Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
zulip/zerver/tests/test_email_change.py

299 lines
12 KiB
Python
Raw Normal View History

change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
import datetime
css: Fix spilling out of long email on email change confirmation. In the email change confirmation page, now long emails break to multiple lines instead of spilling out. Fixes #23654.
2022-11-27 23:09:11 +01:00
from email.headerregistry import Address
test_email_change: User create_confirmation_link for url. This is a prep refactor, instead of creating Confirmation object and using `confirmation_url` for generating confirmation link/url, using `create_confirmation_link` would be a cleaner approach, also this can help us avoid failing test in case Confirmation model is changed. Part of #16359.
2021-04-05 18:41:59 +02:00
from unittest import mock
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
email: Set an envelope-from which may be different from the From: field. The envelope-from is used by the MTA if the destination address is not deliverable. Route all such mail to the noreply address.
2021-01-26 04:20:36 +01:00
from django.conf import settings
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
from django.core import mail
css: Fix spilling out of long email on email change confirmation. In the email change confirmation page, now long emails break to multiple lines instead of spilling out. Fixes #23654.
2022-11-27 23:09:11 +01:00
from django.utils.html import escape
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
from django.utils.timezone import now
test_email_change: User create_confirmation_link for url. This is a prep refactor, instead of creating Confirmation object and using `confirmation_url` for generating confirmation link/url, using `create_confirmation_link` would be a cleaner approach, also this can help us avoid failing test in case Confirmation model is changed. Part of #16359.
2021-04-05 18:41:59 +02:00
from confirmation.models import (
Confirmation,
confirmation_url,
create_confirmation_link,
generate_key,
)
confirmation: Prevent re-use of email change links. The .status value of EmailChangeStatus was not being looked at anywhere to prevent re-use of email change confirmation links. This is not a security issue, since the EmailChangeStatus object has a fixed value for the new_email, while the confirmation link has expiry time of 1 day, which prevents any reasonable malicious scenarios. We fix this by making get_object_from_key look at confirmation.content_object.status - which applies generally to all confirmations where the attached object has the .status attribute. This is desired, because we never want to successfully get_object_from_key an object that has already been used or reused. This makes the prereg_user.status check in check_prereg_key redundant so it can be deleted.
2022-07-25 19:55:35 +02:00
from zerver.actions.create_user import do_reactivate_user
actions: Split out zerver.actions.realm_settings. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-14 23:57:15 +02:00
from zerver.actions.realm_settings import do_deactivate_realm, do_set_realm_property
settings: Add backend code for using user email_address_visibility setting. This commits update the code to use user-level email_address_visibility setting instead of realm-level to set or update the value of UserProfile.email field and to send the emails to clients. Major changes are - - UserProfile.email field is set while creating the user according to RealmUserDefault.email_address_visbility. - UserProfile.email field is updated according to change in the setting. - 'email_address_visibility' is added to person objects in user add event and in avatar change event. - client_gravatar can be different for different users when computing avatar_url for messages and user objects since email available to clients is dependent on user-level setting. - For bots, email_address_visibility is set to EVERYONE while creating them irrespective of realm-default value. - Test changes are basically setting user-level setting instead of realm setting and modifying the checks accordingly.
2021-10-26 09:15:16 +02:00
from zerver.actions.user_settings import do_change_user_setting, do_start_email_change_process
actions: Split out zerver.actions.users. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-14 23:48:28 +02:00
from zerver.actions.users import do_deactivate_user
python: Sort imports with isort. Fixes #2665. Regenerated by tabbott with `lint --fix` after a rebase and change in parameters. Note from tabbott: In a few cases, this converts technical debt in the form of unsorted imports into different technical debt in the form of our largest files having very long, ugly import sequences at the start. I expect this change will increase pressure for us to split those files, which isn't a bad thing. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-11 00:54:34 +02:00
from zerver.lib.test_classes import ZulipTestCase
from zerver.models import (
EmailChangeStatus,
UserProfile,
get_realm,
get_user,
get_user_by_delivery_email,
get_user_profile_by_id,
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
)
class EmailChangeTestCase(ZulipTestCase):
test_email_change: Extract generate_email_change_link helper.
