2017-10-19 07:21:57 +02:00
|
|
|
# -*- coding: utf-8 -*-
|
|
|
|
|
|
|
|
from django.conf import settings
|
|
|
|
from django.http import HttpRequest
|
2017-10-20 06:30:34 +02:00
|
|
|
import re
|
2018-05-10 19:13:36 +02:00
|
|
|
from typing import Optional
|
2017-10-19 07:21:57 +02:00
|
|
|
|
2017-10-20 02:53:24 +02:00
|
|
|
from zerver.models import get_realm, Realm, UserProfile
|
2017-10-19 07:46:05 +02:00
|
|
|
|
2018-05-10 19:13:36 +02:00
|
|
|
def get_subdomain(request: HttpRequest) -> str:
|
2017-10-20 06:30:34 +02:00
|
|
|
|
|
|
|
# The HTTP spec allows, but doesn't require, a client to omit the
|
|
|
|
# port in the `Host` header if it's "the default port for the
|
|
|
|
# service requested", i.e. typically either 443 or 80; and
|
|
|
|
# whatever Django gets there, or from proxies reporting that via
|
|
|
|
# X-Forwarded-Host, it passes right through the same way. So our
|
|
|
|
# logic is a bit complicated to allow for that variation.
|
|
|
|
#
|
alias domains: Add a v1 of this feature.
The main limitation of this version is that it's controlled entirely
from settings, with nothing in the database and no web UI or even
management command to control it. That makes it a bit more of a
burden for the server admins than it'd ideally be, but that's fine
for now.
Relatedly, the web flow for realm creation still requires choosing a
subdomain even if the realm is destined to live at an alias domain.
Specific to the dev environment, there is an annoying quirk: the
special dev login flow doesn't work on a REALM_HOSTS realm. Also,
in this version the `add_new_realm` and `add_new_user` management
commands, which are intended for use in development environments only,
don't support this feature.
In manual testing, I've confirmed that a REALM_HOSTS realm works for
signup and login, with email/password, Google SSO, or GitHub SSO.
Most of that was in dev; I used zulipstaging.com to also test
* logging in with email and password;
* logging in with Google SSO... far enough to correctly determine
that my email address is associated with some other realm.
2017-10-20 06:36:50 +02:00
|
|
|
# For both EXTERNAL_HOST and REALM_HOSTS, we take a missing port
|
|
|
|
# to mean that any port should be accepted in Host. It's not
|
|
|
|
# totally clear that's the right behavior, but it keeps
|
|
|
|
# compatibility with older versions of Zulip, so that's a start.
|
2017-10-20 06:30:34 +02:00
|
|
|
|
2017-10-20 05:23:00 +02:00
|
|
|
host = request.get_host().lower()
|
2017-10-20 06:30:34 +02:00
|
|
|
|
|
|
|
m = re.search('\.%s(:\d+)?$' % (settings.EXTERNAL_HOST,),
|
|
|
|
host)
|
|
|
|
if m:
|
|
|
|
subdomain = host[:m.start()]
|
|
|
|
if subdomain in settings.ROOT_SUBDOMAIN_ALIASES:
|
|
|
|
return Realm.SUBDOMAIN_FOR_ROOT_DOMAIN
|
|
|
|
return subdomain
|
|
|
|
|
alias domains: Add a v1 of this feature.
The main limitation of this version is that it's controlled entirely
from settings, with nothing in the database and no web UI or even
management command to control it. That makes it a bit more of a
burden for the server admins than it'd ideally be, but that's fine
for now.
Relatedly, the web flow for realm creation still requires choosing a
subdomain even if the realm is destined to live at an alias domain.
Specific to the dev environment, there is an annoying quirk: the
special dev login flow doesn't work on a REALM_HOSTS realm. Also,
in this version the `add_new_realm` and `add_new_user` management
commands, which are intended for use in development environments only,
don't support this feature.
In manual testing, I've confirmed that a REALM_HOSTS realm works for
signup and login, with email/password, Google SSO, or GitHub SSO.
Most of that was in dev; I used zulipstaging.com to also test
* logging in with email and password;
* logging in with Google SSO... far enough to correctly determine
that my email address is associated with some other realm.
2017-10-20 06:36:50 +02:00
|
|
|
for subdomain, realm_host in settings.REALM_HOSTS.items():
|
|
|
|
if re.search('^%s(:\d+)?$' % (realm_host,),
|
|
|
|
host):
|
|
|
|
return subdomain
|
|
|
|
|
2017-10-20 06:30:34 +02:00
|
|
|
return Realm.SUBDOMAIN_FOR_ROOT_DOMAIN
|
2017-10-19 07:21:57 +02:00
|
|
|
|
2017-11-05 11:15:10 +01:00
|
|
|
def is_subdomain_root_or_alias(request: HttpRequest) -> bool:
|
2017-10-20 05:10:32 +02:00
|
|
|
return get_subdomain(request) == Realm.SUBDOMAIN_FOR_ROOT_DOMAIN
|
2017-10-19 07:21:57 +02:00
|
|
|
|
2018-05-10 19:13:36 +02:00
|
|
|
def user_matches_subdomain(realm_subdomain: Optional[str], user_profile: UserProfile) -> bool:
|
2017-10-20 02:54:57 +02:00
|
|
|
if realm_subdomain is None:
|
2017-11-17 23:56:45 +01:00
|
|
|
return True # nocoverage # This state may no longer be possible.
|
2017-10-20 02:54:57 +02:00
|
|
|
return user_profile.realm.subdomain == realm_subdomain
|
2017-10-20 02:53:24 +02:00
|
|
|
|
2017-11-05 11:15:10 +01:00
|
|
|
def is_root_domain_available() -> bool:
|
2017-10-19 07:42:03 +02:00
|
|
|
if settings.ROOT_DOMAIN_LANDING_PAGE:
|
|
|
|
return False
|
|
|
|
return get_realm(Realm.SUBDOMAIN_FOR_ROOT_DOMAIN) is None
|