find_account: Remove emails as URL parameters.

Earlier, after a successful POST request on find accounts page
users were redirected to a URL with the emails (submitted via form)
as URL parameters. Those raw emails in the URL were used to
display on a template.

We no longer redirect to such a URL; instead, we directly render
a template with emails passed as a context variable.

Fixes part of #3128

zerver/tests/test_signup.py

@@ -4251,11 +4251,7 @@ class TestFindMyTeam(ZulipTestCase):
         result = self.client_post(
             "/accounts/find/", dict(emails="iago@zulip.com,cordeliA@zulip.com")
         )
-        self.assertEqual(result.status_code, 302)
-        self.assertEqual(
-            result["Location"], "/accounts/find/?emails=iago%40zulip.com%2CcordeliA%40zulip.com"
-        )
-        result = self.client_get(result["Location"])
+        self.assertEqual(result.status_code, 200)
         content = result.content.decode()
         self.assertIn("Emails sent! You will only receive emails", content)
         self.assertIn("iago@zulip.com", content)
@@ -4274,12 +4270,7 @@ class TestFindMyTeam(ZulipTestCase):
         result = self.client_post(
             "/accounts/find/", dict(emails="iago@zulip.com,invalid_email@zulip.com")
         )
-        self.assertEqual(result.status_code, 302)
-        self.assertEqual(
-            result["Location"],
-            "/accounts/find/?emails=iago%40zulip.com%2Cinvalid_email%40zulip.com",
-        )
-        result = self.client_get(result["Location"])
+        self.assertEqual(result.status_code, 200)
         content = result.content.decode()
         self.assertIn("Emails sent! You will only receive emails", content)
         self.assertIn(self.example_email("iago"), content)
@@ -4312,8 +4303,7 @@ class TestFindMyTeam(ZulipTestCase):
     def test_find_team_one_email(self) -> None:
         data = {"emails": self.example_email("hamlet")}
         result = self.client_post("/accounts/find/", data)
-        self.assertEqual(result.status_code, 302)
-        self.assertEqual(result["Location"], "/accounts/find/?emails=hamlet%40zulip.com")
+        self.assertEqual(result.status_code, 200)
         from django.core.mail import outbox
 
         self.assert_length(outbox, 1)
@@ -4322,8 +4312,7 @@ class TestFindMyTeam(ZulipTestCase):
         do_deactivate_user(self.example_user("hamlet"), acting_user=None)
         data = {"emails": self.example_email("hamlet")}
         result = self.client_post("/accounts/find/", data)
-        self.assertEqual(result.status_code, 302)
-        self.assertEqual(result["Location"], "/accounts/find/?emails=hamlet%40zulip.com")
+        self.assertEqual(result.status_code, 200)
         from django.core.mail import outbox
 
         self.assert_length(outbox, 0)
@@ -4332,8 +4321,7 @@ class TestFindMyTeam(ZulipTestCase):
         do_deactivate_realm(get_realm("zulip"), acting_user=None)
         data = {"emails": self.example_email("hamlet")}
         result = self.client_post("/accounts/find/", data)
-        self.assertEqual(result.status_code, 302)
-        self.assertEqual(result["Location"], "/accounts/find/?emails=hamlet%40zulip.com")
+        self.assertEqual(result.status_code, 200)
         from django.core.mail import outbox
 
         self.assert_length(outbox, 0)
@@ -4341,8 +4329,7 @@ class TestFindMyTeam(ZulipTestCase):
     def test_find_team_bot_email(self) -> None:
         data = {"emails": self.example_email("webhook_bot")}
         result = self.client_post("/accounts/find/", data)
-        self.assertEqual(result.status_code, 302)
-        self.assertEqual(result["Location"], "/accounts/find/?emails=webhook-bot%40zulip.com")
+        self.assertEqual(result.status_code, 200)
         from django.core.mail import outbox
 
         self.assert_length(outbox, 0)

zerver/views/development/email_log.py

@@ -102,7 +102,7 @@ def generate_all_emails(request: HttpRequest) -> HttpResponse:
 
     # Find account email
     result = client.post("/accounts/find/", {"emails": registered_email}, HTTP_HOST=realm.host)
-    assert result.status_code == 302
+    assert result.status_code == 200
 
     # New login email
     logged_in = client.login(dev_auth_username=registered_email, realm=realm)

zerver/views/registration.py

@@ -1067,15 +1067,16 @@ def accounts_home_from_multiuse_invite(request: HttpRequest, confirmation_key: s
 
 
 @has_request_variables
-def find_account(
-    request: HttpRequest, raw_emails: Optional[str] = REQ("emails", default=None)
-) -> HttpResponse:
+def find_account(request: HttpRequest) -> HttpResponse:
     url = reverse("find_account")
-
+    form = FindMyTeamForm()
     emails: List[str] = []
     if request.method == "POST":
         form = FindMyTeamForm(request.POST)
         if form.is_valid():
+            # Note: Show all the emails in the POST request response
+            # otherwise this feature can be used to ascertain which
+            # email addresses are associated with Zulip.
             emails = form.cleaned_data["emails"]
             for i in range(len(emails)):
                 try:
@@ -1124,25 +1125,6 @@ def find_account(
                     from_address=FromAddress.SUPPORT,
                     request=request,
                 )
-
-            # Note: Show all the emails in the result otherwise this
-            # feature can be used to ascertain which email addresses
-            # are associated with Zulip.
-            data = urlencode({"emails": ",".join(emails)})
-            return redirect(append_url_query_string(url, data))
-    else:
-        form = FindMyTeamForm()
-        # The below validation is perhaps unnecessary, in that we
-        # shouldn't get able to get here with an invalid email unless
-        # the user hand-edits the URLs.
-        if raw_emails:
-            for email in raw_emails.split(","):
-                try:
-                    validators.validate_email(email)
-                    emails.append(email)
-                except ValidationError:
-                    pass
-
     return render(
         request,
         "zerver/find_account.html",