Commit Graph

13 Commits

Author SHA1 Message Date
Tim Abbott 3bfb19b5f3 Convert EmailAuthBackend and LDAPAuthBackend to accept a realm. 2017-11-21 18:23:50 -08:00
rht 33b1a541d7 zerver/lib: Use python 3 syntax for typing.
With tweaks by tabbott to fix line spacing.
2017-11-18 16:09:04 -08:00
Greg Price 119bc14182 alias domains: Add a v1 of this feature.
The main limitation of this version is that it's controlled entirely
from settings, with nothing in the database and no web UI or even
management command to control it.  That makes it a bit more of a
burden for the server admins than it'd ideally be, but that's fine
for now.

Relatedly, the web flow for realm creation still requires choosing a
subdomain even if the realm is destined to live at an alias domain.

Specific to the dev environment, there is an annoying quirk: the
special dev login flow doesn't work on a REALM_HOSTS realm.  Also,
in this version the `add_new_realm` and `add_new_user` management
commands, which are intended for use in development environments only,
don't support this feature.

In manual testing, I've confirmed that a REALM_HOSTS realm works for
signup and login, with email/password, Google SSO, or GitHub SSO.
Most of that was in dev; I used zulipstaging.com to also test
 * logging in with email and password;
 * logging in with Google SSO... far enough to correctly determine
   that my email address is associated with some other realm.
2017-11-03 13:38:59 -07:00
Greg Price e4b4f67b44 subdomains: Tighten search for EXTERNAL_HOST in get_subdomain.
If a Zulip install at example.org got a request at an HTTP `Host`
like foo.example.org.evil.com (or even foo.example.orgevil.com),
we would accept it as subdomain foo.  This isn't likely to happen
in practice because it shouldn't pass ALLOWED_HOSTS, and it's not
obvious to me that anything untoward could be done with it even
if ALLOWED_HOSTS were set wide open, but if nothing else it
multiplies the cases in analyzing this logic.

The reason we had a loose match like this, I assume, is to allow
the user to come from arbitrary ports -- especially in development.
So tighten the pattern to allow just that, and add some tests for
that behavior and a comment explaining why this complication is
needed.
2017-10-27 14:42:24 -07:00
Greg Price 66ebe9720f subdomains: Refactor get_subdomain a bit.
The helper _extract_subdomain doesn't have a super meaningful
interface, and this is its one callsite.  So just inline it.
2017-10-26 10:29:17 -07:00
Greg Price cc32634439 subdomains: Simplify is_subdomain_root_or_alias.
This logic is equivalent, though it takes a couple of readings
to convince oneself of that.  This version should then be
easier to reason about.
2017-10-26 10:29:17 -07:00
Greg Price 093bae4bc5 subdomains: Fix some implicit uses of "" for the root subdomain.
These are just instances that jumped out at me while working on the
subdomains code, mostly while grepping for get_subdomain call sites.
I haven't attempted a comprehensive search, and there are likely
still others left.
2017-10-26 10:29:17 -07:00
Greg Price be309bc8b1 subdomains: Complete the refactor to user_matches_subdomain.
Now that the old `check_subdomain` has no callers except in
implementing the new, improved interface `user_matches_subdomain`,
inline it into that.  Also simplify the Boolean logic a bit.
2017-10-26 10:29:17 -07:00
Greg Price c9457d4af0 subdomains: Refactor check_subdomain to a clearer interface.
Now that every call site of check_subdomain produces its second
argument in exactly the same way, push that shared bit of logic
into a new wrapper for check_subdomain.

Also give that new function a name that says more specifically what
it's checking -- which I think is easier to articulate for this
interface than for that of check_subdomain.
2017-10-26 10:29:17 -07:00
Tim Abbott 642086ff65 subdomains: Pass whether root domain is available to registration.
This data is necessary to determine whether to offer the root domain
in the realm creation form.
2017-10-18 22:53:10 -07:00
Tim Abbott 0884588a5e subdomains: Add a variable for how root domain is represented.
We use Realm.SUBDOMAIN_FOR_ROOT_DOMAIN as the special name for how the
root domain is referred to as a subdomain in the code.
2017-10-18 22:47:31 -07:00
Tim Abbott 4ddb812354 check_subdomain: Remove case for user_subdomain being None.
With REALMS_HAVE_SUBDOMAINS always on, user_subdomain is never None,
so this was just dead code.
2017-10-18 22:35:07 -07:00
Tim Abbott 1ab2ca5986 subdomains: Extract zerver.lib.subdomains library.
These never really belonged with the rest of zerver.lib.utils.py, and
having a separate library makes it easier to enforce full test
coverage.
2017-10-18 22:27:48 -07:00