2016-12-01 08:54:21 +01:00
|
|
|
import datetime
|
2018-06-19 14:50:36 +02:00
|
|
|
from email.utils import parseaddr
|
|
|
|
|
2014-07-03 18:18:00 +02:00
|
|
|
from django.conf import settings
|
2020-02-02 13:51:39 +01:00
|
|
|
from django.contrib.auth.views import INTERNAL_RESET_URL_TOKEN
|
2017-03-31 08:41:14 +02:00
|
|
|
from django.contrib.contenttypes.models import ContentType
|
2019-02-02 23:53:44 +01:00
|
|
|
from django.http import HttpResponse
|
2017-09-16 19:51:26 +02:00
|
|
|
from django.test import TestCase, override_settings
|
2017-04-15 04:03:56 +02:00
|
|
|
from django.utils.timezone import now as timezone_now
|
2018-04-23 20:02:45 +02:00
|
|
|
from django.core.exceptions import ValidationError
|
2014-01-31 21:08:40 +01:00
|
|
|
|
2017-03-08 12:38:56 +01:00
|
|
|
from mock import patch, MagicMock
|
2020-03-12 14:17:25 +01:00
|
|
|
from zerver.lib.test_helpers import (
|
|
|
|
avatar_disk_path,
|
|
|
|
get_test_image_file,
|
|
|
|
reset_emails_in_zulip_realm,
|
|
|
|
)
|
2016-10-31 12:18:13 +01:00
|
|
|
|
2017-08-10 22:34:17 +02:00
|
|
|
from confirmation.models import Confirmation, create_confirmation_link, MultiuseInvite, \
|
2018-11-08 22:40:27 +01:00
|
|
|
generate_key, confirmation_url, get_object_from_key, ConfirmationKeyException, \
|
|
|
|
one_click_unsubscribe_link
|
2017-10-21 03:15:12 +02:00
|
|
|
from confirmation import settings as confirmation_settings
|
2014-01-31 21:08:40 +01:00
|
|
|
|
2020-02-15 17:08:09 +01:00
|
|
|
from zerver.forms import HomepageForm, check_subdomain_available
|
2017-07-13 13:42:57 +02:00
|
|
|
from zerver.decorator import do_two_factor_login
|
2019-02-02 23:53:44 +01:00
|
|
|
from zerver.views.auth import \
|
2017-07-13 13:42:57 +02:00
|
|
|
redirect_and_log_into_subdomain, start_two_factor_auth
|
2016-10-12 05:13:32 +02:00
|
|
|
from zerver.views.invite import get_invitee_emails_set
|
2019-01-11 20:56:22 +01:00
|
|
|
from zerver.views.development.registration import confirmation_key
|
2017-04-20 08:25:15 +02:00
|
|
|
|
2014-01-31 21:08:40 +01:00
|
|
|
from zerver.models import (
|
2020-02-18 17:25:43 +01:00
|
|
|
get_realm, get_user, CustomProfileField,
|
2019-09-18 15:04:17 +02:00
|
|
|
CustomProfileFieldValue, DefaultStream, PreregistrationUser,
|
2019-01-29 13:39:21 +01:00
|
|
|
Realm, Recipient, Message, ScheduledEmail, UserProfile, UserMessage,
|
2020-02-10 17:37:57 +01:00
|
|
|
Stream, Subscription, flush_per_request_caches, get_system_bot,
|
2014-01-31 21:08:40 +01:00
|
|
|
)
|
|
|
|
from zerver.lib.actions import (
|
2020-02-10 17:37:57 +01:00
|
|
|
create_stream_if_needed,
|
2017-02-27 00:29:33 +01:00
|
|
|
do_change_is_admin,
|
2017-04-24 12:19:54 +02:00
|
|
|
get_stream,
|
2017-11-16 23:00:04 +01:00
|
|
|
do_create_default_stream_group,
|
|
|
|
do_add_default_stream,
|
2019-03-04 13:16:00 +01:00
|
|
|
do_create_realm,
|
2019-08-26 22:39:33 +02:00
|
|
|
get_default_streams_for_realm,
|
2014-01-31 21:08:40 +01:00
|
|
|
)
|
2019-03-16 02:32:43 +01:00
|
|
|
from zerver.lib.send_email import send_future_email, FromAddress, \
|
|
|
|
deliver_email
|
2016-09-13 22:49:03 +02:00
|
|
|
from zerver.lib.initial_password import initial_password
|
2017-03-21 18:08:40 +01:00
|
|
|
from zerver.lib.actions import (
|
|
|
|
do_deactivate_realm,
|
2017-08-25 08:14:55 +02:00
|
|
|
do_deactivate_user,
|
2017-03-21 18:08:40 +01:00
|
|
|
do_set_realm_property,
|
|
|
|
add_new_user_history,
|
|
|
|
)
|
2017-04-27 22:58:53 +02:00
|
|
|
from zerver.lib.mobile_auth_otp import xor_hex_strings, ascii_to_hex, \
|
|
|
|
otp_encrypt_api_key, is_valid_otp, hex_to_ascii, otp_decrypt_api_key
|
2019-03-15 18:51:39 +01:00
|
|
|
from zerver.lib.email_notifications import enqueue_welcome_emails, \
|
2018-11-08 22:40:27 +01:00
|
|
|
followup_day2_email_delay
|
2019-12-30 02:21:51 +01:00
|
|
|
from zerver.lib.rate_limiter import add_ratelimit_rule, remove_ratelimit_rule
|
2017-10-19 07:42:03 +02:00
|
|
|
from zerver.lib.subdomains import is_root_domain_available
|
2019-01-16 09:59:01 +01:00
|
|
|
from zerver.lib.stream_subscription import get_stream_subscriptions_for_user
|
2017-12-06 22:31:11 +01:00
|
|
|
from zerver.lib.test_helpers import find_key_by_email, queries_captured, \
|
2017-10-27 02:45:38 +02:00
|
|
|
HostRequestMock, load_subdomain_token
|
2016-11-10 19:30:09 +01:00
|
|
|
from zerver.lib.test_classes import (
|
|
|
|
ZulipTestCase,
|
|
|
|
)
|
2018-08-12 03:43:31 +02:00
|
|
|
from zerver.lib.name_restrictions import is_disposable_domain
|
2016-12-01 08:54:21 +01:00
|
|
|
from zerver.context_processors import common_context
|
2014-01-31 21:08:40 +01:00
|
|
|
|
|
|
|
import re
|
2017-08-17 18:28:21 +02:00
|
|
|
import smtplib
|
2019-12-30 02:21:51 +01:00
|
|
|
import time
|
2014-01-31 21:08:40 +01:00
|
|
|
import ujson
|
|
|
|
|
2019-02-24 04:40:44 +01:00
|
|
|
from typing import Any, List, Optional
|
2017-02-12 21:21:31 +01:00
|
|
|
|
2017-11-05 05:30:31 +01:00
|
|
|
import urllib
|
2017-11-02 14:11:48 +01:00
|
|
|
import pytz
|
2014-01-31 21:08:40 +01:00
|
|
|
|
2017-04-20 08:30:50 +02:00
|
|
|
class RedirectAndLogIntoSubdomainTestCase(ZulipTestCase):
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_cookie_data(self) -> None:
|
2017-04-20 08:30:50 +02:00
|
|
|
realm = Realm.objects.all().first()
|
|
|
|
name = 'Hamlet'
|
2017-05-25 01:40:26 +02:00
|
|
|
email = self.example_email("hamlet")
|
2017-04-20 08:30:50 +02:00
|
|
|
response = redirect_and_log_into_subdomain(realm, name, email)
|
2017-10-27 02:45:38 +02:00
|
|
|
data = load_subdomain_token(response)
|
2018-03-12 12:54:50 +01:00
|
|
|
self.assertDictEqual(data, {'name': name, 'next': '',
|
|
|
|
'email': email,
|
2019-11-01 00:00:36 +01:00
|
|
|
'full_name_validated': False,
|
2017-04-20 08:30:50 +02:00
|
|
|
'subdomain': realm.subdomain,
|
2019-02-08 17:09:25 +01:00
|
|
|
'is_signup': False,
|
2020-02-06 18:27:10 +01:00
|
|
|
'desktop_flow_otp': None,
|
|
|
|
'mobile_flow_otp': None,
|
2019-02-08 17:09:25 +01:00
|
|
|
'multiuse_object_key': ''})
|
2017-04-20 08:30:50 +02:00
|
|
|
|
|
|
|
response = redirect_and_log_into_subdomain(realm, name, email,
|
2019-02-08 17:09:25 +01:00
|
|
|
is_signup=True,
|
|
|
|
multiuse_object_key='key')
|
2017-10-27 02:45:38 +02:00
|
|
|
data = load_subdomain_token(response)
|
2018-03-12 12:54:50 +01:00
|
|
|
self.assertDictEqual(data, {'name': name, 'next': '',
|
|
|
|
'email': email,
|
2019-11-01 00:00:36 +01:00
|
|
|
'full_name_validated': False,
|
|
|
|
'subdomain': realm.subdomain,
|
|
|
|
'is_signup': True,
|
2020-02-06 18:27:10 +01:00
|
|
|
'desktop_flow_otp': None,
|
|
|
|
'mobile_flow_otp': None,
|
2019-11-01 00:00:36 +01:00
|
|
|
'multiuse_object_key': 'key'
|
|
|
|
})
|
|
|
|
|
|
|
|
response = redirect_and_log_into_subdomain(realm, name, email,
|
|
|
|
is_signup=True,
|
|
|
|
full_name_validated=True,
|
|
|
|
multiuse_object_key='key')
|
|
|
|
data = load_subdomain_token(response)
|
|
|
|
self.assertDictEqual(data, {'name': name, 'next': '',
|
|
|
|
'email': email,
|
|
|
|
'full_name_validated': True,
|
2017-04-20 08:30:50 +02:00
|
|
|
'subdomain': realm.subdomain,
|
2019-02-08 17:09:25 +01:00
|
|
|
'is_signup': True,
|
2020-02-06 18:27:10 +01:00
|
|
|
'desktop_flow_otp': None,
|
|
|
|
'mobile_flow_otp': None,
|
2019-02-08 17:09:25 +01:00
|
|
|
'multiuse_object_key': 'key'
|
|
|
|
})
|
2017-04-20 08:30:50 +02:00
|
|
|
|
2017-08-25 06:32:57 +02:00
|
|
|
class DeactivationNoticeTestCase(ZulipTestCase):
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_redirection_for_deactivated_realm(self) -> None:
|
2017-08-25 06:32:57 +02:00
|
|
|
realm = get_realm("zulip")
|
|
|
|
realm.deactivated = True
|
|
|
|
realm.save(update_fields=["deactivated"])
|
|
|
|
|
2017-10-02 22:43:43 +02:00
|
|
|
for url in ('/register/', '/login/'):
|
|
|
|
result = self.client_get(url)
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertIn('deactivated', result.url)
|
2017-08-25 06:32:57 +02:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_redirection_for_active_realm(self) -> None:
|
2017-10-02 22:43:43 +02:00
|
|
|
for url in ('/register/', '/login/'):
|
|
|
|
result = self.client_get(url)
|
|
|
|
self.assertEqual(result.status_code, 200)
|
2017-08-25 06:32:57 +02:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_deactivation_notice_when_realm_is_active(self) -> None:
|
2017-08-25 06:32:57 +02:00
|
|
|
result = self.client_get('/accounts/deactivated/')
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertIn('login', result.url)
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_deactivation_notice_when_deactivated(self) -> None:
|
2017-08-25 06:32:57 +02:00
|
|
|
realm = get_realm("zulip")
|
|
|
|
realm.deactivated = True
|
|
|
|
realm.save(update_fields=["deactivated"])
|
|
|
|
|
2017-10-02 22:43:43 +02:00
|
|
|
result = self.client_get('/accounts/deactivated/')
|
|
|
|
self.assertIn("Zulip Dev, has been deactivated.", result.content.decode())
|
2017-08-25 06:32:57 +02:00
|
|
|
|
2016-11-11 05:33:30 +01:00
|
|
|
class AddNewUserHistoryTest(ZulipTestCase):
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_add_new_user_history_race(self) -> None:
|
2016-11-11 05:33:30 +01:00
|
|
|
"""Sends a message during user creation"""
|
|
|
|
# Create a user who hasn't had historical messages added
|
2017-05-24 02:42:31 +02:00
|
|
|
realm = get_realm('zulip')
|
2019-02-24 04:40:44 +01:00
|
|
|
stream = Stream.objects.get(realm=realm, name='Denmark')
|
|
|
|
DefaultStream.objects.create(stream=stream, realm=realm)
|
2019-08-26 22:39:33 +02:00
|
|
|
# Make sure at least 3 messages are sent to Denmark and it's a default stream.
|
2020-03-07 11:43:05 +01:00
|
|
|
message_id = self.send_stream_message(self.example_user('hamlet'), stream.name, "test 1")
|
|
|
|
self.send_stream_message(self.example_user('hamlet'), stream.name, "test 2")
|
|
|
|
self.send_stream_message(self.example_user('hamlet'), stream.name, "test 3")
|
2019-08-26 22:39:33 +02:00
|
|
|
|
2016-11-11 05:33:30 +01:00
|
|
|
with patch("zerver.lib.actions.add_new_user_history"):
|
2017-05-24 02:42:31 +02:00
|
|
|
self.register(self.nonreg_email('test'), "test")
|
|
|
|
user_profile = self.nonreg_user('test')
|
2016-11-11 05:33:30 +01:00
|
|
|
subs = Subscription.objects.select_related("recipient").filter(
|
|
|
|
user_profile=user_profile, recipient__type=Recipient.STREAM)
|
|
|
|
streams = Stream.objects.filter(id__in=[sub.recipient.type_id for sub in subs])
|
2019-08-26 22:39:33 +02:00
|
|
|
|
|
|
|
# Sent a message afterwards to trigger a race between message
|
|
|
|
# sending and `add_new_user_history`.
|
2020-03-07 11:43:05 +01:00
|
|
|
race_message_id = self.send_stream_message(self.example_user('hamlet'),
|
2019-08-26 22:39:33 +02:00
|
|
|
streams[0].name, "test")
|
|
|
|
|
|
|
|
# Overwrite ONBOARDING_UNREAD_MESSAGES to 2
|
|
|
|
ONBOARDING_UNREAD_MESSAGES = 2
|
|
|
|
with patch("zerver.lib.actions.ONBOARDING_UNREAD_MESSAGES",
|
|
|
|
ONBOARDING_UNREAD_MESSAGES):
|
|
|
|
add_new_user_history(user_profile, streams)
|
|
|
|
|
|
|
|
# Our first message is in the user's history
|
|
|
|
self.assertTrue(UserMessage.objects.filter(user_profile=user_profile,
|
|
|
|
message_id=message_id).exists())
|
|
|
|
# The race message is in the user's history and marked unread.
|
|
|
|
self.assertTrue(UserMessage.objects.filter(user_profile=user_profile,
|
|
|
|
message_id=race_message_id).exists())
|
|
|
|
self.assertFalse(UserMessage.objects.get(user_profile=user_profile,
|
|
|
|
message_id=race_message_id).flags.read.is_set)
|
|
|
|
|
|
|
|
# Verify that the ONBOARDING_UNREAD_MESSAGES latest messages
|
|
|
|
# that weren't the race message are marked as unread.
|
|
|
|
latest_messages = UserMessage.objects.filter(
|
|
|
|
user_profile=user_profile,
|
|
|
|
message__recipient__type=Recipient.STREAM
|
|
|
|
).exclude(message_id=race_message_id).order_by('-message_id')[0:ONBOARDING_UNREAD_MESSAGES]
|
|
|
|
self.assertEqual(len(latest_messages), 2)
|
|
|
|
for msg in latest_messages:
|
|
|
|
self.assertFalse(msg.flags.read.is_set)
|
|
|
|
|
|
|
|
# Verify that older messages are correctly marked as read.
|
|
|
|
older_messages = UserMessage.objects.filter(
|
|
|
|
user_profile=user_profile,
|
|
|
|
message__recipient__type=Recipient.STREAM
|
|
|
|
).exclude(message_id=race_message_id).order_by(
|
|
|
|
'-message_id')[ONBOARDING_UNREAD_MESSAGES:ONBOARDING_UNREAD_MESSAGES + 1]
|
|
|
|
self.assertTrue(len(older_messages) > 0)
|
|
|
|
for msg in older_messages:
|
|
|
|
self.assertTrue(msg.flags.read.is_set)
|
2016-11-11 05:33:30 +01:00
|
|
|
|
2018-03-18 20:56:00 +01:00
|
|
|
class InitialPasswordTest(ZulipTestCase):
|
|
|
|
def test_none_initial_password_salt(self) -> None:
|
|
|
|
with self.settings(INITIAL_PASSWORD_SALT=None):
|
|
|
|
self.assertIsNone(initial_password('test@test.com'))
|
|
|
|
|
2016-09-13 22:49:03 +02:00
|
|
|
class PasswordResetTest(ZulipTestCase):
|
|
|
|
"""
|
|
|
|
Log in, reset password, log out, log in with new password.
|
|
|
|
"""
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_password_reset(self) -> None:
|
2020-03-06 18:40:46 +01:00
|
|
|
user = self.example_user("hamlet")
|
2020-03-12 14:17:25 +01:00
|
|
|
email = user.delivery_email
|
2016-09-13 22:49:03 +02:00
|
|
|
old_password = initial_password(email)
|
|
|
|
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login_user(user)
|
2016-09-13 22:49:03 +02:00
|
|
|
|
2016-12-01 08:54:21 +01:00
|
|
|
# test password reset template
|
|
|
|
result = self.client_get('/accounts/password/reset/')
|
2017-04-20 21:02:56 +02:00
|
|
|
self.assert_in_response('Reset your password', result)
|
2016-12-01 08:54:21 +01:00
|
|
|
|
2016-09-13 22:49:03 +02:00
|
|
|
# start the password reset process by supplying an email address
|
|
|
|
result = self.client_post('/accounts/password/reset/', {'email': email})
|
|
|
|
|
|
|
|
# check the redirect link telling you to check mail for password reset link
|
2016-12-16 02:01:34 +01:00
|
|
|
self.assertEqual(result.status_code, 302)
|
2016-09-13 22:49:03 +02:00
|
|
|
self.assertTrue(result["Location"].endswith(
|
2017-01-24 07:06:13 +01:00
|
|
|
"/accounts/password/reset/done/"))
|
2016-09-13 22:49:03 +02:00
|
|
|
result = self.client_get(result["Location"])
|
|
|
|
|
2018-09-16 02:34:57 +02:00
|
|
|
self.assert_in_response("Check your email in a few minutes to finish the process.", result)
|
2016-09-13 22:49:03 +02:00
|
|
|
|
2017-07-05 21:29:27 +02:00
|
|
|
# Check that the password reset email is from a noreply address.
|
|
|
|
from django.core.mail import outbox
|
2017-07-11 20:25:50 +02:00
|
|
|
from_email = outbox[0].from_email
|
|
|
|
self.assertIn("Zulip Account Security", from_email)
|
2018-06-19 14:50:36 +02:00
|
|
|
tokenized_no_reply_email = parseaddr(from_email)[1]
|
|
|
|
self.assertTrue(re.search(self.TOKENIZED_NOREPLY_REGEX, tokenized_no_reply_email))
|
2018-12-20 09:44:18 +01:00
|
|
|
self.assertIn("reset your password", outbox[0].body)
|
2017-07-05 21:29:27 +02:00
|
|
|
|
2016-09-23 04:23:48 +02:00
|
|
|
# Visit the password reset link.
|
2017-10-30 22:56:14 +01:00
|
|
|
password_reset_url = self.get_confirmation_url_from_outbox(
|
2018-12-20 09:44:18 +01:00
|
|
|
email, url_pattern=settings.EXTERNAL_HOST + r"(\S\S+)")
|
2016-09-13 22:49:03 +02:00
|
|
|
result = self.client_get(password_reset_url)
|
2020-02-02 13:51:39 +01:00
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertTrue(result.url.endswith('/{}/'.format(INTERNAL_RESET_URL_TOKEN)))
|
|
|
|
|
|
|
|
final_reset_url = result.url
|
|
|
|
result = self.client_get(final_reset_url)
|
2016-12-16 02:01:34 +01:00
|
|
|
self.assertEqual(result.status_code, 200)
|
2016-09-13 22:49:03 +02:00
|
|
|
|
|
|
|
# Reset your password
|
auth: Use zxcvbn to ensure password strength on server side.
For a long time, we've been only doing the zxcvbn password strength
checks on the browser, which is helpful, but means users could through
hackery (or a bug in the frontend validation code) manage to set a
too-weak password. We fix this by running our password strength
validation on the backend as well, using python-zxcvbn.
In theory, a bug in python-zxcvbn could result in it producing a
different opinion than the frontend version; if so, it'd be a pretty
bad bug in the library, and hopefully we'd hear about it from users,
report upstream, and get it fixed that way. Alternatively, we can
switch to shelling out to node like we do for KaTeX.
Fixes #6880.
2019-11-18 08:11:03 +01:00
|
|
|
with self.settings(PASSWORD_MIN_LENGTH=3, PASSWORD_MIN_GUESSES=1000):
|
|
|
|
# Verify weak passwords don't work.
|
2020-02-02 13:51:39 +01:00
|
|
|
result = self.client_post(final_reset_url,
|
auth: Use zxcvbn to ensure password strength on server side.
For a long time, we've been only doing the zxcvbn password strength
checks on the browser, which is helpful, but means users could through
hackery (or a bug in the frontend validation code) manage to set a
too-weak password. We fix this by running our password strength
validation on the backend as well, using python-zxcvbn.
In theory, a bug in python-zxcvbn could result in it producing a
different opinion than the frontend version; if so, it'd be a pretty
bad bug in the library, and hopefully we'd hear about it from users,
report upstream, and get it fixed that way. Alternatively, we can
switch to shelling out to node like we do for KaTeX.
Fixes #6880.
2019-11-18 08:11:03 +01:00
|
|
|
{'new_password1': 'easy',
|
|
|
|
'new_password2': 'easy'})
|
|
|
|
self.assert_in_response("The password is too weak.",
|
|
|
|
result)
|
|
|
|
|
2020-02-02 13:51:39 +01:00
|
|
|
result = self.client_post(final_reset_url,
|
auth: Use zxcvbn to ensure password strength on server side.
For a long time, we've been only doing the zxcvbn password strength
checks on the browser, which is helpful, but means users could through
hackery (or a bug in the frontend validation code) manage to set a
too-weak password. We fix this by running our password strength
validation on the backend as well, using python-zxcvbn.
In theory, a bug in python-zxcvbn could result in it producing a
different opinion than the frontend version; if so, it'd be a pretty
bad bug in the library, and hopefully we'd hear about it from users,
report upstream, and get it fixed that way. Alternatively, we can
switch to shelling out to node like we do for KaTeX.
Fixes #6880.
2019-11-18 08:11:03 +01:00
|
|
|
{'new_password1': 'f657gdGGk9',
|
|
|
|
'new_password2': 'f657gdGGk9'})
|
|
|
|
# password reset succeeded
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertTrue(result["Location"].endswith("/password/done/"))
|
2016-09-13 22:49:03 +02:00
|
|
|
|
auth: Use zxcvbn to ensure password strength on server side.
For a long time, we've been only doing the zxcvbn password strength
checks on the browser, which is helpful, but means users could through
hackery (or a bug in the frontend validation code) manage to set a
too-weak password. We fix this by running our password strength
validation on the backend as well, using python-zxcvbn.
In theory, a bug in python-zxcvbn could result in it producing a
different opinion than the frontend version; if so, it'd be a pretty
bad bug in the library, and hopefully we'd hear about it from users,
report upstream, and get it fixed that way. Alternatively, we can
switch to shelling out to node like we do for KaTeX.
Fixes #6880.
2019-11-18 08:11:03 +01:00
|
|
|
# log back in with new password
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login_by_email(email, password='f657gdGGk9')
|
auth: Use zxcvbn to ensure password strength on server side.
For a long time, we've been only doing the zxcvbn password strength
checks on the browser, which is helpful, but means users could through
hackery (or a bug in the frontend validation code) manage to set a
too-weak password. We fix this by running our password strength
validation on the backend as well, using python-zxcvbn.
In theory, a bug in python-zxcvbn could result in it producing a
different opinion than the frontend version; if so, it'd be a pretty
bad bug in the library, and hopefully we'd hear about it from users,
report upstream, and get it fixed that way. Alternatively, we can
switch to shelling out to node like we do for KaTeX.
Fixes #6880.
2019-11-18 08:11:03 +01:00
|
|
|
user_profile = self.example_user('hamlet')
|
|
|
|
self.assert_logged_in_user_id(user_profile.id)
|
2016-09-13 22:49:03 +02:00
|
|
|
|
auth: Use zxcvbn to ensure password strength on server side.
For a long time, we've been only doing the zxcvbn password strength
checks on the browser, which is helpful, but means users could through
hackery (or a bug in the frontend validation code) manage to set a
too-weak password. We fix this by running our password strength
validation on the backend as well, using python-zxcvbn.
In theory, a bug in python-zxcvbn could result in it producing a
different opinion than the frontend version; if so, it'd be a pretty
bad bug in the library, and hopefully we'd hear about it from users,
report upstream, and get it fixed that way. Alternatively, we can
switch to shelling out to node like we do for KaTeX.
Fixes #6880.
2019-11-18 08:11:03 +01:00
|
|
|
# make sure old password no longer works
|
2020-03-06 18:40:46 +01:00
|
|
|
self.assert_login_failure(email, password=old_password)
|
2016-09-13 22:49:03 +02:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_password_reset_for_non_existent_user(self) -> None:
|
2017-08-11 07:55:51 +02:00
|
|
|
email = 'nonexisting@mars.com'
|
|
|
|
|
2017-11-18 03:17:50 +01:00
|
|
|
# start the password reset process by supplying an email address
|
|
|
|
result = self.client_post('/accounts/password/reset/', {'email': email})
|
2017-08-11 07:55:51 +02:00
|
|
|
|
|
|
|
# check the redirect link telling you to check mail for password reset link
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertTrue(result["Location"].endswith(
|
|
|
|
"/accounts/password/reset/done/"))
|
|
|
|
result = self.client_get(result["Location"])
|
|
|
|
|
2018-09-16 02:34:57 +02:00
|
|
|
self.assert_in_response("Check your email in a few minutes to finish the process.", result)
|
2017-08-11 07:55:51 +02:00
|
|
|
|
|
|
|
# Check that the password reset email is from a noreply address.
|
|
|
|
from django.core.mail import outbox
|
|
|
|
from_email = outbox[0].from_email
|
|
|
|
self.assertIn("Zulip Account Security", from_email)
|
2018-06-19 14:50:36 +02:00
|
|
|
tokenized_no_reply_email = parseaddr(from_email)[1]
|
|
|
|
self.assertTrue(re.search(self.TOKENIZED_NOREPLY_REGEX, tokenized_no_reply_email))
|
2018-12-20 09:44:18 +01:00
|
|
|
self.assertIn('Somebody (possibly you) requested a new password', outbox[0].body)
|
|
|
|
self.assertIn('You do not have an account', outbox[0].body)
|
|
|
|
self.assertIn('safely ignore', outbox[0].body)
|
|
|
|
self.assertNotIn('reset your password', outbox[0].body)
|
|
|
|
self.assertNotIn('deactivated', outbox[0].body)
|
2017-08-11 07:55:51 +02:00
|
|
|
|
2018-05-21 05:02:27 +02:00
|
|
|
def test_password_reset_for_deactivated_user(self) -> None:
|
|
|
|
user_profile = self.example_user("hamlet")
|
2020-03-12 14:17:25 +01:00
|
|
|
email = user_profile.delivery_email
|
2018-05-21 05:02:27 +02:00
|
|
|
do_deactivate_user(user_profile)
|
|
|
|
|
|
|
|
# start the password reset process by supplying an email address
|
|
|
|
result = self.client_post('/accounts/password/reset/', {'email': email})
|
|
|
|
|
|
|
|
# check the redirect link telling you to check mail for password reset link
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertTrue(result["Location"].endswith(
|
|
|
|
"/accounts/password/reset/done/"))
|
|
|
|
result = self.client_get(result["Location"])
|
|
|
|
|
2018-09-16 02:34:57 +02:00
|
|
|
self.assert_in_response("Check your email in a few minutes to finish the process.", result)
|
2018-05-21 05:02:27 +02:00
|
|
|
|
|
|
|
# Check that the password reset email is from a noreply address.
|
|
|
|
from django.core.mail import outbox
|
|
|
|
from_email = outbox[0].from_email
|
|
|
|
self.assertIn("Zulip Account Security", from_email)
|
2018-06-19 14:50:36 +02:00
|
|
|
tokenized_no_reply_email = parseaddr(from_email)[1]
|
|
|
|
self.assertTrue(re.search(self.TOKENIZED_NOREPLY_REGEX, tokenized_no_reply_email))
|
2018-12-20 09:44:18 +01:00
|
|
|
self.assertIn('Somebody (possibly you) requested a new password', outbox[0].body)
|
|
|
|
self.assertIn('has been deactivated', outbox[0].body)
|
|
|
|
self.assertIn('safely ignore', outbox[0].body)
|
|
|
|
self.assertNotIn('reset your password', outbox[0].body)
|
|
|
|
self.assertNotIn('not have an account', outbox[0].body)
|
2018-05-21 05:02:27 +02:00
|
|
|
|
|
|
|
def test_password_reset_with_deactivated_realm(self) -> None:
|
|
|
|
user_profile = self.example_user("hamlet")
|
2020-03-12 14:17:25 +01:00
|
|
|
email = user_profile.delivery_email
|
2018-05-21 05:02:27 +02:00
|
|
|
do_deactivate_realm(user_profile.realm)
|
|
|
|
|
|
|
|
# start the password reset process by supplying an email address
|
|
|
|
with patch('logging.info') as mock_logging:
|
|
|
|
result = self.client_post('/accounts/password/reset/', {'email': email})
|
|
|
|
mock_logging.assert_called_once()
|
|
|
|
|
|
|
|
# check the redirect link telling you to check mail for password reset link
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertTrue(result["Location"].endswith(
|
|
|
|
"/accounts/password/reset/done/"))
|
|
|
|
result = self.client_get(result["Location"])
|
|
|
|
|
2018-09-16 02:34:57 +02:00
|
|
|
self.assert_in_response("Check your email in a few minutes to finish the process.", result)
|
2018-05-21 05:02:27 +02:00
|
|
|
|
|
|
|
# Check that the password reset email is from a noreply address.
|
|
|
|
from django.core.mail import outbox
|
|
|
|
self.assertEqual(len(outbox), 0)
|
|
|
|
|
2019-12-30 21:13:02 +01:00
|
|
|
@override_settings(RATE_LIMITING=True)
|
|
|
|
def test_rate_limiting(self) -> None:
|
|
|
|
user_profile = self.example_user("hamlet")
|
2020-03-12 14:17:25 +01:00
|
|
|
email = user_profile.delivery_email
|
2019-12-30 21:13:02 +01:00
|
|
|
from django.core.mail import outbox
|
|
|
|
|
|
|
|
add_ratelimit_rule(10, 2, domain='password_reset_form_by_email')
|
|
|
|
start_time = time.time()
|
|
|
|
with patch('time.time', return_value=start_time):
|
|
|
|
self.client_post('/accounts/password/reset/', {'email': email})
|
|
|
|
self.client_post('/accounts/password/reset/', {'email': email})
|
|
|
|
self.assert_length(outbox, 2)
|
|
|
|
|
|
|
|
# Too many password reset emails sent to the address, we won't send more.
|
|
|
|
self.client_post('/accounts/password/reset/', {'email': email})
|
|
|
|
self.assert_length(outbox, 2)
|
|
|
|
|
|
|
|
# Resetting for a different address works though.
|
|
|
|
self.client_post('/accounts/password/reset/', {'email': self.example_email("othello")})
|
|
|
|
self.assert_length(outbox, 3)
|
|
|
|
self.client_post('/accounts/password/reset/', {'email': self.example_email("othello")})
|
|
|
|
self.assert_length(outbox, 4)
|
|
|
|
|
|
|
|
# After time, password reset emails can be sent again.
|
|
|
|
with patch('time.time', return_value=start_time + 11):
|
|
|
|
self.client_post('/accounts/password/reset/', {'email': email})
|
|
|
|
self.client_post('/accounts/password/reset/', {'email': email})
|
|
|
|
self.assert_length(outbox, 6)
|
|
|
|
|
|
|
|
remove_ratelimit_rule(10, 2, domain='password_reset_form_by_email')
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_wrong_subdomain(self) -> None:
|
2017-05-25 01:40:26 +02:00
|
|
|
email = self.example_email("hamlet")
|
2017-11-18 03:30:07 +01:00
|
|
|
|
|
|
|
# start the password reset process by supplying an email address
|
|
|
|
result = self.client_post(
|
|
|
|
'/accounts/password/reset/', {'email': email},
|
|
|
|
subdomain="zephyr")
|
2017-04-24 12:19:54 +02:00
|
|
|
|
|
|
|
# check the redirect link telling you to check mail for password reset link
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertTrue(result["Location"].endswith(
|
|
|
|
"/accounts/password/reset/done/"))
|
|
|
|
result = self.client_get(result["Location"])
|
|
|
|
|
2018-09-16 02:34:57 +02:00
|
|
|
self.assert_in_response("Check your email in a few minutes to finish the process.", result)
|
2017-04-24 12:19:54 +02:00
|
|
|
|
|
|
|
from django.core.mail import outbox
|
|
|
|
self.assertEqual(len(outbox), 1)
|
2018-12-20 09:44:18 +01:00
|
|
|
tokenized_no_reply_email = parseaddr(outbox[0].from_email)[1]
|
2018-06-19 14:50:36 +02:00
|
|
|
self.assertTrue(re.search(self.TOKENIZED_NOREPLY_REGEX, tokenized_no_reply_email))
|
2018-12-20 09:44:18 +01:00
|
|
|
self.assertIn('Somebody (possibly you) requested a new password', outbox[0].body)
|
|
|
|
self.assertIn('You do not have an account', outbox[0].body)
|
|
|
|
self.assertIn("active accounts in the following organization(s).\nhttp://zulip.testserver",
|
|
|
|
outbox[0].body)
|
|
|
|
self.assertIn('safely ignore', outbox[0].body)
|
|
|
|
self.assertNotIn('reset your password', outbox[0].body)
|
|
|
|
self.assertNotIn('deactivated', outbox[0].body)
|
2017-04-24 12:19:54 +02:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_invalid_subdomain(self) -> None:
|
2017-05-25 01:40:26 +02:00
|
|
|
email = self.example_email("hamlet")
|
2017-04-24 12:19:54 +02:00
|
|
|
|
2017-11-18 03:30:07 +01:00
|
|
|
# start the password reset process by supplying an email address
|
|
|
|
result = self.client_post(
|
|
|
|
'/accounts/password/reset/', {'email': email},
|
|
|
|
subdomain="invalid")
|
2017-04-24 12:19:54 +02:00
|
|
|
|
|
|
|
# check the redirect link telling you to check mail for password reset link
|
2019-03-12 01:56:52 +01:00
|
|
|
self.assertEqual(result.status_code, 404)
|
|
|
|
self.assert_in_response("There is no Zulip organization hosted at this subdomain.",
|
|
|
|
result)
|
2017-04-24 12:19:54 +02:00
|
|
|
|
|
|
|
from django.core.mail import outbox
|
2017-11-18 03:30:07 +01:00
|
|
|
self.assertEqual(len(outbox), 0)
|
2017-04-24 12:19:54 +02:00
|
|
|
|
2017-10-24 20:44:01 +02:00
|
|
|
@override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipLDAPAuthBackend',
|
|
|
|
'zproject.backends.ZulipDummyBackend'))
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_ldap_auth_only(self) -> None:
|
2017-10-24 20:44:01 +02:00
|
|
|
"""If the email auth backend is not enabled, password reset should do nothing"""
|
|
|
|
email = self.example_email("hamlet")
|
2017-11-18 03:17:50 +01:00
|
|
|
with patch('logging.info') as mock_logging:
|
|
|
|
result = self.client_post('/accounts/password/reset/', {'email': email})
|
|
|
|
mock_logging.assert_called_once()
|
2017-10-24 20:44:01 +02:00
|
|
|
|
|
|
|
# check the redirect link telling you to check mail for password reset link
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertTrue(result["Location"].endswith(
|
|
|
|
"/accounts/password/reset/done/"))
|
|
|
|
result = self.client_get(result["Location"])
|
|
|
|
|
2018-09-16 02:34:57 +02:00
|
|
|
self.assert_in_response("Check your email in a few minutes to finish the process.", result)
|
2017-10-24 20:44:01 +02:00
|
|
|
|
|
|
|
from django.core.mail import outbox
|
|
|
|
self.assertEqual(len(outbox), 0)
|
|
|
|
|
2018-05-29 07:09:48 +02:00
|
|
|
@override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipLDAPAuthBackend',
|
|
|
|
'zproject.backends.EmailAuthBackend',
|
|
|
|
'zproject.backends.ZulipDummyBackend'))
|
|
|
|
def test_ldap_and_email_auth(self) -> None:
|
|
|
|
"""If both email and ldap auth backends are enabled, limit password
|
|
|
|
reset to users outside the LDAP domain"""
|
|
|
|
# If the domain matches, we don't generate an email
|
|
|
|
with self.settings(LDAP_APPEND_DOMAIN="zulip.com"):
|
|
|
|
email = self.example_email("hamlet")
|
|
|
|
with patch('logging.info') as mock_logging:
|
|
|
|
result = self.client_post('/accounts/password/reset/', {'email': email})
|
|
|
|
mock_logging.assert_called_once_with("Password reset not allowed for user in LDAP domain")
|
|
|
|
from django.core.mail import outbox
|
|
|
|
self.assertEqual(len(outbox), 0)
|
|
|
|
|
|
|
|
# If the domain doesn't match, we do generate an email
|
|
|
|
with self.settings(LDAP_APPEND_DOMAIN="example.com"):
|
|
|
|
email = self.example_email("hamlet")
|
|
|
|
with patch('logging.info') as mock_logging:
|
|
|
|
result = self.client_post('/accounts/password/reset/', {'email': email})
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertTrue(result["Location"].endswith(
|
|
|
|
"/accounts/password/reset/done/"))
|
|
|
|
result = self.client_get(result["Location"])
|
|
|
|
|
|
|
|
self.assertEqual(len(outbox), 1)
|
|
|
|
message = outbox.pop()
|
2018-06-19 14:50:36 +02:00
|
|
|
tokenized_no_reply_email = parseaddr(message.from_email)[1]
|
|
|
|
self.assertTrue(re.search(self.TOKENIZED_NOREPLY_REGEX, tokenized_no_reply_email))
|
2018-12-20 09:44:18 +01:00
|
|
|
self.assertIn('reset your password',
|
2018-05-29 07:09:48 +02:00
|
|
|
message.body)
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_redirect_endpoints(self) -> None:
|
2016-11-14 19:13:59 +01:00
|
|
|
'''
|
|
|
|
These tests are mostly designed to give us 100% URL coverage
|
|
|
|
in our URL coverage reports. Our mechanism for finding URL
|
|
|
|
coverage doesn't handle redirects, so we just have a few quick
|
|
|
|
tests here.
