瀏覽代碼

fix(api): don't accept POST requests for already registered domains

We return 409 CONFLICT when someone trys to register a domain that is already
registered.

Closes #6
Nils Wisiol 8 年之前
父節點
當前提交
67f02b3f13
共有 2 個文件被更改,包括 16 次插入2 次删除
  1. 8 0
      api/desecapi/tests/testdomains.py
  2. 8 2
      api/desecapi/views.py

+ 8 - 0
api/desecapi/tests/testdomains.py

@@ -106,6 +106,14 @@ class AuthenticatedDomainTests(APITestCase):
         self.assertTrue(self.token in email)
         self.assertTrue(self.token in email)
         self.assertEqual(response.data['dyn'], True)
         self.assertEqual(response.data['dyn'], True)
 
 
+    def testCantPostSameDomainTwice(self):
+        url = reverse('domain-list')
+        data = {'name': utils.generateDomainname(), 'dyn': True}
+        response = self.client.post(url, data)
+        self.assertEqual(response.status_code, status.HTTP_201_CREATED)
+        response = self.client.post(url, data)
+        self.assertEqual(response.status_code, status.HTTP_409_CONFLICT)
+
     def testCanUpdateARecord(self):
     def testCanUpdateARecord(self):
         url = reverse('domain-detail', args=(self.ownedDomains[1].pk,))
         url = reverse('domain-detail', args=(self.ownedDomains[1].pk,))
         response = self.client.get(url)
         response = self.client.get(url)

+ 8 - 2
api/desecapi/views.py

@@ -12,13 +12,13 @@ from rest_framework.reverse import reverse
 from rest_framework.authentication import TokenAuthentication, get_authorization_header
 from rest_framework.authentication import TokenAuthentication, get_authorization_header
 from rest_framework.renderers import StaticHTMLRenderer
 from rest_framework.renderers import StaticHTMLRenderer
 from dns import resolver
 from dns import resolver
-import subprocess
-import re
 from django.template.loader import get_template
 from django.template.loader import get_template
 from django.template import Context
 from django.template import Context
 from desecapi.authentication import BasicTokenAuthentication, URLParamAuthentication
 from desecapi.authentication import BasicTokenAuthentication, URLParamAuthentication
 import base64
 import base64
 from desecapi import settings
 from desecapi import settings
+from rest_framework.exceptions import ValidationError
+
 
 
 class DomainList(generics.ListCreateAPIView):
 class DomainList(generics.ListCreateAPIView):
     serializer_class = DomainSerializer
     serializer_class = DomainSerializer
@@ -28,6 +28,12 @@ class DomainList(generics.ListCreateAPIView):
         return Domain.objects.filter(owner=self.request.user.pk)
         return Domain.objects.filter(owner=self.request.user.pk)
 
 
     def perform_create(self, serializer):
     def perform_create(self, serializer):
+        queryset = Domain.objects.filter(name=serializer.validated_data['name'])
+        if queryset.exists():
+            ex = ValidationError(detail={"detail": "This domain name is already registered.", "code": "domain-taken"})
+            ex.status_code = 409
+            raise ex
+
         obj = serializer.save(owner=self.request.user)
         obj = serializer.save(owner=self.request.user)
 
 
         def sendDynDnsEmail(domain):
         def sendDynDnsEmail(domain):