remove /alias/custom/new, /v2/alias/custom/new, refactor test

2024-09-20 15:05:59 +08:00 · 2021-03-24 16:39:49 +01:00 · 2021-03-24 16:39:49 +01:00 · acc285abf0
parent 0c62ac4b1f
commit acc285abf0
2 changed files with 94 additions and 314 deletions
--- a/app/api/views/new_custom_alias.py
+++ b/app/api/views/new_custom_alias.py
@ -5,8 +5,6 @@ from itsdangerous import SignatureExpired
 from app.alias_utils import check_alias_prefix
 from app.api.base import api_bp, require_api_auth
 from app.api.serializer import (
-    serialize_alias_info,
-    get_alias_info,
    serialize_alias_info_v2,
    get_alias_info_v2,
 )
@ -27,172 +25,6 @@ from app.models import (
 from app.utils import convert_to_id


-@api_bp.route("/alias/custom/new", methods=["POST"])
-@limiter.limit(ALIAS_LIMIT)
-@require_api_auth
-def new_custom_alias():
-    """
-    Create a new custom alias
-    Input:
-        alias_prefix, for ex "www_groupon_com"
-        alias_suffix, either .random_letters@simplelogin.co or @my-domain.com
-        optional "hostname" in args
-        optional "note"
-    Output:
-        201 if success
-        409 if the alias already exists
-
-    """
-    LOG.warning("/alias/custom/new is obsolete")
-    user: User = g.user
-    if not user.can_create_new_alias():
-        LOG.d("user %s cannot create any custom alias", user)
-        return (
-            jsonify(
-                error="You have reached the limitation of a free account with the maximum of "
-                f"{MAX_NB_EMAIL_FREE_PLAN} aliases, please upgrade your plan to create more aliases"
-            ),
-            400,
-        )
-
-    hostname = request.args.get("hostname")
-
-    data = request.get_json()
-    if not data:
-        return jsonify(error="request body cannot be empty"), 400
-
-    alias_prefix = data.get("alias_prefix", "").strip().lower().replace(" ", "")
-    alias_suffix = data.get("alias_suffix", "").strip().lower().replace(" ", "")
-    note = data.get("note")
-    alias_prefix = convert_to_id(alias_prefix)
-
-    if not verify_prefix_suffix(user, alias_prefix, alias_suffix):
-        return jsonify(error="wrong alias prefix or suffix"), 400
-
-    full_alias = alias_prefix + alias_suffix
-    if (
-        Alias.get_by(email=full_alias)
-        or DeletedAlias.get_by(email=full_alias)
-        or DomainDeletedAlias.get_by(email=full_alias)
-    ):
-        LOG.d("full alias already used %s", full_alias)
-        return jsonify(error=f"alias {full_alias} already exists"), 409
-
-    alias = Alias.create(
-        user_id=user.id, email=full_alias, mailbox_id=user.default_mailbox_id, note=note
-    )
-
-    if alias_suffix.startswith("@"):
-        alias_domain = alias_suffix[1:]
-        domain = CustomDomain.get_by(domain=alias_domain)
-        if domain:
-            LOG.d("set alias %s to domain %s", full_alias, domain)
-            alias.custom_domain_id = domain.id
-
-    db.session.commit()
-
-    if hostname:
-        AliasUsedOn.create(alias_id=alias.id, hostname=hostname, user_id=alias.user_id)
-        db.session.commit()
-
-    return jsonify(alias=full_alias, **serialize_alias_info(get_alias_info(alias))), 201
-
-
-@api_bp.route("/v2/alias/custom/new", methods=["POST"])
-@limiter.limit(ALIAS_LIMIT)
-@require_api_auth
-def new_custom_alias_v2():
-    """
-    Create a new custom alias
-    Same as v1 but signed_suffix is actually the suffix with signature, e.g.
-    .random_word@SL.co.Xq19rQ.s99uWQ7jD1s5JZDZqczYI5TbNNU
-    Input:
-        alias_prefix, for ex "www_groupon_com"
-        signed_suffix, either .random_letters@simplelogin.co or @my-domain.com
-        optional "hostname" in args
-        optional "note"
-    Output:
-        201 if success
-        409 if the alias already exists
-
-    """
-    user: User = g.user
-    if not user.can_create_new_alias():
-        LOG.d("user %s cannot create any custom alias", user)
-        return (
-            jsonify(
-                error="You have reached the limitation of a free account with the maximum of "
-                f"{MAX_NB_EMAIL_FREE_PLAN} aliases, please upgrade your plan to create more aliases"
-            ),
-            400,
-        )
-
-    hostname = request.args.get("hostname")
-
-    data = request.get_json()
-    if not data:
-        return jsonify(error="request body cannot be empty"), 400
-
-    alias_prefix = data.get("alias_prefix", "").strip().lower().replace(" ", "")
-    signed_suffix = data.get("signed_suffix", "").strip()
-    note = data.get("note")
-    alias_prefix = convert_to_id(alias_prefix)
-
-    # hypothesis: user will click on the button in the 600 secs
-    try:
-        alias_suffix = signer.unsign(signed_suffix, max_age=600).decode()
-    except SignatureExpired:
-        LOG.warning("Alias creation time expired for %s", user)
-        return jsonify(error="Alias creation time is expired, please retry"), 412
-    except Exception:
-        LOG.warning("Alias suffix is tampered, user %s", user)
-        return jsonify(error="Tampered suffix"), 400
-
-    if not verify_prefix_suffix(user, alias_prefix, alias_suffix):
-        return jsonify(error="wrong alias prefix or suffix"), 400
-
-    full_alias = alias_prefix + alias_suffix
-    if (
-        Alias.get_by(email=full_alias)
-        or DeletedAlias.get_by(email=full_alias)
-        or DomainDeletedAlias.get_by(email=full_alias)
-    ):
-        LOG.d("full alias already used %s", full_alias)
-        return jsonify(error=f"alias {full_alias} already exists"), 409
-
-    custom_domain_id = None
-    if alias_suffix.startswith("@"):
-        alias_domain = alias_suffix[1:]
-        domain = CustomDomain.get_by(domain=alias_domain)
-
-        # check if the alias is currently in the domain trash
-        if domain and DomainDeletedAlias.get_by(domain_id=domain.id, email=full_alias):
-            LOG.d(f"Alias {full_alias} is currently in the {domain.domain} trash. ")
-            return jsonify(error=f"alias {full_alias} in domain trash"), 409
-
-        if domain:
-            custom_domain_id = domain.id
-
-    alias = Alias.create(
-        user_id=user.id,
-        email=full_alias,
-        mailbox_id=user.default_mailbox_id,
-        note=note,
-        custom_domain_id=custom_domain_id,
-    )
-
-    db.session.commit()
-
-    if hostname:
-        AliasUsedOn.create(alias_id=alias.id, hostname=hostname, user_id=alias.user_id)
-        db.session.commit()
-
-    return (
-        jsonify(alias=full_alias, **serialize_alias_info_v2(get_alias_info_v2(alias))),
-        201,
-    )
-
-
@api_bp.route("/v3/alias/custom/new", methods=["POST"])
@limiter.limit(ALIAS_LIMIT)
@require_api_auth
--- a/tests/api/test_new_custom_alias.py
+++ b/tests/api/test_new_custom_alias.py
@ -1,115 +1,33 @@
-from flask import url_for, g
+from flask import g