2022-07-25 19:22:41 +02:00
def generate_email_change_link(self, new_email: str) -> str:
data = {"email": new_email}
url = "/json/settings"
self.assert_length(mail.outbox, 0)
result = self.client_patch(url, data)
self.assert_length(mail.outbox, 1)
self.assert_json_success(result)
email_message = mail.outbox[0]
self.assertEqual(
email_message.subject,
"Verify your new email address",
)
body = email_message.body
self.assertIn("We received a request to change the email", body)
mail.outbox.pop()
activation_url = [s for s in body.split("\n") if s][2]
return activation_url
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_confirm_email_change_with_non_existent_key(self) -> None:
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("hamlet")
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
key = generate_key()
confirmation: Pass realm rather than host to confirmation_url. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-14 01:36:12 +02:00
url = confirmation_url(key, None, Confirmation.EMAIL_CHANGE)
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
response = self.client_get(url)
confirmation: Use error status codes for confirmation link error pages.
2021-11-30 12:51:22 +01:00
self.assertEqual(response.status_code, 404)
self.assert_in_response(
"Whoops. We couldn't find your confirmation link in the system.", response
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
)
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_confirm_email_change_with_invalid_key(self) -> None:
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.login("hamlet")
key = "invalid_key"
confirmation: Pass realm rather than host to confirmation_url. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-14 01:36:12 +02:00
url = confirmation_url(key, None, Confirmation.EMAIL_CHANGE)
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
response = self.client_get(url)
confirmation: Use error status codes for confirmation link error pages.
2021-11-30 12:51:22 +01:00
self.assertEqual(response.status_code, 404)
self.assert_in_response("Whoops. The confirmation link is malformed.", response)
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_confirm_email_change_when_time_exceeded(self) -> None:
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
user_profile = self.example_user("hamlet")
tests: Use example_user() in more places.
2017-05-07 21:25:59 +02:00
old_email = user_profile.email
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
new_email = "hamlet-new@zulip.com"
self.login("hamlet")
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
obj = EmailChangeStatus.objects.create(
new_email=new_email,
old_email=old_email,
user_profile=user_profile,
realm=user_profile.realm,
)
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
date_sent = now() - datetime.timedelta(days=2)
test_email_change: User create_confirmation_link for url. This is a prep refactor, instead of creating Confirmation object and using `confirmation_url` for generating confirmation link/url, using `create_confirmation_link` would be a cleaner approach, also this can help us avoid failing test in case Confirmation model is changed. Part of #16359.
2021-04-05 18:41:59 +02:00
with mock.patch("confirmation.models.timezone_now", return_value=date_sent):
url = create_confirmation_link(obj, Confirmation.EMAIL_CHANGE)
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
response = self.client_get(url)
confirmation: Use error status codes for confirmation link error pages.
2021-11-30 12:51:22 +01:00
self.assertEqual(response.status_code, 404)
self.assert_in_response("The confirmation link has expired or been deactivated.", response)
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_confirm_email_change(self) -> None:
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
user_profile = self.example_user("hamlet")
populate_db, tests: Restrict emails in zulip realm. We now restrict emails on the zulip realm, and now `email` and `delivery_email` will be different for users. This change should make it more likely to catch errors where we leak delivery emails or use the wrong field for lookups.
2020-03-12 13:51:54 +01:00
old_email = user_profile.delivery_email
css: Fix spilling out of long email on email change confirmation. In the email change confirmation page, now long emails break to multiple lines instead of spilling out. Fixes #23654.
2022-11-27 23:09:11 +01:00
new_email = '"<li>hamlet-new<li>"@zulip.com'
new_email_address = Address(addr_spec=new_email)
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
new_realm = get_realm("zulip")
self.login("hamlet")
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
obj = EmailChangeStatus.objects.create(
new_email=new_email,
old_email=old_email,
user_profile=user_profile,
realm=user_profile.realm,
)
test_email_change: User create_confirmation_link for url. This is a prep refactor, instead of creating Confirmation object and using `confirmation_url` for generating confirmation link/url, using `create_confirmation_link` would be a cleaner approach, also this can help us avoid failing test in case Confirmation model is changed. Part of #16359.
