2017-01-20 12:27:38 +01:00
|
|
|
import datetime
|
2022-11-27 23:09:11 +01:00
|
|
|
from email.headerregistry import Address
|
2017-01-20 12:27:38 +01:00
|
|
|
|
2023-11-28 19:16:58 +01:00
|
|
|
import time_machine
|
2021-01-26 04:20:36 +01:00
|
|
|
from django.conf import settings
|
2017-01-20 12:27:38 +01:00
|
|
|
from django.core import mail
|
2022-11-27 23:09:11 +01:00
|
|
|
from django.utils.html import escape
|
2017-01-20 12:27:38 +01:00
|
|
|
from django.utils.timezone import now
|
|
|
|
|
2021-04-05 18:41:59 +02:00
|
|
|
from confirmation.models import (
|
|
|
|
Confirmation,
|
|
|
|
confirmation_url,
|
|
|
|
create_confirmation_link,
|
|
|
|
generate_key,
|
|
|
|
)
|
2022-07-25 19:55:35 +02:00
|
|
|
from zerver.actions.create_user import do_reactivate_user
|
2022-04-14 23:57:15 +02:00
|
|
|
from zerver.actions.realm_settings import do_deactivate_realm, do_set_realm_property
|
2021-10-26 09:15:16 +02:00
|
|
|
from zerver.actions.user_settings import do_change_user_setting, do_start_email_change_process
|
2022-04-14 23:48:28 +02:00
|
|
|
from zerver.actions.users import do_deactivate_user
|
2020-06-11 00:54:34 +02:00
|
|
|
from zerver.lib.test_classes import ZulipTestCase
|
|
|
|
from zerver.models import (
|
|
|
|
EmailChangeStatus,
|
|
|
|
UserProfile,
|
|
|
|
get_realm,
|
|
|
|
get_user,
|
|
|
|
get_user_by_delivery_email,
|
|
|
|
get_user_profile_by_id,
|
2017-01-20 12:27:38 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
class EmailChangeTestCase(ZulipTestCase):
|
2022-07-25 19:22:41 +02:00
|
|
|
def generate_email_change_link(self, new_email: str) -> str:
|
|
|
|
data = {"email": new_email}
|
|
|
|
url = "/json/settings"
|
|
|
|
self.assert_length(mail.outbox, 0)
|
|
|
|
result = self.client_patch(url, data)
|
|
|
|
self.assert_length(mail.outbox, 1)
|
|
|
|
self.assert_json_success(result)
|
|
|
|
email_message = mail.outbox[0]
|
|
|
|
self.assertEqual(
|
|
|
|
email_message.subject,
|
2023-07-25 15:26:02 +02:00
|
|
|
"Verify your new email address for zulip.testserver",
|
2022-07-25 19:22:41 +02:00
|
|
|
)
|
|
|
|
body = email_message.body
|
|
|
|
self.assertIn("We received a request to change the email", body)
|
|
|
|
|
|
|
|
mail.outbox.pop()
|
|
|
|
|
|
|
|
activation_url = [s for s in body.split("\n") if s][2]
|
|
|
|
return activation_url
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_confirm_email_change_with_non_existent_key(self) -> None:
|
2021-02-12 08:20:45 +01:00
|
|
|
self.login("hamlet")
|
2017-01-20 12:27:38 +01:00
|
|
|
key = generate_key()
|
2020-06-14 01:36:12 +02:00
|
|
|
url = confirmation_url(key, None, Confirmation.EMAIL_CHANGE)
|
2017-01-20 12:27:38 +01:00
|
|
|
response = self.client_get(url)
|
2021-11-30 12:51:22 +01:00
|
|
|
self.assertEqual(response.status_code, 404)
|
|
|
|
self.assert_in_response(
