Handle excessively long email addresses in the team member invite form.

2020-08-17 12:05:19 +03:00 · 2020-08-17 12:05:19 +03:00 · 697cb19bde
commit 697cb19bde
parent ffafc16fe5
5 changed files with 28 additions and 4 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -9,6 +9,7 @@ All notable changes to this project will be documented in this file.
 ## Bug Fixes
 - Handle excessively long email addresses in the signup form.
 - Handle excessively long email addresses in the team member invite form.
 ## v1.16.0 - 2020-08-04
--- a/hc/accounts/forms.py
+++ b/hc/accounts/forms.py
@ -98,7 +98,7 @@ class ChangeEmailForm(forms.Form):
 class InviteTeamMemberForm(forms.Form):
-    email = LowercaseEmailField()
+    email = LowercaseEmailField(max_length=254)
 class RemoveTeamMemberForm(forms.Form):
--- a/hc/accounts/tests/test_project.py
+++ b/hc/accounts/tests/test_project.py
@ -108,6 +108,17 @@ class ProjectTestCase(BaseTestCase):
        q = TokenBucket.objects.filter(value="invite-%d" % self.alice.id)
        self.assertFalse(q.exists())
    def test_it_rejects_too_long_email_addresses(self):
        self.client.login(username="alice@example.org", password="password")
        aaa = "a" * 300
        form = {"invite_team_member": "1", "email": f"frank+{aaa}@example.org"}
        r = self.client.post(self.url, form)
        self.assertEqual(r.status_code, 200)
        # No email should have been sent
        self.assertEqual(len(mail.outbox), 0)
    @override_settings(SECRET_KEY="test-secret")
    def test_it_rate_limits_invites(self):
        obj = TokenBucket(value="invite-%d" % self.alice.id)
--- a/static/css/settings.css
+++ b/static/css/settings.css
@ -61,6 +61,17 @@
    border-top: 0;
 }
 #team-table .email {
    max-width: 340px;
    word-wrap: break-word;
 }
 .page-project .panel-footer {
    max-width: 100%;
    word-wrap: break-word;
 }
 #transfer-request {
    border: 5px solid #ffdc3e;
 }
--- a/templates/accounts/project.html
+++ b/templates/accounts/project.html
@ -147,13 +147,13 @@
                            <th></th>
                        </tr>
                        <tr>
-                            <td>{{ project.owner.email }}</td>
+                            <td class="email">{{ project.owner.email }}</td>
                            <td>Owner</td>
                            <td></td>
                        </tr>
                        {% for user in project.team %}
                        <tr>
-                            <td>{{ user.email }} </td>
+                            <td class="email">{{ user.email }}</td>
                            <td>Member</td>
                            <td>
                                {% if is_owner %}
@ -369,6 +369,7 @@
                                class="form-control"
                                id="itm-email"
                                name="email"
                                maxlength="254"
                                placeholder="friend@example.org">
                        </div>
                    </div>