2021-04-05 18:41:59 +02:00
url = create_confirmation_link(obj, Confirmation.EMAIL_CHANGE)
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
response = self.client_get(url)
admin: Added realm option to prevent users from changing their email. A realm option to prevent users from changing their email address is added. Fixes #3777.
2017-03-04 06:39:45 +01:00
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
self.assertEqual(response.status_code, 200)
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
self.assert_in_success_response(
css: Fix spilling out of long email on email change confirmation. In the email change confirmation page, now long emails break to multiple lines instead of spilling out. Fixes #23654.
2022-11-27 23:09:11 +01:00
[
"This confirms that the email address for your Zulip",
f'<a href="mailto:{escape(new_email)}">{escape(new_email_address.username)}@<wbr>{escape(new_email_address.domain)}</wbr></a>',
],
response,
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
)
email: Support delivery email in email change system.
2018-08-02 08:47:13 +02:00
user_profile = get_user_by_delivery_email(new_email, new_realm)
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
self.assertTrue(bool(user_profile))
obj.refresh_from_db()
self.assertEqual(obj.status, 1)
confirmation: Prevent re-use of email change links. The .status value of EmailChangeStatus was not being looked at anywhere to prevent re-use of email change confirmation links. This is not a security issue, since the EmailChangeStatus object has a fixed value for the new_email, while the confirmation link has expiry time of 1 day, which prevents any reasonable malicious scenarios. We fix this by making get_object_from_key look at confirmation.content_object.status - which applies generally to all confirmations where the attached object has the .status attribute. This is desired, because we never want to successfully get_object_from_key an object that has already been used or reused. This makes the prereg_user.status check in check_prereg_key redundant so it can be deleted.
2022-07-25 19:55:35 +02:00
def test_change_email_link_cant_be_reused(self) -> None:
new_email = "hamlet-new@zulip.com"
user_profile = self.example_user("hamlet")
self.login_user(user_profile)
activation_url = self.generate_email_change_link(new_email)
response = self.client_get(activation_url)
self.assertEqual(response.status_code, 200)
user_profile.refresh_from_db()
self.assertEqual(user_profile.delivery_email, new_email)
response = self.client_get(activation_url)
self.assertEqual(response.status_code, 404)
email_change: Show deactivated page if realm is now deactivated. We also catch if the user is now deactivated.
2021-11-04 00:18:32 +01:00
def test_change_email_deactivated_user_realm(self) -> None:
test_email_change: Extract generate_email_change_link helper.
2022-07-25 19:22:41 +02:00
new_email = "hamlet-new@zulip.com"
email_change: Show deactivated page if realm is now deactivated. We also catch if the user is now deactivated.
2021-11-04 00:18:32 +01:00
user_profile = self.example_user("hamlet")
self.login_user(user_profile)
test_email_change: Extract generate_email_change_link helper.
2022-07-25 19:22:41 +02:00
activation_url = self.generate_email_change_link(new_email)
email_change: Show deactivated page if realm is now deactivated. We also catch if the user is now deactivated.
2021-11-04 00:18:32 +01:00
do_deactivate_user(user_profile, acting_user=None)
response = self.client_get(activation_url)
self.assertEqual(response.status_code, 401)
confirmation: Prevent re-use of email change links. The .status value of EmailChangeStatus was not being looked at anywhere to prevent re-use of email change confirmation links. This is not a security issue, since the EmailChangeStatus object has a fixed value for the new_email, while the confirmation link has expiry time of 1 day, which prevents any reasonable malicious scenarios. We fix this by making get_object_from_key look at confirmation.content_object.status - which applies generally to all confirmations where the attached object has the .status attribute. This is desired, because we never want to successfully get_object_from_key an object that has already been used or reused. This makes the prereg_user.status check in check_prereg_key redundant so it can be deleted.
2022-07-25 19:55:35 +02:00
do_reactivate_user(user_profile, acting_user=None)
self.login_user(user_profile)
activation_url = self.generate_email_change_link(new_email)
email_change: Show deactivated page if realm is now deactivated. We also catch if the user is now deactivated.