|
|
|
|
"Whoops. We couldn't find your confirmation link in the system.", response
|
2021-02-12 08:19:30 +01:00
|
|
|
)
|
2017-01-20 12:27:38 +01:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_confirm_email_change_with_invalid_key(self) -> None:
|
2021-02-12 08:20:45 +01:00
|
|
|
self.login("hamlet")
|
|
|
|
key = "invalid_key"
|
2020-06-14 01:36:12 +02:00
|
|
|
url = confirmation_url(key, None, Confirmation.EMAIL_CHANGE)
|
2017-01-20 12:27:38 +01:00
|
|
|
response = self.client_get(url)
|
2021-11-30 12:51:22 +01:00
|
|
|
self.assertEqual(response.status_code, 404)
|
|
|
|
self.assert_in_response("Whoops. The confirmation link is malformed.", response)
|
2017-01-20 12:27:38 +01:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_confirm_email_change_when_time_exceeded(self) -> None:
|
2021-02-12 08:20:45 +01:00
|
|
|
user_profile = self.example_user("hamlet")
|
2017-05-07 21:25:59 +02:00
|
|
|
old_email = user_profile.email
|
2021-02-12 08:20:45 +01:00
|
|
|
new_email = "hamlet-new@zulip.com"
|
|
|
|
self.login("hamlet")
|
2021-02-12 08:19:30 +01:00
|
|
|
obj = EmailChangeStatus.objects.create(
|
|
|
|
new_email=new_email,
|
|
|
|
old_email=old_email,
|
|
|
|
user_profile=user_profile,
|
|
|
|
realm=user_profile.realm,
|
|
|
|
)
|
2017-01-20 12:27:38 +01:00
|
|
|
date_sent = now() - datetime.timedelta(days=2)
|
2023-11-28 19:16:58 +01:00
|
|
|
with time_machine.travel(date_sent, tick=False):
|
2021-04-05 18:41:59 +02:00
|
|
|
url = create_confirmation_link(obj, Confirmation.EMAIL_CHANGE)
|
|
|
|
|
2017-01-20 12:27:38 +01:00
|
|
|
response = self.client_get(url)
|
2021-11-30 12:51:22 +01:00
|
|
|
self.assertEqual(response.status_code, 404)
|
|
|
|
self.assert_in_response("The confirmation link has expired or been deactivated.", response)
|
2017-01-20 12:27:38 +01:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_confirm_email_change(self) -> None:
|
2021-02-12 08:20:45 +01:00
|
|
|
user_profile = self.example_user("hamlet")
|
2020-03-12 13:51:54 +01:00
|
|
|
|
|
|
|
old_email = user_profile.delivery_email
|
2022-11-27 23:09:11 +01:00
|
|
|
new_email = '"<li>hamlet-new<li>"@zulip.com'
|
|
|
|
new_email_address = Address(addr_spec=new_email)
|
2021-02-12 08:20:45 +01:00
|
|
|
new_realm = get_realm("zulip")
|
|
|
|
self.login("hamlet")
|
2021-02-12 08:19:30 +01:00
|
|
|
obj = EmailChangeStatus.objects.create(
|
|
|
|
new_email=new_email,
|
|
|
|
old_email=old_email,
|
|
|
|
user_profile=user_profile,
|
|
|
|
realm=user_profile.realm,
|
|
|
|
)
|
2021-04-05 18:41:59 +02:00
|
|
|
url = create_confirmation_link(obj, Confirmation.EMAIL_CHANGE)
|
2017-01-20 12:27:38 +01:00
|
|
|
response = self.client_get(url)
|
2017-03-04 06:39:45 +01:00
|
|
|
|
2017-01-20 12:27:38 +01:00
|
|
|
self.assertEqual(response.status_code, 200)
|
