requests: Add SELF_HOSTING_MANAGEMENT_SUBDOMAIN.

2023-11-20 20:16:03 +01:00 · 2023-11-20 20:16:03 +01:00 · 1ec0d5bd9d
parent 2149cd236f
commit 1ec0d5bd9d
7 changed files with 27 additions and 5 deletions
--- a/zerver/actions/create_realm.py
+++ b/zerver/actions/create_realm.py
@ -166,8 +166,10 @@ def do_create_realm(
    enable_spectator_access: Optional[bool] = None,
    prereg_realm: Optional[PreregistrationRealm] = None,
 ) -> Realm:
-    if string_id == settings.SOCIAL_AUTH_SUBDOMAIN:
-        raise AssertionError("Creating a realm on SOCIAL_AUTH_SUBDOMAIN is not allowed!")
+    if string_id in [settings.SOCIAL_AUTH_SUBDOMAIN, settings.SELF_HOSTING_MANAGEMENT_SUBDOMAIN]:
+        raise AssertionError(
+            "Creating a realm on SOCIAL_AUTH_SUBDOMAIN or SOCIAL_AUTH_SUBDOMAIN is not allowed!"
+        )
    if Realm.objects.filter(string_id=string_id).exists():
        raise AssertionError(f"Realm {string_id} already exists!")
    if not server_initialized():
--- a/zerver/lib/name_restrictions.py
+++ b/zerver/lib/name_restrictions.py
@ -5,6 +5,8 @@ from django.conf import settings
 def is_reserved_subdomain(subdomain: str) -> bool:
    if subdomain == settings.SOCIAL_AUTH_SUBDOMAIN:
        return True
+    if subdomain == settings.SELF_HOSTING_MANAGEMENT_SUBDOMAIN:
+        return True
    if subdomain in ZULIP_RESERVED_SUBDOMAINS:
        return True
    if subdomain[-1] == "s" and subdomain[:-1] in ZULIP_RESERVED_SUBDOMAINS:
--- a/zerver/middleware.py
+++ b/zerver/middleware.py
@ -549,8 +549,11 @@ class HostDomainMiddleware(MiddlewareMixin):
            return None

        subdomain = get_subdomain(request)
-        if subdomain == settings.SOCIAL_AUTH_SUBDOMAIN:
-            # Realms are not supposed to exist on SOCIAL_AUTH_SUBDOMAIN.
+        if subdomain in [
+            settings.SOCIAL_AUTH_SUBDOMAIN,
+            settings.SELF_HOSTING_MANAGEMENT_SUBDOMAIN,
+        ]:
+            # Realms are not supposed to exist on these subdomains.
            return None

        request_notes = RequestNotes.get_notes(request)
--- a/zerver/tests/test_realm.py
+++ b/zerver/tests/test_realm.py
@ -75,11 +75,15 @@ class RealmTest(ZulipTestCase):
                ["INFO:root:Server not yet initialized. Creating the internal realm first."],
            )

-    def test_realm_creation_on_social_auth_subdomain_disallowed(self) -> None:
+    def test_realm_creation_on_special_subdomains_disallowed(self) -> None:
        with self.settings(SOCIAL_AUTH_SUBDOMAIN="zulipauth"):
            with self.assertRaises(AssertionError):
                do_create_realm("zulipauth", "Test Realm")

+        with self.settings(SELF_HOSTING_MANAGEMENT_SUBDOMAIN="zulipselfhosting"):
+            with self.assertRaises(AssertionError):
+                do_create_realm("zulipselfhosting", "Test Realm")
+
    def test_permission_for_education_non_profit_organization(self) -> None:
        realm = do_create_realm(
            "test_education_non_profit",
--- a/zerver/tests/test_signup.py
+++ b/zerver/tests/test_signup.py
@ -2042,6 +2042,12 @@ class RealmCreationTest(ZulipTestCase):
                ["Subdomain reserved. Please choose a different one."], result
            )

+        with self.settings(SELF_HOSTING_MANAGEMENT_SUBDOMAIN="zulipselfhosting"):
+            result = self.client_get("/json/realm/subdomain/zulipselfhosting")
+            self.assert_in_success_response(
+                ["Subdomain reserved. Please choose a different one."], result
+            )
+
        result = self.client_get("/json/realm/subdomain/hufflepuff")
        self.assert_in_success_response(["available"], result)
        self.assert_not_in_success_response(["already in use"], result)
--- a/zproject/default_settings.py
+++ b/zproject/default_settings.py
@ -444,6 +444,9 @@ ROOT_SUBDOMAIN_ALIASES = ["www"]
 # Whether the root domain is a landing page or can host a realm.
 ROOT_DOMAIN_LANDING_PAGE = False

+# Subdomain for serving endpoints to users from self-hosted deployments.
+SELF_HOSTING_MANAGEMENT_SUBDOMAIN: Optional[str] = None
+
 # If using the Zephyr mirroring supervisord configuration, the
 # hostname to connect to in order to transfer credentials from webathena.
 PERSONAL_ZMIRROR_SERVER: Optional[str] = None
--- a/zproject/dev_settings.py
+++ b/zproject/dev_settings.py
@ -204,6 +204,8 @@ SCIM_CONFIG: Dict[str, SCIMConfigDict] = {
    }
 }

+SELF_HOSTING_MANAGEMENT_SUBDOMAIN = "selfhosting"
+
 # You can uncomment these lines to use the development environment
 # server as a dummy push bouncer for itself, to test functionalities
 # such as register_server or update_analytics_counts management commands