|
|
|
|
'''
|
|
|
|
result = self.client_get('/accounts/password/reset/done/')
|
2016-11-19 21:54:00 +01:00
|
|
|
self.assert_in_success_response(["Check your email"], result)
|
2016-11-14 19:13:59 +01:00
|
|
|
|
|
|
|
result = self.client_get('/accounts/password/done/')
|
2016-11-19 21:54:00 +01:00
|
|
|
self.assert_in_success_response(["We've reset your password!"], result)
|
2016-11-14 19:13:59 +01:00
|
|
|
|
|
|
|
result = self.client_get('/accounts/send_confirm/alice@example.com')
|
2018-08-24 10:22:11 +02:00
|
|
|
self.assert_in_success_response(["/accounts/home/"], result)
|
2016-11-14 19:13:59 +01:00
|
|
|
|
2018-08-24 10:01:42 +02:00
|
|
|
result = self.client_get('/accounts/new/send_confirm/alice@example.com')
|
2018-08-24 10:22:11 +02:00
|
|
|
self.assert_in_success_response(["/new/"], result)
|
2018-08-24 10:01:42 +02:00
|
|
|
|
2016-08-23 02:08:42 +02:00
|
|
|
class LoginTest(ZulipTestCase):
|
2014-01-31 21:08:40 +01:00
|
|
|
"""
|
|
|
|
Logging in, registration, and logging out.
|
|
|
|
"""
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_login(self) -> None:
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('hamlet')
|
2017-05-07 17:21:26 +02:00
|
|
|
user_profile = self.example_user('hamlet')
|
2019-05-26 22:12:46 +02:00
|
|
|
self.assert_logged_in_user_id(user_profile.id)
|
2014-01-31 21:08:40 +01:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_login_deactivated_user(self) -> None:
|
2017-11-18 02:23:03 +01:00
|
|
|
user_profile = self.example_user('hamlet')
|
|
|
|
do_deactivate_user(user_profile)
|
|
|
|
result = self.login_with_return(self.example_email("hamlet"), "xxx")
|
|
|
|
self.assertEqual(result.status_code, 200)
|
2017-11-20 07:23:55 +01:00
|
|
|
self.assert_in_response("Your account is no longer active.", result)
|
2019-05-26 22:12:46 +02:00
|
|
|
self.assert_logged_in_user_id(None)
|
2017-11-18 02:23:03 +01:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_login_bad_password(self) -> None:
|
2020-03-12 14:17:25 +01:00
|
|
|
user = self.example_user("hamlet")
|
|
|
|
password = "wrongpassword"
|
|
|
|
result = self.login_with_return(user.delivery_email, password=password)
|
|
|
|
self.assert_in_success_response([user.delivery_email], result)
|
2019-05-26 22:12:46 +02:00
|
|
|
self.assert_logged_in_user_id(None)
|
2014-01-31 21:08:40 +01:00
|
|
|
|
2020-03-12 14:17:25 +01:00
|
|
|
# Parallel test to confirm that the right password works using the
|
|
|
|
# same login code, which verifies our failing test isn't broken
|
|
|
|
# for some other reason.
|
|
|
|
password = initial_password(user.delivery_email)
|
|
|
|
result = self.login_with_return(user.delivery_email, password=password)
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assert_logged_in_user_id(user.id)
|
|
|
|
|
2019-12-30 02:21:51 +01:00
|
|
|
@override_settings(RATE_LIMITING_AUTHENTICATE=True)
|
|
|
|
def test_login_bad_password_rate_limiter(self) -> None:
|
|
|
|
user_profile = self.example_user("hamlet")
|
2020-03-12 14:17:25 +01:00
|
|
|
email = user_profile.delivery_email
|
2019-12-30 21:17:11 +01:00
|
|
|
add_ratelimit_rule(10, 2, domain='authenticate_by_username')
|
2019-12-30 02:21:51 +01:00
|
|
|
|
|
|
|
start_time = time.time()
|
|
|
|
with patch('time.time', return_value=start_time):
|
|
|
|
self.login_with_return(email, password="wrongpassword")
|
|
|
|
self.assert_logged_in_user_id(None)
|
|
|
|
self.login_with_return(email, password="wrongpassword")
|
|
|
|
self.assert_logged_in_user_id(None)
|
|
|
|
|
|
|
|
# We're over the allowed limit, so the next attempt, even with the correct
|
|
|
|
# password, will get blocked.
|
|
|
|
result = self.login_with_return(email)
|
|
|
|
self.assert_in_success_response(["Try again in 10 seconds"], result)
|
|
|
|
|
|
|
|
# After time passes, we should be able to log in.
|
|
|
|
with patch('time.time', return_value=start_time + 11):
|
|
|
|
self.login_with_return(email)
|
|
|
|
self.assert_logged_in_user_id(user_profile.id)
|
|
|
|
|
2019-12-30 21:17:11 +01:00
|
|
|
remove_ratelimit_rule(10, 2, domain='authenticate_by_username')
|
2019-12-30 02:21:51 +01:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_login_nonexist_user(self) -> None:
|
2016-06-27 20:36:04 +02:00
|
|
|
result = self.login_with_return("xxx@zulip.com", "xxx")
|
2017-11-18 02:23:03 +01:00
|
|
|
self.assertEqual(result.status_code, 200)
|
2016-07-12 15:41:45 +02:00
|
|
|
self.assert_in_response("Please enter a correct email and password", result)
|
2019-05-26 22:12:46 +02:00
|
|
|
self.assert_logged_in_user_id(None)
|
2017-11-18 02:23:03 +01:00
|
|
|
|
2017-11-17 10:47:43 +01:00
|
|
|
def test_login_wrong_subdomain(self) -> None:
|
2017-11-18 02:23:03 +01:00
|
|
|
with patch("logging.warning") as mock_warning:
|
|
|
|
result = self.login_with_return(self.mit_email("sipbtest"), "xxx")
|
|
|
|
mock_warning.assert_called_once()
|
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
self.assert_in_response("Your Zulip account is not a member of the "
|
|
|
|
"organization associated with this subdomain.", result)
|
2019-05-26 22:12:46 +02:00
|
|
|
self.assert_logged_in_user_id(None)
|
2017-11-18 02:23:03 +01:00
|
|
|
|
2017-11-17 10:47:43 +01:00
|
|
|
def test_login_invalid_subdomain(self) -> None:
|
2017-11-18 02:23:03 +01:00
|
|
|
result = self.login_with_return(self.example_email("hamlet"), "xxx",
|
|
|
|
subdomain="invalid")
|
2019-03-12 01:56:52 +01:00
|
|
|
self.assertEqual(result.status_code, 404)
|
2017-11-18 02:23:03 +01:00
|
|
|
self.assert_in_response("There is no Zulip organization hosted at this subdomain.", result)
|
2019-05-26 22:12:46 +02:00
|
|
|
self.assert_logged_in_user_id(None)
|
2014-01-31 21:08:40 +01:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_register(self) -> None:
|
2020-03-12 14:17:25 +01:00
|
|
|
reset_emails_in_zulip_realm()
|
|
|
|
|
2017-01-04 05:30:48 +01:00
|
|
|
realm = get_realm("zulip")
|
2019-02-24 04:40:44 +01:00
|
|
|
stream_names = ["stream_{}".format(i) for i in range(40)]
|
|
|
|
for stream_name in stream_names:
|
|
|
|
stream = self.make_stream(stream_name, realm=realm)
|
|
|
|
DefaultStream.objects.create(stream=stream, realm=realm)
|
2014-01-31 21:08:40 +01:00
|
|
|
|
2017-03-31 08:41:14 +02:00
|
|
|
# Clear all the caches.
|
|
|
|
flush_per_request_caches()
|
|
|
|
ContentType.objects.clear_cache()
|
|
|
|
|
2014-01-31 21:08:40 +01:00
|
|
|
with queries_captured() as queries:
|
2017-05-24 02:42:31 +02:00
|
|
|
self.register(self.nonreg_email('test'), "test")
|
2014-01-31 21:08:40 +01:00
|
|
|
# Ensure the number of queries we make is not O(streams)
|
2020-03-06 16:22:23 +01:00
|
|
|
self.assertEqual(len(queries), 77)
|
2017-05-24 02:42:31 +02:00
|
|
|
user_profile = self.nonreg_user('test')
|
2019-05-26 22:12:46 +02:00
|
|
|
self.assert_logged_in_user_id(user_profile.id)
|
2016-11-08 16:45:48 +01:00
|
|
|
self.assertFalse(user_profile.enable_stream_desktop_notifications)
|
2014-01-31 21:08:40 +01:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_register_deactivated(self) -> None:
|
2014-01-31 21:08:40 +01:00
|
|
|
"""
|
|
|
|
If you try to register for a deactivated realm, you get a clear error
|
|
|
|
page.
|
|
|
|
"""
|
2017-01-04 05:30:48 +01:00
|
|
|
realm = get_realm("zulip")
|
2014-01-31 21:08:40 +01:00
|
|
|
realm.deactivated = True
|
|
|
|
realm.save(update_fields=["deactivated"])
|
|
|
|
|
2017-10-02 08:41:00 +02:00
|
|
|
result = self.client_post('/accounts/home/', {'email': self.nonreg_email('test')},
|
|
|
|
subdomain="zulip")
|
2017-08-25 08:16:36 +02:00
|
|
|
self.assertEqual(result.status_code, 302)
|
2017-10-02 08:41:00 +02:00
|
|
|
self.assertEqual('/accounts/deactivated/', result.url)
|
2014-01-31 21:08:40 +01:00
|
|
|
|
|
|
|
with self.assertRaises(UserProfile.DoesNotExist):
|
2017-05-24 02:42:31 +02:00
|
|
|
self.nonreg_user('test')
|
2014-01-31 21:08:40 +01:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_register_deactivated_partway_through(self) -> None:
|
2017-10-02 08:41:00 +02:00
|
|
|
"""
|
|
|
|
If you try to register for a deactivated realm, you get a clear error
|
|
|
|
page.
|
|
|
|
"""
|
|
|
|
email = self.nonreg_email('test')
|
|
|
|
result = self.client_post('/accounts/home/', {'email': email},
|
|
|
|
subdomain="zulip")
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertNotIn('deactivated', result.url)
|
|
|
|
|
|
|
|
realm = get_realm("zulip")
|
|
|
|
realm.deactivated = True
|
|
|
|
realm.save(update_fields=["deactivated"])
|
|
|
|
|
|
|
|
result = self.submit_reg_form_for_user(email, "abcd1234", subdomain="zulip")
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertEqual('/accounts/deactivated/', result.url)
|
|
|
|
|
|
|
|
with self.assertRaises(UserProfile.DoesNotExist):
|
|
|
|
self.nonreg_user('test')
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_login_deactivated_realm(self) -> None:
|
2014-01-31 21:08:40 +01:00
|
|
|
"""
|
|
|
|
If you try to log in to a deactivated realm, you get a clear error page.
|
|
|
|
"""
|
2017-01-04 05:30:48 +01:00
|
|
|
realm = get_realm("zulip")
|
2014-01-31 21:08:40 +01:00
|
|
|
realm.deactivated = True
|
|
|
|
realm.save(update_fields=["deactivated"])
|
|
|
|
|
2017-10-02 08:41:00 +02:00
|
|
|
result = self.login_with_return(self.example_email("hamlet"), subdomain="zulip")
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertEqual('/accounts/deactivated/', result.url)
|
2014-01-31 21:08:40 +01:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_logout(self) -> None:
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('hamlet')
|
2017-04-18 03:23:32 +02:00
|
|
|
# We use the logout API, not self.logout, to make sure we test
|
|
|
|
# the actual logout code path.
|
2016-07-28 00:30:22 +02:00
|
|
|
self.client_post('/accounts/logout/')
|
2019-05-26 22:12:46 +02:00
|
|
|
self.assert_logged_in_user_id(None)
|
2014-01-31 21:08:40 +01:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_non_ascii_login(self) -> None:
|
2014-01-31 21:08:40 +01:00
|
|
|
"""
|
|
|
|
You can log in even if your password contain non-ASCII characters.
|
|
|
|
"""
|
2017-05-24 02:42:31 +02:00
|
|
|
email = self.nonreg_email('test')
|
2020-04-09 21:51:58 +02:00
|
|
|
password = "hümbüǵ"
|
2014-01-31 21:08:40 +01:00
|
|
|
|
|
|
|
# Registering succeeds.
|
2017-05-24 02:42:31 +02:00
|
|
|
self.register(email, password)
|
|
|
|
user_profile = self.nonreg_user('test')
|
2019-05-26 22:12:46 +02:00
|
|
|
self.assert_logged_in_user_id(user_profile.id)
|
2017-04-18 03:23:32 +02:00
|
|
|
self.logout()
|
2019-05-26 22:12:46 +02:00
|
|
|
self.assert_logged_in_user_id(None)
|
2014-01-31 21:08:40 +01:00
|
|
|
|
|
|
|
# Logging in succeeds.
|
2017-04-18 03:23:32 +02:00
|
|
|
self.logout()
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login_by_email(email, password)
|
2019-05-26 22:12:46 +02:00
|
|
|
self.assert_logged_in_user_id(user_profile.id)
|
2014-01-31 21:08:40 +01:00
|
|
|
|
2017-07-13 13:42:57 +02:00
|
|
|
@override_settings(TWO_FACTOR_AUTHENTICATION_ENABLED=False)
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_login_page_redirects_logged_in_user(self) -> None:
|
2017-01-28 20:28:17 +01:00
|
|
|
"""You will be redirected to the app's main page if you land on the
|
|
|
|
login page when already logged in.
|
|
|
|
"""
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('cordelia')
|
2017-01-28 20:28:17 +01:00
|
|
|
response = self.client_get("/login/")
|
2017-10-06 08:36:23 +02:00
|
|
|
self.assertEqual(response["Location"], "http://zulip.testserver")
|
2017-01-28 20:28:17 +01:00
|
|
|
|
2018-05-21 06:40:18 +02:00
|
|
|
def test_options_request_to_login_page(self) -> None:
|
|
|
|
response = self.client_options('/login/')
|
|
|
|
self.assertEqual(response.status_code, 200)
|
|
|
|
|
2017-07-13 13:42:57 +02:00
|
|
|
@override_settings(TWO_FACTOR_AUTHENTICATION_ENABLED=True)
|
|
|
|
def test_login_page_redirects_logged_in_user_under_2fa(self) -> None:
|
|
|
|
"""You will be redirected to the app's main page if you land on the
|
|
|
|
login page when already logged in.
|
|
|
|
"""
|
|
|
|
user_profile = self.example_user("cordelia")
|
|
|
|
self.create_default_device(user_profile)
|
|
|
|
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('cordelia')
|
2017-07-13 13:42:57 +02:00
|
|
|
self.login_2fa(user_profile)
|
|
|
|
|
|
|
|
response = self.client_get("/login/")
|
|
|
|
self.assertEqual(response["Location"], "http://zulip.testserver")
|
|
|
|
|
|
|
|
def test_start_two_factor_auth(self) -> None:
|
|
|
|
request = MagicMock(POST=dict())
|
|
|
|
with patch('zerver.views.auth.TwoFactorLoginView') as mock_view:
|
|
|
|
mock_view.as_view.return_value = lambda *a, **k: HttpResponse()
|
|
|
|
response = start_two_factor_auth(request)
|
|
|
|
self.assertTrue(isinstance(response, HttpResponse))
|
|
|
|
|
|
|
|
def test_do_two_factor_login(self) -> None:
|
|
|
|
user_profile = self.example_user('hamlet')
|
|
|
|
self.create_default_device(user_profile)
|
|
|
|
request = MagicMock()
|
|
|
|
with patch('zerver.decorator.django_otp.login') as mock_login:
|
|
|
|
do_two_factor_login(request, user_profile)
|
|
|
|
mock_login.assert_called_once()
|
|
|
|
|
2019-03-15 09:54:25 +01:00
|
|
|
def test_zulip_default_context_does_not_load_inline_previews(self) -> None:
|
|
|
|
realm = get_realm("zulip")
|
|
|
|
description = "https://www.google.com/images/srpr/logo4w.png"
|
|
|
|
realm.description = description
|
|
|
|
realm.save(update_fields=["description"])
|
|
|
|
response = self.client_get("/login/")
|
|
|
|
expected_response = """<p><a href="https://www.google.com/images/srpr/logo4w.png" \
|
2020-02-29 01:37:33 +01:00
|
|
|
title="https://www.google.com/images/srpr/logo4w.png">\
|
2019-03-15 09:54:25 +01:00
|
|
|
https://www.google.com/images/srpr/logo4w.png</a></p>"""
|
|
|
|
self.assertEqual(response.context_data["realm_description"], expected_response)
|
|
|
|
self.assertEqual(response.status_code, 200)
|
|
|
|
|
2017-10-21 03:14:21 +02:00
|
|
|
class InviteUserBase(ZulipTestCase):
|
2018-05-11 01:39:38 +02:00
|
|
|
def check_sent_emails(self, correct_recipients: List[str],
|
2017-11-05 10:51:25 +01:00
|
|
|
custom_from_name: Optional[str]=None) -> None:
|
2014-01-31 21:08:40 +01:00
|
|
|
from django.core.mail import outbox
|
|
|
|
self.assertEqual(len(outbox), len(correct_recipients))
|
|
|
|
email_recipients = [email.recipients()[0] for email in outbox]
|
2016-07-10 20:43:58 +02:00
|
|
|
self.assertEqual(sorted(email_recipients), sorted(correct_recipients))
|
2017-02-12 21:21:31 +01:00
|
|
|
if len(outbox) == 0:
|
|
|
|
return
|
|
|
|
|
2017-07-11 20:25:50 +02:00
|
|
|
if custom_from_name is not None:
|
|
|
|
self.assertIn(custom_from_name, outbox[0].from_email)
|
|
|
|
|
2018-06-11 11:26:14 +02:00
|
|
|
tokenized_no_reply_email = parseaddr(outbox[0].from_email)[1]
|
|
|
|
self.assertTrue(re.search(self.TOKENIZED_NOREPLY_REGEX, tokenized_no_reply_email))
|
2017-07-05 21:29:27 +02:00
|
|
|
|
2018-12-22 05:41:54 +01:00
|
|
|
def invite(self, invitee_emails: str, stream_names: List[str], body: str='',
|
2018-12-30 11:06:12 +01:00
|
|
|
invite_as: int=1) -> HttpResponse:
|
2017-10-21 03:14:21 +02:00
|
|
|
"""
|
|
|
|
Invites the specified users to Zulip with the specified streams.
|
|
|
|
|
|
|
|
users should be a string containing the users to invite, comma or
|
|
|
|
newline separated.
|
|
|
|
|
|
|
|
streams should be a list of strings.
|
|
|
|
"""
|
2018-12-22 05:41:54 +01:00
|
|
|
stream_ids = []
|
|
|
|
for stream_name in stream_names:
|
|
|
|
stream_ids.append(self.get_stream_id(stream_name))
|
2017-10-21 03:14:21 +02:00
|
|
|
return self.client_post("/json/invites",
|
2018-12-22 05:41:54 +01:00
|
|
|
{"invitee_emails": invitee_emails,
|
|
|
|
"stream_ids": ujson.dumps(stream_ids),
|
2018-12-30 11:06:12 +01:00
|
|
|
"invite_as": invite_as})
|
2017-10-21 03:14:21 +02:00
|
|
|
|
2017-10-21 03:15:12 +02:00
|
|
|
class InviteUserTest(InviteUserBase):
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_successful_invite_user(self) -> None:
|
2014-01-31 21:08:40 +01:00
|
|
|
"""
|
2017-07-31 20:55:57 +02:00
|
|
|
A call to /json/invites with valid parameters causes an invitation
|
2014-01-31 21:08:40 +01:00
|
|
|
email to be sent.
|
|
|
|
"""
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('hamlet')
|
2014-01-31 21:08:40 +01:00
|
|
|
invitee = "alice-test@zulip.com"
|
|
|
|
self.assert_json_success(self.invite(invitee, ["Denmark"]))
|
|
|
|
self.assertTrue(find_key_by_email(invitee))
|
2017-07-11 20:25:50 +02:00
|
|
|
self.check_sent_emails([invitee], custom_from_name="Hamlet")
|
2014-01-31 21:08:40 +01:00
|
|
|
|
2018-08-16 21:17:40 +02:00
|
|
|
def test_newbie_restrictions(self) -> None:
|
|
|
|
user_profile = self.example_user('hamlet')
|
|
|
|
invitee = "alice-test@zulip.com"
|
|
|
|
stream_name = 'Denmark'
|
|
|
|
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login_user(user_profile)
|
2018-08-16 21:17:40 +02:00
|
|
|
|
|
|
|
result = self.invite(invitee, [stream_name])
|
|
|
|
self.assert_json_success(result)
|
|
|
|
|
|
|
|
user_profile.date_joined = timezone_now() - datetime.timedelta(days=10)
|
|
|
|
user_profile.save()
|
|
|
|
|
|
|
|
with self.settings(INVITES_MIN_USER_AGE_DAYS=5):
|
|
|
|
result = self.invite(invitee, [stream_name])
|
|
|
|
self.assert_json_success(result)
|
|
|
|
|
|
|
|
with self.settings(INVITES_MIN_USER_AGE_DAYS=15):
|
|
|
|
result = self.invite(invitee, [stream_name])
|
|
|
|
self.assert_json_error_contains(result, "Your account is too new")
|
|
|
|
|
2018-08-21 21:40:53 +02:00
|
|
|
def test_invite_limits(self) -> None:
|
|
|
|
user_profile = self.example_user('hamlet')
|
|
|
|
realm = user_profile.realm
|
|
|
|
stream_name = 'Denmark'
|
|
|
|
|
|
|
|
# These constants only need to be in descending order
|
|
|
|
# for this test to trigger an InvitationError based
|
|
|
|
# on max daily counts.
|
|
|
|
site_max = 50
|
|
|
|
realm_max = 40
|
|
|
|
num_invitees = 30
|
|
|
|
max_daily_count = 20
|
|
|
|
|
|
|
|
daily_counts = [(1, max_daily_count)]
|
|
|
|
|
|
|
|
invite_emails = [
|
|
|
|
'foo-%02d@zulip.com' % (i,)
|
|
|
|
for i in range(num_invitees)
|
|
|
|
]
|
|
|
|
invitees = ','.join(invite_emails)
|
|
|
|
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login_user(user_profile)
|
2018-08-21 21:40:53 +02:00
|
|
|
|
|
|
|
realm.max_invites = realm_max
|
|
|
|
realm.date_created = timezone_now()
|
|
|
|
realm.save()
|
|
|
|
|
|
|
|
def try_invite() -> HttpResponse:
|
|
|
|
with self.settings(OPEN_REALM_CREATION=True,
|
|
|
|
INVITES_DEFAULT_REALM_DAILY_MAX=site_max,
|
|
|
|
INVITES_NEW_REALM_LIMIT_DAYS=daily_counts):
|
|
|
|
result = self.invite(invitees, [stream_name])
|
|
|
|
return result
|
|
|
|
|
|
|
|
result = try_invite()
|
|
|
|
self.assert_json_error_contains(result, 'enough remaining invites')
|
|
|
|
|
|
|
|
# Next show that aggregate limits expire once the realm is old
|
|
|
|
# enough.
|
|
|
|
|
|
|
|
realm.date_created = timezone_now() - datetime.timedelta(days=8)
|
|
|
|
realm.save()
|
|
|
|
|
2020-03-02 12:16:54 +01:00
|
|
|
with queries_captured() as queries:
|
|
|
|
result = try_invite()
|
|
|
|
|
|
|
|
# TODO: Fix large query count here.
|
|
|
|
#
|
|
|
|
# TODO: There is some test OTHER than this one
|
|
|
|
# that is leaking some kind of state change
|
|
|
|
# that throws off the query count here. It
|
|
|
|
# is hard to investigate currently (due to
|
|
|
|
# the large number of queries), so I just
|
|
|
|
# use an approximate equality check.
|
|
|
|
actual_count = len(queries)
|
2020-03-06 16:22:23 +01:00
|
|
|
expected_count = 312
|
2020-03-02 12:16:54 +01:00
|
|
|
if abs(actual_count - expected_count) > 1:
|
|
|
|
raise AssertionError('''
|
|
|
|
Unexpected number of queries:
|
|
|
|
|
|
|
|
expected query count: {}
|
|
|
|
actual: {}
|
|
|
|
'''.format(expected_count, actual_count))
|
|
|
|
|
2018-08-21 21:40:53 +02:00
|
|
|
self.assert_json_success(result)
|
|
|
|
|
|
|
|
# Next get line coverage on bumping a realm's max_invites.
|
|
|
|
realm.date_created = timezone_now()
|
|
|
|
realm.max_invites = site_max + 10
|
|
|
|
realm.save()
|
|
|
|
|
|
|
|
result = try_invite()
|
|
|
|
self.assert_json_success(result)
|
|
|
|
|
|
|
|
# Finally get coverage on the case that OPEN_REALM_CREATION is False.
|
|
|
|
|
|
|
|
with self.settings(OPEN_REALM_CREATION=False):
|
|
|
|
result = self.invite(invitees, [stream_name])
|
|
|
|
|
|
|
|
self.assert_json_success(result)
|
|
|
|
|
invites: Fix bug with inviting cross realm bots.
Without the fix here, you will get an exception
similar to below if you try to invite one of the
cross realm bots. (The actual exception is
a bit different due to some rebasing on my branch.)
File "/home/zulipdev/zulip/zerver/lib/request.py", line 368, in _wrapped_view_func
return view_func(request, *args, **kwargs)
File "/home/zulipdev/zulip/zerver/views/invite.py", line 49, in invite_users_backend
do_invite_users(user_profile, invitee_emails, streams, invite_as)
File "/home/zulipdev/zulip/zerver/lib/actions.py", line 5153, in do_invite_users
email_error, email_skipped, deactivated = validate_email(user_profile, email)
File "/home/zulipdev/zulip/zerver/lib/actions.py", line 5069, in validate_email
return None, (error.code), (error.params['deactivated'])
TypeError: 'NoneType' object is not subscriptable
Obviously, you shouldn't try to invite a cross
realm bot to your realm, but we want a reasonable
error message.
RESOLUTION:
Populate the `code` parameter for `ValidationError`.
BACKGROUND:
Most callers to `validate_email_for_realm` simply catch
the `ValidationError` and then report a more generic error.
That's also what `do_invite_users` does, but it has the
somewhat convoluted codepath through `validate_email`
that triggers this code:
try:
validate_email_for_realm(user_profile.realm, email)
except ValidationError as error:
return None, (error.code), (error.params['deactivated'])
The way that we're using the `code` parameter for
`ValidationError` feels hacky to me. The intention
behind `code` is to provide a descriptive error to
calling code, and it's not intended for humans, and
it feels strange that we actually translate this in
other places. Here are the Django docs:
https://docs.djangoproject.com/en/3.0/ref/forms/validation/
And then here's an example of us actually translating
a code (not part of this commit, just providing context):
raise ValidationError(_('%s already has an account') %
(email,), code = _("Already has an account."),
params={'deactivated': False})
Those codes eventually get put into InvitationError, which
inherits from JsonableError, and we do actually display
these errors in the webapp:
if skipped and len(skipped) == len(invitee_emails):
# All e-mails were skipped, so we didn't actually invite anyone.
raise InvitationError(_("We weren't able to invite anyone."),
skipped, sent_invitations=False)
I will try to untangle this somewhat in upcoming commits.
2020-03-03 15:13:01 +01:00
|
|
|
def test_cross_realm_bot(self) -> None:
|
|
|
|
inviter = self.example_user('hamlet')
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login_user(inviter)
|
invites: Fix bug with inviting cross realm bots.
Without the fix here, you will get an exception
similar to below if you try to invite one of the
cross realm bots. (The actual exception is
a bit different due to some rebasing on my branch.)
File "/home/zulipdev/zulip/zerver/lib/request.py", line 368, in _wrapped_view_func
return view_func(request, *args, **kwargs)
File "/home/zulipdev/zulip/zerver/views/invite.py", line 49, in invite_users_backend
do_invite_users(user_profile, invitee_emails, streams, invite_as)
File "/home/zulipdev/zulip/zerver/lib/actions.py", line 5153, in do_invite_users
email_error, email_skipped, deactivated = validate_email(user_profile, email)
File "/home/zulipdev/zulip/zerver/lib/actions.py", line 5069, in validate_email
return None, (error.code), (error.params['deactivated'])
TypeError: 'NoneType' object is not subscriptable
Obviously, you shouldn't try to invite a cross
realm bot to your realm, but we want a reasonable
error message.
RESOLUTION:
Populate the `code` parameter for `ValidationError`.
BACKGROUND:
Most callers to `validate_email_for_realm` simply catch
the `ValidationError` and then report a more generic error.
That's also what `do_invite_users` does, but it has the
somewhat convoluted codepath through `validate_email`
that triggers this code:
try:
validate_email_for_realm(user_profile.realm, email)
except ValidationError as error:
return None, (error.code), (error.params['deactivated'])
The way that we're using the `code` parameter for
`ValidationError` feels hacky to me. The intention
behind `code` is to provide a descriptive error to
calling code, and it's not intended for humans, and
it feels strange that we actually translate this in
other places. Here are the Django docs:
https://docs.djangoproject.com/en/3.0/ref/forms/validation/
And then here's an example of us actually translating
a code (not part of this commit, just providing context):
raise ValidationError(_('%s already has an account') %
(email,), code = _("Already has an account."),
params={'deactivated': False})
Those codes eventually get put into InvitationError, which
inherits from JsonableError, and we do actually display
these errors in the webapp:
if skipped and len(skipped) == len(invitee_emails):
# All e-mails were skipped, so we didn't actually invite anyone.
raise InvitationError(_("We weren't able to invite anyone."),
skipped, sent_invitations=False)
I will try to untangle this somewhat in upcoming commits.