2021-02-12 08:19:30 +01:00
|
|
|
self.assert_in_success_response(
|
2022-11-27 23:09:11 +01:00
|
|
|
[
|
|
|
|
"This confirms that the email address for your Zulip",
|
|
|
|
f'<a href="mailto:{escape(new_email)}">{escape(new_email_address.username)}@<wbr>{escape(new_email_address.domain)}</wbr></a>',
|
|
|
|
],
|
|
|
|
response,
|
2021-02-12 08:19:30 +01:00
|
|
|
)
|
2018-08-02 08:47:13 +02:00
|
|
|
user_profile = get_user_by_delivery_email(new_email, new_realm)
|
2017-01-20 12:27:38 +01:00
|
|
|
self.assertTrue(bool(user_profile))
|
|
|
|
obj.refresh_from_db()
|
|
|
|
self.assertEqual(obj.status, 1)
|
|
|
|
|
2022-07-25 19:55:35 +02:00
|
|
|
def test_change_email_link_cant_be_reused(self) -> None:
|
|
|
|
new_email = "hamlet-new@zulip.com"
|
|
|
|
user_profile = self.example_user("hamlet")
|
|
|
|
self.login_user(user_profile)
|
|
|
|
|
|
|
|
activation_url = self.generate_email_change_link(new_email)
|
|
|
|
response = self.client_get(activation_url)
|
|
|
|
self.assertEqual(response.status_code, 200)
|
|
|
|
|
|
|
|
user_profile.refresh_from_db()
|
|
|
|
self.assertEqual(user_profile.delivery_email, new_email)
|
|
|
|
|
|
|
|
response = self.client_get(activation_url)
|
|
|
|
self.assertEqual(response.status_code, 404)
|
|
|
|
|
2021-11-04 00:18:32 +01:00
|
|
|
def test_change_email_deactivated_user_realm(self) -> None:
|
2022-07-25 19:22:41 +02:00
|
|
|
new_email = "hamlet-new@zulip.com"
|
2021-11-04 00:18:32 +01:00
|
|
|
user_profile = self.example_user("hamlet")
|
|
|
|
self.login_user(user_profile)
|
|
|
|
|
2022-07-25 19:22:41 +02:00
|
|
|
activation_url = self.generate_email_change_link(new_email)
|
2021-11-04 00:18:32 +01:00
|
|
|
|
|
|
|
do_deactivate_user(user_profile, acting_user=None)
|
|
|
|
response = self.client_get(activation_url)
|
|
|
|
self.assertEqual(response.status_code, 401)
|
|
|
|
|
2022-07-25 19:55:35 +02:00
|
|
|
do_reactivate_user(user_profile, acting_user=None)
|
|
|
|
self.login_user(user_profile)
|
|
|
|
activation_url = self.generate_email_change_link(new_email)
|
|
|
|
|
2021-11-04 00:18:32 +01:00
|
|
|
do_deactivate_realm(user_profile.realm, acting_user=None)
|
|
|
|
|
|
|
|
response = self.client_get(activation_url)
|
|
|
|
self.assertEqual(response.status_code, 302)
|
|
|
|
self.assertTrue(response["Location"].endswith("/accounts/deactivated/"))
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_start_email_change_process(self) -> None:
|
2021-02-12 08:20:45 +01:00
|
|
|
user_profile = self.example_user("hamlet")
|
|
|
|
do_start_email_change_process(user_profile, "hamlet-new@zulip.com")
|
2017-01-20 12:27:38 +01:00
|
|
|
self.assertEqual(EmailChangeStatus.objects.count(), 1)
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_end_to_end_flow(self) -> None:
|
2021-02-12 08:20:45 +01:00
|
|
|
data = {"email": "hamlet-new@zulip.com"}
