legacy_server_login: Do better error handling.

Show better error messages and validate zulip_org_id in JS before
sending it to the server and give an appropriate error message.
Aman Agrawal 2023-12-12 12:43:55 +05:30 committed by Tim Abbott
parent 449714245e
commit ab1a8a0151
5 changed files with 51 additions and 8 deletions


@ -576,7 +576,8 @@ class LegacyServerLoginTest(BouncerTestCase):
)
self.assertEqual(result.status_code, 200)
self.assert_in_success_response(
["Did not find a server registration for this server_org_id."], result
["This zulip_org_id is not registered with Zulip's billing management system."],
result,
)
def test_server_login_invalid_server_org_secret(self) -> None:
@ -586,7 +587,7 @@ class LegacyServerLoginTest(BouncerTestCase):
subdomain="selfhosting",
)
self.assertEqual(result.status_code, 200)
self.assert_in_success_response(["Invalid server_org_secret."], result)
self.assert_in_success_response(["Invalid zulip_org_key for this zulip_org_id."], result)
def test_server_login_deactivated_server(self) -> None:
self.server.deactivated = True
@ -681,7 +682,7 @@ class LegacyServerLoginTest(BouncerTestCase):
subdomain="selfhosting",
)
self.assertEqual(result.status_code, 200)
self.assert_in_success_response(["Invalid server_org_secret."], result)
self.assert_in_success_response(["Invalid zulip_org_key for this zulip_org_id."], result)
# The next_page param should be preserved in the form.
self.assert_in_success_response(
['<input type="hidden" name="next_page" value="billing" />'], result


@ -442,12 +442,16 @@ def remote_billing_legacy_server_login(
remote_server = get_remote_server_by_uuid(server_org_id)
except RemoteZulipServer.DoesNotExist:
context.update(
{"error_message": _("Did not find a server registration for this server_org_id.")}
{
"error_message": _(
"This zulip_org_id is not registered with Zulip's billing management system."
)
}
)
return render(request, "corporate/legacy_server_login.html", context)
if not constant_time_compare(server_org_secret, remote_server.api_key):
context.update({"error_message": _("Invalid server_org_secret.")})
context.update({"error_message": _("Invalid zulip_org_key for this zulip_org_id.")})
return render(request, "corporate/legacy_server_login.html", context)
if remote_server.deactivated:
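Review bot: The two failure branches in this hunk still return different messages, so the response tells an unauthenticated caller whether a given zulip_org_id is registered before any key has been checked. That appears deliberate for usability, but it should be recorded on the `DoesNotExist` branch, for example `# Distinct from the bad-key message on purpose; this confirms registration of an id to unauthenticated callers.` Rate limiting for this view is not visible in the hunk and is worth confirming, since the `constant_time_compare` check is the only barrier once an id is known. remote_billing_legacy_server_login starts and ends outside the hunk.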


@ -27,17 +27,19 @@
</div>
</div>
<div class="input-box server-login-form-field">
<label for="username" class="inline-block label-title">
<label for="server-org-id" class="inline-block label-title">
server_org_id
<a href="https://zulip.readthedocs.io/en/stable/production/mobile-push-notifications.html" target="_blank">
<i class="fa fa-question-circle-o" aria-hidden="true"></i>
</a>
</label>
<input id="username" name="server_org_id" class="required" type="text"/>
<input id="server-org-id" name="server_org_id" class="required" type="text"/>
<div class="alert alert-danger server-login-form-field-error server_org_id-error"></div>
</div>
<div class="input-box server-login-form-field">
<label for="password" class="inline-block label-title">server_org_key</label>
<input id="password" name="server_org_secret" class="required" type="password"/>
<div class="alert alert-danger server-login-form-field-error server_org_secret-error"></div>
</div>
<div id="server-login-page-button-container">
<button type="submit" id="server-login-button" class="stripe-button-el invoice-button">
@ -53,3 +55,4 @@
</div>
{% endblock %}
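Review bot: The form labels in the first hunk still read `server_org_id` and `server_org_key`, while the messages introduced elsewhere on this page name `zulip_org_id` and `zulip_org_key`, so a user told to check that the two are not swapped cannot match the message to a field. Either relabel the two fields or use the label names in the messages. The added `server_org_secret-error` container has no writer in the script changes shown on this page; if nothing fills it, it can be dropped.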


@ -1,5 +1,32 @@
import $ from "jquery";
function handle_submit_for_server_login_form(form: HTMLFormElement): void {
// Get value of server_org_id.
const server_org_id = $<HTMLInputElement>("#server-org-id").val();
const $error_field = $(".server_org_id-error");
if (server_org_id === undefined) {
// Already handled by `validate` plugin.
return;
}
// Check if server_org_id is in UUID4 format.
// https://melvingeorge.me/blog/check-if-string-valid-uuid-regex-javascript
// Regex was modified by linter after copying from above link according to this rule:
// https://github.com/sindresorhus/eslint-plugin-unicorn/blob/main/docs/rules/better-regex.md
const is_valid_uuid = /^[\da-f]{8}(?:\b-[\da-f]{4}){3}\b-[\da-f]{12}$/gi;
// Check if server_org_id is in UUID4 format.
if (!is_valid_uuid.test(server_org_id)) {
$error_field.text(
"Wrong zulip_org_id format. Check to make sure zulip_org_id and zulip_org_key are not swapped.",
);
$error_field.show();
return;
}
$("#server-login-form").find(".loader").css("display", "inline-block");
$("#server-login-button .server-login-button-text").hide();
form.submit();
}
export function initialize(): void {
$(
"#server-login-form, #remote-billing-confirm-email-form, #remote-billing-confirm-login-form",
@ -7,6 +34,11 @@ export function initialize(): void {
errorClass: "text-error",
wrapper: "div",
submitHandler(form) {
if (form.id === "server-login-form") {
handle_submit_for_server_login_form(form);
return;
}
$("#server-login-form").find(".loader").css("display", "inline-block");
$("#server-login-button .server-login-button-text").hide();
$("#remote-billing-confirm-email-form").find(".loader").css("display", "inline-block");
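Review bot: The pattern in handle_submit_for_server_login_form carries the `g` flag, which makes `test()` stateful through `lastIndex`; it is harmless only because the literal is rebuilt on every call, and it would reject every second valid id if the regex were ever hoisted to module scope. Drop the flag: `const is_valid_uuid = /^[\da-f]{8}(?:\b-[\da-f]{4}){3}\b-[\da-f]{12}$/i;`. The value is also tested untrimmed, so an id pasted with a trailing space gets the wrong-format message; testing `server_org_id.trim()` would avoid that, provided the server tolerates the same input (not visible here). The duplicated comment says UUID4 although the pattern accepts any UUID-shaped hex string, and it should state that this check is a usability aid and the server remains the authority on validity.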


@ -686,7 +686,10 @@ input[name="licenses"] {
}
#server-login-error {
text-align: center;
text-align: left;
margin: 0 auto;
max-width: 400px;
padding: 10px 25px;
}
#upgrade-page-details #due-today-for-future-update-wrapper {