2020-03-03 15:13:01 +01:00
|
|
|
|
|
|
|
cross_realm_bot_email = 'emailgateway@zulip.com'
|
|
|
|
legit_new_email = 'fred@zulip.com'
|
|
|
|
invitee_emails = ','.join([cross_realm_bot_email, legit_new_email])
|
|
|
|
|
|
|
|
result = self.invite(invitee_emails, ['Denmark'])
|
|
|
|
self.assert_json_error(
|
|
|
|
result,
|
|
|
|
"Some of those addresses are already using Zulip," +
|
|
|
|
" so we didn't send them an invitation." +
|
|
|
|
" We did send invitations to everyone else!")
|
|
|
|
|
2020-03-03 14:41:24 +01:00
|
|
|
def test_invite_mirror_dummy_user(self) -> None:
|
|
|
|
'''
|
|
|
|
A mirror dummy account is a temporary account
|
|
|
|
that we keep in our system if we are mirroring
|
|
|
|
data from something like Zephyr or IRC.
|
|
|
|
|
|
|
|
We want users to eventually just sign up or
|
|
|
|
register for Zulip, in which case we will just
|
|
|
|
fully "activate" the account.
|
|
|
|
|
|
|
|
Here we test that you can invite a person who
|
|
|
|
has a mirror dummy account.
|
|
|
|
'''
|
|
|
|
inviter = self.example_user('hamlet')
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login_user(inviter)
|
2020-03-03 14:41:24 +01:00
|
|
|
|
|
|
|
mirror_user = self.example_user('cordelia')
|
|
|
|
mirror_user.is_mirror_dummy = True
|
|
|
|
mirror_user.is_active = False
|
|
|
|
mirror_user.save()
|
|
|
|
|
|
|
|
self.assertEqual(
|
|
|
|
PreregistrationUser.objects.filter(email=mirror_user.email).count(),
|
|
|
|
0,
|
|
|
|
)
|
|
|
|
|
|
|
|
result = self.invite(mirror_user.email, ['Denmark'])
|
|
|
|
self.assert_json_success(result)
|
|
|
|
|
|
|
|
prereg_user = PreregistrationUser.objects.get(email=mirror_user.email)
|
|
|
|
self.assertEqual(
|
|
|
|
prereg_user.referred_by.email,
|
|
|
|
inviter.email,
|
|
|
|
)
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_successful_invite_user_as_admin_from_admin_account(self) -> None:
|
2017-10-15 18:34:47 +02:00
|
|
|
"""
|
|
|
|
Test that a new user invited to a stream receives some initial
|
|
|
|
history but only from public streams.
|
|
|
|
"""
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('iago')
|
2017-10-15 18:34:47 +02:00
|
|
|
invitee = self.nonreg_email('alice')
|
2018-12-30 11:06:12 +01:00
|
|
|
result = self.invite(invitee, ["Denmark"],
|
|
|
|
invite_as=PreregistrationUser.INVITE_AS['REALM_ADMIN'])
|
|
|
|
self.assert_json_success(result)
|
2017-10-15 18:34:47 +02:00
|
|
|
self.assertTrue(find_key_by_email(invitee))
|
|
|
|
|
|
|
|
self.submit_reg_form_for_user(invitee, "password")
|
|
|
|
invitee_profile = self.nonreg_user('alice')
|
|
|
|
self.assertTrue(invitee_profile.is_realm_admin)
|
2018-12-30 11:08:07 +01:00
|
|
|
self.assertFalse(invitee_profile.is_guest)
|
2017-10-15 18:34:47 +02:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_invite_user_as_admin_from_normal_account(self) -> None:
|
2017-10-15 18:34:47 +02:00
|
|
|
"""
|
|
|
|
Test that a new user invited to a stream receives some initial
|
|
|
|
history but only from public streams.
|
|
|
|
"""
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('hamlet')
|
2017-10-15 18:34:47 +02:00
|
|
|
invitee = self.nonreg_email('alice')
|
2018-12-30 11:06:12 +01:00
|
|
|
response = self.invite(invitee, ["Denmark"],
|
|
|
|
invite_as=PreregistrationUser.INVITE_AS['REALM_ADMIN'])
|
2018-03-08 01:47:17 +01:00
|
|
|
self.assert_json_error(response, "Must be an organization administrator")
|
2017-10-15 18:34:47 +02:00
|
|
|
|
2018-12-30 11:06:12 +01:00
|
|
|
def test_invite_user_as_invalid_type(self) -> None:
|
|
|
|
"""
|
|
|
|
Test inviting a user as invalid type of user i.e. type of invite_as
|
|
|
|
is not in PreregistrationUser.INVITE_AS
|
|
|
|
"""
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('iago')
|
2018-12-30 11:06:12 +01:00
|
|
|
invitee = self.nonreg_email('alice')
|
|
|
|
response = self.invite(invitee, ["Denmark"], invite_as=100)
|
|
|
|
self.assert_json_error(response, "Must be invited as an valid type of user")
|
|
|
|
|
2018-12-30 11:08:07 +01:00
|
|
|
def test_successful_invite_user_as_guest_from_normal_account(self) -> None:
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('hamlet')
|
2018-12-30 11:08:07 +01:00
|
|
|
invitee = self.nonreg_email('alice')
|
|
|
|
self.assert_json_success(self.invite(invitee, ["Denmark"],
|
|
|
|
invite_as=PreregistrationUser.INVITE_AS['GUEST_USER']))
|
|
|
|
self.assertTrue(find_key_by_email(invitee))
|
|
|
|
|
|
|
|
self.submit_reg_form_for_user(invitee, "password")
|
|
|
|
invitee_profile = self.nonreg_user('alice')
|
|
|
|
self.assertFalse(invitee_profile.is_realm_admin)
|
|
|
|
self.assertTrue(invitee_profile.is_guest)
|
|
|
|
|
|
|
|
def test_successful_invite_user_as_guest_from_admin_account(self) -> None:
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('iago')
|
2018-12-30 11:08:07 +01:00
|
|
|
invitee = self.nonreg_email('alice')
|
|
|
|
self.assert_json_success(self.invite(invitee, ["Denmark"],
|
|
|
|
invite_as=PreregistrationUser.INVITE_AS['GUEST_USER']))
|
|
|
|
self.assertTrue(find_key_by_email(invitee))
|
|
|
|
|
|
|
|
self.submit_reg_form_for_user(invitee, "password")
|
|
|
|
invitee_profile = self.nonreg_user('alice')
|
|
|
|
self.assertFalse(invitee_profile.is_realm_admin)
|
|
|
|
self.assertTrue(invitee_profile.is_guest)
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_successful_invite_user_with_name(self) -> None:
|
2016-07-29 18:16:54 +02:00
|
|
|
"""
|
2017-07-31 20:55:57 +02:00
|
|
|
A call to /json/invites with valid parameters causes an invitation
|
2016-07-29 18:16:54 +02:00
|
|
|
email to be sent.
|
|
|
|
"""
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('hamlet')
|
2016-07-29 18:16:54 +02:00
|
|
|
email = "alice-test@zulip.com"
|
|
|
|
invitee = "Alice Test <{}>".format(email)
|
|
|
|
self.assert_json_success(self.invite(invitee, ["Denmark"]))
|
|
|
|
self.assertTrue(find_key_by_email(email))
|
2017-07-11 20:25:50 +02:00
|
|
|
self.check_sent_emails([email], custom_from_name="Hamlet")
|
2016-07-29 18:16:54 +02:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_successful_invite_user_with_name_and_normal_one(self) -> None:
|
2016-07-29 18:16:54 +02:00
|
|
|
"""
|
2017-07-31 20:55:57 +02:00
|
|
|
A call to /json/invites with valid parameters causes an invitation
|
2016-07-29 18:16:54 +02:00
|
|
|
email to be sent.
|
|
|
|
"""
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('hamlet')
|
2016-07-29 18:16:54 +02:00
|
|
|
email = "alice-test@zulip.com"
|
|
|
|
email2 = "bob-test@zulip.com"
|
|
|
|
invitee = "Alice Test <{}>, {}".format(email, email2)
|
|
|
|
self.assert_json_success(self.invite(invitee, ["Denmark"]))
|
|
|
|
self.assertTrue(find_key_by_email(email))
|
|
|
|
self.assertTrue(find_key_by_email(email2))
|
2017-07-11 20:25:50 +02:00
|
|
|
self.check_sent_emails([email, email2], custom_from_name="Hamlet")
|
2016-07-29 18:16:54 +02:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_require_realm_admin(self) -> None:
|
2017-05-18 02:45:20 +02:00
|
|
|
"""
|
|
|
|
The invite_by_admins_only realm setting works properly.
|
|
|
|
"""
|
|
|
|
realm = get_realm('zulip')
|
|
|
|
realm.invite_by_admins_only = True
|
|
|
|
realm.save()
|
|
|
|
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('hamlet')
|
2017-05-18 02:45:20 +02:00
|
|
|
email = "alice-test@zulip.com"
|
|
|
|
email2 = "bob-test@zulip.com"
|
|
|
|
invitee = "Alice Test <{}>, {}".format(email, email2)
|
|
|
|
self.assert_json_error(self.invite(invitee, ["Denmark"]),
|
2018-03-08 01:47:17 +01:00
|
|
|
"Must be an organization administrator")
|
2017-05-18 02:45:20 +02:00
|
|
|
|
|
|
|
# Now verify an administrator can do it
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('iago')
|
2017-05-18 02:45:20 +02:00
|
|
|
self.assert_json_success(self.invite(invitee, ["Denmark"]))
|
|
|
|
self.assertTrue(find_key_by_email(email))
|
|
|
|
self.assertTrue(find_key_by_email(email2))
|
|
|
|
self.check_sent_emails([email, email2])
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_invite_user_signup_initial_history(self) -> None:
|
2015-10-26 16:49:22 +01:00
|
|
|
"""
|
|
|
|
Test that a new user invited to a stream receives some initial
|
|
|
|
history but only from public streams.
|
|
|
|
"""
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('hamlet')
|
2017-05-07 17:21:26 +02:00
|
|
|
user_profile = self.example_user('hamlet')
|
2015-10-26 16:49:22 +01:00
|
|
|
private_stream_name = "Secret"
|
2016-10-21 23:08:52 +02:00
|
|
|
self.make_stream(private_stream_name, invite_only=True)
|
2017-08-25 06:01:29 +02:00
|
|
|
self.subscribe(user_profile, private_stream_name)
|
2017-10-28 18:10:38 +02:00
|
|
|
public_msg_id = self.send_stream_message(
|
2020-03-07 11:43:05 +01:00
|
|
|
self.example_user("hamlet"),
|
2017-10-28 18:10:38 +02:00
|
|
|
"Denmark",
|
|
|
|
topic_name="Public topic",
|
|
|
|
content="Public message",
|
|
|
|
)
|
|
|
|
secret_msg_id = self.send_stream_message(
|
2020-03-07 11:43:05 +01:00
|
|
|
self.example_user("hamlet"),
|
2017-10-28 18:10:38 +02:00
|
|
|
private_stream_name,
|
|
|
|
topic_name="Secret topic",
|
|
|
|
content="Secret message",
|
|
|
|
)
|
2017-05-24 02:42:31 +02:00
|
|
|
invitee = self.nonreg_email('alice')
|
2015-10-26 16:49:22 +01:00
|
|
|
self.assert_json_success(self.invite(invitee, [private_stream_name, "Denmark"]))
|
|
|
|
self.assertTrue(find_key_by_email(invitee))
|
|
|
|
|
2017-05-24 02:42:31 +02:00
|
|
|
self.submit_reg_form_for_user(invitee, "password")
|
|
|
|
invitee_profile = self.nonreg_user('alice')
|
2015-10-26 16:49:22 +01:00
|
|
|
invitee_msg_ids = [um.message_id for um in
|
|
|
|
UserMessage.objects.filter(user_profile=invitee_profile)]
|
|
|
|
self.assertTrue(public_msg_id in invitee_msg_ids)
|
|
|
|
self.assertFalse(secret_msg_id in invitee_msg_ids)
|
2017-10-15 18:34:47 +02:00
|
|
|
self.assertFalse(invitee_profile.is_realm_admin)
|
2017-09-25 22:53:07 +02:00
|
|
|
# Test that exactly 2 new Zulip messages were sent, both notifications.
|
|
|
|
last_3_messages = list(reversed(list(Message.objects.all().order_by("-id")[0:3])))
|
|
|
|
first_msg = last_3_messages[0]
|
|
|
|
self.assertEqual(first_msg.id, secret_msg_id)
|
|
|
|
|
|
|
|
# The first, from notification-bot to the user who invited the new user.
|
|
|
|
second_msg = last_3_messages[1]
|
|
|
|
self.assertEqual(second_msg.sender.email, "notification-bot@zulip.com")
|
2020-03-12 14:17:25 +01:00
|
|
|
self.assertTrue(second_msg.content.startswith(
|
|
|
|
"alice_zulip.com <`{}`> accepted your".format(invitee_profile.email)
|
|
|
|
))
|
2017-09-25 22:53:07 +02:00
|
|
|
|
|
|
|
# The second, from welcome-bot to the user who was invited.
|
|
|
|
third_msg = last_3_messages[2]
|
|
|
|
self.assertEqual(third_msg.sender.email, "welcome-bot@zulip.com")
|
|
|
|
self.assertTrue(third_msg.content.startswith("Hello, and welcome to Zulip!"))
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_multi_user_invite(self) -> None:
|
2014-01-31 21:08:40 +01:00
|
|
|
"""
|
|
|
|
Invites multiple users with a variety of delimiters.
|
|
|
|
"""
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('hamlet')
|
2014-01-31 21:08:40 +01:00
|
|
|
# Intentionally use a weird string.
|
|
|
|
self.assert_json_success(self.invite(
|
2016-12-02 08:15:16 +01:00
|
|
|
"""bob-test@zulip.com, carol-test@zulip.com,
|
|
|
|
dave-test@zulip.com
|
2014-01-31 21:08:40 +01:00
|
|
|
|
|
|
|
|
|
|
|
earl-test@zulip.com""", ["Denmark"]))
|
|
|
|
for user in ("bob", "carol", "dave", "earl"):
|
2015-12-01 17:11:16 +01:00
|
|
|
self.assertTrue(find_key_by_email("%s-test@zulip.com" % (user,)))
|
2014-01-31 21:08:40 +01:00
|
|
|
self.check_sent_emails(["bob-test@zulip.com", "carol-test@zulip.com",
|
|
|
|
"dave-test@zulip.com", "earl-test@zulip.com"])
|
|
|
|
|
2017-12-07 06:24:40 +01:00
|
|
|
def test_max_invites_model(self) -> None:
|
|
|
|
realm = get_realm("zulip")
|
|
|
|
self.assertEqual(realm.max_invites, settings.INVITES_DEFAULT_REALM_DAILY_MAX)
|
|
|
|
realm.max_invites = 3
|
|
|
|
realm.save()
|
|
|
|
self.assertEqual(get_realm("zulip").max_invites, 3)
|
|
|
|
realm.max_invites = settings.INVITES_DEFAULT_REALM_DAILY_MAX
|
|
|
|
realm.save()
|
|
|
|
|
2017-11-30 01:53:09 +01:00
|
|
|
def test_invite_too_many_users(self) -> None:
|
|
|
|
# Only a light test of this pathway; e.g. doesn't test that
|
|
|
|
# the limit gets reset after 24 hours
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('iago')
|
2018-12-22 05:41:54 +01:00
|
|
|
invitee_emails = "1@zulip.com, 2@zulip.com"
|
|
|
|
self.invite(invitee_emails, ["Denmark"])
|
|
|
|
invitee_emails = ", ".join([str(i) for i in range(get_realm("zulip").max_invites - 1)])
|
|
|
|
self.assert_json_error(self.invite(invitee_emails, ["Denmark"]),
|
|
|
|
"You do not have enough remaining invites. "
|
|
|
|
"Please contact zulip-admin@example.com to have your limit raised. "
|
|
|
|
"No invitations were sent.")
|
2017-11-30 01:53:09 +01:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_missing_or_invalid_params(self) -> None:
|
2014-01-31 21:08:40 +01:00
|
|
|
"""
|
|
|
|
Tests inviting with various missing or invalid parameters.
|
|
|
|
"""
|
2020-03-06 16:22:23 +01:00
|
|
|
realm = get_realm('zulip')
|
|
|
|
do_set_realm_property(realm, 'emails_restricted_to_domains', True)
|
|
|
|
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('hamlet')
|
2018-12-22 05:41:54 +01:00
|
|
|
invitee_emails = "foo@zulip.com"
|
|
|
|
self.assert_json_error(self.invite(invitee_emails, []),
|
|
|
|
"You must specify at least one stream for invitees to join.")
|
2014-01-31 21:08:40 +01:00
|
|
|
|
|
|
|
for address in ("noatsign.com", "outsideyourdomain@example.net"):
|
|
|
|
self.assert_json_error(
|
|
|
|
self.invite(address, ["Denmark"]),
|
|
|
|
"Some emails did not validate, so we didn't send any invitations.")
|
|
|
|
self.check_sent_emails([])
|
|
|
|
|
2017-02-27 00:29:33 +01:00
|
|
|
self.assert_json_error(
|
|
|
|
self.invite("", ["Denmark"]),
|
|
|
|
"You must specify at least one email address.")
|
|
|
|
self.check_sent_emails([])
|
|
|
|
|
2018-06-08 14:43:27 +02:00
|
|
|
def test_guest_user_invitation(self) -> None:
|
|
|
|
"""
|
|
|
|
Guest user can't invite new users
|
|
|
|
"""
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('polonius')
|
2018-06-08 14:43:27 +02:00
|
|
|
invitee = "alice-test@zulip.com"
|
|
|
|
self.assert_json_error(self.invite(invitee, ["Denmark"]), "Not allowed for guest users")
|
|
|
|
self.assertEqual(find_key_by_email(invitee), None)
|
|
|
|
self.check_sent_emails([])
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_invalid_stream(self) -> None:
|
2014-01-31 21:08:40 +01:00
|
|
|
"""
|
|
|
|
Tests inviting to a non-existent stream.
|
|
|
|
"""
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('hamlet')
|
2014-01-31 21:08:40 +01:00
|
|
|
self.assert_json_error(self.invite("iago-test@zulip.com", ["NotARealStream"]),
|
2018-12-22 05:41:54 +01:00
|
|
|
"Stream does not exist with id: {}. No invites were sent.".format(self.INVALID_STREAM_ID))
|
2014-01-31 21:08:40 +01:00
|
|
|
self.check_sent_emails([])
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_invite_existing_user(self) -> None:
|
2014-01-31 21:08:40 +01:00
|
|
|
"""
|
|
|
|
If you invite an address already using Zulip, no invitation is sent.
|
|
|
|
"""
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('hamlet')
|
2020-03-06 11:33:29 +01:00
|
|
|
|
|
|
|
hamlet_email = 'hAmLeT@zUlIp.com'
|
|
|
|
result = self.invite(hamlet_email, ["Denmark"])
|
|
|
|
self.assert_json_error(result, "We weren't able to invite anyone.")
|
|
|
|
|
|
|
|
self.assertFalse(
|
|
|
|
PreregistrationUser.objects.filter(email__iexact=hamlet_email).exists()
|
|
|
|
)
|
2014-01-31 21:08:40 +01:00
|
|
|
self.check_sent_emails([])
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_invite_some_existing_some_new(self) -> None:
|
2014-01-31 21:08:40 +01:00
|
|
|
"""
|
|
|
|
If you invite a mix of already existing and new users, invitations are
|
|
|
|
only sent to the new users.
|
|
|
|
"""
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('hamlet')
|
2020-04-09 21:51:58 +02:00
|
|
|
existing = [self.example_email("hamlet"), "othello@zulip.com"]
|
|
|
|
new = ["foo-test@zulip.com", "bar-test@zulip.com"]
|
2018-12-22 05:41:54 +01:00
|
|
|
invitee_emails = "\n".join(existing + new)
|
|
|
|
self.assert_json_error(self.invite(invitee_emails, ["Denmark"]),
|
2014-01-31 21:08:40 +01:00
|
|
|
"Some of those addresses are already using Zulip, \
|
|
|
|
so we didn't send them an invitation. We did send invitations to everyone else!")
|
|
|
|
|
|
|
|
# We only created accounts for the new users.
|
|
|
|
for email in existing:
|
|
|
|
self.assertRaises(PreregistrationUser.DoesNotExist,
|
|
|
|
lambda: PreregistrationUser.objects.get(
|
2017-01-24 06:02:39 +01:00
|
|
|
email=email))
|
2014-01-31 21:08:40 +01:00
|
|
|
for email in new:
|
|
|
|
self.assertTrue(PreregistrationUser.objects.get(email=email))
|
|
|
|
|
|
|
|
# We only sent emails to the new users.
|
|
|
|
self.check_sent_emails(new)
|
|
|
|
|
2017-12-05 09:01:41 +01:00
|
|
|
prereg_user = PreregistrationUser.objects.get(email='foo-test@zulip.com')
|
2016-10-04 01:15:24 +02:00
|
|
|
self.assertEqual(prereg_user.email, 'foo-test@zulip.com')
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_invite_outside_domain_in_closed_realm(self) -> None:
|
2014-01-31 21:08:40 +01:00
|
|
|
"""
|
2018-07-27 23:26:29 +02:00
|
|
|
In a realm with `emails_restricted_to_domains = True`, you can't invite people
|
2014-01-31 21:08:40 +01:00
|
|
|
with a different domain from that of the realm or your e-mail address.
|
|
|
|
"""
|
2017-01-04 05:30:48 +01:00
|
|
|
zulip_realm = get_realm("zulip")
|
2018-07-27 23:26:29 +02:00
|
|
|
zulip_realm.emails_restricted_to_domains = True
|
2014-01-31 21:08:40 +01:00
|
|
|
zulip_realm.save()
|
|
|
|
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('hamlet')
|
2014-01-31 21:08:40 +01:00
|
|
|
external_address = "foo@example.com"
|
|
|
|
|
|
|
|
self.assert_json_error(
|
|
|
|
self.invite(external_address, ["Denmark"]),
|
|
|
|
"Some emails did not validate, so we didn't send any invitations.")
|
|
|
|
|
2018-05-04 18:15:54 +02:00
|
|
|
def test_invite_using_disposable_email(self) -> None:
|
|
|
|
"""
|
2018-08-12 03:37:04 +02:00
|
|
|
In a realm with `disallow_disposable_email_addresses = True`, you can't invite
|
|
|
|
people with a disposable domain.
|
2018-05-04 18:15:54 +02:00
|
|
|
"""
|
|
|
|
zulip_realm = get_realm("zulip")
|
2018-07-27 23:26:29 +02:00
|
|
|
zulip_realm.emails_restricted_to_domains = False
|
2018-05-04 18:15:54 +02:00
|
|
|
zulip_realm.disallow_disposable_email_addresses = True
|
|
|
|
zulip_realm.save()
|
|
|
|
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('hamlet')
|
2018-05-04 18:15:54 +02:00
|
|
|
external_address = "foo@mailnator.com"
|
|
|
|
|
|
|
|
self.assert_json_error(
|
|
|
|
self.invite(external_address, ["Denmark"]),
|
|
|
|
"Some emails did not validate, so we didn't send any invitations.")
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_invite_outside_domain_in_open_realm(self) -> None:
|
2014-01-31 21:08:40 +01:00
|
|
|
"""
|
2018-07-27 23:26:29 +02:00
|
|
|
In a realm with `emails_restricted_to_domains = False`, you can invite people
|
2014-01-31 21:08:40 +01:00
|
|
|
with a different domain from that of the realm or your e-mail address.
|
|
|
|
"""
|
2017-01-04 05:30:48 +01:00
|
|
|
zulip_realm = get_realm("zulip")
|
2018-07-27 23:26:29 +02:00
|
|
|
zulip_realm.emails_restricted_to_domains = False
|
2014-01-31 21:08:40 +01:00
|
|
|
zulip_realm.save()
|
|
|
|
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('hamlet')
|
2014-01-31 21:08:40 +01:00
|
|
|
external_address = "foo@example.com"
|
|
|
|
|
|
|
|
self.assert_json_success(self.invite(external_address, ["Denmark"]))
|
|
|
|
self.check_sent_emails([external_address])
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_invite_outside_domain_before_closing(self) -> None:
|
2017-03-18 20:36:40 +01:00
|
|
|
"""
|
|
|
|
If you invite someone with a different domain from that of the realm
|
2018-07-27 23:26:29 +02:00
|
|
|
when `emails_restricted_to_domains = False`, but `emails_restricted_to_domains` later
|
2017-03-18 20:36:40 +01:00
|
|
|
changes to true, the invitation should succeed but the invitee's signup
|
|
|
|
attempt should fail.
|
|
|
|
"""
|
|
|
|
zulip_realm = get_realm("zulip")
|
2018-07-27 23:26:29 +02:00
|
|
|
zulip_realm.emails_restricted_to_domains = False
|
2017-03-18 20:36:40 +01:00
|
|
|
zulip_realm.save()
|
|
|
|
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('hamlet')
|
2017-03-18 20:36:40 +01:00
|
|
|
external_address = "foo@example.com"
|
|
|
|
|
|
|
|
self.assert_json_success(self.invite(external_address, ["Denmark"]))
|
|
|
|
self.check_sent_emails([external_address])
|
|
|
|
|
2018-07-27 23:26:29 +02:00
|
|
|
zulip_realm.emails_restricted_to_domains = True
|
2017-03-18 20:36:40 +01:00
|
|
|
zulip_realm.save()
|
|
|
|
|
|
|
|
result = self.submit_reg_form_for_user("foo@example.com", "password")
|
|
|
|
self.assertEqual(result.status_code, 200)
|
2018-03-05 20:19:07 +01:00
|
|
|
self.assert_in_response("only allows users with email addresses", result)
|
|
|
|
|
|
|
|
def test_disposable_emails_before_closing(self) -> None:
|
|
|
|
"""
|
|
|
|
If you invite someone with a disposable email when
|
|
|
|
`disallow_disposable_email_addresses = False`, but
|
|
|
|
later changes to true, the invitation should succeed
|
|
|
|
but the invitee's signup attempt should fail.
|
|
|
|
"""
|
|
|
|
zulip_realm = get_realm("zulip")
|
2018-07-27 23:26:29 +02:00
|
|
|
zulip_realm.emails_restricted_to_domains = False
|
2018-03-05 20:19:07 +01:00
|
|
|
zulip_realm.disallow_disposable_email_addresses = False
|
|
|
|
zulip_realm.save()
|
|
|
|
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('hamlet')
|
2018-03-05 20:19:07 +01:00
|
|
|
external_address = "foo@mailnator.com"
|
|
|
|
|
|
|
|
self.assert_json_success(self.invite(external_address, ["Denmark"]))
|
|
|
|
self.check_sent_emails([external_address])
|
|
|
|
|
|
|
|
zulip_realm.disallow_disposable_email_addresses = True
|
|
|
|
zulip_realm.save()
|
|
|
|
|
|
|
|
result = self.submit_reg_form_for_user("foo@mailnator.com", "password")
|
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
self.assert_in_response("Please sign up using a real email address.", result)
|
2017-03-18 20:36:40 +01:00
|
|
|
|
2018-06-20 13:08:07 +02:00
|
|
|
def test_invite_with_email_containing_plus_before_closing(self) -> None:
|
|
|
|
"""
|
|
|
|
If you invite someone with an email containing plus when
|
2018-07-27 23:26:29 +02:00
|
|
|
`emails_restricted_to_domains = False`, but later change
|
|
|
|
`emails_restricted_to_domains = True`, the invitation should
|
2018-06-20 13:08:07 +02:00
|
|
|
succeed but the invitee's signup attempt should fail as
|
|
|
|
users are not allowed to signup using email containing +
|
|
|
|
when the realm is restricted to domain.
|
|
|
|
"""
|
|
|
|
zulip_realm = get_realm("zulip")
|
2018-07-27 23:26:29 +02:00
|
|
|
zulip_realm.emails_restricted_to_domains = False
|
2018-06-20 13:08:07 +02:00
|
|
|
zulip_realm.save()
|
|
|
|
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('hamlet')
|
2018-06-20 13:08:07 +02:00
|
|
|
external_address = "foo+label@zulip.com"
|
|
|
|
|
|
|
|
self.assert_json_success(self.invite(external_address, ["Denmark"]))
|
|
|
|
self.check_sent_emails([external_address])
|
|
|
|
|
2018-07-27 23:26:29 +02:00
|
|
|
zulip_realm.emails_restricted_to_domains = True
|
2018-06-20 13:08:07 +02:00
|
|
|
zulip_realm.save()
|
|
|
|
|
|
|
|
result = self.submit_reg_form_for_user(external_address, "password")
|
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
self.assert_in_response("Zulip Dev, does not allow signups using emails\n that contains +", result)
|
|
|
|
|
2018-04-06 19:33:02 +02:00
|
|
|
def test_invalid_email_check_after_confirming_email(self) -> None:
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('hamlet')
|
2018-04-06 19:33:02 +02:00
|
|
|
email = "test@zulip.com"
|
|
|
|
|
|
|
|
self.assert_json_success(self.invite(email, ["Denmark"]))
|
|
|
|
|
|
|
|
obj = Confirmation.objects.get(confirmation_key=find_key_by_email(email))
|
|
|
|
prereg_user = obj.content_object
|
|
|
|
prereg_user.email = "invalid.email"
|
|
|
|
prereg_user.save()
|
|
|
|
|
|
|
|
result = self.submit_reg_form_for_user(email, "password")
|
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
self.assert_in_response("The email address you are trying to sign up with is not valid", result)
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_invite_with_non_ascii_streams(self) -> None:
|
2014-01-31 21:08:40 +01:00
|
|
|
"""
|
|
|
|
Inviting someone to streams with non-ASCII characters succeeds.
