From fc22593bf6eeead2b82e026786df72b10f31d48f Mon Sep 17 00:00:00 2001
From: Son NK
Date: Tue, 28 Jan 2020 15:16:26 +0700
Subject: [PATCH] avoid email loop

Prevent user from adding a domain that they are using for their personal email.
---
 app/dashboard/views/custom_domain.py | 9 ++++++++-
 tests/dashboard/test_custom_domain.py | 19 +++++++++++++++++++
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/app/dashboard/views/custom_domain.py b/app/dashboard/views/custom_domain.py
index c28cfb84..1511898a 100644
--- a/app/dashboard/views/custom_domain.py
+++ b/app/dashboard/views/custom_domain.py
@@ -5,6 +5,7 @@ from wtforms import StringField, validators
 from app.config import EMAIL_SERVERS_WITH_PRIORITY
 from app.dashboard.base import dashboard_bp
+from app.email_utils import get_email_domain_part
 from app.extensions import db
 from app.models import CustomDomain
@@ -30,9 +31,15 @@ def custom_domain():
 return redirect(url_for("dashboard.custom_domain"))
 if new_custom_domain_form.validate():
- new_domain = new_custom_domain_form.domain.data.strip()
+ new_domain = new_custom_domain_form.domain.data.lower().strip()
 if CustomDomain.get_by(domain=new_domain):
 flash(f"{new_domain} already added", "warning")
+ elif get_email_domain_part(current_user.email) == new_domain:
+ flash(
+ "You cannot add a domain that you are currently using for your personal email. "
+ "Please change your personal email to your real email",
+ "error",
+ )
 else:
 new_custom_domain = CustomDomain.create(
 domain=new_domain, user_id=current_user.id
diff --git a/tests/dashboard/test_custom_domain.py b/tests/dashboard/test_custom_domain.py
index af14a952..30306b28 100644
--- a/tests/dashboard/test_custom_domain.py
+++ b/tests/dashboard/test_custom_domain.py
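Review bot: In app/dashboard/views/custom_domain.py, the new `elif` in custom_domain() compares the lowercased `new_domain` with whatever `get_email_domain_part(current_user.email)` returns, so the loop guard holds only if that helper or the sign-up normalisation (neither is shown here) already yields a lowercase domain. Lowercasing at the comparison removes that dependency: `elif get_email_domain_part(current_user.email).lower() == new_domain:`. The check also runs only when a domain is added, so it is worth confirming that the personal-email change path rejects addresses on the user's own custom domains; otherwise the same loop can be set up in the reverse order. custom_domain() starts and ends outside this hunk.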
@@ -17,3 +17,22 @@ def test_add_domain_success(flask_client):
 assert r.status_code == 200
 assert b"New domain ab.cd is created" in r.data
+
+
+def test_add_domain_same_as_user_email(flask_client):
+ """cannot add domain if user personal email uses this domain"""
+ user = login(flask_client)
+ user.lifetime = True
+ db.session.commit()
+
+ r = flask_client.post(
+ url_for("dashboard.custom_domain"),
+ data={"form-name": "create", "domain": "b.c"}, # user email is a@b.c
+ follow_redirects=True,
+ )
+
+ assert r.status_code == 200
+ assert (
+ b"You cannot add a domain that you are currently using for your personal email"
+ in r.data
+ )
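Review bot: test_add_domain_same_as_user_email asserts only that the error flash is rendered, not that the domain was refused, and it never exercises the `.lower()` normalisation added in the view. Posting a mixed-case value, `data={"form-name": "create", "domain": "B.C"}`, and adding `assert CustomDomain.get_by(domain="b.c") is None` after the request would pin both behaviours. This assumes `CustomDomain` is imported in the test module, which the hunk does not show.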