 from app.alias_utils import delete_alias
 from app.config import EMAIL_DOMAIN, MAX_NB_EMAIL_FREE_PLAN
 from app.dashboard.views.custom_alias import signer
 from app.extensions import db
-from app.models import User, ApiKey, Alias, CustomDomain, Mailbox
+from app.models import Alias, CustomDomain, Mailbox, AliasUsedOn
 from app.utils import random_word
 from tests.utils import login


-def test_success(flask_client):
-    login(flask_client)
-
-    # create new alias with note
-    word = random_word()
-    r = flask_client.post(
-        url_for("api.new_custom_alias", hostname="www.test.com"),
-        json={
-            "alias_prefix": "prefix",
-            "alias_suffix": f".{word}@{EMAIL_DOMAIN}",
-            "note": "test note",
-        },
-    )
-
-    assert r.status_code == 201
-    assert r.json["alias"] == f"prefix.{word}@{EMAIL_DOMAIN}"
-
-    # assert returned field
-    res = r.json
-    assert "id" in res
-    assert "email" in res
-    assert "creation_date" in res
-    assert "creation_timestamp" in res
-    assert "nb_forward" in res
-    assert "nb_block" in res
-    assert "nb_reply" in res
-    assert "enabled" in res
-    assert "note" in res
-
-    new_ge = Alias.get_by(email=r.json["alias"])
-    assert new_ge.note == "test note"
-
-
-def test_create_custom_alias_without_note(flask_client):
-    login(flask_client)
-
-    # create alias without note
-    word = random_word()
-    r = flask_client.post(
-        url_for("api.new_custom_alias", hostname="www.test.com"),
-        json={"alias_prefix": "prefix", "alias_suffix": f".{word}@{EMAIL_DOMAIN}"},
-    )
-
-    assert r.status_code == 201
-    assert r.json["alias"] == f"prefix.{word}@{EMAIL_DOMAIN}"
-
-    new_ge = Alias.get_by(email=r.json["alias"])
-    assert new_ge.note is None
-
-
-def test_out_of_quota(flask_client):
+def test_minimal_payload(flask_client):
    user = login(flask_client)
-    user.trial_end = None
-    db.session.commit()