|
|
|
|
"""
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('hamlet')
|
2014-01-31 21:08:40 +01:00
|
|
|
invitee = "alice-test@zulip.com"
|
|
|
|
|
2020-04-09 21:51:58 +02:00
|
|
|
stream_name = "hümbüǵ"
|
2014-01-31 21:08:40 +01:00
|
|
|
|
|
|
|
# Make sure we're subscribed before inviting someone.
|
2017-08-25 06:01:29 +02:00
|
|
|
self.subscribe(self.example_user("hamlet"), stream_name)
|
2014-01-31 21:08:40 +01:00
|
|
|
|
|
|
|
self.assert_json_success(self.invite(invitee, [stream_name]))
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_invitation_reminder_email(self) -> None:
|
2016-12-01 08:54:21 +01:00
|
|
|
from django.core.mail import outbox
|
2017-05-24 02:42:31 +02:00
|
|
|
|
|
|
|
# All users belong to zulip realm
|
2020-03-06 18:40:46 +01:00
|
|
|
referrer_name = 'hamlet'
|
|
|
|
current_user = self.example_user(referrer_name)
|
|
|
|
self.login_user(current_user)
|
2017-09-21 15:11:20 +02:00
|
|
|
invitee_email = self.nonreg_email('alice')
|
|
|
|
self.assert_json_success(self.invite(invitee_email, ["Denmark"]))
|
|
|
|
self.assertTrue(find_key_by_email(invitee_email))
|
|
|
|
self.check_sent_emails([invitee_email])
|
2016-12-01 08:54:21 +01:00
|
|
|
|
2020-03-06 18:40:46 +01:00
|
|
|
data = {"email": invitee_email, "referrer_email": current_user.email}
|
2017-12-05 09:01:41 +01:00
|
|
|
invitee = PreregistrationUser.objects.get(email=data["email"])
|
2020-03-06 18:40:46 +01:00
|
|
|
referrer = self.example_user(referrer_name)
|
2017-07-08 04:38:13 +02:00
|
|
|
link = create_confirmation_link(invitee, referrer.realm.host, Confirmation.INVITATION)
|
2016-12-01 08:54:21 +01:00
|
|
|
context = common_context(referrer)
|
|
|
|
context.update({
|
|
|
|
'activate_url': link,
|
2017-05-04 06:34:30 +02:00
|
|
|
'referrer_name': referrer.full_name,
|
|
|
|
'referrer_email': referrer.email,
|
|
|
|
'referrer_realm_name': referrer.realm.name,
|
2016-12-01 08:54:21 +01:00
|
|
|
})
|
|
|
|
with self.settings(EMAIL_BACKEND='django.core.mail.backends.console.EmailBackend'):
|
2018-12-03 23:26:51 +01:00
|
|
|
email = data["email"]
|
2017-05-03 18:20:16 +02:00
|
|
|
send_future_email(
|
2018-12-03 23:26:51 +01:00
|
|
|
"zerver/emails/invitation_reminder", referrer.realm, to_emails=[email],
|
2020-03-12 20:28:05 +01:00
|
|
|
from_address=FromAddress.no_reply_placeholder, context=context)
|
2017-07-02 21:10:41 +02:00
|
|
|
email_jobs_to_deliver = ScheduledEmail.objects.filter(
|
2017-04-15 04:03:56 +02:00
|
|
|
scheduled_timestamp__lte=timezone_now())
|
2016-12-01 08:54:21 +01:00
|
|
|
self.assertEqual(len(email_jobs_to_deliver), 1)
|
|
|
|
email_count = len(outbox)
|
|
|
|
for job in email_jobs_to_deliver:
|
2019-03-16 02:32:43 +01:00
|
|
|
deliver_email(job)
|
2016-12-01 08:54:21 +01:00
|
|
|
self.assertEqual(len(outbox), email_count + 1)
|
2017-07-05 21:29:27 +02:00
|
|
|
self.assertIn(FromAddress.NOREPLY, outbox[-1].from_email)
|
2016-12-01 08:54:21 +01:00
|
|
|
|
2017-09-21 15:11:20 +02:00
|
|
|
# Now verify that signing up clears invite_reminder emails
|
2019-03-16 02:32:43 +01:00
|
|
|
with self.settings(EMAIL_BACKEND='django.core.mail.backends.console.EmailBackend'):
|
|
|
|
email = data["email"]
|
|
|
|
send_future_email(
|
|
|
|
"zerver/emails/invitation_reminder", referrer.realm, to_emails=[email],
|
2020-03-12 20:28:05 +01:00
|
|
|
from_address=FromAddress.no_reply_placeholder, context=context)
|
2019-03-16 02:32:43 +01:00
|
|
|
|
2017-09-21 15:11:20 +02:00
|
|
|
email_jobs_to_deliver = ScheduledEmail.objects.filter(
|
2017-10-19 04:41:28 +02:00
|
|
|
scheduled_timestamp__lte=timezone_now(), type=ScheduledEmail.INVITATION_REMINDER)
|
2017-09-21 15:11:20 +02:00
|
|
|
self.assertEqual(len(email_jobs_to_deliver), 1)
|
|
|
|
|
|
|
|
self.register(invitee_email, "test")
|
|
|
|
email_jobs_to_deliver = ScheduledEmail.objects.filter(
|
2017-10-19 04:41:28 +02:00
|
|
|
scheduled_timestamp__lte=timezone_now(), type=ScheduledEmail.INVITATION_REMINDER)
|
2017-09-21 15:11:20 +02:00
|
|
|
self.assertEqual(len(email_jobs_to_deliver), 0)
|
|
|
|
|
2019-08-23 03:32:22 +02:00
|
|
|
def test_no_invitation_reminder_when_link_expires_quickly(self) -> None:
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('hamlet')
|
2019-08-23 03:32:22 +02:00
|
|
|
# Check invitation reminder email is scheduled with 4 day link expiry
|
|
|
|
with self.settings(INVITATION_LINK_VALIDITY_DAYS=4):
|
|
|
|
self.invite('alice@zulip.com', ['Denmark'])
|
|
|
|
self.assertEqual(ScheduledEmail.objects.filter(type=ScheduledEmail.INVITATION_REMINDER).count(), 1)
|
|
|
|
# Check invitation reminder email is not scheduled with 3 day link expiry
|
|
|
|
with self.settings(INVITATION_LINK_VALIDITY_DAYS=3):
|
|
|
|
self.invite('bob@zulip.com', ['Denmark'])
|
|
|
|
self.assertEqual(ScheduledEmail.objects.filter(type=ScheduledEmail.INVITATION_REMINDER).count(), 1)
|
|
|
|
|
2017-11-01 21:07:39 +01:00
|
|
|
# make sure users can't take a valid confirmation key from another
|
|
|
|
# pathway and use it with the invitation url route
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_confirmation_key_of_wrong_type(self) -> None:
|
2017-11-01 21:07:39 +01:00
|
|
|
user = self.example_user('hamlet')
|
2017-11-30 07:17:06 +01:00
|
|
|
url = create_confirmation_link(user, 'host', Confirmation.USER_REGISTRATION)
|
|
|
|
registration_key = url.split('/')[-1]
|
|
|
|
|
|
|
|
# Mainly a test of get_object_from_key, rather than of the invitation pathway
|
2017-11-01 21:16:23 +01:00
|
|
|
with self.assertRaises(ConfirmationKeyException) as cm:
|
2017-11-01 21:07:39 +01:00
|
|
|
get_object_from_key(registration_key, Confirmation.INVITATION)
|
2017-11-01 21:16:23 +01:00
|
|
|
self.assertEqual(cm.exception.error_type, ConfirmationKeyException.DOES_NOT_EXIST)
|
2017-11-01 21:07:39 +01:00
|
|
|
|
2017-11-30 07:17:06 +01:00
|
|
|
# Verify that using the wrong type doesn't work in the main confirm code path
|
|
|
|
email_change_url = create_confirmation_link(user, 'host', Confirmation.EMAIL_CHANGE)
|
|
|
|
email_change_key = email_change_url.split('/')[-1]
|
|
|
|
url = '/accounts/do_confirm/' + email_change_key
|
|
|
|
result = self.client_get(url)
|
|
|
|
self.assert_in_success_response(["Whoops. We couldn't find your "
|
|
|
|
"confirmation link in the system."], result)
|
|
|
|
|
|
|
|
def test_confirmation_expired(self) -> None:
|
|
|
|
user = self.example_user('hamlet')
|
|
|
|
url = create_confirmation_link(user, 'host', Confirmation.USER_REGISTRATION)
|
|
|
|
registration_key = url.split('/')[-1]
|
|
|
|
|
|
|
|
conf = Confirmation.objects.filter(confirmation_key=registration_key).first()
|
|
|
|
conf.date_sent -= datetime.timedelta(weeks=3)
|
|
|
|
conf.save()
|
|
|
|
|
|
|
|
target_url = '/' + url.split('/', 3)[3]
|
|
|
|
result = self.client_get(target_url)
|
|
|
|
self.assert_in_success_response(["Whoops. The confirmation link has expired "
|
|
|
|
"or been deactivated."], result)
|
|
|
|
|
2017-10-21 03:15:12 +02:00
|
|
|
class InvitationsTestCase(InviteUserBase):
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_successful_get_open_invitations(self) -> None:
|
2017-10-21 03:15:12 +02:00
|
|
|
"""
|
|
|
|
A GET call to /json/invites returns all unexpired invitations.
|
|
|
|
"""
|
2019-02-15 19:09:25 +01:00
|
|
|
realm = get_realm("zulip")
|
2018-02-21 18:21:50 +01:00
|
|
|
days_to_activate = getattr(settings, 'INVITATION_LINK_VALIDITY_DAYS', "Wrong")
|
2017-10-21 03:15:12 +02:00
|
|
|
active_value = getattr(confirmation_settings, 'STATUS_ACTIVE', "Wrong")
|
|
|
|
self.assertNotEqual(days_to_activate, "Wrong")
|
|
|
|
self.assertNotEqual(active_value, "Wrong")
|
|
|
|
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('iago')
|
2017-10-21 03:15:12 +02:00
|
|
|
user_profile = self.example_user("iago")
|
|
|
|
|
|
|
|
prereg_user_one = PreregistrationUser(email="TestOne@zulip.com", referred_by=user_profile)
|
|
|
|
prereg_user_one.save()
|
|
|
|
expired_datetime = timezone_now() - datetime.timedelta(days=(days_to_activate+1))
|
|
|
|
prereg_user_two = PreregistrationUser(email="TestTwo@zulip.com", referred_by=user_profile)
|
|
|
|
prereg_user_two.save()
|
|
|
|
PreregistrationUser.objects.filter(id=prereg_user_two.id).update(invited_at=expired_datetime)
|
|
|
|
prereg_user_three = PreregistrationUser(email="TestThree@zulip.com",
|
|
|
|
referred_by=user_profile, status=active_value)
|
|
|
|
prereg_user_three.save()
|
|
|
|
|
2020-03-12 14:17:25 +01:00
|
|
|
hamlet = self.example_user('hamlet')
|
|
|
|
othello = self.example_user('othello')
|
|
|
|
|
|
|
|
multiuse_invite_one = MultiuseInvite.objects.create(referred_by=hamlet, realm=realm)
|
2019-02-15 19:09:25 +01:00
|
|
|
create_confirmation_link(multiuse_invite_one, realm.host, Confirmation.MULTIUSE_INVITE)
|
|
|
|
|
2020-03-12 14:17:25 +01:00
|
|
|
multiuse_invite_two = MultiuseInvite.objects.create(referred_by=othello, realm=realm)
|
2019-02-15 19:09:25 +01:00
|
|
|
create_confirmation_link(multiuse_invite_two, realm.host, Confirmation.MULTIUSE_INVITE)
|
|
|
|
confirmation = Confirmation.objects.last()
|
|
|
|
confirmation.date_sent = expired_datetime
|
|
|
|
confirmation.save()
|
|
|
|
|
2017-10-21 03:15:12 +02:00
|
|
|
result = self.client_get("/json/invites")
|
|
|
|
self.assertEqual(result.status_code, 200)
|
2020-03-12 14:17:25 +01:00
|
|
|
self.assert_in_success_response(
|
|
|
|
["TestOne@zulip.com", hamlet.email],
|
|
|
|
result)
|
|
|
|
self.assert_not_in_success_response(
|
|
|
|
["TestTwo@zulip.com", "TestThree@zulip.com", "othello@zulip.com", othello.email],
|
|
|
|
result)
|
2017-10-21 03:15:12 +02:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_successful_delete_invitation(self) -> None:
|
2017-10-21 03:15:12 +02:00
|
|
|
"""
|
|
|
|
A DELETE call to /json/invites/<ID> should delete the invite and
|
|
|
|
any scheduled invitation reminder emails.
|
|
|
|
"""
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('iago')
|
2017-10-21 03:15:12 +02:00
|
|
|
|
|
|
|
invitee = "DeleteMe@zulip.com"
|
|
|
|
self.assert_json_success(self.invite(invitee, ['Denmark']))
|
|
|
|
prereg_user = PreregistrationUser.objects.get(email=invitee)
|
|
|
|
|
|
|
|
# Verify that the scheduled email exists.
|
|
|
|
ScheduledEmail.objects.get(address__iexact=invitee,
|
|
|
|
type=ScheduledEmail.INVITATION_REMINDER)
|
|
|
|
|
|
|
|
result = self.client_delete('/json/invites/' + str(prereg_user.id))
|
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
error_result = self.client_delete('/json/invites/' + str(prereg_user.id))
|
2017-12-05 20:05:17 +01:00
|
|
|
self.assert_json_error(error_result, "No such invitation")
|
2017-10-21 03:15:12 +02:00
|
|
|
|
|
|
|
self.assertRaises(ScheduledEmail.DoesNotExist,
|
|
|
|
lambda: ScheduledEmail.objects.get(address__iexact=invitee,
|
|
|
|
type=ScheduledEmail.INVITATION_REMINDER))
|
|
|
|
|
2019-02-15 19:09:25 +01:00
|
|
|
def test_delete_multiuse_invite(self) -> None:
|
|
|
|
"""
|
|
|
|
A DELETE call to /json/invites/multiuse<ID> should delete the
|
|
|
|
multiuse_invite.
|
|
|
|
"""
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('iago')
|
2019-02-15 19:09:25 +01:00
|
|
|
|
|
|
|
zulip_realm = get_realm("zulip")
|
|
|
|
multiuse_invite = MultiuseInvite.objects.create(referred_by=self.example_user("hamlet"), realm=zulip_realm)
|
|
|
|
create_confirmation_link(multiuse_invite, zulip_realm.host, Confirmation.MULTIUSE_INVITE)
|
|
|
|
result = self.client_delete('/json/invites/multiuse/' + str(multiuse_invite.id))
|
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
self.assertIsNone(MultiuseInvite.objects.filter(id=multiuse_invite.id).first())
|
|
|
|
# Test that trying to double-delete fails
|
|
|
|
error_result = self.client_delete('/json/invites/multiuse/' + str(multiuse_invite.id))
|
|
|
|
self.assert_json_error(error_result, "No such invitation")
|
|
|
|
|
|
|
|
# Test deleting multiuse invite from another realm
|
|
|
|
mit_realm = get_realm("zephyr")
|
|
|
|
multiuse_invite_in_mit = MultiuseInvite.objects.create(referred_by=self.mit_user("sipbtest"), realm=mit_realm)
|
|
|
|
create_confirmation_link(multiuse_invite_in_mit, mit_realm.host, Confirmation.MULTIUSE_INVITE)
|
|
|
|
error_result = self.client_delete('/json/invites/multiuse/' + str(multiuse_invite_in_mit.id))
|
|
|
|
self.assert_json_error(error_result, "No such invitation")
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_successful_resend_invitation(self) -> None:
|
2017-10-21 03:15:12 +02:00
|
|
|
"""
|
|
|
|
A POST call to /json/invites/<ID>/resend should send an invitation reminder email
|
|
|
|
and delete any scheduled invitation reminder email.
|
|
|
|
"""
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('iago')
|
2017-12-05 07:51:25 +01:00
|
|
|
invitee = "resend_me@zulip.com"
|
2017-10-21 03:15:12 +02:00
|
|
|
|
|
|
|
self.assert_json_success(self.invite(invitee, ['Denmark']))
|
|
|
|
prereg_user = PreregistrationUser.objects.get(email=invitee)
|
|
|
|
|
|
|
|
# Verify and then clear from the outbox the original invite email
|
|
|
|
self.check_sent_emails([invitee], custom_from_name="Zulip")
|
|
|
|
from django.core.mail import outbox
|
|
|
|
outbox.pop()
|
|
|
|
|
|
|
|
# Verify that the scheduled email exists.
|
2017-12-05 07:51:25 +01:00
|
|
|
scheduledemail_filter = ScheduledEmail.objects.filter(
|
2019-01-04 01:50:21 +01:00
|
|
|
address__iexact=invitee, type=ScheduledEmail.INVITATION_REMINDER)
|
2017-12-05 07:51:25 +01:00
|
|
|
self.assertEqual(scheduledemail_filter.count(), 1)
|
|
|
|
original_timestamp = scheduledemail_filter.values_list('scheduled_timestamp', flat=True)
|
|
|
|
|
|
|
|
# Resend invite
|
2017-10-21 03:15:12 +02:00
|
|
|
result = self.client_post('/json/invites/' + str(prereg_user.id) + '/resend')
|
2017-12-05 07:51:25 +01:00
|
|
|
self.assertEqual(ScheduledEmail.objects.filter(
|
2019-01-04 01:50:21 +01:00
|
|
|
address__iexact=invitee, type=ScheduledEmail.INVITATION_REMINDER).count(), 1)
|
2017-12-05 07:51:25 +01:00
|
|
|
|
|
|
|
# Check that we have exactly one scheduled email, and that it is different
|
|
|
|
self.assertEqual(scheduledemail_filter.count(), 1)
|
|
|
|
self.assertNotEqual(original_timestamp,
|
|
|
|
scheduledemail_filter.values_list('scheduled_timestamp', flat=True))
|
2017-10-21 03:15:12 +02:00
|
|
|
|
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
error_result = self.client_post('/json/invites/' + str(9999) + '/resend')
|
2017-12-05 20:05:17 +01:00
|
|
|
self.assert_json_error(error_result, "No such invitation")
|
2017-10-21 03:15:12 +02:00
|
|
|
|
|
|
|
self.check_sent_emails([invitee], custom_from_name="Zulip")
|
|
|
|
|
2017-12-05 20:01:55 +01:00
|
|
|
def test_accessing_invites_in_another_realm(self) -> None:
|
2019-12-02 15:28:32 +01:00
|
|
|
inviter = UserProfile.objects.exclude(realm=get_realm('zulip')).first()
|
2017-12-05 20:01:55 +01:00
|
|
|
prereg_user = PreregistrationUser.objects.create(
|
2019-12-02 15:28:32 +01:00
|
|
|
email='email', referred_by=inviter, realm=inviter.realm)
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('iago')
|
2017-12-05 20:01:55 +01:00
|
|
|
error_result = self.client_post('/json/invites/' + str(prereg_user.id) + '/resend')
|
2017-12-05 20:05:17 +01:00
|
|
|
self.assert_json_error(error_result, "No such invitation")
|
2017-12-05 20:01:55 +01:00
|
|
|
error_result = self.client_delete('/json/invites/' + str(prereg_user.id))
|
2017-12-05 20:05:17 +01:00
|
|
|
self.assert_json_error(error_result, "No such invitation")
|
2017-12-05 20:01:55 +01:00
|
|
|
|
2016-07-29 18:16:54 +02:00
|
|
|
class InviteeEmailsParserTests(TestCase):
|
2017-11-05 10:51:25 +01:00
|
|
|
def setUp(self) -> None:
|
2019-10-19 20:47:00 +02:00
|
|
|
super().setUp()
|
2016-07-29 18:16:54 +02:00
|
|
|
self.email1 = "email1@zulip.com"
|
|
|
|
self.email2 = "email2@zulip.com"
|
|
|
|
self.email3 = "email3@zulip.com"
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_if_emails_separated_by_commas_are_parsed_and_striped_correctly(self) -> None:
|
2016-07-29 18:16:54 +02:00
|
|
|
emails_raw = "{} ,{}, {}".format(self.email1, self.email2, self.email3)
|
|
|
|
expected_set = {self.email1, self.email2, self.email3}
|
|
|
|
self.assertEqual(get_invitee_emails_set(emails_raw), expected_set)
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_if_emails_separated_by_newlines_are_parsed_and_striped_correctly(self) -> None:
|
2016-07-29 18:16:54 +02:00
|
|
|
emails_raw = "{}\n {}\n {} ".format(self.email1, self.email2, self.email3)
|
|
|
|
expected_set = {self.email1, self.email2, self.email3}
|
|
|
|
self.assertEqual(get_invitee_emails_set(emails_raw), expected_set)
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_if_emails_from_email_client_separated_by_newlines_are_parsed_correctly(self) -> None:
|
2016-07-29 18:16:54 +02:00
|
|
|
emails_raw = "Email One <{}>\nEmailTwo<{}>\nEmail Three<{}>".format(self.email1, self.email2, self.email3)
|
|
|
|
expected_set = {self.email1, self.email2, self.email3}
|
|
|
|
self.assertEqual(get_invitee_emails_set(emails_raw), expected_set)
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_if_emails_in_mixed_style_are_parsed_correctly(self) -> None:
|
2016-07-29 18:16:54 +02:00
|
|
|
emails_raw = "Email One <{}>,EmailTwo<{}>\n{}".format(self.email1, self.email2, self.email3)
|
|
|
|
expected_set = {self.email1, self.email2, self.email3}
|
|
|
|
self.assertEqual(get_invitee_emails_set(emails_raw), expected_set)
|
|
|
|
|
2017-08-10 22:34:17 +02:00
|
|
|
class MultiuseInviteTest(ZulipTestCase):
|
2017-11-05 10:51:25 +01:00
|
|
|
def setUp(self) -> None:
|
2019-10-19 20:47:00 +02:00
|
|
|
super().setUp()
|
2017-08-10 22:34:17 +02:00
|
|
|
self.realm = get_realm('zulip')
|
|
|
|
self.realm.invite_required = True
|
|
|
|
self.realm.save()
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def generate_multiuse_invite_link(self, streams: List[Stream]=None,
|
2018-05-11 01:39:38 +02:00
|
|
|
date_sent: Optional[datetime.datetime]=None) -> str:
|
2017-08-10 22:34:17 +02:00
|
|
|
invite = MultiuseInvite(realm=self.realm, referred_by=self.example_user("iago"))
|
|
|
|
invite.save()
|
|
|
|
|
|
|
|
if streams is not None:
|
2018-01-31 08:22:07 +01:00
|
|
|
invite.streams.set(streams)
|
2017-08-10 22:34:17 +02:00
|
|
|
|
|
|
|
if date_sent is None:
|
|
|
|
date_sent = timezone_now()
|
|
|
|
key = generate_key()
|
|
|
|
Confirmation.objects.create(content_object=invite, date_sent=date_sent,
|
|
|
|
confirmation_key=key, type=Confirmation.MULTIUSE_INVITE)
|
|
|
|
|
|
|
|
return confirmation_url(key, self.realm.host, Confirmation.MULTIUSE_INVITE)
|
|
|
|
|
2018-05-11 01:39:38 +02:00
|
|
|
def check_user_able_to_register(self, email: str, invite_link: str) -> None:
|
2017-08-10 22:34:17 +02:00
|
|
|
password = "password"
|
|
|
|
|
|
|
|
result = self.client_post(invite_link, {'email': email})
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertTrue(result["Location"].endswith(
|
|
|
|
"/accounts/send_confirm/%s" % (email,)))
|
|
|
|
result = self.client_get(result["Location"])
|
|
|
|
self.assert_in_response("Check your email so we can get started.", result)
|
|
|
|
|
|
|
|
confirmation_url = self.get_confirmation_url_from_outbox(email)
|
|
|
|
result = self.client_get(confirmation_url)
|
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
|
|
|
|
result = self.submit_reg_form_for_user(email, password)
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
|
|
|
|
from django.core.mail import outbox
|
|
|
|
outbox.pop()
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_valid_multiuse_link(self) -> None:
|
2017-08-10 22:34:17 +02:00
|
|
|
email1 = self.nonreg_email("test")
|
|
|
|
email2 = self.nonreg_email("test1")
|
|
|
|
email3 = self.nonreg_email("alice")
|
|
|
|
|
|
|
|
date_sent = timezone_now() - datetime.timedelta(days=settings.INVITATION_LINK_VALIDITY_DAYS - 1)
|
|
|
|
invite_link = self.generate_multiuse_invite_link(date_sent=date_sent)
|
|
|
|
|
|
|
|
self.check_user_able_to_register(email1, invite_link)
|
|
|
|
self.check_user_able_to_register(email2, invite_link)
|
|
|
|
self.check_user_able_to_register(email3, invite_link)
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_expired_multiuse_link(self) -> None:
|
2017-08-10 22:34:17 +02:00
|
|
|
email = self.nonreg_email('newuser')
|
|
|
|
date_sent = timezone_now() - datetime.timedelta(days=settings.INVITATION_LINK_VALIDITY_DAYS)
|
|
|
|
invite_link = self.generate_multiuse_invite_link(date_sent=date_sent)
|
|
|
|
result = self.client_post(invite_link, {'email': email})
|
|
|
|
|
|
|
|
self.assertEqual(result.status_code, 200)
|
2017-11-08 23:02:50 +01:00
|
|
|
self.assert_in_response("The confirmation link has expired or been deactivated.", result)
|
2017-08-10 22:34:17 +02:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_invalid_multiuse_link(self) -> None:
|
2017-08-10 22:34:17 +02:00
|
|
|
email = self.nonreg_email('newuser')
|
|
|
|
invite_link = "/join/invalid_key/"
|
|
|
|
result = self.client_post(invite_link, {'email': email})
|
|
|
|
|
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
self.assert_in_response("Whoops. The confirmation link is malformed.", result)
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_invalid_multiuse_link_in_open_realm(self) -> None:
|
2017-08-10 22:34:17 +02:00
|
|
|
self.realm.invite_required = False
|
|
|
|
self.realm.save()
|
|
|
|
|
|
|
|
email = self.nonreg_email('newuser')
|
|
|
|
invite_link = "/join/invalid_key/"
|
|
|
|
|
2017-10-02 22:43:43 +02:00
|
|
|
with patch('zerver.views.registration.get_realm_from_request', return_value=self.realm):
|
|
|
|
with patch('zerver.views.registration.get_realm', return_value=self.realm):
|
|
|
|
self.check_user_able_to_register(email, invite_link)
|
2017-08-10 22:34:17 +02:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_multiuse_link_with_specified_streams(self) -> None:
|
2017-08-10 22:34:17 +02:00
|
|
|
name1 = "newuser"
|
|
|
|
name2 = "bob"
|
|
|
|
email1 = self.nonreg_email(name1)
|
|
|
|
email2 = self.nonreg_email(name2)
|
|
|
|
|
|
|
|
stream_names = ["Rome", "Scotland", "Venice"]
|
|
|
|
streams = [get_stream(stream_name, self.realm) for stream_name in stream_names]
|
|
|
|
invite_link = self.generate_multiuse_invite_link(streams=streams)
|
|
|
|
self.check_user_able_to_register(email1, invite_link)
|
|
|
|
self.check_user_subscribed_only_to_streams(name1, streams)
|
|
|
|
|
|
|
|
stream_names = ["Rome", "Verona"]
|
|
|
|
streams = [get_stream(stream_name, self.realm) for stream_name in stream_names]
|
|
|
|
invite_link = self.generate_multiuse_invite_link(streams=streams)
|
|
|
|
self.check_user_able_to_register(email2, invite_link)
|
|
|
|
self.check_user_subscribed_only_to_streams(name2, streams)
|
2016-07-29 18:16:54 +02:00
|
|
|
|
2018-03-02 12:27:57 +01:00
|
|
|
def test_create_multiuse_link_api_call(self) -> None:
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('iago')
|
2018-03-02 12:27:57 +01:00
|
|
|
|
|
|
|
result = self.client_post('/json/invites/multiuse')
|
|
|
|
self.assert_json_success(result)
|
|
|
|
|
|
|
|
invite_link = result.json()["invite_link"]
|
|
|
|
self.check_user_able_to_register(self.nonreg_email("test"), invite_link)
|
|
|
|
|
|
|
|
def test_create_multiuse_link_with_specified_streams_api_call(self) -> None:
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('iago')
|
2018-03-02 12:27:57 +01:00
|
|
|
stream_names = ["Rome", "Scotland", "Venice"]
|
|
|
|
streams = [get_stream(stream_name, self.realm) for stream_name in stream_names]
|
|
|
|
stream_ids = [stream.id for stream in streams]
|
|
|
|
|
|
|
|
result = self.client_post('/json/invites/multiuse',
|
|
|
|
{"stream_ids": ujson.dumps(stream_ids)})
|
|
|
|
self.assert_json_success(result)
|
|
|
|
|
|
|
|
invite_link = result.json()["invite_link"]
|
|
|
|
self.check_user_able_to_register(self.nonreg_email("test"), invite_link)
|
|
|
|
self.check_user_subscribed_only_to_streams("test", streams)
|
|
|
|
|
|
|
|
def test_only_admin_can_create_multiuse_link_api_call(self) -> None:
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('iago')
|
2018-03-02 18:16:08 +01:00
|
|
|
# Only admins should be able to create multiuse invites even if
|
|
|
|
# invite_by_admins_only is set to False.
|
|
|
|
self.realm.invite_by_admins_only = False
|
2018-03-02 12:27:57 +01:00
|
|
|
self.realm.save()
|
|
|
|
|
|
|
|
result = self.client_post('/json/invites/multiuse')
|
|
|
|
self.assert_json_success(result)
|
|
|
|
|
|
|
|
invite_link = result.json()["invite_link"]
|
|
|
|
self.check_user_able_to_register(self.nonreg_email("test"), invite_link)
|
|
|
|
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('hamlet')
|
2018-03-02 12:27:57 +01:00
|
|
|
result = self.client_post('/json/invites/multiuse')
|
2018-03-08 01:47:17 +01:00
|
|
|
self.assert_json_error(result, "Must be an organization administrator")
|
2018-03-02 12:27:57 +01:00
|
|
|
|
|
|
|
def test_create_multiuse_link_invalid_stream_api_call(self) -> None:
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('iago')
|
2018-03-02 12:27:57 +01:00
|
|
|
result = self.client_post('/json/invites/multiuse',
|
|
|
|
{"stream_ids": ujson.dumps([54321])})
|
|
|
|
self.assert_json_error(result, "Invalid stream id 54321. No invites were sent.")
|
|
|
|
|
2016-08-23 02:08:42 +02:00
|
|
|
class EmailUnsubscribeTests(ZulipTestCase):
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_error_unsubscribe(self) -> None:
|
2017-02-26 21:48:38 +01:00
|
|
|
|
2017-11-07 20:29:37 +01:00
|
|
|
# An invalid unsubscribe token "test123" produces an error.
|
2016-12-01 08:54:21 +01:00
|
|
|
result = self.client_get('/accounts/unsubscribe/missed_messages/test123')
|
2017-11-07 20:29:37 +01:00
|
|
|
self.assert_in_response('Unknown email unsubscribe request', result)
|
2016-12-01 08:54:21 +01:00
|
|
|
|
2017-02-26 21:48:38 +01:00
|
|
|
# An unknown message type "fake" produces an error.
|
2017-05-07 17:21:26 +02:00
|
|
|
user_profile = self.example_user('hamlet')
|
2017-02-26 21:48:38 +01:00
|
|
|
unsubscribe_link = one_click_unsubscribe_link(user_profile, "fake")
|
|
|
|
result = self.client_get(urllib.parse.urlparse(unsubscribe_link).path)
|
|
|
|
self.assert_in_response('Unknown email unsubscribe request', result)
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_missedmessage_unsubscribe(self) -> None:
|
2014-01-31 21:08:40 +01:00
|
|
|
"""
|
|
|
|
We provide one-click unsubscribe links in missed message
|
|
|
|
e-mails that you can click even when logged out to update your
|
|
|
|
email notification settings.
|
|
|
|
"""
|
2017-05-07 17:21:26 +02:00
|
|
|
user_profile = self.example_user('hamlet')
|
2014-01-31 21:08:40 +01:00
|
|
|
user_profile.enable_offline_email_notifications = True
|
|
|
|
user_profile.save()
|
|
|
|
|
|
|
|
unsubscribe_link = one_click_unsubscribe_link(user_profile,
|
|
|
|
"missed_messages")
|
2016-07-28 00:38:45 +02:00
|
|
|
result = self.client_get(urllib.parse.urlparse(unsubscribe_link).path)
|
2014-01-31 21:08:40 +01:00
|
|
|
|
|
|
|
self.assertEqual(result.status_code, 200)
|
2017-08-15 21:52:23 +02:00
|
|
|
|
|
|
|
user_profile.refresh_from_db()
|
2014-01-31 21:08:40 +01:00
|
|
|
self.assertFalse(user_profile.enable_offline_email_notifications)
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_welcome_unsubscribe(self) -> None:
|
2014-01-31 21:08:40 +01:00
|
|
|
"""
|
|
|
|
We provide one-click unsubscribe links in welcome e-mails that you can
|
|
|
|
click even when logged out to stop receiving them.
|
|
|
|
"""
|
2017-05-07 17:21:26 +02:00
|
|
|
user_profile = self.example_user('hamlet')
|
2014-01-31 21:08:40 +01:00
|
|
|
# Simulate a new user signing up, which enqueues 2 welcome e-mails.
|
2017-09-22 04:29:01 +02:00
|
|
|
enqueue_welcome_emails(user_profile)
|
2019-01-04 01:50:21 +01:00
|
|
|
self.assertEqual(2, ScheduledEmail.objects.filter(users=user_profile).count())
|
2014-01-31 21:08:40 +01:00
|
|
|
|
|
|
|
# Simulate unsubscribing from the welcome e-mails.
|
|
|
|
unsubscribe_link = one_click_unsubscribe_link(user_profile, "welcome")
|
2016-07-28 00:38:45 +02:00
|
|
|
result = self.client_get(urllib.parse.urlparse(unsubscribe_link).path)
|
2014-01-31 21:08:40 +01:00
|
|
|
|
|
|
|
# The welcome email jobs are no longer scheduled.
|
|
|
|
self.assertEqual(result.status_code, 200)
|
2019-01-04 01:50:21 +01:00
|
|
|
self.assertEqual(0, ScheduledEmail.objects.filter(users=user_profile).count())
|
2014-01-31 21:08:40 +01:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_digest_unsubscribe(self) -> None:
|
2014-01-31 21:08:40 +01:00
|
|
|
"""
|
|
|
|
We provide one-click unsubscribe links in digest e-mails that you can
|
|
|
|
click even when logged out to stop receiving them.
|
|
|
|
|
|
|
|
Unsubscribing from these emails also dequeues any digest email jobs that
|
|
|
|
have been queued.
|
|
|
|
"""
|
2017-05-07 17:21:26 +02:00
|
|
|
user_profile = self.example_user('hamlet')
|
2014-01-31 21:08:40 +01:00
|
|
|
self.assertTrue(user_profile.enable_digest_emails)
|
|
|
|
|
|
|
|
# Enqueue a fake digest email.
|
2017-05-04 06:42:23 +02:00
|
|
|
context = {'name': '', 'realm_uri': '', 'unread_pms': [], 'hot_conversations': [],
|
|
|
|
'new_users': [], 'new_streams': {'plain': []}, 'unsubscribe_link': ''}
|
2017-12-05 03:19:48 +01:00
|
|
|
send_future_email('zerver/emails/digest', user_profile.realm,
|
2018-12-03 23:26:51 +01:00
|
|
|
to_user_ids=[user_profile.id], context=context)
|
2017-05-02 02:07:01 +02:00
|
|
|
|
2019-01-04 01:50:21 +01:00
|
|
|
self.assertEqual(1, ScheduledEmail.objects.filter(users=user_profile).count())
|
2014-01-31 21:08:40 +01:00
|
|
|
|
|
|
|
# Simulate unsubscribing from digest e-mails.
|
|
|
|
unsubscribe_link = one_click_unsubscribe_link(user_profile, "digest")
|
2016-07-28 00:38:45 +02:00
|
|
|
result = self.client_get(urllib.parse.urlparse(unsubscribe_link).path)
|
2014-01-31 21:08:40 +01:00
|
|
|
|
|
|
|
# The setting is toggled off, and scheduled jobs have been removed.
|
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
# Circumvent user_profile caching.
|
2017-08-15 21:52:23 +02:00
|
|
|
|
|
|
|
user_profile.refresh_from_db()
|
2014-01-31 21:08:40 +01:00
|
|
|
self.assertFalse(user_profile.enable_digest_emails)
|
2019-01-04 01:50:21 +01:00
|
|
|
self.assertEqual(0, ScheduledEmail.objects.filter(users=user_profile).count())
|
2014-01-31 21:08:40 +01:00
|
|
|
|
2018-11-07 16:54:23 +01:00
|
|
|
def test_login_unsubscribe(self) -> None:
|
|
|
|
"""
|
|
|
|
We provide one-click unsubscribe links in login
|
|
|
|
e-mails that you can click even when logged out to update your
|
|
|
|
email notification settings.
