mirror of
https://github.com/simple-login/app.git
synced 2024-09-27 20:31:30 +02:00
avoid email loop
Prevent user from adding a domain that they are using for their personal email.
This commit is contained in:
parent
f93e40c6ae
commit
fc22593bf6
@ -5,6 +5,7 @@ from wtforms import StringField, validators
|
||||
|
||||
from app.config import EMAIL_SERVERS_WITH_PRIORITY
|
||||
from app.dashboard.base import dashboard_bp
|
||||
from app.email_utils import get_email_domain_part
|
||||
from app.extensions import db
|
||||
from app.models import CustomDomain
|
||||
|
||||
@ -30,9 +31,15 @@ def custom_domain():
|
||||
return redirect(url_for("dashboard.custom_domain"))
|
||||
|
||||
if new_custom_domain_form.validate():
|
||||
new_domain = new_custom_domain_form.domain.data.strip()
|
||||
new_domain = new_custom_domain_form.domain.data.lower().strip()
|
||||
if CustomDomain.get_by(domain=new_domain):
|
||||
flash(f"{new_domain} already added", "warning")
|
||||
elif get_email_domain_part(current_user.email) == new_domain:
|
||||
flash(
|
||||
"You cannot add a domain that you are currently using for your personal email. "
|
||||
"Please change your personal email to your real email",
|
||||
"error",
|
||||
)
|
||||
else:
|
||||
new_custom_domain = CustomDomain.create(
|
||||
domain=new_domain, user_id=current_user.id
|
||||
|
@ -17,3 +17,22 @@ def test_add_domain_success(flask_client):
|
||||
|
||||
assert r.status_code == 200
|
||||
assert b"New domain ab.cd is created" in r.data
|
||||
|
||||
|
||||
def test_add_domain_same_as_user_email(flask_client):
|
||||
"""cannot add domain if user personal email uses this domain"""
|
||||
user = login(flask_client)
|
||||
user.lifetime = True
|
||||
db.session.commit()
|
||||
|
||||
r = flask_client.post(
|
||||
url_for("dashboard.custom_domain"),
|
||||
data={"form-name": "create", "domain": "b.c"}, # user email is a@b.c
|
||||
follow_redirects=True,
|
||||
)
|
||||
|
||||
assert r.status_code == 200
|
||||
assert (
|
||||
b"You cannot add a domain that you are currently using for your personal email"
|
||||
in r.data
|
||||
)
|
||||
|
Loading…
Reference in New Issue
Block a user