-
-
Notifications
You must be signed in to change notification settings - Fork 7.8k
/
test_realm_domains.py
171 lines (147 loc) · 7.11 KB
/
test_realm_domains.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
import orjson
from django.core.exceptions import ValidationError
from django.db.utils import IntegrityError
from zerver.actions.create_realm import do_create_realm
from zerver.actions.realm_domains import do_change_realm_domain, do_remove_realm_domain
from zerver.actions.realm_settings import do_set_realm_property
from zerver.actions.users import do_change_user_role
from zerver.lib.domains import validate_domain
from zerver.lib.email_validation import email_allowed_for_realm
from zerver.lib.test_classes import ZulipTestCase
from zerver.models import DomainNotAllowedForRealmError, RealmDomain, UserProfile, get_realm
class RealmDomainTest(ZulipTestCase):
def setUp(self) -> None:
realm = get_realm("zulip")
do_set_realm_property(realm, "emails_restricted_to_domains", True, acting_user=None)
def test_list_realm_domains(self) -> None:
self.login("iago")
realm = get_realm("zulip")
RealmDomain.objects.create(realm=realm, domain="acme.com", allow_subdomains=True)
result = self.client_get("/json/realm/domains")
received = self.assert_json_success(result)["domains"]
expected = [
{"domain": "zulip.com", "allow_subdomains": False},
{"domain": "acme.com", "allow_subdomains": True},
]
self.assertEqual(received, expected)
def test_not_realm_owner(self) -> None:
self.login("iago")
result = self.client_post("/json/realm/domains")
self.assert_json_error(result, "Must be an organization owner")
result = self.client_patch("/json/realm/domains/15")
self.assert_json_error(result, "Must be an organization owner")
result = self.client_delete("/json/realm/domains/15")
self.assert_json_error(result, "Must be an organization owner")
def test_create_realm_domain(self) -> None:
self.login("desdemona")
data = {
"domain": "",
"allow_subdomains": orjson.dumps(True).decode(),
}
result = self.client_post("/json/realm/domains", info=data)
self.assert_json_error(result, "Invalid domain: Domain can't be empty.")
data["domain"] = "acme.com"
result = self.client_post("/json/realm/domains", info=data)
self.assert_json_success(result)
realm = get_realm("zulip")
self.assertTrue(
RealmDomain.objects.filter(
realm=realm, domain="acme.com", allow_subdomains=True
).exists()
)
result = self.client_post("/json/realm/domains", info=data)
self.assert_json_error(
result, "The domain acme.com is already a part of your organization."
)
mit_user_profile = self.mit_user("sipbtest")
self.login_user(mit_user_profile)
do_change_user_role(mit_user_profile, UserProfile.ROLE_REALM_OWNER, acting_user=None)
result = self.client_post(
"/json/realm/domains", info=data, HTTP_HOST=mit_user_profile.realm.host
)
self.assert_json_success(result)
def test_patch_realm_domain(self) -> None:
self.login("desdemona")
realm = get_realm("zulip")
RealmDomain.objects.create(realm=realm, domain="acme.com", allow_subdomains=False)
data = {
"allow_subdomains": orjson.dumps(True).decode(),
}
url = "/json/realm/domains/acme.com"
result = self.client_patch(url, data)
self.assert_json_success(result)
self.assertTrue(
RealmDomain.objects.filter(
realm=realm, domain="acme.com", allow_subdomains=True
).exists()
)
url = "/json/realm/domains/non-existent.com"
result = self.client_patch(url, data)
self.assertEqual(result.status_code, 400)
self.assert_json_error(result, "No entry found for domain non-existent.com.")
def test_delete_realm_domain(self) -> None:
self.login("desdemona")
realm = get_realm("zulip")
RealmDomain.objects.create(realm=realm, domain="acme.com")
result = self.client_delete("/json/realm/domains/non-existent.com")
self.assertEqual(result.status_code, 400)
self.assert_json_error(result, "No entry found for domain non-existent.com.")
result = self.client_delete("/json/realm/domains/acme.com")
self.assert_json_success(result)
self.assertFalse(RealmDomain.objects.filter(domain="acme.com").exists())
self.assertTrue(realm.emails_restricted_to_domains)
def test_delete_all_realm_domains(self) -> None:
self.login("iago")
realm = get_realm("zulip")
query = RealmDomain.objects.filter(realm=realm)
self.assertTrue(realm.emails_restricted_to_domains)
for realm_domain in query.all():
do_remove_realm_domain(realm_domain, acting_user=None)
self.assertEqual(query.count(), 0)
# Deleting last realm_domain should set `emails_restricted_to_domains` to False.
# This should be tested on a fresh instance, since the cached objects
# would not be updated.
self.assertFalse(get_realm("zulip").emails_restricted_to_domains)
def test_email_allowed_for_realm(self) -> None:
realm1 = do_create_realm("testrealm1", "Test Realm 1", emails_restricted_to_domains=True)
realm2 = do_create_realm("testrealm2", "Test Realm 2", emails_restricted_to_domains=True)
realm_domain = RealmDomain.objects.create(
realm=realm1, domain="test1.com", allow_subdomains=False
)
RealmDomain.objects.create(realm=realm2, domain="test2.test1.com", allow_subdomains=True)
email_allowed_for_realm("user@test1.com", realm1)
with self.assertRaises(DomainNotAllowedForRealmError):
email_allowed_for_realm("user@test2.test1.com", realm1)
email_allowed_for_realm("user@test2.test1.com", realm2)
email_allowed_for_realm("user@test3.test2.test1.com", realm2)
with self.assertRaises(DomainNotAllowedForRealmError):
email_allowed_for_realm("user@test3.test1.com", realm2)
do_change_realm_domain(realm_domain, True, acting_user=None)
email_allowed_for_realm("user@test1.com", realm1)
email_allowed_for_realm("user@test2.test1.com", realm1)
with self.assertRaises(DomainNotAllowedForRealmError):
email_allowed_for_realm("user@test2.com", realm1)
def test_realm_realm_domains_uniqueness(self) -> None:
realm = get_realm("zulip")
with self.assertRaises(IntegrityError):
RealmDomain.objects.create(realm=realm, domain="zulip.com", allow_subdomains=True)
def test_validate_domain(self) -> None:
invalid_domains = [
"",
"test",
"t.",
"test.",
".com",
"-test",
"test...com",
"test-",
"test_domain.com",
"test.-domain.com",
"a" * 255 + ".com",
]
for domain in invalid_domains:
with self.assertRaises(ValidationError):
validate_domain(domain)
valid_domains = ["acme.com", "x-x.y.3.z"]
for domain in valid_domains:
validate_domain(domain)