2021-11-04 00:18:32 +01:00
do_deactivate_realm(user_profile.realm, acting_user=None)
response = self.client_get(activation_url)
self.assertEqual(response.status_code, 302)
self.assertTrue(response["Location"].endswith("/accounts/deactivated/"))
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_start_email_change_process(self) -> None:
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
user_profile = self.example_user("hamlet")
do_start_email_change_process(user_profile, "hamlet-new@zulip.com")
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
self.assertEqual(EmailChangeStatus.objects.count(), 1)
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_end_to_end_flow(self) -> None:
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
data = {"email": "hamlet-new@zulip.com"}
self.login("hamlet")
url = "/json/settings"
tests: Consistently use assert_length helper. This helper does some nice things like printing out the data structure incase of failure.
2021-05-17 05:41:32 +02:00
self.assert_length(mail.outbox, 0)
settings: Migrate main settings-change code to API. This was one of the few major remaining endpoints that were still on the old-style legacy API.
2017-07-31 20:44:52 +02:00
result = self.client_patch(url, data)
api: Remove "full_name" and "account_email" from response of '/settings'. We remove the "full_name" and "account_email" fields from the response of 'PATCH /settings' endpoint. These fields were part of the response to make sure that we tell that the parameters not present in response were ignored. We can remove these fields as 'ignored_parameters_unsupported' now specifies which parameters were ignored and not supported by the endpoint.
2021-07-15 18:31:34 +02:00
self.assert_json_success(result)
tests: Consistently use assert_length helper. This helper does some nice things like printing out the data structure incase of failure.
2021-05-17 05:41:32 +02:00
self.assert_length(mail.outbox, 1)
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
email_message = mail.outbox[0]
self.assertEqual(
email_message.subject,
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
"Verify your new email address",
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
)
body = email_message.body
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
self.assertIn("We received a request to change the email", body)
email: Set an envelope-from which may be different from the From: field. The envelope-from is used by the MTA if the destination address is not deliverable. Route all such mail to the noreply address.
2021-01-26 04:20:36 +01:00
self.assertEqual(self.email_envelope_from(email_message), settings.NOREPLY_EMAIL_ADDRESS)
email: Migrate to new Python ≥ 3.3 email API. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-05 23:26:35 +02:00
self.assertRegex(
email: Set an envelope-from which may be different from the From: field. The envelope-from is used by the MTA if the destination address is not deliverable. Route all such mail to the noreply address.
2021-01-26 04:20:36 +01:00
self.email_display_from(email_message),
python: Reformat with Black 22 (stable). Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-02-15 23:45:41 +01:00
rf"^Zulip Account Security <{self.TOKENIZED_NOREPLY_REGEX}>\Z",
email: Migrate to new Python ≥ 3.3 email API. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-05 23:26:35 +02:00
)
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
emails: Add a custom header specifying the organization when possible. Closes #15135.
2020-06-14 13:32:38 +02:00
self.assertEqual(email_message.extra_headers["List-Id"], "Zulip Dev <zulip.testserver>")
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
activation_url = [s for s in body.split("\n") if s][2]
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
response = self.client_get(activation_url)
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
self.assert_in_success_response(["This confirms that the email address"], response)
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
Fix changing email addresses back after email change. We apparently were not correctly clearing the user_profile's email address from caches when changing email addresses, which meant that trying to look up the old email in the user_profile caches would still work. Fixes #6035.
2017-08-05 19:42:59 +02:00
# Now confirm trying to change your email back doesn't throw an immediate error
result = self.client_patch(url, {"email": "hamlet@zulip.com"})
api: Remove "full_name" and "account_email" from response of '/settings'. We remove the "full_name" and "account_email" fields from the response of 'PATCH /settings' endpoint. These fields were part of the response to make sure that we tell that the parameters not present in response were ignored. We can remove these fields as 'ignored_parameters_unsupported' now specifies which parameters were ignored and not supported by the endpoint.
2021-07-15 18:31:34 +02:00
self.assert_json_success(result)
Fix changing email addresses back after email change. We apparently were not correctly clearing the user_profile's email address from caches when changing email addresses, which meant that trying to look up the old email in the user_profile caches would still work. Fixes #6035.
