creation_key(self) -> None: """ diff --git a/zerver/views/registration.py b/zerver/views/registration.py index af3a7b3e9e..790b282dea 100644 --- a/zerver/views/registration.py 
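Review bot: `email_not_system_bot` lowercases only the submitted address, so the ban depends on every entry in `settings.CROSS_REALM_BOT_EMAILS` already being lowercase. That setting is defined outside this patch, so the assumption should be confirmed or removed. Normalising both sides keeps a mixed-case entry from silently disabling the check: `if email.lower() in {e.lower() for e in settings.CROSS_REALM_BOT_EMAILS}:`. The function also has no docstring; a one-line docstring saying that it is a form validator which raises `ValidationError` when the address is reserved for a cross-realm system bot would record that it replaces `user_email_is_unique` as the realm-creation guard. Whether bot addresses outside this setting need the same protection cannot be judged from the hunk.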
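Review bot: `test_create_realm_existing_email` now reads `result["Location"]` without first asserting that the POST returned a redirect, so a regression that re-renders the form would surface as a `KeyError` rather than a clear assertion failure. Keeping `self.assertEqual(result.status_code, 302)` before the `client_get` call would pin the intended behaviour. `test_create_realm_as_system_bot` submits only the exact lowercase address, so the `email.lower()` normalisation in the validator is not exercised; a second case with a mixed-case spelling of the same address would cover it. That test also runs outside the `self.settings(OPEN_REALM_CREATION=True)` block used by the test above it, which may be intentional but deserves a comment. The next test, `test_create_realm_no_creation_key`, continues outside the hunk.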
+++ b/zerver/views/registration.py @@ -19,7 +19,7 @@ from zerver.lib.send_email import send_email, FromAddress from zerver.lib.events import do_events_register from zerver.lib.actions import do_change_password, do_change_full_name, do_change_is_admin, \ do_activate_user, do_create_user, do_create_realm, \ - user_email_is_unique, compute_mit_user_fullname, validate_email_for_realm, \ + email_not_system_bot, compute_mit_user_fullname, validate_email_for_realm, \ do_set_user_display_setting, lookup_default_stream_groups, bulk_add_subscriptions from zerver.forms import RegistrationForm, HomepageForm, RealmCreationForm, \ CreateUserForm, FindMyTeamForm @@ -326,12 +326,6 @@ def create_realm(request: HttpRequest, creation_key: Optional[Text]=None) -> Htt if (creation_key is not None and check_key_is_valid(creation_key)): RealmCreationKey.objects.get(creation_key=creation_key).delete() return HttpResponseRedirect(reverse('send_confirm', kwargs={'email': email})) - try: - email = request.POST['email'] - user_email_is_unique(email) - except ValidationError: - # Maybe the user is trying to log in - return redirect_to_email_login_url(email) else: form = RealmCreationForm() return render(request,
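Review bot: The new import of `email_not_system_bot` in `zerver/views/registration.py` looks unused. The diffstat shows this file gaining a single line, which is the import itself, and the only call to the old validator is deleted in the next hunk. Since the check now runs through `RealmCreationForm`, the name can be dropped so the continuation line starts `compute_mit_user_fullname, validate_email_for_realm, \`. If `ValidationError` and `redirect_to_email_login_url` were imported only for the deleted block they may be removable too, but their other uses are not visible here.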