Handle excessively long email addresses in the team member invite form.

2020-08-17 12:05:19 +03:00 · 2020-08-17 12:05:19 +03:00 · 697cb19bde
commit 697cb19bde
parent ffafc16fe5
5 changed files with 28 additions and 4 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -9,6 +9,7 @@ All notable changes to this project will be documented in this file.

 ## Bug Fixes
 - Handle excessively long email addresses in the signup form.
+- Handle excessively long email addresses in the team member invite form.

 ## v1.16.0 - 2020-08-04

--- a/hc/accounts/forms.py
+++ b/hc/accounts/forms.py
@ -98,7 +98,7 @@ class ChangeEmailForm(forms.Form):


 class InviteTeamMemberForm(forms.Form):
-    email = LowercaseEmailField()
+    email = LowercaseEmailField(max_length=254)


 class RemoveTeamMemberForm(forms.Form):
--- a/hc/accounts/tests/test_project.py
+++ b/hc/accounts/tests/test_project.py
@ -108,6 +108,17 @@ class ProjectTestCase(BaseTestCase):
        q = TokenBucket.objects.filter(value="invite-%d" % self.alice.id)
        self.assertFalse(q.exists())

+    def test_it_rejects_too_long_email_addresses(self):
+        self.client.login(username="alice@example.org", password="password")
+
+        aaa = "a" * 300
+        form = {"invite_team_member": "1", "email": f"frank+{aaa}@example.org"}
+        r = self.client.post(self.url, form)
+        self.assertEqual(r.status_code, 200)
+
+        # No email should have been sent
+        self.assertEqual(len(mail.outbox), 0)
+
    @override_settings(SECRET_KEY="test-secret")
    def test_it_rate_limits_invites(self):
        obj = TokenBucket(value="invite-%d" % self.alice.id)
--- a/static/css/settings.css
+++ b/static/css/settings.css
@ -61,10 +61,21 @@
    border-top: 0;
 }

+#team-table .email {
+    max-width: 340px;
+    word-wrap: break-word;
+
+}
+
+.page-project .panel-footer {
+    max-width: 100%;
+    word-wrap: break-word;
+}
+
 #transfer-request {
    border: 5px solid #ffdc3e;
 }

 #transfer-request .settings-block {
    padding: 20px;
-}
+}
--- a/templates/accounts/project.html
+++ b/templates/accounts/project.html
@ -147,13 +147,13 @@
                            <th></th>
                        </tr>
                        <tr>
-                            <td>{{ project.owner.email }}</td>
+                            <td class="email">{{ project.owner.email }}</td>
                            <td>Owner</td>
                            <td></td>
                        </tr>
                        {% for user in project.team %}
                        <tr>
-                            <td>{{ user.email }} </td>
+                            <td class="email">{{ user.email }}</td>
                            <td>Member</td>
                            <td>
                                {% if is_owner %}
@ -369,6 +369,7 @@
                                class="form-control"
                                id="itm-email"
                                name="email"
+                                maxlength="254"
                                placeholder="friend@example.org">
                        </div>
                    </div>