|
|
|
|
"""
|
|
|
|
user_profile = self.example_user('hamlet')
|
|
|
|
user_profile.enable_login_emails = True
|
|
|
|
user_profile.save()
|
|
|
|
|
|
|
|
unsubscribe_link = one_click_unsubscribe_link(user_profile, "login")
|
|
|
|
result = self.client_get(urllib.parse.urlparse(unsubscribe_link).path)
|
|
|
|
|
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
|
|
|
|
user_profile.refresh_from_db()
|
|
|
|
self.assertFalse(user_profile.enable_login_emails)
|
|
|
|
|
2016-08-23 02:08:42 +02:00
|
|
|
class RealmCreationTest(ZulipTestCase):
|
2017-11-25 00:00:26 +01:00
|
|
|
@override_settings(OPEN_REALM_CREATION=True)
|
2019-11-07 05:13:08 +01:00
|
|
|
def check_able_to_create_realm(self, email: str, password: str="test") -> None:
|
2020-02-10 17:37:57 +01:00
|
|
|
notification_bot = get_system_bot(settings.NOTIFICATION_BOT)
|
|
|
|
signups_stream, _ = create_stream_if_needed(notification_bot.realm, 'signups')
|
|
|
|
|
2016-10-31 23:28:20 +01:00
|
|
|
string_id = "zuliptest"
|
2016-06-03 01:02:58 +02:00
|
|
|
# Make sure the realm does not exist
|
2019-05-04 04:47:44 +02:00
|
|
|
with self.assertRaises(Realm.DoesNotExist):
|
|
|
|
get_realm(string_id)
|
2016-06-03 01:02:58 +02:00
|
|
|
|
2017-11-25 00:00:26 +01:00
|
|
|
# Create new realm with the email
|
2018-02-28 16:41:21 +01:00
|
|
|
result = self.client_post('/new/', {'email': email})
|
2017-11-25 00:00:26 +01:00
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertTrue(result["Location"].endswith(
|
2018-08-24 10:01:42 +02:00
|
|
|
"/accounts/new/send_confirm/%s" % (email,)))
|
2017-11-25 00:00:26 +01:00
|
|
|
result = self.client_get(result["Location"])
|
|
|
|
self.assert_in_response("Check your email so we can get started.", result)
|
2016-06-03 01:02:58 +02:00
|
|
|
|
2017-11-25 00:00:26 +01:00
|
|
|
# Visit the confirmation link.
|
|
|
|
confirmation_url = self.get_confirmation_url_from_outbox(email)
|
|
|
|
result = self.client_get(confirmation_url)
|
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
|
|
|
|
result = self.submit_reg_form_for_user(email, password, realm_subdomain=string_id)
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertTrue(result["Location"].startswith('http://zuliptest.testserver/accounts/login/subdomain/'))
|
|
|
|
|
|
|
|
# Make sure the realm is created
|
|
|
|
realm = get_realm(string_id)
|
|
|
|
self.assertEqual(realm.string_id, string_id)
|
2019-11-07 05:11:51 +01:00
|
|
|
user = get_user(email, realm)
|
|
|
|
self.assertEqual(user.realm, realm)
|
|
|
|
|
|
|
|
# Check that user is the administrator.
|
|
|
|
self.assertEqual(user.role, UserProfile.ROLE_REALM_ADMINISTRATOR)
|
2017-11-25 00:00:26 +01:00
|
|
|
|
|
|
|
# Check defaults
|
|
|
|
self.assertEqual(realm.org_type, Realm.CORPORATE)
|
2018-07-27 23:26:29 +02:00
|
|
|
self.assertEqual(realm.emails_restricted_to_domains, False)
|
2017-11-25 00:00:26 +01:00
|
|
|
self.assertEqual(realm.invite_required, True)
|
|
|
|
|
|
|
|
# Check welcome messages
|
|
|
|
for stream_name, text, message_count in [
|
2019-02-24 08:14:13 +01:00
|
|
|
(Realm.DEFAULT_NOTIFICATION_STREAM_NAME, 'with the topic', 3),
|
2019-02-23 23:38:54 +01:00
|
|
|
(Realm.INITIAL_PRIVATE_STREAM_NAME, 'private stream', 1)]:
|
2017-11-25 00:00:26 +01:00
|
|
|
stream = get_stream(stream_name, realm)
|
2020-02-18 17:25:43 +01:00
|
|
|
recipient = stream.recipient
|
2019-08-28 02:43:19 +02:00
|
|
|
messages = Message.objects.filter(recipient=recipient).order_by('date_sent')
|
2017-11-25 00:00:26 +01:00
|
|
|
self.assertEqual(len(messages), message_count)
|
|
|
|
self.assertIn(text, messages[0].content)
|
|
|
|
|
2020-02-10 17:37:57 +01:00
|
|
|
# Check signup messages
|
2020-02-18 17:25:43 +01:00
|
|
|
recipient = signups_stream.recipient
|
2020-02-10 17:37:57 +01:00
|
|
|
messages = Message.objects.filter(recipient=recipient).order_by('id')
|
|
|
|
self.assertEqual(len(messages), 2)
|
|
|
|
self.assertIn('Signups enabled', messages[0].content)
|
|
|
|
self.assertIn('signed up', messages[1].content)
|
|
|
|
self.assertEqual('zuliptest', messages[1].topic_name())
|
|
|
|
|
|
|
|
# Piggyback a little check for how we handle
|
|
|
|
# empty string_ids.
|
|
|
|
realm.string_id = ''
|
|
|
|
self.assertEqual(realm.display_subdomain, '.')
|
|
|
|
|
2017-11-25 00:00:26 +01:00
|
|
|
def test_create_realm_non_existing_email(self) -> None:
|
|
|
|
self.check_able_to_create_realm("user1@test.com")
|
2017-05-08 20:25:03 +02:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_create_realm_existing_email(self) -> None:
|
2017-11-22 20:22:11 +01:00
|
|
|
self.check_able_to_create_realm("hamlet@zulip.com")
|
2017-11-22 20:05:53 +01:00
|
|
|
|
2019-11-07 05:13:08 +01:00
|
|
|
@override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipLDAPAuthBackend',))
|
|
|
|
def test_create_realm_ldap_email(self) -> None:
|
|
|
|
self.init_default_ldap_database()
|
|
|
|
|
|
|
|
with self.settings(LDAP_EMAIL_ATTR="mail"):
|
2020-02-19 19:40:49 +01:00
|
|
|
self.check_able_to_create_realm("newuser_email@zulip.com",
|
|
|
|
self.ldap_password("newuser_with_email"))
|
2019-11-07 05:13:08 +01:00
|
|
|
|
2017-11-22 20:05:53 +01:00
|
|
|
def test_create_realm_as_system_bot(self) -> None:
|
2018-02-28 16:41:21 +01:00
|
|
|
result = self.client_post('/new/', {'email': 'notification-bot@zulip.com'})
|
2017-11-22 20:05:53 +01:00
|
|
|
self.assertEqual(result.status_code, 200)
|
2019-08-22 02:51:56 +02:00
|
|
|
self.assert_in_response('notification-bot@zulip.com is reserved for system bots', result)
|
2017-03-11 20:12:01 +01:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_create_realm_no_creation_key(self) -> None:
|
2017-03-11 20:12:01 +01:00
|
|
|
"""
|
|
|
|
Trying to create a realm without a creation_key should fail when
|
|
|
|
OPEN_REALM_CREATION is false.
|
|
|
|
"""
|
|
|
|
email = "user1@test.com"
|
|
|
|
|
|
|
|
with self.settings(OPEN_REALM_CREATION=False):
|
|
|
|
# Create new realm with the email, but no creation key.
|
2018-02-28 16:41:21 +01:00
|
|
|
result = self.client_post('/new/', {'email': email})
|
2017-03-11 20:12:01 +01:00
|
|
|
self.assertEqual(result.status_code, 200)
|
2018-08-10 02:16:49 +02:00
|
|
|
self.assert_in_response('New organization creation disabled', result)
|
2017-03-11 20:12:01 +01:00
|
|
|
|
2017-10-02 22:43:43 +02:00
|
|
|
@override_settings(OPEN_REALM_CREATION=True)
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_create_realm_with_subdomain(self) -> None:
|
2016-07-19 14:35:08 +02:00
|
|
|
password = "test"
|
2016-10-31 23:28:20 +01:00
|
|
|
string_id = "zuliptest"
|
2016-07-19 14:35:08 +02:00
|
|
|
email = "user1@test.com"
|
|
|
|
realm_name = "Test"
|
|
|
|
|
|
|
|
# Make sure the realm does not exist
|
2019-05-04 04:47:44 +02:00
|
|
|
with self.assertRaises(Realm.DoesNotExist):
|
|
|
|
get_realm(string_id)
|
2016-11-04 01:33:46 +01:00
|
|
|
|
2017-10-02 22:43:43 +02:00
|
|
|
# Create new realm with the email
|
2018-02-28 16:41:21 +01:00
|
|
|
result = self.client_post('/new/', {'email': email})
|
2017-10-02 22:43:43 +02:00
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertTrue(result["Location"].endswith(
|
2018-08-24 10:01:42 +02:00
|
|
|
"/accounts/new/send_confirm/%s" % (email,)))
|
2017-10-02 22:43:43 +02:00
|
|
|
result = self.client_get(result["Location"])
|
|
|
|
self.assert_in_response("Check your email so we can get started.", result)
|
2016-07-19 14:35:08 +02:00
|
|
|
|
2017-10-02 22:43:43 +02:00
|
|
|
# Visit the confirmation link.
|
|
|
|
confirmation_url = self.get_confirmation_url_from_outbox(email)
|
|
|
|
result = self.client_get(confirmation_url)
|
|
|
|
self.assertEqual(result.status_code, 200)
|
2016-07-19 14:35:08 +02:00
|
|
|
|
2017-10-02 22:43:43 +02:00
|
|
|
result = self.submit_reg_form_for_user(email, password,
|
|
|
|
realm_subdomain = string_id,
|
|
|
|
realm_name=realm_name,
|
|
|
|
# Pass HTTP_HOST for the target subdomain
|
|
|
|
HTTP_HOST=string_id + ".testserver")
|
|
|
|
self.assertEqual(result.status_code, 302)
|
2016-07-19 14:35:08 +02:00
|
|
|
|
2017-10-02 22:43:43 +02:00
|
|
|
# Make sure the realm is created
|
|
|
|
realm = get_realm(string_id)
|
|
|
|
self.assertEqual(realm.string_id, string_id)
|
|
|
|
self.assertEqual(get_user(email, realm).realm, realm)
|
2016-10-13 20:09:32 +02:00
|
|
|
|
2017-10-02 22:43:43 +02:00
|
|
|
self.assertEqual(realm.name, realm_name)
|
|
|
|
self.assertEqual(realm.subdomain, string_id)
|
2016-11-04 01:33:46 +01:00
|
|
|
|
2017-10-02 22:43:43 +02:00
|
|
|
@override_settings(OPEN_REALM_CREATION=True)
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_mailinator_signup(self) -> None:
|
2018-02-28 16:41:21 +01:00
|
|
|
result = self.client_post('/new/', {'email': "hi@mailinator.com"})
|
2017-10-02 22:43:43 +02:00
|
|
|
self.assert_in_response('Please use your real email address.', result)
|
2016-11-05 03:26:30 +01:00
|
|
|
|
2017-10-02 22:43:43 +02:00
|
|
|
@override_settings(OPEN_REALM_CREATION=True)
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_subdomain_restrictions(self) -> None:
|
2016-10-31 23:28:20 +01:00
|
|
|
password = "test"
|
|
|
|
email = "user1@test.com"
|
|
|
|
realm_name = "Test"
|
|
|
|
|
2018-02-28 16:41:21 +01:00
|
|
|
result = self.client_post('/new/', {'email': email})
|
2017-10-02 22:48:13 +02:00
|
|
|
self.client_get(result["Location"])
|
|
|
|
confirmation_url = self.get_confirmation_url_from_outbox(email)
|
|
|
|
self.client_get(confirmation_url)
|
|
|
|
|
2017-10-03 00:31:35 +02:00
|
|
|
errors = {'id': "length 3 or greater",
|
2017-10-02 22:48:13 +02:00
|
|
|
'-id': "cannot start or end with a",
|
|
|
|
'string-ID': "lowercase letters",
|
|
|
|
'string_id': "lowercase letters",
|
|
|
|
'stream': "unavailable",
|
|
|
|
'streams': "unavailable",
|
|
|
|
'about': "unavailable",
|
|
|
|
'abouts': "unavailable",
|
|
|
|
'zephyr': "unavailable"}
|
|
|
|
for string_id, error_msg in errors.items():
|
2017-01-04 08:53:56 +01:00
|
|
|
result = self.submit_reg_form_for_user(email, password,
|
2017-10-02 22:48:13 +02:00
|
|
|
realm_subdomain = string_id,
|
2016-10-31 23:28:20 +01:00
|
|
|
realm_name = realm_name)
|
2017-10-02 22:48:13 +02:00
|
|
|
self.assert_in_response(error_msg, result)
|
|
|
|
|
|
|
|
# test valid subdomain
|
|
|
|
result = self.submit_reg_form_for_user(email, password,
|
|
|
|
realm_subdomain = 'a-0',
|
|
|
|
realm_name = realm_name)
|
|
|
|
self.assertEqual(result.status_code, 302)
|
2017-10-27 02:45:38 +02:00
|
|
|
self.assertTrue(result.url.startswith('http://a-0.testserver/accounts/login/subdomain/'))
|
2017-10-19 08:30:40 +02:00
|
|
|
|
|
|
|
@override_settings(OPEN_REALM_CREATION=True)
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_subdomain_restrictions_root_domain(self) -> None:
|
2017-10-19 08:30:40 +02:00
|
|
|
password = "test"
|
|
|
|
email = "user1@test.com"
|
|
|
|
realm_name = "Test"
|
|
|
|
|
2018-02-28 16:41:21 +01:00
|
|
|
result = self.client_post('/new/', {'email': email})
|
2017-10-19 08:30:40 +02:00
|
|
|
self.client_get(result["Location"])
|
|
|
|
confirmation_url = self.get_confirmation_url_from_outbox(email)
|
|
|
|
self.client_get(confirmation_url)
|
|
|
|
|
|
|
|
# test root domain will fail with ROOT_DOMAIN_LANDING_PAGE
|
|
|
|
with self.settings(ROOT_DOMAIN_LANDING_PAGE=True):
|
|
|
|
result = self.submit_reg_form_for_user(email, password,
|
|
|
|
realm_subdomain = '',
|
|
|
|
realm_name = realm_name)
|
|
|
|
self.assert_in_response('unavailable', result)
|
|
|
|
|
|
|
|
# test valid use of root domain
|
|
|
|
result = self.submit_reg_form_for_user(email, password,
|
|
|
|
realm_subdomain = '',
|
|
|
|
realm_name = realm_name)
|
|
|
|
self.assertEqual(result.status_code, 302)
|
2017-10-27 02:45:38 +02:00
|
|
|
self.assertTrue(result.url.startswith('http://testserver/accounts/login/subdomain/'))
|
2017-10-19 08:30:40 +02:00
|
|
|
|
|
|
|
@override_settings(OPEN_REALM_CREATION=True)
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_subdomain_restrictions_root_domain_option(self) -> None:
|
2017-10-19 08:30:40 +02:00
|
|
|
password = "test"
|
|
|
|
email = "user1@test.com"
|
|
|
|
realm_name = "Test"
|
|
|
|
|
2018-02-28 16:41:21 +01:00
|
|
|
result = self.client_post('/new/', {'email': email})
|
2017-10-19 08:30:40 +02:00
|
|
|
self.client_get(result["Location"])
|
|
|
|
confirmation_url = self.get_confirmation_url_from_outbox(email)
|
|
|
|
self.client_get(confirmation_url)
|
|
|
|
|
|
|
|
# test root domain will fail with ROOT_DOMAIN_LANDING_PAGE
|
|
|
|
with self.settings(ROOT_DOMAIN_LANDING_PAGE=True):
|
|
|
|
result = self.submit_reg_form_for_user(email, password,
|
|
|
|
realm_subdomain = 'abcdef',
|
|
|
|
realm_in_root_domain = 'true',
|
|
|
|
realm_name = realm_name)
|
|
|
|
self.assert_in_response('unavailable', result)
|
|
|
|
|
|
|
|
# test valid use of root domain
|
|
|
|
result = self.submit_reg_form_for_user(email, password,
|
|
|
|
realm_subdomain = 'abcdef',
|
|
|
|
realm_in_root_domain = 'true',
|
|
|
|
realm_name = realm_name)
|
|
|
|
self.assertEqual(result.status_code, 302)
|
2017-10-27 02:45:38 +02:00
|
|
|
self.assertTrue(result.url.startswith('http://testserver/accounts/login/subdomain/'))
|
2016-10-31 23:28:20 +01:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_is_root_domain_available(self) -> None:
|
2017-10-19 07:42:03 +02:00
|
|
|
self.assertTrue(is_root_domain_available())
|
|
|
|
with self.settings(ROOT_DOMAIN_LANDING_PAGE=True):
|
|
|
|
self.assertFalse(is_root_domain_available())
|
|
|
|
realm = get_realm("zulip")
|
|
|
|
realm.string_id = Realm.SUBDOMAIN_FOR_ROOT_DOMAIN
|
|
|
|
realm.save()
|
|
|
|
self.assertFalse(is_root_domain_available())
|
|
|
|
|
2018-01-25 19:08:40 +01:00
|
|
|
def test_subdomain_check_api(self) -> None:
|
|
|
|
result = self.client_get("/json/realm/subdomain/zulip")
|
|
|
|
self.assert_in_success_response(["Subdomain unavailable. Please choose a different one."], result)
|
|
|
|
|
|
|
|
result = self.client_get("/json/realm/subdomain/zu_lip")
|
|
|
|
self.assert_in_success_response(["Subdomain can only have lowercase letters, numbers, and \'-\'s."], result)
|
|
|
|
|
|
|
|
result = self.client_get("/json/realm/subdomain/hufflepuff")
|
|
|
|
self.assert_in_success_response(["available"], result)
|
|
|
|
self.assert_not_in_success_response(["unavailable"], result)
|
|
|
|
|
2018-04-23 20:02:45 +02:00
|
|
|
def test_subdomain_check_management_command(self) -> None:
|
|
|
|
# Short names should work
|
|
|
|
check_subdomain_available('aa', from_management_command=True)
|
|
|
|
# So should reserved ones
|
|
|
|
check_subdomain_available('zulip', from_management_command=True)
|
|
|
|
# malformed names should still not
|
|
|
|
with self.assertRaises(ValidationError):
|
|
|
|
check_subdomain_available('-ba_d-', from_management_command=True)
|
|
|
|
|
2018-12-22 05:41:54 +01:00
|
|
|
class UserSignUpTest(InviteUserBase):
|
2016-11-04 01:23:43 +01:00
|
|
|
|
2018-05-11 01:39:38 +02:00
|
|
|
def _assert_redirected_to(self, result: HttpResponse, url: str) -> None:
|
2017-08-17 18:28:21 +02:00
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertEqual(result['LOCATION'], url)
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_bad_email_configuration_for_accounts_home(self) -> None:
|
2017-08-17 18:28:21 +02:00
|
|
|
"""
|
|
|
|
Make sure we redirect for SMTP errors.
|
|
|
|
"""
|
|
|
|
email = self.nonreg_email('newguy')
|
|
|
|
|
|
|
|
smtp_mock = patch(
|
2018-01-26 20:50:22 +01:00
|
|
|
'zerver.views.registration.send_confirm_registration_email',
|
2017-08-17 18:28:21 +02:00
|
|
|
side_effect=smtplib.SMTPException('uh oh')
|
|
|
|
)
|
|
|
|
|
|
|
|
error_mock = patch('logging.error')
|
|
|
|
|
|
|
|
with smtp_mock, error_mock as err:
|
|
|
|
result = self.client_post('/accounts/home/', {'email': email})
|
|
|
|
|
|
|
|
self._assert_redirected_to(result, '/config-error/smtp')
|
|
|
|
|
|
|
|
self.assertEqual(
|
|
|
|
err.call_args_list[0][0][0],
|
|
|
|
'Error in accounts_home: uh oh'
|
|
|
|
)
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_bad_email_configuration_for_create_realm(self) -> None:
|
2017-08-17 19:59:17 +02:00
|
|
|
"""
|
|
|
|
Make sure we redirect for SMTP errors.
|
|
|
|
"""
|
|
|
|
email = self.nonreg_email('newguy')
|
|
|
|
|
|
|
|
smtp_mock = patch(
|
2018-01-26 20:50:22 +01:00
|
|
|
'zerver.views.registration.send_confirm_registration_email',
|
2017-08-17 19:59:17 +02:00
|
|
|
side_effect=smtplib.SMTPException('uh oh')
|
|
|
|
)
|
|
|
|
|
|
|
|
error_mock = patch('logging.error')
|
|
|
|
|
|
|
|
with smtp_mock, error_mock as err:
|
2018-02-28 16:41:21 +01:00
|
|
|
result = self.client_post('/new/', {'email': email})
|
2017-08-17 19:59:17 +02:00
|
|
|
|
|
|
|
self._assert_redirected_to(result, '/config-error/smtp')
|
|
|
|
|
|
|
|
self.assertEqual(
|
|
|
|
err.call_args_list[0][0][0],
|
|
|
|
'Error in create_realm: uh oh'
|
|
|
|
)
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_user_default_language_and_timezone(self) -> None:
|
2016-11-04 01:23:43 +01:00
|
|
|
"""
|
|
|
|
Check if the default language of new user is the default language
|
|
|
|
of the realm.
|
|
|
|
"""
|
2017-05-24 02:42:31 +02:00
|
|
|
email = self.nonreg_email('newguy')
|
2016-11-04 01:23:43 +01:00
|
|
|
password = "newpassword"
|
2017-05-04 15:20:25 +02:00
|
|
|
timezone = "US/Mountain"
|
2017-01-04 05:30:48 +01:00
|
|
|
realm = get_realm('zulip')
|
2020-04-09 21:51:58 +02:00
|
|
|
do_set_realm_property(realm, 'default_language', "de")
|
2016-11-04 01:23:43 +01:00
|
|
|
|
|
|
|
result = self.client_post('/accounts/home/', {'email': email})
|
2016-12-16 02:01:34 +01:00
|
|
|
self.assertEqual(result.status_code, 302)
|
2016-11-04 01:23:43 +01:00
|
|
|
self.assertTrue(result["Location"].endswith(
|
2017-01-24 07:06:13 +01:00
|
|
|
"/accounts/send_confirm/%s" % (email,)))
|
2016-11-04 01:23:43 +01:00
|
|
|
result = self.client_get(result["Location"])
|
|
|
|
self.assert_in_response("Check your email so we can get started.", result)
|
|
|
|
|
|
|
|
# Visit the confirmation link.
|
|
|
|
confirmation_url = self.get_confirmation_url_from_outbox(email)
|
|
|
|
result = self.client_get(confirmation_url)
|
2016-12-16 02:01:34 +01:00
|
|
|
self.assertEqual(result.status_code, 200)
|
2016-11-04 01:23:43 +01:00
|
|
|
|
|
|
|
# Pick a password and agree to the ToS.
|
2017-05-04 15:20:25 +02:00
|
|
|
result = self.submit_reg_form_for_user(email, password, timezone=timezone)
|
2016-12-16 02:01:34 +01:00
|
|
|
self.assertEqual(result.status_code, 302)
|
2016-11-04 01:23:43 +01:00
|
|
|
|
2017-05-24 02:42:31 +02:00
|
|
|
user_profile = self.nonreg_user('newguy')
|
2016-11-04 01:23:43 +01:00
|
|
|
self.assertEqual(user_profile.default_language, realm.default_language)
|
2017-05-04 15:20:25 +02:00
|
|
|
self.assertEqual(user_profile.timezone, timezone)
|
2016-11-04 01:23:43 +01:00
|
|
|
from django.core.mail import outbox
|
|
|
|
outbox.pop()
|
|
|
|
|
2018-03-30 22:38:16 +02:00
|
|
|
def test_default_twenty_four_hour_time(self) -> None:
|
|
|
|
"""
|
|
|
|
Check if the default twenty_four_hour_time setting of new user
|
|
|
|
is the default twenty_four_hour_time of the realm.
|
|
|
|
"""
|
|
|
|
email = self.nonreg_email('newguy')
|
|
|
|
password = "newpassword"
|
|
|
|
realm = get_realm('zulip')
|
|
|
|
do_set_realm_property(realm, 'default_twenty_four_hour_time', True)
|
|
|
|
|
|
|
|
result = self.client_post('/accounts/home/', {'email': email})
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertTrue(result["Location"].endswith(
|
|
|
|
"/accounts/send_confirm/%s" % (email,)))
|
|
|
|
result = self.client_get(result["Location"])
|
|
|
|
self.assert_in_response("Check your email so we can get started.", result)
|
|
|
|
|
|
|
|
# Visit the confirmation link.
|
|
|
|
confirmation_url = self.get_confirmation_url_from_outbox(email)
|
|
|
|
result = self.client_get(confirmation_url)
|
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
|
|
|
|
result = self.submit_reg_form_for_user(email, password)
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
|
|
|
|
user_profile = self.nonreg_user('newguy')
|
|
|
|
self.assertEqual(user_profile.twenty_four_hour_time, realm.default_twenty_four_hour_time)
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_signup_already_active(self) -> None:
|
2017-03-11 20:12:01 +01:00
|
|
|
"""
|
|
|
|
Check if signing up with an active email redirects to a login page.
|
|
|
|
"""
|
2017-05-25 01:40:26 +02:00
|
|
|
email = self.example_email("hamlet")
|
2017-03-11 20:12:01 +01:00
|
|
|
result = self.client_post('/accounts/home/', {'email': email})
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertIn('login', result['Location'])
|
2017-08-28 08:13:15 +02:00
|
|
|
result = self.client_get(result.url)
|
|
|
|
self.assert_in_response("You've already registered", result)
|
2017-03-11 20:12:01 +01:00
|
|
|
|
2017-11-28 02:49:50 +01:00
|
|
|
def test_signup_system_bot(self) -> None:
|
|
|
|
email = "notification-bot@zulip.com"
|
|
|
|
result = self.client_post('/accounts/home/', {'email': email}, subdomain="lear")
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertIn('login', result['Location'])
|
|
|
|
result = self.client_get(result.url)
|
|
|
|
|
|
|
|
# This is not really the right error message, but at least it's an error.
|
|
|
|
self.assert_in_response("You've already registered", result)
|
|
|
|
|
2017-11-25 23:26:15 +01:00
|
|
|
def test_signup_existing_email(self) -> None:
|
|
|
|
"""
|
|
|
|
Check if signing up with an email used in another realm succeeds.
|
|
|
|
"""
|
|
|
|
email = self.example_email('hamlet')
|
|
|
|
password = "newpassword"
|
|
|
|
realm = get_realm('lear')
|
|
|
|
|
|
|
|
result = self.client_post('/accounts/home/', {'email': email}, subdomain="lear")
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
result = self.client_get(result["Location"], subdomain="lear")
|
|
|
|
|
|
|
|
confirmation_url = self.get_confirmation_url_from_outbox(email)
|
|
|
|
result = self.client_get(confirmation_url, subdomain="lear")
|
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
|
|
|
|
result = self.submit_reg_form_for_user(email, password, subdomain="lear")
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
|
|
|
|
get_user(email, realm)
|
2020-03-12 14:17:25 +01:00
|
|
|
self.assertEqual(UserProfile.objects.filter(delivery_email=email).count(), 2)
|
2017-11-25 23:26:15 +01:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_signup_invalid_name(self) -> None:
|
2017-02-08 05:04:14 +01:00
|
|
|
"""
|
2017-03-11 20:10:15 +01:00
|
|
|
Check if an invalid name during signup is handled properly.
|
2017-02-08 05:04:14 +01:00
|
|
|
"""
|
|
|
|
email = "newguy@zulip.com"
|
|
|
|
password = "newpassword"
|
|
|
|
|
|
|
|
result = self.client_post('/accounts/home/', {'email': email})
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertTrue(result["Location"].endswith(
|
|
|
|
"/accounts/send_confirm/%s" % (email,)))
|
|
|
|
result = self.client_get(result["Location"])
|
|
|
|
self.assert_in_response("Check your email so we can get started.", result)
|
|
|
|
|
|
|
|
# Visit the confirmation link.
|
|
|
|
confirmation_url = self.get_confirmation_url_from_outbox(email)
|
|
|
|
result = self.client_get(confirmation_url)
|
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
|
|
|
|
# Pick a password and agree to the ToS.
|
|
|
|
result = self.submit_reg_form_for_user(email, password, full_name="<invalid>")
|
2017-03-18 22:48:44 +01:00
|
|
|
self.assert_in_success_response(["Invalid characters in name!"], result)
|
2017-02-08 05:04:14 +01:00
|
|
|
|
2017-08-09 22:09:38 +02:00
|
|
|
# Verify that the user is asked for name and password
|
|
|
|
self.assert_in_success_response(['id_password', 'id_full_name'], result)
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_signup_without_password(self) -> None:
|
2017-03-19 01:48:12 +01:00
|
|
|
"""
|
|
|
|
Check if signing up without a password works properly when
|
|
|
|
password_auth_enabled is False.
|
|
|
|
"""
|
|
|
|
|
2017-05-24 02:42:31 +02:00
|
|
|
email = self.nonreg_email('newuser')
|
2017-03-19 01:48:12 +01:00
|
|
|
|
|
|
|
result = self.client_post('/accounts/home/', {'email': email})
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertTrue(result["Location"].endswith(
|
|
|
|
"/accounts/send_confirm/%s" % (email,)))
|
|
|
|
result = self.client_get(result["Location"])
|
|
|
|
self.assert_in_response("Check your email so we can get started.", result)
|
|
|
|
|
|
|
|
# Visit the confirmation link.
|
|
|
|
confirmation_url = self.get_confirmation_url_from_outbox(email)
|
|
|
|
result = self.client_get(confirmation_url)
|
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
|
|
|
|
with patch('zerver.views.registration.password_auth_enabled', return_value=False):
|
|
|
|
result = self.client_post(
|
|
|
|
'/accounts/register/',
|
|
|
|
{'full_name': 'New User',
|
|
|
|
'key': find_key_by_email(email),
|
|
|
|
'terms': True})
|
|
|
|
|
|
|
|
# User should now be logged in.
|
|
|
|
self.assertEqual(result.status_code, 302)
|
2017-05-24 02:42:31 +02:00
|
|
|
user_profile = self.nonreg_user('newuser')
|
2019-05-26 22:12:46 +02:00
|
|
|
self.assert_logged_in_user_id(user_profile.id)
|
2017-03-19 01:48:12 +01:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_signup_without_full_name(self) -> None:
|
2017-03-18 20:36:40 +01:00
|
|
|
"""
|
|
|
|
Check if signing up without a full name redirects to a registration
|
|
|
|
form.
|
|
|
|
"""
|
|
|
|
email = "newguy@zulip.com"
|
|
|
|
password = "newpassword"
|
|
|
|
|
|
|
|
result = self.client_post('/accounts/home/', {'email': email})
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertTrue(result["Location"].endswith(
|
|
|
|
"/accounts/send_confirm/%s" % (email,)))
|
|
|
|
result = self.client_get(result["Location"])
|
|
|
|
self.assert_in_response("Check your email so we can get started.", result)
|
|
|
|
|
|
|
|
# Visit the confirmation link.
|
|
|
|
confirmation_url = self.get_confirmation_url_from_outbox(email)
|
|
|
|
result = self.client_get(confirmation_url)
|
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
|
|
|
|
result = self.client_post(
|
|
|
|
'/accounts/register/',
|
|
|
|
{'password': password,
|
|
|
|
'key': find_key_by_email(email),
|
|
|
|
'terms': True,
|
|
|
|
'from_confirmation': '1'})
|
2018-06-26 00:33:05 +02:00
|
|
|
self.assert_in_success_response(["We just need you to do one last thing."], result)
|
2017-03-18 20:36:40 +01:00
|
|
|
|
2017-08-09 22:09:38 +02:00
|
|
|
# Verify that the user is asked for name and password
|
|
|
|
self.assert_in_success_response(['id_password', 'id_full_name'], result)
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_signup_with_full_name(self) -> None:
|
2017-04-20 08:25:15 +02:00
|
|
|
"""
|
|
|
|
Check if signing up without a full name redirects to a registration
|
|
|
|
form.
|
|
|
|
"""
|
|
|
|
email = "newguy@zulip.com"
|
|
|
|
password = "newpassword"
|
|
|
|
|
|
|
|
result = self.client_post('/accounts/home/', {'email': email})
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertTrue(result["Location"].endswith(
|
|
|
|
"/accounts/send_confirm/%s" % (email,)))
|
|
|
|
result = self.client_get(result["Location"])
|
|
|
|
self.assert_in_response("Check your email so we can get started.", result)
|
|
|
|
|
|
|
|
# Visit the confirmation link.
|
|
|
|
confirmation_url = self.get_confirmation_url_from_outbox(email)
|
|
|
|
result = self.client_get(confirmation_url)
|
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
|
|
|
|
result = self.client_post(
|
|
|
|
'/accounts/register/',
|
|
|
|
{'password': password,
|
|
|
|
'key': find_key_by_email(email),
|
|
|
|
'terms': True,
|
|
|
|
'full_name': "New Guy",
|
|
|
|
'from_confirmation': '1'})
|
2018-06-26 00:33:05 +02:00
|
|
|
self.assert_in_success_response(["We just need you to do one last thing."], result)
|
2017-04-20 08:25:15 +02:00
|
|
|
|
auth: Use zxcvbn to ensure password strength on server side.
For a long time, we've been only doing the zxcvbn password strength
checks on the browser, which is helpful, but means users could through
hackery (or a bug in the frontend validation code) manage to set a
too-weak password. We fix this by running our password strength
validation on the backend as well, using python-zxcvbn.
In theory, a bug in python-zxcvbn could result in it producing a
different opinion than the frontend version; if so, it'd be a pretty
bad bug in the library, and hopefully we'd hear about it from users,
report upstream, and get it fixed that way. Alternatively, we can
switch to shelling out to node like we do for KaTeX.
Fixes #6880.
