Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MPP-3657 Fix relay address validation against deleted address check #4253

Merged
merged 4 commits into from
Dec 21, 2023
Merged

MPP-3657 Fix relay address validation against deleted address check #4253

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
e2462d0
Test address repeated from deleted RelayAddress fails validation
say-yawn Dec 20, 2023
0a522b3
Use string of the domain to check for previously deleted addresses
say-yawn Dec 21, 2023
05d1be8
Type check arguments in valid_address function
say-yawn Dec 21, 2023
f51a5f4
Add return type on save so types are checked
say-yawn Dec 21, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions emails/models.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -659,13 +659,13 @@ def delete(self, *args, **kwargs):
profile.save()
return super(RelayAddress, self).delete(*args, **kwargs)

def save(self, *args, **kwargs):
def save(self, *args, **kwargs) -> None:
if self._state.adding:
with transaction.atomic():
locked_profile = Profile.objects.select_for_update().get(user=self.user)
check_user_can_make_another_address(locked_profile)
while True:
if valid_address(self.address, self.domain):
if valid_address(self.address, self.domain_value):
break
self.address = address_default()
locked_profile.update_abuse_metric(address_created=True)
Expand Down Expand Up @@ -703,7 +703,7 @@ def valid_address_pattern(address):
return valid_address_pattern.match(address) is not None


def valid_address(address, domain):
def valid_address(address: str, domain: str) -> bool:
address_pattern_valid = valid_address_pattern(address)
address_contains_badword = has_bad_words(address)
address_is_blocklisted = is_blocklisted(address)
Expand Down
10 changes: 10 additions & 0 deletions emails/tests/models_tests.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -245,6 +245,16 @@ def test_delete_mozmail_deleted_address_object(self):
deleted_count = DeletedAddress.objects.filter(address_hash=address_hash).count()
assert deleted_count == 1

def test_relay_address_create_repeats_deleted_address_invalid(self):
user = baker.make(User)
address = "random-address"
relay_address = RelayAddress.objects.create(user=user, address=address)
relay_address.delete()
repeat_deleted_relay_address = RelayAddress.objects.create(
user=user, address=address
)
assert not repeat_deleted_relay_address.address == address

def test_valid_address_dupe_of_deleted_invalid(self):
relay_address = RelayAddress.objects.create(user=baker.make(User))
relay_address.delete()
Expand Down