2017-08-05 19:42:59 +02:00
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_unauthorized_email_change(self) -> None:
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
data = {"email": "hamlet-new@zulip.com"}
user_profile = self.example_user("hamlet")
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
self.login_user(user_profile)
refactor: Make acting_user a mandatory kwarg for do_set_realm_property.
2021-03-01 11:33:24 +01:00
do_set_realm_property(
user_profile.realm,
"email_changes_disabled",
True,
acting_user=None,
)
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
url = "/json/settings"
settings: Migrate main settings-change code to API. This was one of the few major remaining endpoints that were still on the old-style legacy API.
2017-07-31 20:44:52 +02:00
result = self.client_patch(url, data)
tests: Consistently use assert_length helper. This helper does some nice things like printing out the data structure incase of failure.
2021-05-17 05:41:32 +02:00
self.assert_length(mail.outbox, 0)
admin: Added realm option to prevent users from changing their email. A realm option to prevent users from changing their email address is added. Fixes #3777.
2017-03-04 06:39:45 +01:00
self.assertEqual(result.status_code, 400)
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
self.assert_in_response("Email address changes are disabled in this organization.", result)
settings: Allow admin to change email/name even if it is disabled in realm. Allow realm admin users to change their email or name even, changing name or email is disabled in realm.
2018-02-02 16:54:26 +01:00
# Realm admins can change their email address even setting is disabled.
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
data = {"email": "iago-new@zulip.com"}
self.login("iago")
url = "/json/settings"
settings: Allow admin to change email/name even if it is disabled in realm. Allow realm admin users to change their email or name even, changing name or email is disabled in realm.
2018-02-02 16:54:26 +01:00
result = self.client_patch(url, data)
api: Remove "full_name" and "account_email" from response of '/settings'. We remove the "full_name" and "account_email" fields from the response of 'PATCH /settings' endpoint. These fields were part of the response to make sure that we tell that the parameters not present in response were ignored. We can remove these fields as 'ignored_parameters_unsupported' now specifies which parameters were ignored and not supported by the endpoint.
2021-07-15 18:31:34 +02:00
self.assert_json_success(result)
admin: Added realm option to prevent users from changing their email. A realm option to prevent users from changing their email address is added. Fixes #3777.
2017-03-04 06:39:45 +01:00
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_email_change_already_taken(self) -> None:
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
data = {"email": "cordelia@zulip.com"}
user_profile = self.example_user("hamlet")
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
self.login_user(user_profile)
test_email_change: Cover the case of email already existing. This fixes master failing tests.
2017-09-26 20:15:37 +02:00
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
url = "/json/settings"
test_email_change: Cover the case of email already existing. This fixes master failing tests.
2017-09-26 20:15:37 +02:00
result = self.client_patch(url, data)
tests: Consistently use assert_length helper. This helper does some nice things like printing out the data structure incase of failure.
2021-05-17 05:41:32 +02:00
self.assert_length(mail.outbox, 0)
test_email_change: Cover the case of email already existing. This fixes master failing tests.
2017-09-26 20:15:37 +02:00
self.assertEqual(result.status_code, 400)
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
self.assert_in_response("Already has an account", result)
test_email_change: Cover the case of email already existing. This fixes master failing tests.
2017-09-26 20:15:37 +02:00
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_unauthorized_email_change_from_email_confirmation_link(self) -> None:
test_email_change: Extract generate_email_change_link helper.
2022-07-25 19:22:41 +02:00
new_email = "hamlet-new@zulip.com"
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
user_profile = self.example_user("hamlet")
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
self.login_user(user_profile)
test_email_change: Extract generate_email_change_link helper.
2022-07-25 19:22:41 +02:00
activation_url = self.generate_email_change_link(new_email)
admin: Added realm option to prevent users from changing their email. A realm option to prevent users from changing their email address is added. Fixes #3777.
2017-03-04 06:39:45 +01:00
refactor: Make acting_user a mandatory kwarg for do_set_realm_property.
2021-03-01 11:33:24 +01:00
do_set_realm_property(
user_profile.realm,
"email_changes_disabled",
True,
acting_user=None,
)
admin: Added realm option to prevent users from changing their email. A realm option to prevent users from changing their email address is added. Fixes #3777.
