auth: Replace user_email_is_unique validator.

As we migrate to allow reuse of the same email with multiple realms, we need to replace the old "no email reuse" validators. Because stealing the email for a system bot would be problematic, we still ban doing so. This commit only affects the realm creation logic, not registering an account in an existing realm.
2025-11-02 13:03:29 +00:00 · 2017-11-22 11:05:53 -08:00
parent d6cfa56bc1
commit e6f460f511
4 changed files with 15 additions and 20 deletions
--- a/zerver/forms.py
+++ b/zerver/forms.py
@@ -17,7 +17,7 @@ from django.contrib.auth.tokens import PasswordResetTokenGenerator
 from django.http import HttpRequest
 from jinja2 import Markup as mark_safe

-from zerver.lib.actions import do_change_password, user_email_is_unique, \
+from zerver.lib.actions import do_change_password, email_not_system_bot, \
    validate_email_for_realm
 from zerver.lib.name_restrictions import is_reserved_subdomain, is_disposable_domain
 from zerver.lib.request import JsonableError
@@ -173,7 +173,8 @@ def email_is_not_disposable(email):

 class RealmCreationForm(forms.Form):
    # This form determines whether users can create a new realm.
-    email = forms.EmailField(validators=[user_email_is_unique, email_is_not_disposable])
+    email = forms.EmailField(validators=[email_not_system_bot,
+                                         email_is_not_disposable])

 class LoggingSetPasswordForm(SetPasswordForm):
    def save(self, commit=True):
--- a/zerver/lib/actions.py
+++ b/zerver/lib/actions.py
@@ -3916,13 +3916,9 @@ def do_send_confirmation_email(invitee, referrer, body):
    send_email('zerver/emails/invitation', to_email=invitee.email, from_name=from_name,
               from_address=FromAddress.NOREPLY, context=context)

-def user_email_is_unique(email):
-    # type: (Text) -> None
-    try:
-        get_user_profile_by_email(email)
-        raise ValidationError('%s already has an account' % (email,))
-    except UserProfile.DoesNotExist:
-        pass
+def email_not_system_bot(email: Text) -> None:
+    if email.lower() in settings.CROSS_REALM_BOT_EMAILS:
+        raise ValidationError('%s is an email address reserved for system bots' % (email,))

 def validate_email_for_realm(target_realm, email):
    # type: (Optional[Realm], Text) -> None
--- a/zerver/tests/test_signup.py
+++ b/zerver/tests/test_signup.py
@@ -1214,14 +1214,18 @@ class RealmCreationTest(ZulipTestCase):

    def test_create_realm_existing_email(self) -> None:
        """
-        Trying to create a realm with an existing email should just redirect to
-        a login page.
+        Trying to create a realm with an existing email should succeed.
        """
        with self.settings(OPEN_REALM_CREATION=True):
            email = self.example_email("hamlet")
            result = self.client_post('/create_realm/', {'email': email})
-            self.assertEqual(result.status_code, 302)
-            self.assertIn('login', result['Location'])
+            result = self.client_get(result["Location"])
+            self.assert_in_response("Check your email so we can get started.", result)
+
+    def test_create_realm_as_system_bot(self) -> None:
+        result = self.client_post('/create_realm/', {'email': 'notification-bot@zulip.com'})
+        self.assertEqual(result.status_code, 200)
+        self.assert_in_response('notification-bot@zulip.com is an email address reserved', result)

    def test_create_realm_no_creation_key(self) -> None:
        """
--- a/zerver/views/registration.py
+++ b/zerver/views/registration.py
@@ -19,7 +19,7 @@ from zerver.lib.send_email import send_email, FromAddress
 from zerver.lib.events import do_events_register
 from zerver.lib.actions import do_change_password, do_change_full_name, do_change_is_admin, \
    do_activate_user, do_create_user, do_create_realm, \
-    user_email_is_unique, compute_mit_user_fullname, validate_email_for_realm, \
+    email_not_system_bot, compute_mit_user_fullname, validate_email_for_realm, \
    do_set_user_display_setting, lookup_default_stream_groups, bulk_add_subscriptions
 from zerver.forms import RegistrationForm, HomepageForm, RealmCreationForm, \
    CreateUserForm, FindMyTeamForm
@@ -326,12 +326,6 @@ def create_realm(request: HttpRequest, creation_key: Optional[Text]=None) -> Htt
            if (creation_key is not None and check_key_is_valid(creation_key)):
                RealmCreationKey.objects.get(creation_key=creation_key).delete()
            return HttpResponseRedirect(reverse('send_confirm', kwargs={'email': email}))
-        try:
-            email = request.POST['email']
-            user_email_is_unique(email)
-        except ValidationError:
-            # Maybe the user is trying to log in
-            return redirect_to_email_login_url(email)
    else:
        form = RealmCreationForm()
    return render(request,