|
|
|
|
self.login("hamlet")
|
|
|
|
url = "/json/settings"
|
2021-05-17 05:41:32 +02:00
|
|
|
self.assert_length(mail.outbox, 0)
|
2017-07-31 20:44:52 +02:00
|
|
|
result = self.client_patch(url, data)
|
2021-07-15 18:31:34 +02:00
|
|
|
self.assert_json_success(result)
|
2021-05-17 05:41:32 +02:00
|
|
|
self.assert_length(mail.outbox, 1)
|
2017-01-20 12:27:38 +01:00
|
|
|
email_message = mail.outbox[0]
|
|
|
|
self.assertEqual(
|
|
|
|
email_message.subject,
|
2023-07-25 15:26:02 +02:00
|
|
|
"Verify your new email address for zulip.testserver",
|
2017-01-20 12:27:38 +01:00
|
|
|
)
|
|
|
|
body = email_message.body
|
2021-02-12 08:20:45 +01:00
|
|
|
self.assertIn("We received a request to change the email", body)
|
2021-01-26 04:20:36 +01:00
|
|
|
self.assertEqual(self.email_envelope_from(email_message), settings.NOREPLY_EMAIL_ADDRESS)
|
2020-06-05 23:26:35 +02:00
|
|
|
self.assertRegex(
|
2021-01-26 04:20:36 +01:00
|
|
|
self.email_display_from(email_message),
|
2022-02-15 23:45:41 +01:00
|
|
|
rf"^Zulip Account Security <{self.TOKENIZED_NOREPLY_REGEX}>\Z",
|
2020-06-05 23:26:35 +02:00
|
|
|
)
|
2017-01-20 12:27:38 +01:00
|
|
|
|
2020-06-14 13:32:38 +02:00
|
|
|
self.assertEqual(email_message.extra_headers["List-Id"], "Zulip Dev <zulip.testserver>")
|
|
|
|
|
2021-02-12 08:20:45 +01:00
|
|
|
activation_url = [s for s in body.split("\n") if s][2]
|
2017-01-20 12:27:38 +01:00
|
|
|
response = self.client_get(activation_url)
|
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
self.assert_in_success_response(["This confirms that the email address"], response)
|
2017-01-20 12:27:38 +01:00
|
|
|
|
2017-08-05 19:42:59 +02:00
|
|
|
# Now confirm trying to change your email back doesn't throw an immediate error
|
|
|
|
result = self.client_patch(url, {"email": "hamlet@zulip.com"})
|
2021-07-15 18:31:34 +02:00
|
|
|
self.assert_json_success(result)
|
2017-08-05 19:42:59 +02:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_unauthorized_email_change(self) -> None:
|
2021-02-12 08:20:45 +01:00
|
|
|
data = {"email": "hamlet-new@zulip.com"}
|
|
|
|
user_profile = self.example_user("hamlet")
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login_user(user_profile)
|
2021-03-01 11:33:24 +01:00
|
|
|
do_set_realm_property(
|
|
|
|
user_profile.realm,
|
|
|
|
"email_changes_disabled",
|
|
|
|
True,
|
|
|
|
acting_user=None,
|
|
|
|
)
|
2021-02-12 08:20:45 +01:00
|
|
|
url = "/json/settings"
|
2017-07-31 20:44:52 +02:00
|
|
|
result = self.client_patch(url, data)
|
2021-05-17 05:41:32 +02:00
|
|
|
self.assert_length(mail.outbox, 0)
|
2017-03-04 06:39:45 +01:00
|
|
|
self.assertEqual(result.status_code, 400)
|
2021-02-12 08:19:30 +01:00
|
|
|
self.assert_in_response("Email address changes are disabled in this organization.", result)