-    # create MAX_NB_EMAIL_FREE_PLAN custom alias to run out of quota
-    for _ in range(MAX_NB_EMAIL_FREE_PLAN):
-        Alias.create_new(user, prefix="test")
-
-    word = random_word()
-    r = flask_client.post(
-        url_for("api.new_custom_alias", hostname="www.test.com"),
-        json={"alias_prefix": "prefix", "alias_suffix": f".{word}@{EMAIL_DOMAIN}"},
-    )
-
-    assert r.status_code == 400
-    assert r.json == {
-        "error": "You have reached the limitation of a "
-        "free account with the maximum of 3 aliases, please upgrade your plan to create more aliases"
-    }
-
-
-def test_success_v2(flask_client):
-    user = User.create(
-        email="a@b.c", password="password", name="Test User", activated=True
-    )
-    db.session.commit()
-
-    # create api_key
-    api_key = ApiKey.create(user.id, "for test")
-    db.session.commit()
-
-    # create new alias with note
    word = random_word()
    suffix = f".{word}@{EMAIL_DOMAIN}"
-    suffix = signer.sign(suffix).decode()
+    signed_suffix = signer.sign(suffix).decode()

    r = flask_client.post(
-        url_for("api.new_custom_alias_v2", hostname="www.test.com"),
-        headers={"Authentication": api_key.code},
+        "/api/v3/alias/custom/new",
        json={
            "alias_prefix": "prefix",
-            "signed_suffix": suffix,
-            "note": "test note",
+            "signed_suffix": signed_suffix,
+            "mailbox_ids": [user.default_mailbox_id],
        },
    )

    assert r.status_code == 201
    assert r.json["alias"] == f"prefix.{word}@{EMAIL_DOMAIN}"

-    # assert returned field
    res = r.json
    assert "id" in res
    assert "email" in res
@ -119,70 +37,36 @@ def test_success_v2(flask_client):
    assert "nb_block" in res
    assert "nb_reply" in res
    assert "enabled" in res
-    assert "note" in res

-    new_ge = Alias.get_by(email=r.json["alias"])
-    assert new_ge.note == "test note"
+    new_alias: Alias = Alias.get_by(email=r.json["alias"])
+    assert len(new_alias.mailboxes) == 1


-def test_cannot_create_alias_in_trash(flask_client):
-    user = login(flask_client)
+def test_full_payload(flask_client):
+    """Create alias with:
+    - additional mailbox
+    - note
+    - name
+    - hostname (in URL)
+    """

-    # create a custom domain
-    CustomDomain.create(user_id=user.id, domain="ab.cd", verified=True)
-    db.session.commit()
-
-    # create new alias with note
-    suffix = "@ab.cd"
-    suffix = signer.sign(suffix).decode()
-
-    r = flask_client.post(
-        url_for("api.new_custom_alias_v2", hostname="www.test.com"),
-        json={
-            "alias_prefix": "prefix",
-            "signed_suffix": suffix,
-            "note": "test note",
-        },
-    )
-
-    # assert alias creation is successful
-    assert r.status_code == 201
-    assert r.json["alias"] == "prefix@ab.cd"
-
-    # delete alias: it's going to be moved to ab.cd trash
-    alias = Alias.get_by(email="prefix@ab.cd")
-    assert alias.custom_domain_id
-    delete_alias(alias, user)
-
-    # try to create the same alias, will fail as the alias is in trash
-    r = flask_client.post(
-        url_for("api.new_custom_alias_v2", hostname="www.test.com"),
-        json={
-            "alias_prefix": "prefix",
-            "signed_suffix": suffix,
-            "note": "test note",
-        },
-    )
-    assert r.status_code == 409
-
-
-def test_success_v3(flask_client):
    user = login(flask_client)