2017-03-04 06:39:45 +01:00
response = self.client_get(activation_url)
self.assertEqual(response.status_code, 400)
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
self.assert_in_response(
"Email address changes are disabled in this organization.", response
)
admin: Added realm option to prevent users from changing their email. A realm option to prevent users from changing their email address is added. Fixes #3777.
2017-03-04 06:39:45 +01:00
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_post_invalid_email(self) -> None:
user-settings: Make default `None` for name, email and password changes. Updates `json_change_settings` so that the default value for the `email`, `full_name`, `new_password` and `old_password` parameters is `None` instead of an empty string, which also makes the type annotation `Optional[str]`. Also, updates tests for email and full name changes to include an empty string as one of the tested invalid values.
2022-08-08 01:39:32 +02:00
invalid_emails = ["", "hamlet-new"]
for email in invalid_emails:
data = {"email": email}
self.login("hamlet")
url = "/json/settings"
result = self.client_patch(url, data)
self.assert_in_response("Invalid address", result)
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734.
2017-01-20 12:27:38 +01:00
zerver/tests: Use python 3 syntax for typing in most files.
2017-11-05 10:51:25 +01:00
def test_post_same_email(self) -> None:
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
data = {"email": self.example_email("hamlet")}
self.login("hamlet")
url = "/json/settings"
settings: Migrate main settings-change code to API. This was one of the few major remaining endpoints that were still on the old-style legacy API.
2017-07-31 20:44:52 +02:00
result = self.client_patch(url, data)
tests: Refactor away result.json() calls with helpers. Signed-off-by: Zixuan James Li <p359101898@gmail.com>
2022-06-07 01:37:01 +02:00
response_dict = self.assert_json_success(result)
self.assertEqual("success", response_dict["result"])
self.assertEqual("", response_dict["msg"])
email: Set email based on realm email_address_visibility. This causes changing the email_address_visibility field to actually modify what user_profile.email values are generated for users, both on user creation and afterwards as email addresses are edited. The overall feature isn't yet complete, but this brings us pretty close.
2018-12-06 23:17:46 +01:00
def test_change_delivery_email_end_to_end_with_admins_visibility(self) -> None:
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
user_profile = self.example_user("hamlet")
settings: Add backend code for using user email_address_visibility setting. This commits update the code to use user-level email_address_visibility setting instead of realm-level to set or update the value of UserProfile.email field and to send the emails to clients. Major changes are - - UserProfile.email field is set while creating the user according to RealmUserDefault.email_address_visbility. - UserProfile.email field is updated according to change in the setting. - 'email_address_visibility' is added to person objects in user add event and in avatar change event. - client_gravatar can be different for different users when computing avatar_url for messages and user objects since email available to clients is dependent on user-level setting. - For bots, email_address_visibility is set to EVERYONE while creating them irrespective of realm-default value. - Test changes are basically setting user-level setting instead of realm setting and modifying the checks accordingly.
2021-10-26 09:15:16 +02:00
do_change_user_setting(
user_profile,
refactor: Make acting_user a mandatory kwarg for do_set_realm_property.
2021-03-01 11:33:24 +01:00
"email_address_visibility",
settings: Add backend code for using user email_address_visibility setting. This commits update the code to use user-level email_address_visibility setting instead of realm-level to set or update the value of UserProfile.email field and to send the emails to clients. Major changes are - - UserProfile.email field is set while creating the user according to RealmUserDefault.email_address_visbility. - UserProfile.email field is updated according to change in the setting. - 'email_address_visibility' is added to person objects in user add event and in avatar change event. - client_gravatar can be different for different users when computing avatar_url for messages and user objects since email available to clients is dependent on user-level setting. - For bots, email_address_visibility is set to EVERYONE while creating them irrespective of realm-default value. - Test changes are basically setting user-level setting instead of realm setting and modifying the checks accordingly.
2021-10-26 09:15:16 +02:00
UserProfile.EMAIL_ADDRESS_VISIBILITY_ADMINS,
refactor: Make acting_user a mandatory kwarg for do_set_realm_property.