|
2018-02-02 16:54:26 +01:00
|
|
|
# Realm admins can change their email address even setting is disabled.
|
2021-02-12 08:20:45 +01:00
|
|
|
data = {"email": "iago-new@zulip.com"}
|
|
|
|
self.login("iago")
|
|
|
|
url = "/json/settings"
|
2018-02-02 16:54:26 +01:00
|
|
|
result = self.client_patch(url, data)
|
2021-07-15 18:31:34 +02:00
|
|
|
self.assert_json_success(result)
|
2017-03-04 06:39:45 +01:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_email_change_already_taken(self) -> None:
|
2021-02-12 08:20:45 +01:00
|
|
|
data = {"email": "cordelia@zulip.com"}
|
|
|
|
user_profile = self.example_user("hamlet")
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login_user(user_profile)
|
2017-09-26 20:15:37 +02:00
|
|
|
|
2021-02-12 08:20:45 +01:00
|
|
|
url = "/json/settings"
|
2017-09-26 20:15:37 +02:00
|
|
|
result = self.client_patch(url, data)
|
2021-05-17 05:41:32 +02:00
|
|
|
self.assert_length(mail.outbox, 0)
|
2017-09-26 20:15:37 +02:00
|
|
|
self.assertEqual(result.status_code, 400)
|
2021-02-12 08:19:30 +01:00
|
|
|
self.assert_in_response("Already has an account", result)
|
2017-09-26 20:15:37 +02:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_unauthorized_email_change_from_email_confirmation_link(self) -> None:
|
2022-07-25 19:22:41 +02:00
|
|
|
new_email = "hamlet-new@zulip.com"
|
2021-02-12 08:20:45 +01:00
|
|
|
user_profile = self.example_user("hamlet")
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login_user(user_profile)
|
2022-07-25 19:22:41 +02:00
|
|
|
|
|
|
|
activation_url = self.generate_email_change_link(new_email)
|
2017-03-04 06:39:45 +01:00
|
|
|
|
2021-03-01 11:33:24 +01:00
|
|
|
do_set_realm_property(
|
|
|
|
user_profile.realm,
|
|
|
|
"email_changes_disabled",
|
|
|
|
True,
|
|
|
|
acting_user=None,
|
|
|
|
)
|
2017-03-04 06:39:45 +01:00
|
|
|
|
|
|
|
response = self.client_get(activation_url)
|
|
|
|
|
|
|
|
self.assertEqual(response.status_code, 400)
|
2021-02-12 08:19:30 +01:00
|
|
|
self.assert_in_response(
|
|
|
|
"Email address changes are disabled in this organization.", response
|
|
|
|
)
|
2017-03-04 06:39:45 +01:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_post_invalid_email(self) -> None:
|
2022-08-08 01:39:32 +02:00
|
|
|
invalid_emails = ["", "hamlet-new"]
|
|
|
|
for email in invalid_emails:
|
|
|
|
data = {"email": email}
|
|
|
|
self.login("hamlet")
|
|
|
|
url = "/json/settings"
|
|
|
|
result = self.client_patch(url, data)
|
|
|
|
self.assert_in_response("Invalid address", result)
|
2017-01-20 12:27:38 +01:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_post_same_email(self) -> None:
|
2021-02-12 08:20:45 +01:00
|
|
|
data = {"email": self.example_email("hamlet")}
|
|
|
|
self.login("hamlet")
|
|
|
|
url = "/json/settings"
|
2017-07-31 20:44:52 +02:00
|
|
|
result = self.client_patch(url, data)
|
2022-06-07 01:37:01 +02:00
|
|
|
response_dict = self.assert_json_success(result)
|
|
|
|
self.assertEqual("success", response_dict["result"])
|
|
|
|
self.assertEqual("", response_dict["msg"])
|
2018-12-06 23:17:46 +01:00
|
|
|
|
|
|
|
def test_change_delivery_email_end_to_end_with_admins_visibility(self) -> None:
|
2021-02-12 08:20:45 +01:00
|
|
|
user_profile = self.example_user("hamlet")
|
2021-10-26 09:15:16 +02:00
|
|
|
do_change_user_setting(
|
|
|
|
user_profile,
|
2021-03-01 11:33:24 +01:00
|
|
|
"email_address_visibility",
|
2021-10-26 09:15:16 +02:00
|
|
|
UserProfile.EMAIL_ADDRESS_VISIBILITY_ADMINS,
|
2021-03-01 11:33:24 +01:00
|
|
|
acting_user=None,
