avoid email loop

Prevent user from adding a domain that they are using for their personal email.
2020-01-28 15:16:26 +07:00 · 2020-01-28 15:16:26 +07:00 · fc22593bf6
parent f93e40c6ae
commit fc22593bf6
2 changed files with 27 additions and 1 deletions
--- a/app/dashboard/views/custom_domain.py
+++ b/app/dashboard/views/custom_domain.py
@ -5,6 +5,7 @@ from wtforms import StringField, validators

 from app.config import EMAIL_SERVERS_WITH_PRIORITY
 from app.dashboard.base import dashboard_bp
+from app.email_utils import get_email_domain_part
 from app.extensions import db
 from app.models import CustomDomain

@ -30,9 +31,15 @@ def custom_domain():
                return redirect(url_for("dashboard.custom_domain"))

            if new_custom_domain_form.validate():
-                new_domain = new_custom_domain_form.domain.data.strip()
+                new_domain = new_custom_domain_form.domain.data.lower().strip()
                if CustomDomain.get_by(domain=new_domain):
                    flash(f"{new_domain} already added", "warning")
+                elif get_email_domain_part(current_user.email) == new_domain:
+                    flash(
+                        "You cannot add a domain that you are currently using for your personal email. "
+                        "Please change your personal email to your real email",
+                        "error",
+                    )
                else:
                    new_custom_domain = CustomDomain.create(
                        domain=new_domain, user_id=current_user.id
--- a/tests/dashboard/test_custom_domain.py
+++ b/tests/dashboard/test_custom_domain.py
@ -17,3 +17,22 @@ def test_add_domain_success(flask_client):

    assert r.status_code == 200
    assert b"New domain ab.cd is created" in r.data
+
+
+def test_add_domain_same_as_user_email(flask_client):
+    """cannot add domain if user personal email uses this domain"""
+    user = login(flask_client)
+    user.lifetime = True
+    db.session.commit()
+
+    r = flask_client.post(
+        url_for("dashboard.custom_domain"),
+        data={"form-name": "create", "domain": "b.c"},  # user email is a@b.c
+        follow_redirects=True,
+    )
+
+    assert r.status_code == 200
+    assert (
+        b"You cannot add a domain that you are currently using for your personal email"
+        in r.data
+    )