2021-03-01 11:33:24 +01:00
acting_user=None,
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
)
email: Set email based on realm email_address_visibility. This causes changing the email_address_visibility field to actually modify what user_profile.email values are generated for users, both on user creation and afterwards as email addresses are edited. The overall feature isn't yet complete, but this brings us pretty close.
2018-12-06 23:17:46 +01:00
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email)
2020-03-06 18:40:46 +01:00
self.login_user(user_profile)
tests: Use email/delivery_email more explicitly. We try to use the correct variation of `email` or `delivery_email`, even though in some databases they are the same. (To find the differences, I temporarily hacked populate_db to use different values for email and delivery_email, and reduced email visibility in the zulip realm to admins only.) In places where we want the "normal" realm behavior of showing emails (and having `email` be the same as `delivery_email`), we use the new `reset_emails_in_zulip_realm` helper. A couple random things: - I fixed any error messages that were leaking the wrong email - a test that claimed to rely on the order of emails no longer does (we sort user_ids instead) - we now use user_ids in some place where we used to use emails - for IRC mirrors I just punted and used `reset_emails_in_zulip_realm` in most places - for MIT-related tests, I didn't fix email vs. delivery_email unless it was obvious I also explicitly reset the realm to a "normal" realm for a couple tests that I frankly just didn't have the energy to debug. (Also, we do want some coverage on the normal case, even though it is "easier" for tests to pass if you mix up `email` and `delivery_email`.) In particular, I just reset data for the analytics and corporate tests.
2020-03-12 14:17:25 +01:00
old_email = user_profile.delivery_email
python: Normalize quotes with Black. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:20:45 +01:00
new_email = "hamlet-new@zulip.com"
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
obj = EmailChangeStatus.objects.create(
new_email=new_email,
old_email=old_email,
user_profile=user_profile,
realm=user_profile.realm,
)
test_email_change: User create_confirmation_link for url. This is a prep refactor, instead of creating Confirmation object and using `confirmation_url` for generating confirmation link/url, using `create_confirmation_link` would be a cleaner approach, also this can help us avoid failing test in case Confirmation model is changed. Part of #16359.
2021-04-05 18:41:59 +02:00
url = create_confirmation_link(obj, Confirmation.EMAIL_CHANGE)
email: Set email based on realm email_address_visibility. This causes changing the email_address_visibility field to actually modify what user_profile.email values are generated for users, both on user creation and afterwards as email addresses are edited. The overall feature isn't yet complete, but this brings us pretty close.
2018-12-06 23:17:46 +01:00
response = self.client_get(url)
self.assertEqual(response.status_code, 200)
python: Reformat with Black, except quotes. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-02-12 08:19:30 +01:00
self.assert_in_success_response(
["This confirms that the email address for your Zulip"], response
)
email: Set email based on realm email_address_visibility. This causes changing the email_address_visibility field to actually modify what user_profile.email values are generated for users, both on user creation and afterwards as email addresses are edited. The overall feature isn't yet complete, but this brings us pretty close.
2018-12-06 23:17:46 +01:00
user_profile = get_user_profile_by_id(user_profile.id)
self.assertEqual(user_profile.delivery_email, new_email)
python: Convert "".format to Python 3.6 f-strings. Generated by pyupgrade --py36-plus --keep-percent-format, but with the NamedTuple changes reverted (see commit ba7906a3c657905fa35bbcfb4e97b053f050272d, #15132). Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-06-09 00:25:09 +02:00
self.assertEqual(user_profile.email, f"user{user_profile.id}@zulip.testserver")
email: Set email based on realm email_address_visibility. This causes changing the email_address_visibility field to actually modify what user_profile.email values are generated for users, both on user creation and afterwards as email addresses are edited. The overall feature isn't yet complete, but this brings us pretty close.
2018-12-06 23:17:46 +01:00
obj.refresh_from_db()
self.assertEqual(obj.status, 1)
with self.assertRaises(UserProfile.DoesNotExist):
get_user(old_email, user_profile.realm)
with self.assertRaises(UserProfile.DoesNotExist):
get_user_by_delivery_email(old_email, user_profile.realm)
self.assertEqual(get_user_by_delivery_email(new_email, user_profile.realm), user_profile)