|
2021-02-12 08:19:30 +01:00
|
|
|
)
|
2018-12-06 23:17:46 +01:00
|
|
|
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login_user(user_profile)
|
2020-03-12 14:17:25 +01:00
|
|
|
old_email = user_profile.delivery_email
|
2021-02-12 08:20:45 +01:00
|
|
|
new_email = "hamlet-new@zulip.com"
|
2021-02-12 08:19:30 +01:00
|
|
|
obj = EmailChangeStatus.objects.create(
|
|
|
|
new_email=new_email,
|
|
|
|
old_email=old_email,
|
|
|
|
user_profile=user_profile,
|
|
|
|
realm=user_profile.realm,
|
|
|
|
)
|
2021-04-05 18:41:59 +02:00
|
|
|
url = create_confirmation_link(obj, Confirmation.EMAIL_CHANGE)
|
2018-12-06 23:17:46 +01:00
|
|
|
response = self.client_get(url)
|
|
|
|
|
|
|
|
self.assertEqual(response.status_code, 200)
|
2021-02-12 08:19:30 +01:00
|
|
|
self.assert_in_success_response(
|
|
|
|
["This confirms that the email address for your Zulip"], response
|
|
|
|
)
|
2018-12-06 23:17:46 +01:00
|
|
|
user_profile = get_user_profile_by_id(user_profile.id)
|
|
|
|
self.assertEqual(user_profile.delivery_email, new_email)
|
2020-06-09 00:25:09 +02:00
|
|
|
self.assertEqual(user_profile.email, f"user{user_profile.id}@zulip.testserver")
|
2018-12-06 23:17:46 +01:00
|
|
|
obj.refresh_from_db()
|
|
|
|
self.assertEqual(obj.status, 1)
|
|
|
|
with self.assertRaises(UserProfile.DoesNotExist):
|
|
|
|
get_user(old_email, user_profile.realm)
|
|
|
|
with self.assertRaises(UserProfile.DoesNotExist):
|
|
|
|
get_user_by_delivery_email(old_email, user_profile.realm)
|
|
|
|
self.assertEqual(get_user_by_delivery_email(new_email, user_profile.realm), user_profile)
|
2023-07-20 21:05:37 +02:00
|
|
|
|
|
|
|
def test_configure_demo_organization_owner_email(self) -> None:
|
|
|
|
desdemona = self.example_user("desdemona")
|
|
|
|
desdemona.realm.demo_organization_scheduled_deletion_date = now() + datetime.timedelta(
|
|
|
|
days=30
|
|
|
|
)
|
|
|
|
desdemona.realm.save()
|
|
|
|
assert desdemona.realm.demo_organization_scheduled_deletion_date is not None
|
|
|
|
|
|
|
|
self.login("desdemona")
|
|
|
|
desdemona.delivery_email = ""
|
|
|
|
desdemona.save()
|
|
|
|
self.assertEqual(desdemona.delivery_email, "")
|
|
|
|
|
|
|
|
data = {"email": "desdemona-new@zulip.com"}
|
|
|
|
url = "/json/settings"
|
|
|
|
self.assert_length(mail.outbox, 0)
|
|
|
|
result = self.client_patch(url, data)
|
|
|
|
self.assert_json_success(result)
|
|
|
|
self.assert_length(mail.outbox, 1)
|
|
|
|
|
|
|
|
email_message = mail.outbox[0]
|
|
|
|
self.assertEqual(
|
|
|
|
email_message.subject,
|
|
|
|
"Verify your new email address for your demo Zulip organization",
|
|
|
|
)
|
|
|
|
body = email_message.body
|
|
|
|
self.assertIn(
|
|
|
|
"We received a request to add the email address",
|
|
|
|
body,
|
|
|
|
)
|
|
|
|
self.assertEqual(self.email_envelope_from(email_message), settings.NOREPLY_EMAIL_ADDRESS)
|
|
|
|
self.assertRegex(
|
|
|
|
self.email_display_from(email_message),
|
|
|
|
rf"^Zulip Account Security <{self.TOKENIZED_NOREPLY_REGEX}>\Z",
|
|
|
|
)
|
|
|
|
self.assertEqual(email_message.extra_headers["List-Id"], "Zulip Dev <zulip.testserver>")
|
|
|
|
|
|
|
|
confirmation_url = [s for s in body.split("\n") if s][2]
|
|
|
|
response = self.client_get(confirmation_url, follow=True)
|
|
|
|
self.assertEqual(response.status_code, 200)
|
|
|
|
self.assert_in_success_response(["Set a new password"], response)
|
|
|
|
|
|
|
|
user_profile = get_user_profile_by_id(desdemona.id)
|
|
|
|
self.assertEqual(user_profile.delivery_email, "desdemona-new@zulip.com")
|