Prevent mailboxes that have been disabled from being used again (#2016)

* Prevent mailboxes that have been disabled from being used again * Improve test * Get one user since it will be unique
2024-01-23 14:57:40 +01:00 · 2024-01-23 14:57:40 +01:00 · 761420ece9
parent c3848862c3
commit 761420ece9
2 changed files with 57 additions and 5 deletions
--- a/app/email_utils.py
+++ b/app/email_utils.py
@ -583,6 +583,26 @@ def email_can_be_used_as_mailbox(email_address: str) -> bool:
            LOG.d("MX Domain %s %s is invalid mailbox domain", mx_domain, domain)
            return False

+    existing_user = User.get_by(email=email_address)
+    if existing_user and existing_user.disabled:
+        LOG.d(
+            f"User {existing_user} is disabled. {email_address} cannot be used for other mailbox"
+        )
+        return False
+
+    for existing_user in (
+        User.query()
+        .join(Mailbox, User.id == Mailbox.user_id)
+        .filter(Mailbox.email == email_address)
+        .group_by(User.id)
+        .all()
+    ):
+        if existing_user.disabled:
+            LOG.d(
+                f"User {existing_user} is disabled and has a mailbox with {email_address}. Id cannot be used for other mailbox"
+            )
+            return False
+
    return True


--- a/tests/test_email_utils.py
+++ b/tests/test_email_utils.py
@ -49,10 +49,25 @@ from app.models import (
    VerpType,
    AliasGeneratorEnum,
    SLDomain,
+    Mailbox,
 )

 # flake8: noqa: E101, W191
-from tests.utils import login, load_eml_file, create_new_user, random_domain
+from tests.utils import (
+    login,
+    load_eml_file,
+    create_new_user,
+    random_domain,
+    random_token,
+)
+
+
+def setup_module(module):
+    config.SKIP_MX_LOOKUP_ON_CHECK = True
+
+
+def teardown_module(module):
+    config.SKIP_MX_LOOKUP_ON_CHECK = False


 def test_get_email_domain_part():
@ -68,10 +83,6 @@ def test_email_belongs_to_alias_domains():
    assert not can_create_directory_for_address("hey@d3.test")


-@pytest.mark.skipif(
-    "GITHUB_ACTIONS_TEST" in os.environ,
-    reason="this test requires DNS lookup that does not work on Github CI",
-)
 def test_can_be_used_as_personal_email(flask_client):
    # default alias domain
    assert not email_can_be_used_as_mailbox("ab@sl.local")
@ -94,6 +105,27 @@ def test_can_be_used_as_personal_email(flask_client):
    assert email_can_be_used_as_mailbox("abcd@gmail.com")


+def test_disabled_user_prevents_email_from_being_used_as_mailbox():
+    email = f"user_{random_token(10)}@mailbox.test"
+    assert email_can_be_used_as_mailbox(email)
+    user = create_new_user(email)
+    user.disabled = True
+    Session.flush()
+    assert not email_can_be_used_as_mailbox(email)
+
+
+def test_disabled_user_with_secondary_mailbox_prevents_email_from_being_used_as_mailbox():
+    email = f"user_{random_token(10)}@mailbox.test"
+    assert email_can_be_used_as_mailbox(email)
+    user = create_new_user()
+    Mailbox.create(user_id=user.id, email=email)
+    Session.flush()
+    assert email_can_be_used_as_mailbox(email)
+    user.disabled = True
+    Session.flush()
+    assert not email_can_be_used_as_mailbox(email)
+
+
 def test_delete_header():
    msg = EmailMessage()
    assert msg._headers == []