2019-11-18 08:11:03 +01:00
|
|
|
def test_signup_with_weak_password(self) -> None:
|
|
|
|
"""
|
|
|
|
Check if signing up without a full name redirects to a registration
|
|
|
|
form.
|
|
|
|
"""
|
|
|
|
email = "newguy@zulip.com"
|
|
|
|
|
|
|
|
result = self.client_post('/accounts/home/', {'email': email})
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertTrue(result["Location"].endswith(
|
|
|
|
"/accounts/send_confirm/%s" % (email,)))
|
|
|
|
result = self.client_get(result["Location"])
|
|
|
|
self.assert_in_response("Check your email so we can get started.", result)
|
|
|
|
|
|
|
|
# Visit the confirmation link.
|
|
|
|
confirmation_url = self.get_confirmation_url_from_outbox(email)
|
|
|
|
result = self.client_get(confirmation_url)
|
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
|
|
|
|
with self.settings(PASSWORD_MIN_LENGTH=6, PASSWORD_MIN_GUESSES=1000):
|
|
|
|
result = self.client_post(
|
|
|
|
'/accounts/register/',
|
|
|
|
{'password': 'easy',
|
|
|
|
'key': find_key_by_email(email),
|
|
|
|
'terms': True,
|
|
|
|
'full_name': "New Guy",
|
|
|
|
'from_confirmation': '1'})
|
|
|
|
self.assert_in_success_response(["We just need you to do one last thing."], result)
|
|
|
|
|
|
|
|
result = self.submit_reg_form_for_user(email,
|
|
|
|
'easy',
|
|
|
|
full_name="New Guy")
|
|
|
|
self.assert_in_success_response(["The password is too weak."], result)
|
|
|
|
with self.assertRaises(UserProfile.DoesNotExist):
|
|
|
|
# Account wasn't created.
|
|
|
|
get_user(email, get_realm("zulip"))
|
|
|
|
|
2017-11-16 23:00:04 +01:00
|
|
|
def test_signup_with_default_stream_group(self) -> None:
|
|
|
|
# Check if user is subscribed to the streams of default
|
|
|
|
# stream group as well as default streams.
|
|
|
|
email = self.nonreg_email('newguy')
|
|
|
|
password = "newpassword"
|
|
|
|
realm = get_realm("zulip")
|
|
|
|
|
|
|
|
result = self.client_post('/accounts/home/', {'email': email})
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
result = self.client_get(result["Location"])
|
|
|
|
|
|
|
|
confirmation_url = self.get_confirmation_url_from_outbox(email)
|
|
|
|
result = self.client_get(confirmation_url)
|
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
|
|
|
|
default_streams = []
|
|
|
|
for stream_name in ["venice", "verona"]:
|
|
|
|
stream = get_stream(stream_name, realm)
|
|
|
|
do_add_default_stream(stream)
|
|
|
|
default_streams.append(stream)
|
|
|
|
|
|
|
|
group1_streams = []
|
|
|
|
for stream_name in ["scotland", "denmark"]:
|
|
|
|
stream = get_stream(stream_name, realm)
|
|
|
|
group1_streams.append(stream)
|
|
|
|
do_create_default_stream_group(realm, "group 1", "group 1 description", group1_streams)
|
|
|
|
|
|
|
|
result = self.submit_reg_form_for_user(email, password, default_stream_groups=["group 1"])
|
|
|
|
self.check_user_subscribed_only_to_streams("newguy", default_streams + group1_streams)
|
|
|
|
|
2019-11-03 23:02:37 +01:00
|
|
|
def test_signup_two_confirmation_links(self) -> None:
|
|
|
|
email = self.nonreg_email('newguy')
|
|
|
|
password = "newpassword"
|
|
|
|
|
|
|
|
result = self.client_post('/accounts/home/', {'email': email})
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
result = self.client_get(result["Location"])
|
|
|
|
first_confirmation_url = self.get_confirmation_url_from_outbox(email)
|
|
|
|
first_confirmation_key = find_key_by_email(email)
|
|
|
|
|
|
|
|
result = self.client_post('/accounts/home/', {'email': email})
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
result = self.client_get(result["Location"])
|
|
|
|
second_confirmation_url = self.get_confirmation_url_from_outbox(email)
|
|
|
|
|
|
|
|
# Sanity check:
|
|
|
|
self.assertNotEqual(first_confirmation_url, second_confirmation_url)
|
|
|
|
|
|
|
|
# Register the account (this will use the second confirmation url):
|
|
|
|
result = self.submit_reg_form_for_user(email, password, full_name="New Guy",
|
|
|
|
from_confirmation="1")
|
|
|
|
self.assert_in_success_response(["We just need you to do one last thing.",
|
|
|
|
"New Guy",
|
|
|
|
email],
|
|
|
|
result)
|
|
|
|
result = self.submit_reg_form_for_user(email,
|
|
|
|
password,
|
|
|
|
full_name="New Guy")
|
2020-03-12 14:17:25 +01:00
|
|
|
user_profile = UserProfile.objects.get(delivery_email=email)
|
|
|
|
self.assertEqual(user_profile.delivery_email, email)
|
2019-11-03 23:02:37 +01:00
|
|
|
|
|
|
|
# Now try to to register using the first confirmation url:
|
|
|
|
result = self.client_get(first_confirmation_url)
|
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
result = self.client_post(
|
|
|
|
'/accounts/register/',
|
|
|
|
{'password': password,
|
|
|
|
'key': first_confirmation_key,
|
|
|
|
'terms': True,
|
|
|
|
'full_name': "New Guy",
|
|
|
|
'from_confirmation': '1'})
|
|
|
|
# We should get redirected back to the login page.
|
|
|
|
expected_url = ('/accounts/login/' + '?email=' +
|
|
|
|
urllib.parse.quote_plus(email))
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertEqual(result["Location"], expected_url)
|
|
|
|
|
2017-11-16 23:00:04 +01:00
|
|
|
def test_signup_with_multiple_default_stream_groups(self) -> None:
|
|
|
|
# Check if user is subscribed to the streams of default
|
|
|
|
# stream groups as well as default streams.
|
|
|
|
email = self.nonreg_email('newguy')
|
|
|
|
password = "newpassword"
|
|
|
|
realm = get_realm("zulip")
|
|
|
|
|
|
|
|
result = self.client_post('/accounts/home/', {'email': email})
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
result = self.client_get(result["Location"])
|
|
|
|
|
|
|
|
confirmation_url = self.get_confirmation_url_from_outbox(email)
|
|
|
|
result = self.client_get(confirmation_url)
|
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
|
|
|
|
default_streams = []
|
|
|
|
for stream_name in ["venice", "verona"]:
|
|
|
|
stream = get_stream(stream_name, realm)
|
|
|
|
do_add_default_stream(stream)
|
|
|
|
default_streams.append(stream)
|
|
|
|
|
|
|
|
group1_streams = []
|
|
|
|
for stream_name in ["scotland", "denmark"]:
|
|
|
|
stream = get_stream(stream_name, realm)
|
|
|
|
group1_streams.append(stream)
|
|
|
|
do_create_default_stream_group(realm, "group 1", "group 1 description", group1_streams)
|
|
|
|
|
|
|
|
group2_streams = []
|
|
|
|
for stream_name in ["scotland", "rome"]:
|
|
|
|
stream = get_stream(stream_name, realm)
|
|
|
|
group2_streams.append(stream)
|
|
|
|
do_create_default_stream_group(realm, "group 2", "group 2 description", group2_streams)
|
|
|
|
|
2017-11-17 07:00:53 +01:00
|
|
|
result = self.submit_reg_form_for_user(email, password,
|
|
|
|
default_stream_groups=["group 1", "group 2"])
|
|
|
|
self.check_user_subscribed_only_to_streams(
|
|
|
|
"newguy", list(set(default_streams + group1_streams + group2_streams)))
|
2017-11-16 23:00:04 +01:00
|
|
|
|
2018-05-22 18:13:51 +02:00
|
|
|
def test_signup_without_user_settings_from_another_realm(self) -> None:
|
2020-03-12 14:17:25 +01:00
|
|
|
hamlet_in_zulip = self.example_user('hamlet')
|
|
|
|
email = hamlet_in_zulip.delivery_email
|
2018-05-22 18:13:51 +02:00
|
|
|
password = "newpassword"
|
|
|
|
subdomain = "lear"
|
|
|
|
realm = get_realm("lear")
|
|
|
|
|
|
|
|
# Make an account in the Zulip realm, but we're not copying from there.
|
|
|
|
hamlet_in_zulip.left_side_userlist = True
|
|
|
|
hamlet_in_zulip.default_language = "de"
|
|
|
|
hamlet_in_zulip.emojiset = "twitter"
|
|
|
|
hamlet_in_zulip.high_contrast_mode = True
|
2018-06-13 20:16:51 +02:00
|
|
|
hamlet_in_zulip.enter_sends = True
|
2018-06-13 14:10:53 +02:00
|
|
|
hamlet_in_zulip.tutorial_status = UserProfile.TUTORIAL_FINISHED
|
2018-05-22 18:13:51 +02:00
|
|
|
hamlet_in_zulip.save()
|
|
|
|
|
|
|
|
result = self.client_post('/accounts/home/', {'email': email}, subdomain=subdomain)
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
result = self.client_get(result["Location"], subdomain=subdomain)
|
|
|
|
|
|
|
|
confirmation_url = self.get_confirmation_url_from_outbox(email)
|
|
|
|
result = self.client_get(confirmation_url, subdomain=subdomain)
|
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
result = self.submit_reg_form_for_user(email, password, source_realm="on",
|
|
|
|
HTTP_HOST=subdomain + ".testserver")
|
|
|
|
|
|
|
|
hamlet = get_user(self.example_email("hamlet"), realm)
|
|
|
|
self.assertEqual(hamlet.left_side_userlist, False)
|
|
|
|
self.assertEqual(hamlet.default_language, "en")
|
2018-08-25 09:18:49 +02:00
|
|
|
self.assertEqual(hamlet.emojiset, "google-blob")
|
2018-05-22 18:13:51 +02:00
|
|
|
self.assertEqual(hamlet.high_contrast_mode, False)
|
2019-06-11 08:47:49 +02:00
|
|
|
self.assertEqual(hamlet.enable_stream_audible_notifications, False)
|
2018-06-13 20:16:51 +02:00
|
|
|
self.assertEqual(hamlet.enter_sends, False)
|
2018-06-13 14:10:53 +02:00
|
|
|
self.assertEqual(hamlet.tutorial_status, UserProfile.TUTORIAL_WAITING)
|
2018-05-22 18:13:51 +02:00
|
|
|
|
|
|
|
def test_signup_with_user_settings_from_another_realm(self) -> None:
|
2020-03-12 14:17:25 +01:00
|
|
|
hamlet_in_zulip = self.example_user('hamlet')
|
|
|
|
email = hamlet_in_zulip.delivery_email
|
2018-05-22 18:13:51 +02:00
|
|
|
password = "newpassword"
|
|
|
|
subdomain = "lear"
|
|
|
|
lear_realm = get_realm("lear")
|
|
|
|
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('hamlet')
|
2018-06-06 14:30:26 +02:00
|
|
|
with get_test_image_file('img.png') as image_file:
|
|
|
|
self.client_post("/json/users/me/avatar", {'file': image_file})
|
2020-03-12 14:17:25 +01:00
|
|
|
hamlet_in_zulip.refresh_from_db()
|
2018-05-22 18:13:51 +02:00
|
|
|
hamlet_in_zulip.left_side_userlist = True
|
|
|
|
hamlet_in_zulip.default_language = "de"
|
|
|
|
hamlet_in_zulip.emojiset = "twitter"
|
|
|
|
hamlet_in_zulip.high_contrast_mode = True
|
2018-06-13 20:16:51 +02:00
|
|
|
hamlet_in_zulip.enter_sends = True
|
2018-06-13 14:10:53 +02:00
|
|
|
hamlet_in_zulip.tutorial_status = UserProfile.TUTORIAL_FINISHED
|
2018-05-22 18:13:51 +02:00
|
|
|
hamlet_in_zulip.save()
|
|
|
|
|
|
|
|
result = self.client_post('/accounts/home/', {'email': email}, subdomain=subdomain)
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
result = self.client_get(result["Location"], subdomain=subdomain)
|
|
|
|
|
|
|
|
confirmation_url = self.get_confirmation_url_from_outbox(email)
|
|
|
|
result = self.client_get(confirmation_url, subdomain=subdomain)
|
|
|
|
self.assertEqual(result.status_code, 200)
|
2018-12-25 13:45:01 +01:00
|
|
|
|
|
|
|
result = self.client_post(
|
|
|
|
'/accounts/register/',
|
|
|
|
{'password': password,
|
|
|
|
'key': find_key_by_email(email),
|
|
|
|
'from_confirmation': '1'},
|
|
|
|
subdomain=subdomain)
|
|
|
|
self.assert_in_success_response(["Import settings from existing Zulip account",
|
|
|
|
"selected >\n Zulip Dev",
|
|
|
|
"We just need you to do one last thing."], result)
|
|
|
|
|
2018-05-22 18:13:51 +02:00
|
|
|
result = self.submit_reg_form_for_user(email, password, source_realm="zulip",
|
|
|
|
HTTP_HOST=subdomain + ".testserver")
|
|
|
|
|
2020-03-12 14:17:25 +01:00
|
|
|
hamlet_in_lear = get_user(email, lear_realm)
|
2018-05-22 18:13:51 +02:00
|
|
|
self.assertEqual(hamlet_in_lear.left_side_userlist, True)
|
|
|
|
self.assertEqual(hamlet_in_lear.default_language, "de")
|
|
|
|
self.assertEqual(hamlet_in_lear.emojiset, "twitter")
|
|
|
|
self.assertEqual(hamlet_in_lear.high_contrast_mode, True)
|
2018-06-13 20:16:51 +02:00
|
|
|
self.assertEqual(hamlet_in_lear.enter_sends, True)
|
2019-06-11 08:47:49 +02:00
|
|
|
self.assertEqual(hamlet_in_lear.enable_stream_audible_notifications, False)
|
2018-06-13 14:10:53 +02:00
|
|
|
self.assertEqual(hamlet_in_lear.tutorial_status, UserProfile.TUTORIAL_FINISHED)
|
2020-03-12 14:17:25 +01:00
|
|
|
|
2018-06-06 14:30:26 +02:00
|
|
|
zulip_path_id = avatar_disk_path(hamlet_in_zulip)
|
2020-03-12 14:17:25 +01:00
|
|
|
lear_path_id = avatar_disk_path(hamlet_in_lear)
|
|
|
|
zulip_avatar_bits = open(zulip_path_id, 'rb').read()
|
|
|
|
lear_avatar_bits = open(lear_path_id, 'rb').read()
|
|
|
|
|
|
|
|
self.assertTrue(len(zulip_avatar_bits) > 500)
|
|
|
|
self.assertEqual(zulip_avatar_bits, lear_avatar_bits)
|
2018-05-22 18:13:51 +02:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_signup_invalid_subdomain(self) -> None:
|
2017-03-19 01:48:12 +01:00
|
|
|
"""
|
|
|
|
Check if attempting to authenticate to the wrong subdomain logs an
|
|
|
|
error and redirects.
|
|
|
|
"""
|
|
|
|
email = "newuser@zulip.com"
|
|
|
|
password = "newpassword"
|
|
|
|
|
|
|
|
result = self.client_post('/accounts/home/', {'email': email})
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertTrue(result["Location"].endswith(
|
|
|
|
"/accounts/send_confirm/%s" % (email,)))
|
|
|
|
result = self.client_get(result["Location"])
|
|
|
|
self.assert_in_response("Check your email so we can get started.", result)
|
|
|
|
|
|
|
|
# Visit the confirmation link.
|
|
|
|
confirmation_url = self.get_confirmation_url_from_outbox(email)
|
|
|
|
result = self.client_get(confirmation_url)
|
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def invalid_subdomain(**kwargs: Any) -> Any:
|
2017-03-19 01:48:12 +01:00
|
|
|
return_data = kwargs.get('return_data', {})
|
|
|
|
return_data['invalid_subdomain'] = True
|
|
|
|
|
|
|
|
with patch('zerver.views.registration.authenticate', side_effect=invalid_subdomain):
|
|
|
|
with patch('logging.error') as mock_error:
|
|
|
|
result = self.client_post(
|
|
|
|
'/accounts/register/',
|
|
|
|
{'password': password,
|
|
|
|
'full_name': 'New User',
|
|
|
|
'key': find_key_by_email(email),
|
|
|
|
'terms': True})
|
|
|
|
mock_error.assert_called_once()
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
|
2017-11-08 22:02:59 +01:00
|
|
|
def test_replace_subdomain_in_confirmation_link(self) -> None:
|
|
|
|
"""
|
|
|
|
Check that manually changing the subdomain in a registration
|
|
|
|
confirmation link doesn't allow you to register to a different realm.
|
|
|
|
"""
|
|
|
|
email = "newuser@zulip.com"
|
|
|
|
self.client_post('/accounts/home/', {'email': email})
|
|
|
|
result = self.client_post(
|
|
|
|
'/accounts/register/',
|
|
|
|
{'password': "password",
|
|
|
|
'key': find_key_by_email(email),
|
|
|
|
'terms': True,
|
|
|
|
'full_name': "New User",
|
|
|
|
'from_confirmation': '1'}, subdomain="zephyr")
|
|
|
|
self.assert_in_success_response(["We couldn't find your confirmation link"], result)
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_failed_signup_due_to_restricted_domain(self) -> None:
|
2017-01-04 05:30:48 +01:00
|
|
|
realm = get_realm('zulip')
|
2020-03-06 16:22:23 +01:00
|
|
|
do_set_realm_property(realm, 'invite_required', False)
|
|
|
|
do_set_realm_property(realm, 'emails_restricted_to_domains', True)
|
2017-10-02 22:43:43 +02:00
|
|
|
|
|
|
|
request = HostRequestMock(host = realm.host)
|
|
|
|
request.session = {} # type: ignore
|
|
|
|
email = 'user@acme.com'
|
|
|
|
form = HomepageForm({'email': email}, realm=realm)
|
|
|
|
self.assertIn("Your email address, {}, is not in one of the domains".format(email),
|
|
|
|
form.errors['email'][0])
|
2016-11-09 00:47:27 +01:00
|
|
|
|
2018-03-05 20:19:07 +01:00
|
|
|
def test_failed_signup_due_to_disposable_email(self) -> None:
|
|
|
|
realm = get_realm('zulip')
|
2018-07-27 23:26:29 +02:00
|
|
|
realm.emails_restricted_to_domains = False
|
2018-03-05 20:19:07 +01:00
|
|
|
realm.disallow_disposable_email_addresses = True
|
|
|
|
realm.save()
|
|
|
|
|
|
|
|
request = HostRequestMock(host = realm.host)
|
|
|
|
request.session = {} # type: ignore
|
|
|
|
email = 'abc@mailnator.com'
|
|
|
|
form = HomepageForm({'email': email}, realm=realm)
|
|
|
|
self.assertIn("Please use your real email address", form.errors['email'][0])
|
|
|
|
|
2018-06-20 13:08:07 +02:00
|
|
|
def test_failed_signup_due_to_email_containing_plus(self) -> None:
|
|
|
|
realm = get_realm('zulip')
|
2018-07-27 23:26:29 +02:00
|
|
|
realm.emails_restricted_to_domains = True
|
2018-06-20 13:08:07 +02:00
|
|
|
realm.save()
|
|
|
|
|
|
|
|
request = HostRequestMock(host = realm.host)
|
|
|
|
request.session = {} # type: ignore
|
|
|
|
email = 'iago+label@zulip.com'
|
|
|
|
form = HomepageForm({'email': email}, realm=realm)
|
|
|
|
self.assertIn("Email addresses containing + are not allowed in this organization.", form.errors['email'][0])
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_failed_signup_due_to_invite_required(self) -> None:
|
2017-01-04 05:30:48 +01:00
|
|
|
realm = get_realm('zulip')
|
2016-11-09 00:47:27 +01:00
|
|
|
realm.invite_required = True
|
|
|
|
realm.save()
|
|
|
|
request = HostRequestMock(host = realm.host)
|
2017-07-11 21:41:31 +02:00
|
|
|
request.session = {} # type: ignore
|
2017-04-14 11:01:24 +02:00
|
|
|
email = 'user@zulip.com'
|
|
|
|
form = HomepageForm({'email': email}, realm=realm)
|
|
|
|
self.assertIn("Please request an invite for {} from".format(email),
|
|
|
|
form.errors['email'][0])
|
2016-11-09 00:47:27 +01:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_failed_signup_due_to_nonexistent_realm(self) -> None:
|
2017-10-02 22:43:43 +02:00
|
|
|
request = HostRequestMock(host = 'acme.' + settings.EXTERNAL_HOST)
|
|
|
|
request.session = {} # type: ignore
|
|
|
|
email = 'user@acme.com'
|
|
|
|
form = HomepageForm({'email': email}, realm=None)
|
|
|
|
self.assertIn("organization you are trying to join using {} does "
|
|
|
|
"not exist".format(email), form.errors['email'][0])
|
2016-11-09 00:47:27 +01:00
|
|
|
|
2017-11-23 02:59:51 +01:00
|
|
|
def test_access_signup_page_in_root_domain_without_realm(self) -> None:
|
|
|
|
result = self.client_get('/register', subdomain="", follow=True)
|
|
|
|
self.assert_in_success_response(["Find your Zulip accounts"], result)
|
|
|
|
|
2017-10-23 21:12:59 +02:00
|
|
|
@override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipLDAPAuthBackend',
|
|
|
|
'zproject.backends.ZulipDummyBackend'))
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_ldap_registration_from_confirmation(self) -> None:
|
2020-02-19 19:40:49 +01:00
|
|
|
password = self.ldap_password("newuser")
|
2016-11-02 11:10:21 +01:00
|
|
|
email = "newuser@zulip.com"
|
|
|
|
subdomain = "zulip"
|
2019-10-16 18:28:55 +02:00
|
|
|
self.init_default_ldap_database()
|
|
|
|
ldap_user_attr_map = {'full_name': 'cn'}
|
2016-11-02 11:10:21 +01:00
|
|
|
|
2017-01-07 21:46:03 +01:00
|
|
|
with patch('zerver.views.registration.get_subdomain', return_value=subdomain):
|
2016-11-02 11:10:21 +01:00
|
|
|
result = self.client_post('/register/', {'email': email})
|
|
|
|
|
2016-12-16 02:01:34 +01:00
|
|
|
self.assertEqual(result.status_code, 302)
|
2016-11-02 11:10:21 +01:00
|
|
|
self.assertTrue(result["Location"].endswith(
|
2017-01-24 07:06:13 +01:00
|
|
|
"/accounts/send_confirm/%s" % (email,)))
|
2016-11-02 11:10:21 +01:00
|
|
|
result = self.client_get(result["Location"])
|
|
|
|
self.assert_in_response("Check your email so we can get started.", result)
|
|
|
|
# Visit the confirmation link.
|
|
|
|
from django.core.mail import outbox
|
|
|
|
for message in reversed(outbox):
|
|
|
|
if email in message.to:
|
2018-07-02 00:05:24 +02:00
|
|
|
confirmation_link_pattern = re.compile(settings.EXTERNAL_HOST + r"(\S+)>")
|
2016-11-02 11:10:21 +01:00
|
|
|
confirmation_url = confirmation_link_pattern.search(
|
|
|
|
message.body).groups()[0]
|
|
|
|
break
|
|
|
|
else:
|
2017-03-05 08:01:50 +01:00
|
|
|
raise AssertionError("Couldn't find a confirmation email.")
|
2016-11-02 11:10:21 +01:00
|
|
|
|
|
|
|
with self.settings(
|
|
|
|
POPULATE_PROFILE_VIA_LDAP=True,
|
|
|
|
LDAP_APPEND_DOMAIN='zulip.com',
|
|
|
|
AUTH_LDAP_USER_ATTR_MAP=ldap_user_attr_map,
|
2019-10-16 18:28:55 +02:00
|
|
|
):
|
2016-11-02 11:10:21 +01:00
|
|
|
result = self.client_get(confirmation_url)
|
2016-12-16 02:01:34 +01:00
|
|
|
self.assertEqual(result.status_code, 200)
|
2017-03-19 01:48:12 +01:00
|
|
|
|
2017-09-28 09:41:19 +02:00
|
|
|
# Full name should be set from LDAP
|
|
|
|
result = self.submit_reg_form_for_user(email,
|
|
|
|
password,
|
|
|
|
full_name="Ignore",
|
|
|
|
from_confirmation="1",
|
|
|
|
# Pass HTTP_HOST for the target subdomain
|
|
|
|
HTTP_HOST=subdomain + ".testserver")
|
|
|
|
|
2018-06-26 00:33:05 +02:00
|
|
|
self.assert_in_success_response(["We just need you to do one last thing.",
|
2017-09-28 09:41:19 +02:00
|
|
|
"New LDAP fullname",
|
2017-03-19 01:48:12 +01:00
|
|
|
"newuser@zulip.com"],
|
|
|
|
result)
|
|
|
|
|
2017-08-09 22:09:38 +02:00
|
|
|
# Verify that the user is asked for name
|
|
|
|
self.assert_in_success_response(['id_full_name'], result)
|
2019-01-16 09:56:17 +01:00
|
|
|
# Verify that user is asked for its LDAP/Active Directory password.
|
|
|
|
self.assert_in_success_response(['Enter your LDAP/Active Directory password.',
|
|
|
|
'ldap-password'], result)
|
|
|
|
self.assert_not_in_success_response(['id_password'], result)
|
2017-08-09 22:09:38 +02:00
|
|
|
|
2016-11-02 11:10:21 +01:00
|
|
|
# Test the TypeError exception handler
|
2019-10-16 18:28:55 +02:00
|
|
|
with patch("zproject.backends.ZulipLDAPAuthBackendBase.get_mapped_name", side_effect=TypeError):
|
|
|
|
result = self.submit_reg_form_for_user(email,
|
|
|
|
password,
|
|
|
|
from_confirmation='1',
|
|
|
|
# Pass HTTP_HOST for the target subdomain
|
|
|
|
HTTP_HOST=subdomain + ".testserver")
|
2019-10-17 23:29:30 +02:00
|
|
|
self.assert_in_success_response(["We just need you to do one last thing.",
|
|
|
|
"newuser@zulip.com"],
|
|
|
|
result)
|
|
|
|
|
|
|
|
@override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.EmailAuthBackend',
|
|
|
|
'zproject.backends.ZulipLDAPUserPopulator',
|
|
|
|
'zproject.backends.ZulipDummyBackend'))
|
|
|
|
def test_ldap_populate_only_registration_from_confirmation(self) -> None:
|
2020-02-19 19:40:49 +01:00
|
|
|
password = self.ldap_password("newuser")
|
2019-10-17 23:29:30 +02:00
|
|
|
email = "newuser@zulip.com"
|
|
|
|
subdomain = "zulip"
|
2019-10-16 18:28:55 +02:00
|
|
|
self.init_default_ldap_database()
|
|
|
|
ldap_user_attr_map = {'full_name': 'cn'}
|
2019-10-17 23:29:30 +02:00
|
|
|
|
|
|
|
with patch('zerver.views.registration.get_subdomain', return_value=subdomain):
|
|
|
|
result = self.client_post('/register/', {'email': email})
|
|
|
|
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertTrue(result["Location"].endswith(
|
|
|
|
"/accounts/send_confirm/%s" % (email,)))
|
|
|
|
result = self.client_get(result["Location"])
|
|
|
|
self.assert_in_response("Check your email so we can get started.", result)
|
|
|
|
# Visit the confirmation link.
|
|
|
|
from django.core.mail import outbox
|
|
|
|
for message in reversed(outbox):
|
|
|
|
if email in message.to:
|
|
|
|
confirmation_link_pattern = re.compile(settings.EXTERNAL_HOST + r"(\S+)>")
|
|
|
|
confirmation_url = confirmation_link_pattern.search(
|
|
|
|
message.body).groups()[0]
|
|
|
|
break
|
|
|
|
else:
|
|
|
|
raise AssertionError("Couldn't find a confirmation email.")
|
|
|
|
|
|
|
|
with self.settings(
|
|
|
|
POPULATE_PROFILE_VIA_LDAP=True,
|
|
|
|
LDAP_APPEND_DOMAIN='zulip.com',
|
|
|
|
AUTH_LDAP_BIND_PASSWORD='',
|
|
|
|
AUTH_LDAP_USER_ATTR_MAP=ldap_user_attr_map,
|
|
|
|
AUTH_LDAP_USER_DN_TEMPLATE='uid=%(user)s,ou=users,dc=zulip,dc=com'):
|
|
|
|
result = self.client_get(confirmation_url)
|
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
|
|
|
|
# Full name should be set from LDAP
|
|
|
|
result = self.submit_reg_form_for_user(email,
|
|
|
|
password,
|
|
|
|
full_name="Ignore",
|
|
|
|
from_confirmation="1",
|
|
|
|
# Pass HTTP_HOST for the target subdomain
|
|
|
|
HTTP_HOST=subdomain + ".testserver")
|
|
|
|
|
|
|
|
self.assert_in_success_response(["We just need you to do one last thing.",
|
|
|
|
"New LDAP fullname",
|
|
|
|
"newuser@zulip.com"],
|
|
|
|
result)
|
|
|
|
|
|
|
|
# Verify that the user is asked for name
|
|
|
|
self.assert_in_success_response(['id_full_name'], result)
|
|
|
|
# Verify that user is NOT asked for its LDAP/Active Directory password.
|
|
|
|
# LDAP is not configured for authentication in this test.
|
|
|
|
self.assert_not_in_success_response(['Enter your LDAP/Active Directory password.',
|
|
|
|
'ldap-password'], result)
|
|
|
|
# If we were using e.g. the SAML auth backend, there
|
|
|
|
# shouldn't be a password prompt, but since it uses the
|
|
|
|
# EmailAuthBackend, there should be password field here.
|
|
|
|
self.assert_in_success_response(['id_password'], result)
|
|
|
|
|
2017-10-23 21:12:59 +02:00
|
|
|
@override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipLDAPAuthBackend',
|
|
|
|
'zproject.backends.ZulipDummyBackend'))
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_ldap_registration_end_to_end(self) -> None:
|
2020-02-19 19:40:49 +01:00
|
|
|
password = self.ldap_password("newuser")
|
2017-09-29 08:43:18 +02:00
|
|
|
email = "newuser@zulip.com"
|
|
|
|
subdomain = "zulip"
|
|
|
|
|
2019-10-16 18:28:55 +02:00
|
|
|
self.init_default_ldap_database()
|
|
|
|
ldap_user_attr_map = {'full_name': 'cn', 'short_name': 'sn'}
|
2017-09-29 08:43:18 +02:00
|
|
|
full_name = 'New LDAP fullname'
|
|
|
|
|
|
|
|
with patch('zerver.views.registration.get_subdomain', return_value=subdomain):
|
|
|
|
result = self.client_post('/register/', {'email': email})
|
|
|
|
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertTrue(result["Location"].endswith(
|
|
|
|
"/accounts/send_confirm/%s" % (email,)))
|
|
|
|
result = self.client_get(result["Location"])
|
|
|
|
self.assert_in_response("Check your email so we can get started.", result)
|
|
|
|
|
|
|
|
with self.settings(
|
|
|
|
POPULATE_PROFILE_VIA_LDAP=True,
|
|
|
|
LDAP_APPEND_DOMAIN='zulip.com',
|
|
|
|
AUTH_LDAP_USER_ATTR_MAP=ldap_user_attr_map,
|
2019-10-16 18:28:55 +02:00
|
|
|
):
|
2017-09-29 08:43:18 +02:00
|
|
|
# Click confirmation link
|
|
|
|
result = self.submit_reg_form_for_user(email,
|
|
|
|
password,
|
|
|
|
full_name="Ignore",
|
|
|
|
from_confirmation="1",
|
|
|
|
# Pass HTTP_HOST for the target subdomain
|
|
|
|
HTTP_HOST=subdomain + ".testserver")
|
|
|
|
|
|
|
|
# Full name should be set from LDAP
|
2018-06-26 00:33:05 +02:00
|
|
|
self.assert_in_success_response(["We just need you to do one last thing.",
|
2017-09-29 08:43:18 +02:00
|
|
|
full_name,
|
|
|
|
"newuser@zulip.com"],
|
|
|
|
result)
|
|
|
|
|
2017-10-24 19:38:31 +02:00
|
|
|
# Submit the final form with the wrong password.
|
|
|
|
result = self.submit_reg_form_for_user(email,
|
|
|
|
'wrongpassword',
|
|
|
|
full_name=full_name,
|
|
|
|
# Pass HTTP_HOST for the target subdomain
|
|
|
|
HTTP_HOST=subdomain + ".testserver")
|
|
|
|
# Didn't create an account
|
|
|
|
with self.assertRaises(UserProfile.DoesNotExist):
|
2020-03-12 14:17:25 +01:00
|
|
|
user_profile = UserProfile.objects.get(delivery_email=email)
|
2017-10-24 19:38:31 +02:00
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertEqual(result.url, "/accounts/login/?email=newuser%40zulip.com")
|
|
|
|
|
2019-01-16 09:08:52 +01:00
|
|
|
# Submit the final form with the correct password.
|
2017-10-23 21:12:59 +02:00
|
|
|
result = self.submit_reg_form_for_user(email,
|
|
|
|
password,
|
|
|
|
full_name=full_name,
|
|
|
|
# Pass HTTP_HOST for the target subdomain
|
|
|
|
HTTP_HOST=subdomain + ".testserver")
|
2020-03-12 14:17:25 +01:00
|
|
|
user_profile = UserProfile.objects.get(delivery_email=email)
|
2017-10-23 21:12:59 +02:00
|
|
|
# Name comes from form which was set by LDAP.
|
|
|
|
self.assertEqual(user_profile.full_name, full_name)
|
2019-01-16 09:08:52 +01:00
|
|
|
# Short name comes from LDAP.
|
|
|
|
self.assertEqual(user_profile.short_name, "shortname")
|
|
|
|
|
|
|
|
@override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipLDAPAuthBackend',
|
|
|
|
'zproject.backends.ZulipDummyBackend'))
|
|
|
|
def test_ldap_split_full_name_mapping(self) -> None:
|
2019-10-16 18:28:55 +02:00
|
|
|
self.init_default_ldap_database()
|
|
|
|
ldap_user_attr_map = {'first_name': 'sn', 'last_name': 'cn'}
|
2019-01-16 09:08:52 +01:00
|
|
|
|
|
|
|
subdomain = 'zulip'
|
2019-10-16 18:28:55 +02:00
|
|
|
email = 'newuser_splitname@zulip.com'
|
2020-02-19 19:40:49 +01:00
|
|
|
password = self.ldap_password("newuser_splitname")
|
2019-01-16 09:08:52 +01:00
|
|
|
with patch('zerver.views.registration.get_subdomain', return_value=subdomain):
|
|
|
|
result = self.client_post('/register/', {'email': email})
|
|
|
|
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertTrue(result["Location"].endswith(
|
|
|
|
"/accounts/send_confirm/%s" % (email,)))
|
|
|
|
result = self.client_get(result["Location"])
|
|
|
|
self.assert_in_response("Check your email so we can get started.", result)
|
|
|
|
|
|
|
|
with self.settings(
|
|
|
|
POPULATE_PROFILE_VIA_LDAP=True,
|
|
|
|
LDAP_APPEND_DOMAIN='zulip.com',
|
|
|
|
AUTH_LDAP_USER_ATTR_MAP=ldap_user_attr_map,
|
2019-10-16 18:28:55 +02:00
|
|
|
):
|
2019-01-16 09:08:52 +01:00
|
|
|
# Click confirmation link
|
|
|
|
result = self.submit_reg_form_for_user(email,
|
|
|
|
password,
|
|
|
|
full_name="Ignore",
|
|
|
|
from_confirmation="1",
|
|
|
|
# Pass HTTP_HOST for the target subdomain
|
|
|
|
HTTP_HOST=subdomain + ".testserver")
|
|
|
|
|
|
|
|
# Test split name mapping.
|
|
|
|
result = self.submit_reg_form_for_user(email,
|
|
|
|
password,
|
|
|
|
full_name="Ignore",
|
|
|
|
# Pass HTTP_HOST for the target subdomain
|
|
|
|
HTTP_HOST=subdomain + ".testserver")
|
2020-03-12 14:17:25 +01:00
|
|
|
user_profile = UserProfile.objects.get(delivery_email=email)
|
2019-01-16 09:08:52 +01:00
|
|
|
# Name comes from form which was set by LDAP.
|
|
|
|
self.assertEqual(user_profile.full_name, "First Last")
|
|
|
|
# Short name comes from LDAP.
|
|
|
|
self.assertEqual(user_profile.short_name, "First")
|
2017-09-29 08:43:18 +02:00
|
|
|
|
2017-10-23 20:42:37 +02:00
|
|
|
@override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipLDAPAuthBackend',
|
|
|
|
'zproject.backends.ZulipDummyBackend'))
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_ldap_auto_registration_on_login(self) -> None:
|
2017-10-23 20:42:37 +02:00
|
|
|
"""The most common way for LDAP authentication to be used is with a
|
|
|
|
server that doesn't have a terms-of-service required, in which
|
|
|
|
case we offer a complete single-sign-on experience (where the
|
|
|
|
user just enters their LDAP username and password, and their
|
|
|
|
account is created if it doesn't already exist).
