auth: Ensure a realm can't be created on SOCIAL_AUTH_SUBDOMAIN.

This commit is contained in:
Mateusz Mandera
2021-08-23 15:14:05 +02:00
committed by Tim Abbott
parent f5b5ca6928
commit f064e3ebac
4 changed files with 16 additions and 0 deletions


@@ -4973,6 +4973,8 @@ def do_create_realm(
date_created: Optional[datetime.datetime] = None, date_created: Optional[datetime.datetime] = None,
is_demo_organization: Optional[bool] = False, is_demo_organization: Optional[bool] = False,
) -> Realm: ) -> Realm:
if string_id == settings.SOCIAL_AUTH_SUBDOMAIN:
raise AssertionError("Creating a realm on SOCIAL_AUTH_SUBDOMAIN is not allowed!")
if Realm.objects.filter(string_id=string_id).exists(): if Realm.objects.filter(string_id=string_id).exists():
raise AssertionError(f"Realm {string_id} already exists!") raise AssertionError(f"Realm {string_id} already exists!")
if not server_initialized(): if not server_initialized():
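Review bot: The new guard at the top of do_create_realm only blocks future realm creation; it does nothing for a deployment that later sets SOCIAL_AUTH_SUBDOMAIN to a subdomain an existing realm already occupies, so the collision this commit prevents can still arise through configuration alone. A one-time check wherever settings are validated at startup, refusing or at least warning when `Realm.objects.filter(string_id=settings.SOCIAL_AUTH_SUBDOMAIN).exists()`, would close that gap; I cannot see such a check from this hunk. A short why-comment above the guard would also help the next reader, e.g. `# The social-auth subdomain must never host a realm; is_reserved_subdomain gives the user-facing version of this check.`. do_create_realm's signature begins above this hunk.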


@@ -1,7 +1,10 @@
from disposable_email_domains import blacklist from disposable_email_domains import blacklist
from django.conf import settings
def is_reserved_subdomain(subdomain: str) -> bool: def is_reserved_subdomain(subdomain: str) -> bool:
if subdomain == settings.SOCIAL_AUTH_SUBDOMAIN:
return True
if subdomain in ZULIP_RESERVED_SUBDOMAINS: if subdomain in ZULIP_RESERVED_SUBDOMAINS:
return True return True
if subdomain[-1] == "s" and subdomain[:-1] in ZULIP_RESERVED_SUBDOMAINS: if subdomain[-1] == "s" and subdomain[:-1] in ZULIP_RESERVED_SUBDOMAINS:
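Review bot: The added comparison in is_reserved_subdomain is an exact string match, so unlike ZULIP_RESERVED_SUBDOMAINS on the following lines it gets no plural-form handling; that is presumably intended since the setting names one specific subdomain, but it deserves a comment so nobody "fixes" it later, e.g. `# Exact match only: SOCIAL_AUTH_SUBDOMAIN names a single subdomain reserved for the social auth flow.`. When the setting is unset the comparison is simply False, so no extra None guard is needed. The rest of the function continues past the end of the hunk.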


@@ -59,6 +59,11 @@ class RealmTest(ZulipTestCase):
["INFO:root:Server not yet initialized. Creating the internal realm first."], ["INFO:root:Server not yet initialized. Creating the internal realm first."],
) )
def test_realm_creation_on_social_auth_subdomain_disallowed(self) -> None:
with self.settings(SOCIAL_AUTH_SUBDOMAIN="zulipauth"):
with self.assertRaises(AssertionError):
do_create_realm("zulipauth", "Test Realm")
def test_do_set_realm_name_caching(self) -> None: def test_do_set_realm_name_caching(self) -> None:
"""The main complicated thing about setting realm names is fighting the """The main complicated thing about setting realm names is fighting the
cache, and we start by populating the cache for Hamlet, and we end cache, and we start by populating the cache for Hamlet, and we end
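Review bot: test_realm_creation_on_social_auth_subdomain_disallowed only asserts that some AssertionError is raised, and do_create_realm raises the same exception type for an already-existing realm (and for an uninitialized server), so the test could still pass with the new guard removed if a "zulipauth" realm happened to exist or an unrelated assertion fired first. Pinning the message ties the test to the new check: `with self.assertRaisesRegex(AssertionError, "SOCIAL_AUTH_SUBDOMAIN"):`. If Realm is imported in this test module, a follow-up `self.assertFalse(Realm.objects.filter(string_id="zulipauth").exists())` would additionally confirm nothing was created. The enclosing RealmTest class continues outside the hunk.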


@@ -3409,6 +3409,12 @@ class RealmCreationTest(ZulipTestCase):
["Subdomain can only have lowercase letters, numbers, and '-'s."], result ["Subdomain can only have lowercase letters, numbers, and '-'s."], result
) )
with self.settings(SOCIAL_AUTH_SUBDOMAIN="zulipauth"):
result = self.client_get("/json/realm/subdomain/zulipauth")
self.assert_in_success_response(
["Subdomain unavailable. Please choose a different one."], result
)
result = self.client_get("/json/realm/subdomain/hufflepuff") result = self.client_get("/json/realm/subdomain/hufflepuff")
self.assert_in_success_response(["available"], result) self.assert_in_success_response(["available"], result)
self.assert_not_in_success_response(["unavailable"], result) self.assert_not_in_success_response(["unavailable"], result)
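Review bot: The new assertions exercise only the availability probe at /json/realm/subdomain/, not the registration path that actually creates the realm, so this test would not notice if the signup form validated the subdomain through some route other than is_reserved_subdomain. It is worth adding, under the same `self.settings(SOCIAL_AUTH_SUBDOMAIN="zulipauth")` override, a realm-creation attempt with subdomain "zulipauth" through the signup flow that RealmCreationTest presumably drives elsewhere, asserting it is rejected rather than relying on the do_create_realm assertion as the last line of defense. The enclosing test method starts before this hunk.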