    # create another mailbox
    mb = Mailbox.create(user_id=user.id, email="abcd@gmail.com", verified=True)
    db.session.commit()

-    # create new alias with note
    word = random_word()
    suffix = f".{word}@{EMAIL_DOMAIN}"
-    suffix = signer.sign(suffix).decode()
+    signed_suffix = signer.sign(suffix).decode()
+
+    assert AliasUsedOn.query.count() == 0

    r = flask_client.post(
-        url_for("api.new_custom_alias_v3", hostname="www.test.com"),
+        "/api/v3/alias/custom/new?hostname=example.com",
        json={
            "alias_prefix": "prefix",
-            "signed_suffix": suffix,
+            "signed_suffix": signed_suffix,
            "note": "test note",
            "mailbox_ids": [user.default_mailbox_id, mb.id],
            "name": "your name",
@ -194,21 +78,17 @@ def test_success_v3(flask_client):

    # assert returned field
    res = r.json
-    assert "id" in res
-    assert "email" in res
-    assert "creation_date" in res
-    assert "creation_timestamp" in res
-    assert "nb_forward" in res
-    assert "nb_block" in res
-    assert "nb_reply" in res
-    assert "enabled" in res
-    assert "note" in res
+    assert res["note"] == "test note"
    assert res["name"] == "your name"

    new_alias: Alias = Alias.get_by(email=r.json["alias"])
    assert new_alias.note == "test note"
    assert len(new_alias.mailboxes) == 2

+    alias_used_on = AliasUsedOn.first()
+    assert alias_used_on.alias_id == new_alias.id
+    assert alias_used_on.hostname == "example.com"
+

 def test_custom_domain_alias(flask_client):
    user = login(flask_client)
@ -227,9 +107,77 @@ def test_custom_domain_alias(flask_client):
        },
    )

+    assert r.status_code == 201
+    assert r.json["alias"] == "prefix@ab.cd"
+
+
+def test_out_of_quota(flask_client):
+    user = login(flask_client)
+    user.trial_end = None
+    db.session.commit()
+
+    # create MAX_NB_EMAIL_FREE_PLAN custom alias to run out of quota
+    for _ in range(MAX_NB_EMAIL_FREE_PLAN):
+        Alias.create_new(user, prefix="test")
+
+    word = random_word()
+    suffix = f".{word}@{EMAIL_DOMAIN}"
+    signed_suffix = signer.sign(suffix).decode()
+
+    r = flask_client.post(
+        "/api/v3/alias/custom/new",
+        json={
+            "alias_prefix": "prefix",
+            "signed_suffix": signed_suffix,
+            "note": "test note",
+            "mailbox_ids": [user.default_mailbox_id],
+            "name": "your name",
+        },
+    )
+
+    assert r.status_code == 400
+    assert r.json == {
+        "error": "You have reached the limitation of a "
+        "free account with the maximum of 3 aliases, please upgrade your plan to create more aliases"
+    }
+
+
+def test_cannot_create_alias_in_trash(flask_client):
+    user = login(flask_client)
+
+    # create a custom domain
+    CustomDomain.create(user_id=user.id, domain="ab.cd", verified=True, commit=True)
+
+    signed_suffix = signer.sign("@ab.cd").decode()
+
+    r = flask_client.post(
+        "/api/v3/alias/custom/new",
+        json={
+            "alias_prefix": "prefix",
+            "signed_suffix": signed_suffix,
+            "mailbox_ids": [user.default_mailbox_id],
+        },
+    )
+
    assert r.status_code == 201
    assert r.json["alias"] == f"prefix@ab.cd"

+    # delete alias: it's going to be moved to ab.cd trash
+    alias = Alias.get_by(email="prefix@ab.cd")
+    assert alias.custom_domain_id
+    delete_alias(alias, user)
+
+    # try to create the same alias, will fail as the alias is in trash
+    r = flask_client.post(
+        "/api/v3/alias/custom/new",
+        json={
+            "alias_prefix": "prefix",
+            "signed_suffix": signed_suffix,
+            "mailbox_ids": [user.default_mailbox_id],
+        },
+    )
+    assert r.status_code == 409
+

 def test_too_many_requests(flask_client):
    user = login(flask_client)