mirror of
https://github.com/simple-login/app.git
synced 2024-09-27 20:31:30 +02:00
avoid email loop
Prevent user from adding a domain that they are using for their personal email.
This commit is contained in:
parent
f93e40c6ae
commit
fc22593bf6
@ -5,6 +5,7 @@ from wtforms import StringField, validators
|
|||||||
|
|
||||||
from app.config import EMAIL_SERVERS_WITH_PRIORITY
|
from app.config import EMAIL_SERVERS_WITH_PRIORITY
|
||||||
from app.dashboard.base import dashboard_bp
|
from app.dashboard.base import dashboard_bp
|
||||||
|
from app.email_utils import get_email_domain_part
|
||||||
from app.extensions import db
|
from app.extensions import db
|
||||||
from app.models import CustomDomain
|
from app.models import CustomDomain
|
||||||
|
|
||||||
@ -30,9 +31,15 @@ def custom_domain():
|
|||||||
return redirect(url_for("dashboard.custom_domain"))
|
return redirect(url_for("dashboard.custom_domain"))
|
||||||
|
|
||||||
if new_custom_domain_form.validate():
|
if new_custom_domain_form.validate():
|
||||||
new_domain = new_custom_domain_form.domain.data.strip()
|
new_domain = new_custom_domain_form.domain.data.lower().strip()
|
||||||
if CustomDomain.get_by(domain=new_domain):
|
if CustomDomain.get_by(domain=new_domain):
|
||||||
flash(f"{new_domain} already added", "warning")
|
flash(f"{new_domain} already added", "warning")
|
||||||
|
elif get_email_domain_part(current_user.email) == new_domain:
|
||||||
|
flash(
|
||||||
|
"You cannot add a domain that you are currently using for your personal email. "
|
||||||
|
"Please change your personal email to your real email",
|
||||||
|
"error",
|
||||||
|
)
|
||||||
else:
|
else:
|
||||||
new_custom_domain = CustomDomain.create(
|
new_custom_domain = CustomDomain.create(
|
||||||
domain=new_domain, user_id=current_user.id
|
domain=new_domain, user_id=current_user.id
|
||||||
|
@ -17,3 +17,22 @@ def test_add_domain_success(flask_client):
|
|||||||
|
|
||||||
assert r.status_code == 200
|
assert r.status_code == 200
|
||||||
assert b"New domain ab.cd is created" in r.data
|
assert b"New domain ab.cd is created" in r.data
|
||||||
|
|
||||||
|
|
||||||
|
def test_add_domain_same_as_user_email(flask_client):
|
||||||
|
"""cannot add domain if user personal email uses this domain"""
|
||||||
|
user = login(flask_client)
|
||||||
|
user.lifetime = True
|
||||||
|
db.session.commit()
|
||||||
|
|
||||||
|
r = flask_client.post(
|
||||||
|
url_for("dashboard.custom_domain"),
|
||||||
|
data={"form-name": "create", "domain": "b.c"}, # user email is a@b.c
|
||||||
|
follow_redirects=True,
|
||||||
|
)
|
||||||
|
|
||||||
|
assert r.status_code == 200
|
||||||
|
assert (
|
||||||
|
b"You cannot add a domain that you are currently using for your personal email"
|
||||||
|
in r.data
|
||||||
|
)
|
||||||
|
Loading…
Reference in New Issue
Block a user