|
|
|
|
|
|
|
|
This test verifies that flow.
|
|
|
|
"""
|
2020-02-19 19:40:49 +01:00
|
|
|
password = self.ldap_password("newuser")
|
2017-10-23 20:42:37 +02:00
|
|
|
email = "newuser@zulip.com"
|
|
|
|
subdomain = "zulip"
|
|
|
|
|
2019-10-16 18:28:55 +02:00
|
|
|
self.init_default_ldap_database()
|
2019-01-29 13:39:21 +01:00
|
|
|
ldap_user_attr_map = {
|
2019-10-16 18:28:55 +02:00
|
|
|
'full_name': 'cn',
|
2019-01-29 13:39:21 +01:00
|
|
|
'short_name': 'sn',
|
2019-10-16 18:28:55 +02:00
|
|
|
'custom_profile_field__phone_number': 'homePhone',
|
2019-01-29 13:39:21 +01:00
|
|
|
}
|
2017-10-23 20:42:37 +02:00
|
|
|
full_name = 'New LDAP fullname'
|
|
|
|
|
|
|
|
with self.settings(
|
|
|
|
POPULATE_PROFILE_VIA_LDAP=True,
|
|
|
|
LDAP_APPEND_DOMAIN='zulip.com',
|
|
|
|
AUTH_LDAP_USER_ATTR_MAP=ldap_user_attr_map,
|
2019-10-16 18:28:55 +02:00
|
|
|
):
|
2017-10-23 20:42:37 +02:00
|
|
|
self.login_with_return(email, password,
|
|
|
|
HTTP_HOST=subdomain + ".testserver")
|
|
|
|
|
2020-03-12 14:17:25 +01:00
|
|
|
user_profile = UserProfile.objects.get(delivery_email=email)
|
2017-10-23 20:42:37 +02:00
|
|
|
# Name comes from form which was set by LDAP.
|
|
|
|
self.assertEqual(user_profile.full_name, full_name)
|
2019-01-29 13:39:21 +01:00
|
|
|
self.assertEqual(user_profile.short_name, 'shortname')
|
|
|
|
|
|
|
|
# Test custom profile fields are properly synced.
|
|
|
|
phone_number_field = CustomProfileField.objects.get(realm=user_profile.realm, name='Phone number')
|
|
|
|
phone_number_field_value = CustomProfileFieldValue.objects.get(user_profile=user_profile,
|
|
|
|
field=phone_number_field)
|
|
|
|
self.assertEqual(phone_number_field_value.value, 'a-new-number')
|
2017-10-23 20:42:37 +02:00
|
|
|
|
2019-03-04 13:16:00 +01:00
|
|
|
@override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipLDAPAuthBackend',))
|
|
|
|
def test_ldap_registration_multiple_realms(self) -> None:
|
2020-02-19 19:40:49 +01:00
|
|
|
password = self.ldap_password("newuser")
|
2019-03-04 13:16:00 +01:00
|
|
|
email = "newuser@zulip.com"
|
|
|
|
|
2019-10-16 18:28:55 +02:00
|
|
|
self.init_default_ldap_database()
|
2019-03-04 13:16:00 +01:00
|
|
|
ldap_user_attr_map = {
|
2019-10-16 18:28:55 +02:00
|
|
|
'full_name': 'cn',
|
2019-03-04 13:16:00 +01:00
|
|
|
'short_name': 'sn',
|
|
|
|
}
|
|
|
|
do_create_realm('test', 'test', False)
|
|
|
|
|
|
|
|
with self.settings(
|
|
|
|
POPULATE_PROFILE_VIA_LDAP=True,
|
|
|
|
LDAP_APPEND_DOMAIN='zulip.com',
|
|
|
|
AUTH_LDAP_USER_ATTR_MAP=ldap_user_attr_map,
|
2019-10-16 18:28:55 +02:00
|
|
|
):
|
2019-03-04 13:16:00 +01:00
|
|
|
subdomain = "zulip"
|
|
|
|
self.login_with_return(email, password,
|
|
|
|
HTTP_HOST=subdomain + ".testserver")
|
|
|
|
|
2020-03-12 14:17:25 +01:00
|
|
|
user_profile = UserProfile.objects.get(
|
|
|
|
delivery_email=email, realm=get_realm('zulip'))
|
2019-03-04 13:16:00 +01:00
|
|
|
self.logout()
|
|
|
|
|
|
|
|
# Test registration in another realm works.
|
|
|
|
subdomain = "test"
|
|
|
|
self.login_with_return(email, password,
|
|
|
|
HTTP_HOST=subdomain + ".testserver")
|
|
|
|
|
2020-03-12 14:17:25 +01:00
|
|
|
user_profile = UserProfile.objects.get(
|
|
|
|
delivery_email=email, realm=get_realm('test'))
|
|
|
|
self.assertEqual(user_profile.delivery_email, email)
|
2019-03-04 13:16:00 +01:00
|
|
|
|
2017-10-23 21:12:59 +02:00
|
|
|
@override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipLDAPAuthBackend',
|
|
|
|
'zproject.backends.ZulipDummyBackend'))
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_ldap_registration_when_names_changes_are_disabled(self) -> None:
|
2020-02-19 19:40:49 +01:00
|
|
|
password = self.ldap_password("newuser")
|
2017-09-29 08:43:18 +02:00
|
|
|
email = "newuser@zulip.com"
|
|
|
|
subdomain = "zulip"
|
|
|
|
|
2019-10-16 18:28:55 +02:00
|
|
|
self.init_default_ldap_database()
|
|
|
|
ldap_user_attr_map = {'full_name': 'cn', 'short_name': 'sn'}
|
2017-09-29 08:43:18 +02:00
|
|
|
|
|
|
|
with patch('zerver.views.registration.get_subdomain', return_value=subdomain):
|
|
|
|
result = self.client_post('/register/', {'email': email})
|
|
|
|
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertTrue(result["Location"].endswith(
|
|
|
|
"/accounts/send_confirm/%s" % (email,)))
|
|
|
|
result = self.client_get(result["Location"])
|
|
|
|
self.assert_in_response("Check your email so we can get started.", result)
|
|
|
|
|
|
|
|
with self.settings(
|
|
|
|
POPULATE_PROFILE_VIA_LDAP=True,
|
|
|
|
LDAP_APPEND_DOMAIN='zulip.com',
|
|
|
|
AUTH_LDAP_USER_ATTR_MAP=ldap_user_attr_map,
|
2019-10-16 18:28:55 +02:00
|
|
|
):
|
2017-09-29 08:43:18 +02:00
|
|
|
# Click confirmation link. This will 'authenticated_full_name'
|
|
|
|
# session variable which will be used to set the fullname of
|
|
|
|
# the user.
|
|
|
|
result = self.submit_reg_form_for_user(email,
|
|
|
|
password,
|
|
|
|
full_name="Ignore",
|
|
|
|
from_confirmation="1",
|
|
|
|
# Pass HTTP_HOST for the target subdomain
|
|
|
|
HTTP_HOST=subdomain + ".testserver")
|
|
|
|
|
2017-10-24 19:38:31 +02:00
|
|
|
with patch('zerver.views.registration.name_changes_disabled', return_value=True):
|
|
|
|
result = self.submit_reg_form_for_user(email,
|
|
|
|
password,
|
|
|
|
# Pass HTTP_HOST for the target subdomain
|
|
|
|
HTTP_HOST=subdomain + ".testserver")
|
2020-03-12 14:17:25 +01:00
|
|
|
user_profile = UserProfile.objects.get(delivery_email=email)
|
2017-09-29 08:43:18 +02:00
|
|
|
# Name comes from LDAP session.
|
|
|
|
self.assertEqual(user_profile.full_name, 'New LDAP fullname')
|
|
|
|
|
auth: Improve interactions between LDAPAuthBackend and EmailAuthBackend.
Previously, if you had LDAPAuthBackend enabled, we basically blocked
any other auth backends from working at all, by requiring the user's
login flow include verifying the user's LDAP password.
We still want to enforce that in the case that the account email
matches LDAP_APPEND_DOMAIN, but there's a reasonable corner case:
Having effectively guest users from outside the LDAP domain.
We don't want to allow creating a Zulip-level password for a user
inside the LDAP domain, so we still verify the LDAP password in that
flow, but if the email is allowed to register (due to invite or
whatever) but is outside the LDAP domain for the organization, we
allow it to create an account and set a password.
For the moment, this solution only covers EmailAuthBackend. It's
likely that just extending the list of other backends we check for in
the new conditional on `email_auth_backend` would be correct, but we
haven't done any testing for those cases, and with auth code paths,
it's better to disallow than allow untested code paths.
Fixes #9422.
2018-05-29 06:52:06 +02:00
|
|
|
@override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipLDAPAuthBackend',
|
|
|
|
'zproject.backends.EmailAuthBackend',
|
|
|
|
'zproject.backends.ZulipDummyBackend'))
|
2019-10-25 02:26:05 +02:00
|
|
|
def test_signup_with_ldap_and_email_enabled_using_email_with_ldap_append_domain(self) -> None:
|
2019-10-16 18:28:55 +02:00
|
|
|
password = "nonldappassword"
|
auth: Improve interactions between LDAPAuthBackend and EmailAuthBackend.
Previously, if you had LDAPAuthBackend enabled, we basically blocked
any other auth backends from working at all, by requiring the user's
login flow include verifying the user's LDAP password.
We still want to enforce that in the case that the account email
matches LDAP_APPEND_DOMAIN, but there's a reasonable corner case:
Having effectively guest users from outside the LDAP domain.
We don't want to allow creating a Zulip-level password for a user
inside the LDAP domain, so we still verify the LDAP password in that
flow, but if the email is allowed to register (due to invite or
whatever) but is outside the LDAP domain for the organization, we
allow it to create an account and set a password.
For the moment, this solution only covers EmailAuthBackend. It's
likely that just extending the list of other backends we check for in
the new conditional on `email_auth_backend` would be correct, but we
haven't done any testing for those cases, and with auth code paths,
it's better to disallow than allow untested code paths.
Fixes #9422.
2018-05-29 06:52:06 +02:00
|
|
|
email = "newuser@zulip.com"
|
|
|
|
subdomain = "zulip"
|
|
|
|
|
2019-10-16 18:28:55 +02:00
|
|
|
self.init_default_ldap_database()
|
|
|
|
ldap_user_attr_map = {'full_name': 'cn', 'short_name': 'sn'}
|
2019-01-16 14:09:30 +01:00
|
|
|
|
auth: Improve interactions between LDAPAuthBackend and EmailAuthBackend.
Previously, if you had LDAPAuthBackend enabled, we basically blocked
any other auth backends from working at all, by requiring the user's
login flow include verifying the user's LDAP password.
We still want to enforce that in the case that the account email
matches LDAP_APPEND_DOMAIN, but there's a reasonable corner case:
Having effectively guest users from outside the LDAP domain.
We don't want to allow creating a Zulip-level password for a user
inside the LDAP domain, so we still verify the LDAP password in that
flow, but if the email is allowed to register (due to invite or
whatever) but is outside the LDAP domain for the organization, we
allow it to create an account and set a password.
For the moment, this solution only covers EmailAuthBackend. It's
likely that just extending the list of other backends we check for in
the new conditional on `email_auth_backend` would be correct, but we
haven't done any testing for those cases, and with auth code paths,
it's better to disallow than allow untested code paths.
Fixes #9422.
2018-05-29 06:52:06 +02:00
|
|
|
with patch('zerver.views.registration.get_subdomain', return_value=subdomain):
|
|
|
|
result = self.client_post('/register/', {'email': email})
|
|
|
|
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertTrue(result["Location"].endswith(
|
|
|
|
"/accounts/send_confirm/%s" % (email,)))
|
|
|
|
result = self.client_get(result["Location"])
|
|
|
|
self.assert_in_response("Check your email so we can get started.", result)
|
|
|
|
|
2019-10-25 02:26:05 +02:00
|
|
|
# If the user's email is inside the LDAP directory and we just
|
auth: Improve interactions between LDAPAuthBackend and EmailAuthBackend.
Previously, if you had LDAPAuthBackend enabled, we basically blocked
any other auth backends from working at all, by requiring the user's
login flow include verifying the user's LDAP password.
We still want to enforce that in the case that the account email
matches LDAP_APPEND_DOMAIN, but there's a reasonable corner case:
Having effectively guest users from outside the LDAP domain.
We don't want to allow creating a Zulip-level password for a user
inside the LDAP domain, so we still verify the LDAP password in that
flow, but if the email is allowed to register (due to invite or
whatever) but is outside the LDAP domain for the organization, we
allow it to create an account and set a password.
For the moment, this solution only covers EmailAuthBackend. It's
likely that just extending the list of other backends we check for in
the new conditional on `email_auth_backend` would be correct, but we
haven't done any testing for those cases, and with auth code paths,
it's better to disallow than allow untested code paths.
Fixes #9422.
2018-05-29 06:52:06 +02:00
|
|
|
# have a wrong password, then we refuse to create an account
|
|
|
|
with self.settings(
|
|
|
|
POPULATE_PROFILE_VIA_LDAP=True,
|
|
|
|
LDAP_APPEND_DOMAIN='zulip.com',
|
|
|
|
AUTH_LDAP_USER_ATTR_MAP=ldap_user_attr_map,
|
2019-10-16 18:28:55 +02:00
|
|
|
):
|
auth: Improve interactions between LDAPAuthBackend and EmailAuthBackend.
Previously, if you had LDAPAuthBackend enabled, we basically blocked
any other auth backends from working at all, by requiring the user's
login flow include verifying the user's LDAP password.
We still want to enforce that in the case that the account email
matches LDAP_APPEND_DOMAIN, but there's a reasonable corner case:
Having effectively guest users from outside the LDAP domain.
We don't want to allow creating a Zulip-level password for a user
inside the LDAP domain, so we still verify the LDAP password in that
flow, but if the email is allowed to register (due to invite or
whatever) but is outside the LDAP domain for the organization, we
allow it to create an account and set a password.
For the moment, this solution only covers EmailAuthBackend. It's
likely that just extending the list of other backends we check for in
the new conditional on `email_auth_backend` would be correct, but we
haven't done any testing for those cases, and with auth code paths,
it's better to disallow than allow untested code paths.
Fixes #9422.
2018-05-29 06:52:06 +02:00
|
|
|
result = self.submit_reg_form_for_user(
|
|
|
|
email,
|
|
|
|
password,
|
|
|
|
from_confirmation="1",
|
|
|
|
# Pass HTTP_HOST for the target subdomain
|
|
|
|
HTTP_HOST=subdomain + ".testserver")
|
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
|
|
|
|
result = self.submit_reg_form_for_user(email,
|
|
|
|
password,
|
|
|
|
full_name="Non-LDAP Full Name",
|
|
|
|
# Pass HTTP_HOST for the target subdomain
|
|
|
|
HTTP_HOST=subdomain + ".testserver")
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
# We get redirected back to the login page because password was wrong
|
|
|
|
self.assertEqual(result.url, "/accounts/login/?email=newuser%40zulip.com")
|
2020-03-12 14:17:25 +01:00
|
|
|
self.assertFalse(UserProfile.objects.filter(delivery_email=email).exists())
|
auth: Improve interactions between LDAPAuthBackend and EmailAuthBackend.
Previously, if you had LDAPAuthBackend enabled, we basically blocked
any other auth backends from working at all, by requiring the user's
login flow include verifying the user's LDAP password.
We still want to enforce that in the case that the account email
matches LDAP_APPEND_DOMAIN, but there's a reasonable corner case:
Having effectively guest users from outside the LDAP domain.
We don't want to allow creating a Zulip-level password for a user
inside the LDAP domain, so we still verify the LDAP password in that
flow, but if the email is allowed to register (due to invite or
whatever) but is outside the LDAP domain for the organization, we
allow it to create an account and set a password.
For the moment, this solution only covers EmailAuthBackend. It's
likely that just extending the list of other backends we check for in
the new conditional on `email_auth_backend` would be correct, but we
haven't done any testing for those cases, and with auth code paths,
it's better to disallow than allow untested code paths.
Fixes #9422.
2018-05-29 06:52:06 +02:00
|
|
|
|
2019-11-23 18:17:41 +01:00
|
|
|
# For the rest of the test we delete the user from ldap.
|
|
|
|
del self.mock_ldap.directory["uid=newuser,ou=users,dc=zulip,dc=com"]
|
|
|
|
|
|
|
|
# If the user's email is not in the LDAP directory, but fits LDAP_APPEND_DOMAIN,
|
|
|
|
# we refuse to create the account.
|
|
|
|
with self.settings(
|
|
|
|
POPULATE_PROFILE_VIA_LDAP=True,
|
|
|
|
LDAP_APPEND_DOMAIN='zulip.com',
|
|
|
|
AUTH_LDAP_USER_ATTR_MAP=ldap_user_attr_map,
|
|
|
|
):
|
|
|
|
result = self.submit_reg_form_for_user(email,
|
|
|
|
password,
|
|
|
|
full_name="Non-LDAP Full Name",
|
|
|
|
# Pass HTTP_HOST for the target subdomain
|
|
|
|
HTTP_HOST=subdomain + ".testserver")
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
# We get redirected back to the login page because emails matching LDAP_APPEND_DOMAIN,
|
|
|
|
# aren't allowed to create non-ldap accounts.
|
|
|
|
self.assertEqual(result.url, "/accounts/login/?email=newuser%40zulip.com")
|
2020-03-12 14:17:25 +01:00
|
|
|
self.assertFalse(UserProfile.objects.filter(delivery_email=email).exists())
|
2019-11-23 18:17:41 +01:00
|
|
|
|
2020-03-28 01:25:56 +01:00
|
|
|
# If the email is outside of LDAP_APPEND_DOMAIN, we successfully create a non-ldap account,
|
2019-11-23 18:17:41 +01:00
|
|
|
# with the password managed in the zulip database.
|
auth: Improve interactions between LDAPAuthBackend and EmailAuthBackend.
Previously, if you had LDAPAuthBackend enabled, we basically blocked
any other auth backends from working at all, by requiring the user's
login flow include verifying the user's LDAP password.
We still want to enforce that in the case that the account email
matches LDAP_APPEND_DOMAIN, but there's a reasonable corner case:
Having effectively guest users from outside the LDAP domain.
We don't want to allow creating a Zulip-level password for a user
inside the LDAP domain, so we still verify the LDAP password in that
flow, but if the email is allowed to register (due to invite or
whatever) but is outside the LDAP domain for the organization, we
allow it to create an account and set a password.
For the moment, this solution only covers EmailAuthBackend. It's
likely that just extending the list of other backends we check for in
the new conditional on `email_auth_backend` would be correct, but we
haven't done any testing for those cases, and with auth code paths,
it's better to disallow than allow untested code paths.
Fixes #9422.
2018-05-29 06:52:06 +02:00
|
|
|
with self.settings(
|
|
|
|
POPULATE_PROFILE_VIA_LDAP=True,
|
|
|
|
LDAP_APPEND_DOMAIN='example.com',
|
|
|
|
AUTH_LDAP_USER_ATTR_MAP=ldap_user_attr_map,
|
2019-10-16 18:28:55 +02:00
|
|
|
):
|
auth: Improve interactions between LDAPAuthBackend and EmailAuthBackend.
Previously, if you had LDAPAuthBackend enabled, we basically blocked
any other auth backends from working at all, by requiring the user's
login flow include verifying the user's LDAP password.
We still want to enforce that in the case that the account email
matches LDAP_APPEND_DOMAIN, but there's a reasonable corner case:
Having effectively guest users from outside the LDAP domain.
We don't want to allow creating a Zulip-level password for a user
inside the LDAP domain, so we still verify the LDAP password in that
flow, but if the email is allowed to register (due to invite or
whatever) but is outside the LDAP domain for the organization, we
allow it to create an account and set a password.
For the moment, this solution only covers EmailAuthBackend. It's
likely that just extending the list of other backends we check for in
the new conditional on `email_auth_backend` would be correct, but we
haven't done any testing for those cases, and with auth code paths,
it's better to disallow than allow untested code paths.
Fixes #9422.
2018-05-29 06:52:06 +02:00
|
|
|
with patch('zerver.views.registration.logging.warning') as mock_warning:
|
|
|
|
result = self.submit_reg_form_for_user(
|
|
|
|
email,
|
|
|
|
password,
|
|
|
|
from_confirmation="1",
|
|
|
|
# Pass HTTP_HOST for the target subdomain
|
|
|
|
HTTP_HOST=subdomain + ".testserver")
|
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
mock_warning.assert_called_once_with("New account email newuser@zulip.com could not be found in LDAP")
|
|
|
|
|
|
|
|
result = self.submit_reg_form_for_user(email,
|
|
|
|
password,
|
|
|
|
full_name="Non-LDAP Full Name",
|
|
|
|
# Pass HTTP_HOST for the target subdomain
|
|
|
|
HTTP_HOST=subdomain + ".testserver")
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertEqual(result.url, "http://zulip.testserver/")
|
2020-03-12 14:17:25 +01:00
|
|
|
user_profile = UserProfile.objects.get(delivery_email=email)
|
auth: Improve interactions between LDAPAuthBackend and EmailAuthBackend.
Previously, if you had LDAPAuthBackend enabled, we basically blocked
any other auth backends from working at all, by requiring the user's
login flow include verifying the user's LDAP password.
We still want to enforce that in the case that the account email
matches LDAP_APPEND_DOMAIN, but there's a reasonable corner case:
Having effectively guest users from outside the LDAP domain.
We don't want to allow creating a Zulip-level password for a user
inside the LDAP domain, so we still verify the LDAP password in that
flow, but if the email is allowed to register (due to invite or
whatever) but is outside the LDAP domain for the organization, we
allow it to create an account and set a password.
For the moment, this solution only covers EmailAuthBackend. It's
likely that just extending the list of other backends we check for in
the new conditional on `email_auth_backend` would be correct, but we
haven't done any testing for those cases, and with auth code paths,
it's better to disallow than allow untested code paths.
Fixes #9422.
2018-05-29 06:52:06 +02:00
|
|
|
# Name comes from the POST request, not LDAP
|
|
|
|
self.assertEqual(user_profile.full_name, 'Non-LDAP Full Name')
|
|
|
|
|
2019-10-25 02:26:05 +02:00
|
|
|
@override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipLDAPAuthBackend',
|
|
|
|
'zproject.backends.EmailAuthBackend',
|
|
|
|
'zproject.backends.ZulipDummyBackend'))
|
|
|
|
def test_signup_with_ldap_and_email_enabled_using_email_with_ldap_email_search(self) -> None:
|
|
|
|
# If the user's email is inside the LDAP directory and we just
|
|
|
|
# have a wrong password, then we refuse to create an account
|
|
|
|
password = "nonldappassword"
|
|
|
|
email = "newuser_email@zulip.com" # belongs to user uid=newuser_with_email in the test directory
|
|
|
|
subdomain = "zulip"
|
|
|
|
|
|
|
|
self.init_default_ldap_database()
|
|
|
|
ldap_user_attr_map = {'full_name': 'cn', 'short_name': 'sn'}
|
|
|
|
|
|
|
|
with patch('zerver.views.registration.get_subdomain', return_value=subdomain):
|
|
|
|
result = self.client_post('/register/', {'email': email})
|
|
|
|
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertTrue(result["Location"].endswith(
|
|
|
|
"/accounts/send_confirm/%s" % (email,)))
|
|
|
|
result = self.client_get(result["Location"])
|
|
|
|
self.assert_in_response("Check your email so we can get started.", result)
|
|
|
|
|
|
|
|
with self.settings(
|
|
|
|
POPULATE_PROFILE_VIA_LDAP=True,
|
|
|
|
LDAP_EMAIL_ATTR='mail',
|
|
|
|
AUTH_LDAP_USER_ATTR_MAP=ldap_user_attr_map,
|
|
|
|
):
|
|
|
|
result = self.submit_reg_form_for_user(
|
|
|
|
email,
|
|
|
|
password,
|
|
|
|
from_confirmation="1",
|
|
|
|
# Pass HTTP_HOST for the target subdomain
|
|
|
|
HTTP_HOST=subdomain + ".testserver")
|
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
|
|
|
|
result = self.submit_reg_form_for_user(email,
|
|
|
|
password,
|
|
|
|
full_name="Non-LDAP Full Name",
|
|
|
|
# Pass HTTP_HOST for the target subdomain
|
|
|
|
HTTP_HOST=subdomain + ".testserver")
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
# We get redirected back to the login page because password was wrong
|
|
|
|
self.assertEqual(result.url, "/accounts/login/?email=newuser_email%40zulip.com")
|
2020-03-12 14:17:25 +01:00
|
|
|
self.assertFalse(UserProfile.objects.filter(delivery_email=email).exists())
|
2019-10-25 02:26:05 +02:00
|
|
|
|
|
|
|
# If the user's email is not in the LDAP directory , though, we
|
|
|
|
# successfully create an account with a password in the Zulip
|
|
|
|
# database.
|
|
|
|
password = "nonldappassword"
|
|
|
|
email = "nonexistent@zulip.com"
|
|
|
|
subdomain = "zulip"
|
|
|
|
|
|
|
|
with patch('zerver.views.registration.get_subdomain', return_value=subdomain):
|
|
|
|
result = self.client_post('/register/', {'email': email})
|
|
|
|
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertTrue(result["Location"].endswith(
|
|
|
|
"/accounts/send_confirm/%s" % (email,)))
|
|
|
|
result = self.client_get(result["Location"])
|
|
|
|
self.assert_in_response("Check your email so we can get started.", result)
|
|
|
|
with self.settings(
|
|
|
|
POPULATE_PROFILE_VIA_LDAP=True,
|
|
|
|
LDAP_EMAIL_ATTR='mail',
|
|
|
|
AUTH_LDAP_USER_ATTR_MAP=ldap_user_attr_map,
|
|
|
|
):
|
|
|
|
with patch('zerver.views.registration.logging.warning') as mock_warning:
|
|
|
|
result = self.submit_reg_form_for_user(
|
|
|
|
email,
|
|
|
|
password,
|
|
|
|
from_confirmation="1",
|
|
|
|
# Pass HTTP_HOST for the target subdomain
|
|
|
|
HTTP_HOST=subdomain + ".testserver")
|
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
mock_warning.assert_called_once_with("New account email nonexistent@zulip.com could not be found in LDAP")
|
|
|
|
|
|
|
|
result = self.submit_reg_form_for_user(email,
|
|
|
|
password,
|
|
|
|
full_name="Non-LDAP Full Name",
|
|
|
|
# Pass HTTP_HOST for the target subdomain
|
|
|
|
HTTP_HOST=subdomain + ".testserver")
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertEqual(result.url, "http://zulip.testserver/")
|
2020-03-12 14:17:25 +01:00
|
|
|
user_profile = UserProfile.objects.get(delivery_email=email)
|
2019-10-25 02:26:05 +02:00
|
|
|
# Name comes from the POST request, not LDAP
|
|
|
|
self.assertEqual(user_profile.full_name, 'Non-LDAP Full Name')
|
|
|
|
|
2019-01-16 09:59:01 +01:00
|
|
|
def ldap_invite_and_signup_as(self, invite_as: int, streams: List[str]=['Denmark']) -> None:
|
2019-10-16 18:28:55 +02:00
|
|
|
self.init_default_ldap_database()
|
|
|
|
ldap_user_attr_map = {'full_name': 'cn'}
|
2019-01-16 09:59:01 +01:00
|
|
|
|
|
|
|
subdomain = 'zulip'
|
2019-10-16 18:28:55 +02:00
|
|
|
email = 'newuser@zulip.com'
|
2020-02-19 19:40:49 +01:00
|
|
|
password = self.ldap_password("newuser")
|
2019-01-16 09:59:01 +01:00
|
|
|
|
|
|
|
with self.settings(
|
|
|
|
POPULATE_PROFILE_VIA_LDAP=True,
|
|
|
|
LDAP_APPEND_DOMAIN='zulip.com',
|
|
|
|
AUTH_LDAP_USER_ATTR_MAP=ldap_user_attr_map,
|
2019-10-16 18:28:55 +02:00
|
|
|
):
|
|
|
|
# Invite user.
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login('iago')
|
2019-10-16 18:28:55 +02:00
|
|
|
response = self.invite(invitee_emails='newuser@zulip.com',
|
|
|
|
stream_names=streams,
|
|
|
|
invite_as=invite_as)
|
|
|
|
self.assert_json_success(response)
|
|
|
|
self.logout()
|
2019-01-16 09:59:01 +01:00
|
|
|
|
|
|
|
result = self.submit_reg_form_for_user(email,
|
|
|
|
password,
|
|
|
|
full_name="Ignore",
|
|
|
|
from_confirmation="1",
|
|
|
|
# Pass HTTP_HOST for the target subdomain
|
|
|
|
HTTP_HOST=subdomain + ".testserver")
|
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
|
|
|
|
result = self.submit_reg_form_for_user(email,
|
|
|
|
password,
|
|
|
|
full_name="Ignore",
|
|
|
|
# Pass HTTP_HOST for the target subdomain
|
|
|
|
HTTP_HOST=subdomain + ".testserver")
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
|
|
|
|
@override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipLDAPAuthBackend',
|
|
|
|
'zproject.backends.EmailAuthBackend'))
|
|
|
|
def test_ldap_invite_user_as_admin(self) -> None:
|
|
|
|
self.ldap_invite_and_signup_as(PreregistrationUser.INVITE_AS['REALM_ADMIN'])
|
2020-03-12 14:17:25 +01:00
|
|
|
user_profile = UserProfile.objects.get(
|
|
|
|
delivery_email=self.nonreg_email('newuser'))
|
2019-01-16 09:59:01 +01:00
|
|
|
self.assertTrue(user_profile.is_realm_admin)
|
|
|
|
|
|
|
|
@override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipLDAPAuthBackend',
|
|
|
|
'zproject.backends.EmailAuthBackend'))
|
|
|
|
def test_ldap_invite_user_as_guest(self) -> None:
|
|
|
|
self.ldap_invite_and_signup_as(PreregistrationUser.INVITE_AS['GUEST_USER'])
|
2020-03-12 14:17:25 +01:00
|
|
|
user_profile = UserProfile.objects.get(
|
|
|
|
delivery_email=self.nonreg_email('newuser'))
|
2019-01-16 09:59:01 +01:00
|
|
|
self.assertTrue(user_profile.is_guest)
|
|
|
|
|
|
|
|
@override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipLDAPAuthBackend',
|
|
|
|
'zproject.backends.EmailAuthBackend'))
|
|
|
|
def test_ldap_invite_streams(self) -> None:
|
|
|
|
stream_name = 'Rome'
|
|
|
|
realm = get_realm('zulip')
|
|
|
|
stream = get_stream(stream_name, realm)
|
|
|
|
default_streams = get_default_streams_for_realm(realm)
|
|
|
|
default_streams_name = [stream.name for stream in default_streams]
|
|
|
|
self.assertNotIn(stream_name, default_streams_name)
|
|
|
|
|
|
|
|
# Invite user.
|
|
|
|
self.ldap_invite_and_signup_as(PreregistrationUser.INVITE_AS['REALM_ADMIN'], streams=[stream_name])
|
|
|
|
|
2020-03-12 14:17:25 +01:00
|
|
|
user_profile = UserProfile.objects.get(delivery_email=self.nonreg_email('newuser'))
|
2019-01-16 09:59:01 +01:00
|
|
|
self.assertTrue(user_profile.is_realm_admin)
|
|
|
|
sub = get_stream_subscriptions_for_user(user_profile).filter(recipient__type_id=stream.id)
|
|
|
|
self.assertEqual(len(sub), 1)
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_registration_when_name_changes_are_disabled(self) -> None:
|
2017-09-29 08:43:18 +02:00
|
|
|
"""
|
|
|
|
Test `name_changes_disabled` when we are not running under LDAP.
|
|
|
|
"""
|
2020-02-19 19:40:49 +01:00
|
|
|
password = self.ldap_password("newuser")
|
2017-09-29 08:43:18 +02:00
|
|
|
email = "newuser@zulip.com"
|
|
|
|
subdomain = "zulip"
|
|
|
|
|
|
|
|
with patch('zerver.views.registration.get_subdomain', return_value=subdomain):
|
|
|
|
result = self.client_post('/register/', {'email': email})
|
|
|
|
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertTrue(result["Location"].endswith(
|
|
|
|
"/accounts/send_confirm/%s" % (email,)))
|
|
|
|
result = self.client_get(result["Location"])
|
|
|
|
self.assert_in_response("Check your email so we can get started.", result)
|
|
|
|
|
|
|
|
with patch('zerver.views.registration.name_changes_disabled', return_value=True):
|
|
|
|
result = self.submit_reg_form_for_user(email,
|
|
|
|
password,
|
|
|
|
full_name="New Name",
|
|
|
|
# Pass HTTP_HOST for the target subdomain
|
|
|
|
HTTP_HOST=subdomain + ".testserver")
|
2020-03-12 14:17:25 +01:00
|
|
|
user_profile = UserProfile.objects.get(delivery_email=email)
|
2017-09-29 08:43:18 +02:00
|
|
|
# 'New Name' comes from POST data; not from LDAP session.
|
|
|
|
self.assertEqual(user_profile.full_name, 'New Name')
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_realm_creation_through_ldap(self) -> None:
|
2020-02-19 19:40:49 +01:00
|
|
|
password = self.ldap_password("newuser")
|
2017-06-15 19:24:46 +02:00
|
|
|
email = "newuser@zulip.com"
|
|
|
|
subdomain = "zulip"
|
|
|
|
realm_name = "Zulip"
|
2019-10-16 18:28:55 +02:00
|
|
|
|
|
|
|
self.init_default_ldap_database()
|
|
|
|
ldap_user_attr_map = {'full_name': 'cn'}
|
2017-06-15 19:24:46 +02:00
|
|
|
|
|
|
|
with patch('zerver.views.registration.get_subdomain', return_value=subdomain):
|
|
|
|
result = self.client_post('/register/', {'email': email})
|
|
|
|
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertTrue(result["Location"].endswith(
|
|
|
|
"/accounts/send_confirm/%s" % (email,)))
|
|
|
|
result = self.client_get(result["Location"])
|
|
|
|
self.assert_in_response("Check your email so we can get started.", result)
|
|
|
|
# Visit the confirmation link.
|
|
|
|
from django.core.mail import outbox
|
|
|
|
for message in reversed(outbox):
|
|
|
|
if email in message.to:
|
2018-07-02 00:05:24 +02:00
|
|
|
confirmation_link_pattern = re.compile(settings.EXTERNAL_HOST + r"(\S+)>")
|
2017-06-15 19:24:46 +02:00
|
|
|
confirmation_url = confirmation_link_pattern.search(
|
|
|
|
message.body).groups()[0]
|
|
|
|
break
|
|
|
|
else:
|
|
|
|
raise AssertionError("Couldn't find a confirmation email.")
