M main/tests/test_users.py => main/tests/test_users.py +20 -1
@@ 1,3 1,4 @@
+from django.conf import settings
from django.test import TestCase
from django.urls import reverse
@@ 282,7 283,7 @@ class UserDomainCheckTestCase(TestCase):
username="alice", custom_domain="example.com"
)
- def test_domain_exists(self):
+ def test_custom_domain_exists(self):
response = self.client.get(reverse("domain_check") + "?domain=example.com")
self.assertEqual(response.status_code, 200)
@@ 290,6 291,24 @@ class UserDomainCheckTestCase(TestCase):
response = self.client.get(reverse("domain_check") + "?domain=randomdomain.com")
self.assertEqual(response.status_code, 403)
+ def test_canonical_host(self):
+ response = self.client.get(
+ reverse("domain_check") + "?domain=" + settings.CANONICAL_HOST
+ )
+ self.assertEqual(response.status_code, 200)
+
+ def test_subdomain_with_existing_user(self):
+ response = self.client.get(
+ reverse("domain_check") + f"?domain=alice.{settings.CANONICAL_HOST}"
+ )
+ self.assertEqual(response.status_code, 200)
+
+ def test_subdomain_with_nonexistent_user(self):
+ response = self.client.get(
+ reverse("domain_check") + f"?domain=bob.{settings.CANONICAL_HOST}"
+ )
+ self.assertEqual(response.status_code, 403)
+
class UserMarkdownLinkOnPaste(TestCase):
def setUp(self):
self.user = models.User.objects.create(username="alice")
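Review bot: The tests added to UserDomainCheckTestCase cover the three allowed cases but only one rejection for the subdomain branch, so the exact-suffix matching in domain_check is not protected against regressions. I would add 403 cases for a nested label (`f"?domain=x.alice.{settings.CANONICAL_HOST}"`), an empty label (`f"?domain=.{settings.CANONICAL_HOST}"`), and a host that ends with the canonical host without a dot boundary (`f"?domain=alice{settings.CANONICAL_HOST}"`). If this endpoint gates certificate issuance or routing, as its name suggests, those are the negatives worth locking in. A mixed-case variant such as `Alice.` would also document whether case-insensitive matching is intended.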
M main/views/general.py => main/views/general.py +24 -5
@@ 280,15 280,34 @@ class PostList(LoginRequiredMixin, ListView):
def domain_check(request):
"""
- This view returns 200 if domain given exists as custom domain in any
- user account.
+ This view returns 200 if the domain given exists as:
+ * canonical host (main domain)
+ * subdomain of canonical host of existing user/blog
+ * custom domain of existing user/blog
"""
url = request.GET.get("domain")
if not url:
raise PermissionDenied()
- if not models.User.objects.filter(custom_domain=url).exists():
- raise PermissionDenied()
- return HttpResponse()
+
+ # allow canonical host
+ if url == settings.CANONICAL_HOST:
+ return HttpResponse()
+
+ # allow user blog subdomains
+ host_parts = url.split(".")
+ canonical_parts = settings.CANONICAL_HOST.split(".")
+ if (
+ len(host_parts) == len(canonical_parts) + 1
+ and ".".join(host_parts[1:]) == settings.CANONICAL_HOST
+ ):
+ subdomain = host_parts[0]
+ if models.User.objects.filter(username=subdomain).exists():
+ return HttpResponse()
+
+ # allow custom domains
+ if models.User.objects.filter(custom_domain=url).exists():
+ return HttpResponse()
+ raise PermissionDenied()
class Logout(DjLogoutView):
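Review bot: Every comparison in domain_check is an exact match on the raw `domain` query value, so a differently cased host or one with a trailing dot gets a 403 even though DNS treats it as the same name. Whether `filter(username=subdomain)` is case-sensitive depends on the database collation, which is not visible here. Normalising once at the top, e.g. `url = (request.GET.get("domain") or "").lower().rstrip(".")`, would make the three branches agree. The subdomain branch also runs the username query with an empty string for a value like `.<canonical host>`; adding `and host_parts[0]` to the condition avoids relying on no user having an empty username. No decorator is visible on the view within this hunk, so a comment stating who is expected to call it and that it runs up to two queries per request would help whoever decides where it is exposed.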