|
|
|
|
|
|
|
|
with self.settings(
|
|
|
|
POPULATE_PROFILE_VIA_LDAP=True,
|
|
|
|
LDAP_APPEND_DOMAIN='zulip.com',
|
|
|
|
AUTH_LDAP_USER_ATTR_MAP=ldap_user_attr_map,
|
|
|
|
AUTHENTICATION_BACKENDS=('zproject.backends.ZulipLDAPAuthBackend',),
|
|
|
|
TERMS_OF_SERVICE=False,
|
|
|
|
):
|
|
|
|
result = self.client_get(confirmation_url)
|
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
|
|
|
|
key = find_key_by_email(email),
|
|
|
|
confirmation = Confirmation.objects.get(confirmation_key=key[0])
|
|
|
|
prereg_user = confirmation.content_object
|
|
|
|
prereg_user.realm_creation = True
|
|
|
|
prereg_user.save()
|
|
|
|
|
2017-01-04 08:53:56 +01:00
|
|
|
result = self.submit_reg_form_for_user(email,
|
2016-11-02 11:10:21 +01:00
|
|
|
password,
|
|
|
|
realm_name=realm_name,
|
|
|
|
realm_subdomain=subdomain,
|
|
|
|
from_confirmation='1',
|
|
|
|
# Pass HTTP_HOST for the target subdomain
|
|
|
|
HTTP_HOST=subdomain + ".testserver")
|
2018-06-26 00:33:05 +02:00
|
|
|
self.assert_in_success_response(["We just need you to do one last thing.",
|
2016-11-19 21:54:00 +01:00
|
|
|
"newuser@zulip.com"],
|
|
|
|
result)
|
2016-11-02 11:10:21 +01:00
|
|
|
|
2016-11-03 21:24:54 +01:00
|
|
|
@patch('DNS.dnslookup', return_value=[['sipbtest:*:20922:101:Fred Sipb,,,:/mit/sipbtest:/bin/athena/tcsh']])
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_registration_of_mirror_dummy_user(self, ignored: Any) -> None:
|
2016-11-02 17:31:11 +01:00
|
|
|
password = "test"
|
2017-09-16 19:51:26 +02:00
|
|
|
subdomain = "zephyr"
|
2017-05-23 01:27:31 +02:00
|
|
|
user_profile = self.mit_user("sipbtest")
|
2020-03-12 14:17:25 +01:00
|
|
|
email = user_profile.delivery_email
|
2016-11-02 17:31:11 +01:00
|
|
|
user_profile.is_mirror_dummy = True
|
|
|
|
user_profile.is_active = False
|
|
|
|
user_profile.save()
|
|
|
|
|
2017-09-16 19:51:26 +02:00
|
|
|
result = self.client_post('/register/', {'email': email}, subdomain="zephyr")
|
2016-11-02 17:31:11 +01:00
|
|
|
|
2016-12-16 02:01:34 +01:00
|
|
|
self.assertEqual(result.status_code, 302)
|
2016-11-02 17:31:11 +01:00
|
|
|
self.assertTrue(result["Location"].endswith(
|
2017-01-24 07:06:13 +01:00
|
|
|
"/accounts/send_confirm/%s" % (email,)))
|
2017-09-16 19:51:26 +02:00
|
|
|
result = self.client_get(result["Location"], subdomain="zephyr")
|
2016-11-02 17:31:11 +01:00
|
|
|
self.assert_in_response("Check your email so we can get started.", result)
|
|
|
|
# Visit the confirmation link.
|
|
|
|
from django.core.mail import outbox
|
|
|
|
for message in reversed(outbox):
|
|
|
|
if email in message.to:
|
2018-07-02 00:05:24 +02:00
|
|
|
confirmation_link_pattern = re.compile(settings.EXTERNAL_HOST + r"(\S+)>")
|
2016-11-02 17:31:11 +01:00
|
|
|
confirmation_url = confirmation_link_pattern.search(
|
|
|
|
message.body).groups()[0]
|
|
|
|
break
|
|
|
|
else:
|
2017-03-05 08:01:50 +01:00
|
|
|
raise AssertionError("Couldn't find a confirmation email.")
|
2016-11-02 17:31:11 +01:00
|
|
|
|
2017-09-16 19:51:26 +02:00
|
|
|
result = self.client_get(confirmation_url, subdomain="zephyr")
|
2016-12-16 02:01:34 +01:00
|
|
|
self.assertEqual(result.status_code, 200)
|
2017-03-18 20:36:40 +01:00
|
|
|
|
2017-11-27 00:58:56 +01:00
|
|
|
# If the mirror dummy user is already active, attempting to
|
|
|
|
# submit the registration form should raise an AssertionError
|
|
|
|
# (this is an invalid state, so it's a bug we got here):
|
2017-03-18 20:36:40 +01:00
|
|
|
user_profile.is_active = True
|
|
|
|
user_profile.save()
|
2017-11-27 00:58:56 +01:00
|
|
|
with self.assertRaisesRegex(AssertionError, "Mirror dummy user is already active!"):
|
|
|
|
result = self.submit_reg_form_for_user(
|
|
|
|
email,
|
|
|
|
password,
|
|
|
|
from_confirmation='1',
|
|
|
|
# Pass HTTP_HOST for the target subdomain
|
|
|
|
HTTP_HOST=subdomain + ".testserver")
|
2017-09-16 19:51:26 +02:00
|
|
|
|
2017-03-18 20:36:40 +01:00
|
|
|
user_profile.is_active = False
|
|
|
|
user_profile.save()
|
|
|
|
|
2017-01-04 08:53:56 +01:00
|
|
|
result = self.submit_reg_form_for_user(email,
|
2016-11-02 17:31:11 +01:00
|
|
|
password,
|
|
|
|
from_confirmation='1',
|
|
|
|
# Pass HTTP_HOST for the target subdomain
|
|
|
|
HTTP_HOST=subdomain + ".testserver")
|
2016-12-16 02:01:34 +01:00
|
|
|
self.assertEqual(result.status_code, 200)
|
2017-01-04 08:53:56 +01:00
|
|
|
result = self.submit_reg_form_for_user(email,
|
2016-11-02 17:31:11 +01:00
|
|
|
password,
|
|
|
|
# Pass HTTP_HOST for the target subdomain
|
|
|
|
HTTP_HOST=subdomain + ".testserver")
|
2016-12-16 02:01:34 +01:00
|
|
|
self.assertEqual(result.status_code, 302)
|
2019-05-26 22:12:46 +02:00
|
|
|
self.assert_logged_in_user_id(user_profile.id)
|
2016-11-02 17:31:11 +01:00
|
|
|
|
2017-12-08 17:03:58 +01:00
|
|
|
def test_registration_of_active_mirror_dummy_user(self) -> None:
|
2017-03-18 20:36:40 +01:00
|
|
|
"""
|
2017-11-27 00:58:56 +01:00
|
|
|
Trying to activate an already-active mirror dummy user should
|
|
|
|
raise an AssertionError.
|
2017-03-18 20:36:40 +01:00
|
|
|
"""
|
2017-05-23 01:27:31 +02:00
|
|
|
user_profile = self.mit_user("sipbtest")
|
2020-03-12 14:17:25 +01:00
|
|
|
email = user_profile.delivery_email
|
2017-03-18 20:36:40 +01:00
|
|
|
user_profile.is_mirror_dummy = True
|
|
|
|
user_profile.is_active = True
|
|
|
|
user_profile.save()
|
|
|
|
|
2017-11-27 00:58:56 +01:00
|
|
|
with self.assertRaisesRegex(AssertionError, "Mirror dummy user is already active!"):
|
|
|
|
self.client_post('/register/', {'email': email}, subdomain="zephyr")
|
2017-03-18 20:36:40 +01:00
|
|
|
|
2019-03-13 18:26:01 +01:00
|
|
|
@override_settings(TERMS_OF_SERVICE=False)
|
|
|
|
def test_dev_user_registration(self) -> None:
|
|
|
|
"""Verify that /devtools/register_user creates a new user, logs them
|
|
|
|
in, and redirects to the logged-in app."""
|
|
|
|
count = UserProfile.objects.count()
|
|
|
|
email = "user-%d@zulip.com" % (count,)
|
|
|
|
|
|
|
|
result = self.client_post('/devtools/register_user/')
|
|
|
|
user_profile = UserProfile.objects.all().order_by("id").last()
|
|
|
|
|
|
|
|
self.assertEqual(result.status_code, 302)
|
2020-03-12 14:17:25 +01:00
|
|
|
self.assertEqual(user_profile.delivery_email, email)
|
2019-03-13 18:26:01 +01:00
|
|
|
self.assertEqual(result['Location'], "http://zulip.testserver/")
|
2019-05-26 22:12:46 +02:00
|
|
|
self.assert_logged_in_user_id(user_profile.id)
|
2019-03-13 18:26:01 +01:00
|
|
|
|
|
|
|
@override_settings(TERMS_OF_SERVICE=False)
|
|
|
|
def test_dev_user_registration_create_realm(self) -> None:
|
|
|
|
count = UserProfile.objects.count()
|
|
|
|
string_id = "realm-%d" % (count,)
|
|
|
|
|
|
|
|
result = self.client_post('/devtools/register_realm/')
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertTrue(result["Location"].startswith(
|
|
|
|
'http://{}.testserver/accounts/login/subdomain'.format(string_id)))
|
|
|
|
result = self.client_get(result["Location"], subdomain=string_id)
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertEqual(result["Location"], 'http://{}.testserver'.format(string_id))
|
|
|
|
|
|
|
|
user_profile = UserProfile.objects.all().order_by("id").last()
|
2019-05-26 22:12:46 +02:00
|
|
|
self.assert_logged_in_user_id(user_profile.id)
|
2019-03-13 18:26:01 +01:00
|
|
|
|
2016-10-13 20:09:32 +02:00
|
|
|
class DeactivateUserTest(ZulipTestCase):
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_deactivate_user(self) -> None:
|
2017-05-07 17:21:26 +02:00
|
|
|
user = self.example_user('hamlet')
|
2020-03-06 18:40:46 +01:00
|
|
|
email = user.email
|
|
|
|
self.login_user(user)
|
2016-10-13 20:09:32 +02:00
|
|
|
self.assertTrue(user.is_active)
|
|
|
|
result = self.client_delete('/json/users/me')
|
|
|
|
self.assert_json_success(result)
|
2017-05-07 17:21:26 +02:00
|
|
|
user = self.example_user('hamlet')
|
2016-10-13 20:09:32 +02:00
|
|
|
self.assertFalse(user.is_active)
|
2020-03-06 18:40:46 +01:00
|
|
|
password = initial_password(email)
|
|
|
|
self.assert_login_failure(email, password=password)
|
2016-10-13 20:09:32 +02:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_do_not_deactivate_final_admin(self) -> None:
|
2017-05-07 17:21:26 +02:00
|
|
|
user = self.example_user('iago')
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login_user(user)
|
2016-10-13 20:09:32 +02:00
|
|
|
self.assertTrue(user.is_active)
|
2016-12-05 06:40:00 +01:00
|
|
|
result = self.client_delete('/json/users/me')
|
2018-08-21 08:14:46 +02:00
|
|
|
self.assert_json_error(result, "Cannot deactivate the only organization administrator.")
|
2017-05-07 17:21:26 +02:00
|
|
|
user = self.example_user('iago')
|
2016-10-13 20:09:32 +02:00
|
|
|
self.assertTrue(user.is_active)
|
|
|
|
self.assertTrue(user.is_realm_admin)
|
2017-05-07 17:21:26 +02:00
|
|
|
user_2 = self.example_user('hamlet')
|
2016-10-13 20:09:32 +02:00
|
|
|
do_change_is_admin(user_2, True)
|
|
|
|
self.assertTrue(user_2.is_realm_admin)
|
|
|
|
result = self.client_delete('/json/users/me')
|
|
|
|
self.assert_json_success(result)
|
|
|
|
do_change_is_admin(user, True)
|
2017-03-08 12:38:56 +01:00
|
|
|
|
2018-08-21 08:14:46 +02:00
|
|
|
def test_do_not_deactivate_final_user(self) -> None:
|
|
|
|
realm = get_realm('zulip')
|
2019-10-05 02:35:07 +02:00
|
|
|
UserProfile.objects.filter(realm=realm).exclude(
|
|
|
|
role=UserProfile.ROLE_REALM_ADMINISTRATOR).update(is_active=False)
|
2020-03-06 18:40:46 +01:00
|
|
|
user = self.example_user("iago")
|
|
|
|
self.login_user(user)
|
2018-08-21 08:14:46 +02:00
|
|
|
result = self.client_delete('/json/users/me')
|
|
|
|
self.assert_json_error(result, "Cannot deactivate the only user.")
|
|
|
|
|
2017-03-08 12:38:56 +01:00
|
|
|
class TestLoginPage(ZulipTestCase):
|
|
|
|
@patch('django.http.HttpRequest.get_host')
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_login_page_redirects_for_root_alias(self, mock_get_host: MagicMock) -> None:
|
2017-03-08 12:38:56 +01:00
|
|
|
mock_get_host.return_value = 'www.testserver'
|
2017-08-25 05:18:28 +02:00
|
|
|
with self.settings(ROOT_DOMAIN_LANDING_PAGE=True):
|
2017-03-08 12:38:56 +01:00
|
|
|
result = self.client_get("/en/login/")
|
|
|
|
self.assertEqual(result.status_code, 302)
|
2018-08-25 16:21:59 +02:00
|
|
|
self.assertEqual(result.url, '/accounts/go/')
|
|
|
|
|
|
|
|
result = self.client_get("/en/login/?next=/upgrade/")
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertEqual(result.url, '/accounts/go/?next=%2Fupgrade%2F')
|
2017-03-08 12:38:56 +01:00
|
|
|
|
|
|
|
@patch('django.http.HttpRequest.get_host')
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_login_page_redirects_for_root_domain(self, mock_get_host: MagicMock) -> None:
|
2017-03-08 12:38:56 +01:00
|
|
|
mock_get_host.return_value = 'testserver'
|
2017-08-25 05:18:28 +02:00
|
|
|
with self.settings(ROOT_DOMAIN_LANDING_PAGE=True):
|
2017-03-08 12:38:56 +01:00
|
|
|
result = self.client_get("/en/login/")
|
|
|
|
self.assertEqual(result.status_code, 302)
|
2018-08-25 16:21:59 +02:00
|
|
|
self.assertEqual(result.url, '/accounts/go/')
|
|
|
|
|
|
|
|
result = self.client_get("/en/login/?next=/upgrade/")
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertEqual(result.url, '/accounts/go/?next=%2Fupgrade%2F')
|
2017-03-08 12:38:56 +01:00
|
|
|
|
|
|
|
mock_get_host.return_value = 'www.testserver.com'
|
2017-08-25 05:18:28 +02:00
|
|
|
with self.settings(ROOT_DOMAIN_LANDING_PAGE=True,
|
2017-03-08 12:38:56 +01:00
|
|
|
EXTERNAL_HOST='www.testserver.com',
|
|
|
|
ROOT_SUBDOMAIN_ALIASES=['test']):
|
|
|
|
result = self.client_get("/en/login/")
|
|
|
|
self.assertEqual(result.status_code, 302)
|
2018-08-25 16:21:59 +02:00
|
|
|
self.assertEqual(result.url, '/accounts/go/')
|
|
|
|
|
|
|
|
result = self.client_get("/en/login/?next=/upgrade/")
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertEqual(result.url, '/accounts/go/?next=%2Fupgrade%2F')
|
2017-03-08 12:38:56 +01:00
|
|
|
|
|
|
|
@patch('django.http.HttpRequest.get_host')
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_login_page_works_without_subdomains(self, mock_get_host: MagicMock) -> None:
|
2017-03-08 12:38:56 +01:00
|
|
|
mock_get_host.return_value = 'www.testserver'
|
|
|
|
with self.settings(ROOT_SUBDOMAIN_ALIASES=['www']):
|
|
|
|
result = self.client_get("/en/login/")
|
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
|
|
|
|
mock_get_host.return_value = 'testserver'
|
|
|
|
with self.settings(ROOT_SUBDOMAIN_ALIASES=['www']):
|
|
|
|
result = self.client_get("/en/login/")
|
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
|
|
|
|
class TestFindMyTeam(ZulipTestCase):
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_template(self) -> None:
|
2017-08-28 23:36:57 +02:00
|
|
|
result = self.client_get('/accounts/find/')
|
2017-08-28 23:27:16 +02:00
|
|
|
self.assertIn("Find your Zulip accounts", result.content.decode('utf8'))
|
2017-03-08 12:38:56 +01:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_result(self) -> None:
|
2017-08-28 23:36:57 +02:00
|
|
|
result = self.client_post('/accounts/find/',
|
2017-08-25 08:10:12 +02:00
|
|
|
dict(emails="iago@zulip.com,cordelia@zulip.com"))
|
|
|
|
self.assertEqual(result.status_code, 302)
|
2017-08-28 23:36:57 +02:00
|
|
|
self.assertEqual(result.url, "/accounts/find/?emails=iago%40zulip.com%2Ccordelia%40zulip.com")
|
2017-08-25 08:10:12 +02:00
|
|
|
result = self.client_get(result.url)
|
2017-03-08 12:38:56 +01:00
|
|
|
content = result.content.decode('utf8')
|
|
|
|
self.assertIn("Emails sent! You will only receive emails", content)
|
2017-05-25 01:44:04 +02:00
|
|
|
self.assertIn(self.example_email("iago"), content)
|
2017-05-25 01:50:35 +02:00
|
|
|
self.assertIn(self.example_email("cordelia"), content)
|
2017-08-25 08:10:12 +02:00
|
|
|
from django.core.mail import outbox
|
2017-11-28 03:29:56 +01:00
|
|
|
# 3 = 1 + 2 -- Cordelia gets an email each for the "zulip" and "lear" realms.
|
|
|
|
self.assertEqual(len(outbox), 3)
|
2017-03-08 12:38:56 +01:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_find_team_ignore_invalid_email(self) -> None:
|
2017-08-28 23:36:57 +02:00
|
|
|
result = self.client_post('/accounts/find/',
|
2017-08-25 08:10:12 +02:00
|
|
|
dict(emails="iago@zulip.com,invalid_email@zulip.com"))
|
|
|
|
self.assertEqual(result.status_code, 302)
|
2017-08-28 23:36:57 +02:00
|
|
|
self.assertEqual(result.url, "/accounts/find/?emails=iago%40zulip.com%2Cinvalid_email%40zulip.com")
|
2017-08-25 08:10:12 +02:00
|
|
|
result = self.client_get(result.url)
|
2017-03-11 20:12:01 +01:00
|
|
|
content = result.content.decode('utf8')
|
|
|
|
self.assertIn("Emails sent! You will only receive emails", content)
|
2017-05-25 01:44:04 +02:00
|
|
|
self.assertIn(self.example_email("iago"), content)
|
2017-08-25 08:10:12 +02:00
|
|
|
self.assertIn("invalid_email@", content)
|
|
|
|
from django.core.mail import outbox
|
|
|
|
self.assertEqual(len(outbox), 1)
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_find_team_reject_invalid_email(self) -> None:
|
2017-08-28 23:36:57 +02:00
|
|
|
result = self.client_post('/accounts/find/',
|
2017-08-25 08:10:12 +02:00
|
|
|
dict(emails="invalid_string"))
|
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
self.assertIn(b"Enter a valid email", result.content)
|
|
|
|
from django.core.mail import outbox
|
|
|
|
self.assertEqual(len(outbox), 0)
|
2017-03-11 20:12:01 +01:00
|
|
|
|
2017-08-25 08:30:33 +02:00
|
|
|
# Just for coverage on perhaps-unnecessary validation code.
|
2017-08-28 23:36:57 +02:00
|
|
|
result = self.client_get('/accounts/find/?emails=invalid')
|
2017-08-25 08:30:33 +02:00
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_find_team_zero_emails(self) -> None:
|
2017-03-08 12:38:56 +01:00
|
|
|
data = {'emails': ''}
|
2017-08-28 23:36:57 +02:00
|
|
|
result = self.client_post('/accounts/find/', data)
|
2017-03-08 12:38:56 +01:00
|
|
|
self.assertIn('This field is required', result.content.decode('utf8'))
|
|
|
|
self.assertEqual(result.status_code, 200)
|
2017-08-25 08:10:12 +02:00
|
|
|
from django.core.mail import outbox
|
|
|
|
self.assertEqual(len(outbox), 0)
|
2017-03-08 12:38:56 +01:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_find_team_one_email(self) -> None:
|
2017-05-25 01:40:26 +02:00
|
|
|
data = {'emails': self.example_email("hamlet")}
|
2017-08-28 23:36:57 +02:00
|
|
|
result = self.client_post('/accounts/find/', data)
|
2017-03-08 12:38:56 +01:00
|
|
|
self.assertEqual(result.status_code, 302)
|
2017-08-28 23:36:57 +02:00
|
|
|
self.assertEqual(result.url, '/accounts/find/?emails=hamlet%40zulip.com')
|
2017-08-25 08:10:12 +02:00
|
|
|
from django.core.mail import outbox
|
|
|
|
self.assertEqual(len(outbox), 1)
|
2017-03-08 12:38:56 +01:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_find_team_deactivated_user(self) -> None:
|
2017-08-25 08:14:55 +02:00
|
|
|
do_deactivate_user(self.example_user("hamlet"))
|
|
|
|
data = {'emails': self.example_email("hamlet")}
|
2017-08-28 23:36:57 +02:00
|
|
|
result = self.client_post('/accounts/find/', data)
|
2017-08-25 08:14:55 +02:00
|
|
|
self.assertEqual(result.status_code, 302)
|
2017-08-28 23:36:57 +02:00
|
|
|
self.assertEqual(result.url, '/accounts/find/?emails=hamlet%40zulip.com')
|
2017-08-25 08:14:55 +02:00
|
|
|
from django.core.mail import outbox
|
|
|
|
self.assertEqual(len(outbox), 0)
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_find_team_deactivated_realm(self) -> None:
|
2017-08-25 08:14:55 +02:00
|
|
|
do_deactivate_realm(get_realm("zulip"))
|
|
|
|
data = {'emails': self.example_email("hamlet")}
|
2017-08-28 23:36:57 +02:00
|
|
|
result = self.client_post('/accounts/find/', data)
|
2017-08-25 08:14:55 +02:00
|
|
|
self.assertEqual(result.status_code, 302)
|
2017-08-28 23:36:57 +02:00
|
|
|
self.assertEqual(result.url, '/accounts/find/?emails=hamlet%40zulip.com')
|
2017-08-25 08:14:55 +02:00
|
|
|
from django.core.mail import outbox
|
|
|
|
self.assertEqual(len(outbox), 0)
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_find_team_bot_email(self) -> None:
|
2017-08-25 08:14:55 +02:00
|
|
|
data = {'emails': self.example_email("webhook_bot")}
|
2017-08-28 23:36:57 +02:00
|
|
|
result = self.client_post('/accounts/find/', data)
|
2017-08-25 08:14:55 +02:00
|
|
|
self.assertEqual(result.status_code, 302)
|
2017-08-28 23:36:57 +02:00
|
|
|
self.assertEqual(result.url, '/accounts/find/?emails=webhook-bot%40zulip.com')
|
2017-08-25 08:14:55 +02:00
|
|
|
from django.core.mail import outbox
|
|
|
|
self.assertEqual(len(outbox), 0)
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_find_team_more_than_ten_emails(self) -> None:
|
2017-03-08 12:38:56 +01:00
|
|
|
data = {'emails': ','.join(['hamlet-{}@zulip.com'.format(i) for i in range(11)])}
|
2017-08-28 23:36:57 +02:00
|
|
|
result = self.client_post('/accounts/find/', data)
|
2017-03-08 12:38:56 +01:00
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
self.assertIn("Please enter at most 10", result.content.decode('utf8'))
|
2017-08-25 08:10:12 +02:00
|
|
|
from django.core.mail import outbox
|
|
|
|
self.assertEqual(len(outbox), 0)
|
2017-03-11 20:12:01 +01:00
|
|
|
|
|
|
|
class ConfirmationKeyTest(ZulipTestCase):
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_confirmation_key(self) -> None:
|
2017-03-11 20:12:01 +01:00
|
|
|
request = MagicMock()
|
|
|
|
request.session = {
|
|
|
|
'confirmation_key': {'confirmation_key': 'xyzzy'}
|
|
|
|
}
|
|
|
|
result = confirmation_key(request)
|
|
|
|
self.assert_json_success(result)
|
|
|
|
self.assert_in_response('xyzzy', result)
|
2017-04-27 22:58:53 +02:00
|
|
|
|
|
|
|
class MobileAuthOTPTest(ZulipTestCase):
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_xor_hex_strings(self) -> None:
|
2017-04-27 22:58:53 +02:00
|
|
|
self.assertEqual(xor_hex_strings('1237c81ab', '18989fd12'), '0aaf57cb9')
|
|
|
|
with self.assertRaises(AssertionError):
|
|
|
|
xor_hex_strings('1', '31')
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_is_valid_otp(self) -> None:
|
2017-04-27 22:58:53 +02:00
|
|
|
self.assertEqual(is_valid_otp('1234'), False)
|
|
|
|
self.assertEqual(is_valid_otp('1234abcd' * 8), True)
|
|
|
|
self.assertEqual(is_valid_otp('1234abcZ' * 8), False)
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_ascii_to_hex(self) -> None:
|
2017-04-27 22:58:53 +02:00
|
|
|
self.assertEqual(ascii_to_hex('ZcdR1234'), '5a63645231323334')
|
|
|
|
self.assertEqual(hex_to_ascii('5a63645231323334'), 'ZcdR1234')
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_otp_encrypt_api_key(self) -> None:
|
2018-08-01 11:45:52 +02:00
|
|
|
api_key = '12ac' * 8
|
2017-04-27 22:58:53 +02:00
|
|
|
otp = '7be38894' * 8
|
2018-08-01 11:45:52 +02:00
|
|
|
result = otp_encrypt_api_key(api_key, otp)
|
2017-04-27 22:58:53 +02:00
|
|
|
self.assertEqual(result, '4ad1e9f7' * 8)
|
|
|
|
|
|
|
|
decryped = otp_decrypt_api_key(result, otp)
|
2018-08-01 11:45:52 +02:00
|
|
|
self.assertEqual(decryped, api_key)
|
2017-04-20 08:25:15 +02:00
|
|
|
|
2017-11-02 14:11:48 +01:00
|
|
|
class FollowupEmailTest(ZulipTestCase):
|
|
|
|
def test_followup_day2_email(self) -> None:
|
|
|
|
user_profile = self.example_user('hamlet')
|
|
|
|
# Test date_joined == Sunday
|
|
|
|
user_profile.date_joined = datetime.datetime(2018, 1, 7, 1, 0, 0, 0, pytz.UTC)
|
|
|
|
self.assertEqual(followup_day2_email_delay(user_profile), datetime.timedelta(days=2, hours=-1))
|
|
|
|
# Test date_joined == Tuesday
|
|
|
|
user_profile.date_joined = datetime.datetime(2018, 1, 2, 1, 0, 0, 0, pytz.UTC)
|
|
|
|
self.assertEqual(followup_day2_email_delay(user_profile), datetime.timedelta(days=2, hours=-1))
|
|
|
|
# Test date_joined == Thursday
|
|
|
|
user_profile.date_joined = datetime.datetime(2018, 1, 4, 1, 0, 0, 0, pytz.UTC)
|
|
|
|
self.assertEqual(followup_day2_email_delay(user_profile), datetime.timedelta(days=1, hours=-1))
|
|
|
|
# Test date_joined == Friday
|
|
|
|
user_profile.date_joined = datetime.datetime(2018, 1, 5, 1, 0, 0, 0, pytz.UTC)
|
|
|
|
self.assertEqual(followup_day2_email_delay(user_profile), datetime.timedelta(days=3, hours=-1))
|
|
|
|
|
|
|
|
# Time offset of America/Phoenix is -07:00
|
|
|
|
user_profile.timezone = 'America/Phoenix'
|
|
|
|
# Test date_joined == Friday in UTC, but Thursday in the user's timezone
|
|
|
|
user_profile.date_joined = datetime.datetime(2018, 1, 5, 1, 0, 0, 0, pytz.UTC)
|
|
|
|
self.assertEqual(followup_day2_email_delay(user_profile), datetime.timedelta(days=1, hours=-1))
|
2017-07-13 13:42:57 +02:00
|
|
|
|
2018-06-08 11:06:18 +02:00
|
|
|
class NoReplyEmailTest(ZulipTestCase):
|
|
|
|
def test_noreply_email_address(self) -> None:
|
|
|
|
self.assertTrue(re.search(self.TOKENIZED_NOREPLY_REGEX, FromAddress.tokenized_no_reply_address()))
|
|
|
|
|
|
|
|
with self.settings(ADD_TOKENS_TO_NOREPLY_ADDRESS=False):
|
|
|
|
self.assertEqual(FromAddress.tokenized_no_reply_address(), "noreply@testserver")
|
|
|
|
|
2017-07-13 13:42:57 +02:00
|
|
|
class TwoFactorAuthTest(ZulipTestCase):
|
|
|
|
@patch('two_factor.models.totp')
|
|
|
|
def test_two_factor_login(self, mock_totp):
|
|
|
|
# type: (MagicMock) -> None
|
|
|
|
token = 123456
|
|
|
|
email = self.example_email('hamlet')
|
2020-02-19 19:40:49 +01:00
|
|
|
password = self.ldap_password('hamlet')
|
2017-07-13 13:42:57 +02:00
|
|
|
|
|
|
|
user_profile = self.example_user('hamlet')
|
|
|
|
user_profile.set_password(password)
|
|
|
|
user_profile.save()
|
|
|
|
self.create_default_device(user_profile)
|
|
|
|
|
|
|
|
def totp(*args, **kwargs):
|
|
|
|
# type: (*Any, **Any) -> int
|
|
|
|
return token
|
|
|
|
|
|
|
|
mock_totp.side_effect = totp
|
|
|
|
|
|
|
|
with self.settings(AUTHENTICATION_BACKENDS=('zproject.backends.EmailAuthBackend',),
|
|
|
|
TWO_FACTOR_CALL_GATEWAY='two_factor.gateways.fake.Fake',
|
|
|
|
TWO_FACTOR_SMS_GATEWAY='two_factor.gateways.fake.Fake',
|
|
|
|
TWO_FACTOR_AUTHENTICATION_ENABLED=True):
|
|
|
|
|
|
|
|
first_step_data = {"username": email,
|
|
|
|
"password": password,
|
|
|
|
"two_factor_login_view-current_step": "auth"}
|
|
|
|
result = self.client_post("/accounts/login/", first_step_data)
|
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
|
|
|
|
second_step_data = {"token-otp_token": str(token),
|
|
|
|
"two_factor_login_view-current_step": "token"}
|
|
|
|
result = self.client_post("/accounts/login/", second_step_data)
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertEqual(result["Location"], "http://zulip.testserver")
|
|
|
|
|
|
|
|
# Going to login page should redirect to '/' if user is already
|
|
|
|
# logged in.
|
|
|
|
result = self.client_get('/accounts/login/')
|
|
|
|
self.assertEqual(result["Location"], "http://zulip.testserver")
|
2018-08-12 03:43:31 +02:00
|
|
|
|
|
|
|
class NameRestrictionsTest(ZulipTestCase):
|
|
|
|
def test_whitelisted_disposable_domains(self) -> None:
|
|
|
|
self.assertFalse(is_disposable_domain('OPayQ.com'))
|
2018-08-25 14:06:17 +02:00
|
|
|
|
|
|
|
class RealmRedirectTest(ZulipTestCase):
|
|
|
|
def test_realm_redirect_without_next_param(self) -> None:
|
|
|
|
result = self.client_get("/accounts/go/")
|
2018-12-06 11:38:20 +01:00
|
|
|
self.assert_in_success_response(["Enter your organization's Zulip URL"], result)
|
2018-08-25 14:06:17 +02:00
|
|
|
|
|
|
|
result = self.client_post("/accounts/go/", {"subdomain": "zephyr"})
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertEqual(result["Location"], "http://zephyr.testserver")
|
|
|
|
|
|
|
|
result = self.client_post("/accounts/go/", {"subdomain": "invalid"})
|
|
|
|
self.assert_in_success_response(["We couldn't find that Zulip organization."], result)
|
|
|
|
|
|
|
|
def test_realm_redirect_with_next_param(self) -> None:
|
|
|
|
result = self.client_get("/accounts/go/?next=billing")
|
2018-12-06 11:38:20 +01:00
|
|
|
self.assert_in_success_response(["Enter your organization's Zulip URL", 'action="/accounts/go/?next=billing"'], result)
|
2018-08-25 14:06:17 +02:00
|
|
|
|
|
|
|
result = self.client_post("/accounts/go/?next=billing", {"subdomain": "lear"})
|
|
|
|
self.assertEqual(result.status_code, 302)
|
|
|
|
self.assertEqual(result["Location"], "http://lear.testserver/billing")
|