4.21.3

app/tests/dashboard/test_alias_contact_manager.py

@@ -0,0 +1,59 @@
+from flask import url_for
+
+from app.models import (
+    Alias,
+    Contact,
+)
+from tests.utils import login
+
+
+def test_add_contact_success(flask_client):
+    user = login(flask_client)
+    alias = Alias.filter(Alias.user_id == user.id).first()
+
+    assert Contact.filter_by(user_id=user.id).count() == 0
+
+    # <<< Create a new contact >>>
+    flask_client.post(
+        url_for("dashboard.alias_contact_manager", alias_id=alias.id),
+        data={
+            "form-name": "create",
+            "email": "abcd@gmail.com",
+        },
+        follow_redirects=True,
+    )
+    # a new contact is added
+    assert Contact.filter_by(user_id=user.id).count() == 1
+    contact = Contact.filter_by(user_id=user.id).first()
+    assert contact.website_email == "abcd@gmail.com"
+
+    # <<< Create a new contact using a full email format >>>
+    flask_client.post(
+        url_for("dashboard.alias_contact_manager", alias_id=alias.id),
+        data={
+            "form-name": "create",
+            "email": "First Last <another@gmail.com>",
+        },
+        follow_redirects=True,
+    )
+    # a new contact is added
+    assert Contact.filter_by(user_id=user.id).count() == 2
+    contact = (
+        Contact.filter_by(user_id=user.id).filter(Contact.id != contact.id).first()
+    )
+    assert contact.website_email == "another@gmail.com"
+    assert contact.name == "First Last"
+
+    # <<< Create a new contact with invalid email address >>>
+    r = flask_client.post(
+        url_for("dashboard.alias_contact_manager", alias_id=alias.id),
+        data={
+            "form-name": "create",
+            "email": "with space@gmail.com",
+        },
+        follow_redirects=True,
+    )
+
+    # no new contact is added
+    assert Contact.filter_by(user_id=user.id).count() == 2
+    assert "Invalid email format. Email must be either email@example.com" in str(r.data)

app/tests/dashboard/test_alias_csv_export.py

@@ -0,0 +1,5 @@
+from tests.utils_test_alias import alias_export
+
+
+def test_alias_export(flask_client):
+    alias_export(flask_client, "dashboard.alias_export_route")

app/tests/dashboard/test_alias_transfer.py

@@ -0,0 +1,38 @@
+from app.dashboard.views import alias_transfer
+from app.db import Session
+from app.models import (
+    Alias,
+    Mailbox,
+    User,
+    AliasMailbox,
+)
+from tests.utils import login
+
+
+def test_alias_transfer(flask_client):
+    user = login(flask_client)
+    mb = Mailbox.create(user_id=user.id, email="mb@gmail.com", commit=True)
+
+    alias = Alias.create_new_random(user)
+    Session.commit()
+
+    AliasMailbox.create(alias_id=alias.id, mailbox_id=mb.id, commit=True)
+
+    new_user = User.create(
+        email="hey@example.com",
+        password="password",
+        activated=True,
+        commit=True,
+    )
+
+    Mailbox.create(
+        user_id=new_user.id, email="hey2@example.com", verified=True, commit=True
+    )
+
+    alias_transfer.transfer(alias, new_user, new_user.mailboxes())
+
+    # refresh from db
+    alias = Alias.get(alias.id)
+    assert alias.user == new_user
+    assert set(alias.mailboxes) == set(new_user.mailboxes())
+    assert len(alias.mailboxes) == 2

app/tests/dashboard/test_api_keys.py

@@ -0,0 +1,89 @@
+from time import time
+
+from flask import url_for
+
+from app.db import Session
+from app.models import User, ApiKey
+from tests.utils import login
+
+
+def test_api_key_page_requires_password(flask_client):
+    r = flask_client.get(
+        url_for("dashboard.api_key"),
+    )
+
+    assert r.status_code == 302
+
+
+def test_create_delete_api_key(flask_client):
+    user = login(flask_client)
+    nb_api_key = ApiKey.count()
+
+    # to bypass sudo mode
+    with flask_client.session_transaction() as session:
+        session["sudo_time"] = int(time())
+
+    # create api_key
+    create_r = flask_client.post(
+        url_for("dashboard.api_key"),
+        data={"form-name": "create", "name": "for test"},
+        follow_redirects=True,
+    )
+    assert create_r.status_code == 200
+    api_key = ApiKey.get_by(user_id=user.id)
+    assert ApiKey.filter(ApiKey.user_id == user.id).count() == 1
+    assert api_key.name == "for test"
+
+    # delete api_key
+    delete_r = flask_client.post(
+        url_for("dashboard.api_key"),
+        data={"form-name": "delete", "api-key-id": api_key.id},
+        follow_redirects=True,
+    )
+    assert delete_r.status_code == 200
+    assert ApiKey.count() == nb_api_key
+
+
+def test_delete_all_api_keys(flask_client):
+    nb_api_keys = ApiKey.count()
+
+    # create two test users
+    user_1 = login(flask_client)
+    user_2 = User.create(
+        email="a2@b.c", password="password", name="Test User 2", activated=True
+    )
+    Session.commit()
+
+    # create api_key for both users
+    ApiKey.create(user_1.id, "for test")
+    ApiKey.create(user_1.id, "for test 2")
+    ApiKey.create(user_2.id, "for test")
+    Session.commit()
+
+    assert (
+        ApiKey.count() == nb_api_keys + 3
+    )  # assert that the total number of API keys for all users is 3.
+    # assert that each user has the API keys created
+    assert ApiKey.filter(ApiKey.user_id == user_1.id).count() == 2
+    assert ApiKey.filter(ApiKey.user_id == user_2.id).count() == 1
+
+    # to bypass sudo mode
+    with flask_client.session_transaction() as session:
+        session["sudo_time"] = int(time())
+
+    # delete all of user 1's API keys
+    r = flask_client.post(
+        url_for("dashboard.api_key"),
+        data={"form-name": "delete-all"},
+        follow_redirects=True,
+    )
+    assert r.status_code == 200
+    assert (
+        ApiKey.count() == nb_api_keys + 1
+    )  # assert that the total number of API keys for all users is now 1.
+    assert (
+        ApiKey.filter(ApiKey.user_id == user_1.id).count() == 0
+    )  # assert that user 1 now has 0 API keys
+    assert (
+        ApiKey.filter(ApiKey.user_id == user_2.id).count() == 1
+    )  # assert that user 2 still has 1 API key

app/tests/dashboard/test_custom_alias.py

@@ -0,0 +1,391 @@
+from random import random
+
+from flask import url_for, g
+
+from app import config
+from app.alias_suffix import (
+    get_alias_suffixes,
+    AliasSuffix,
+    signer,
+    verify_prefix_suffix,
+)
+from app.alias_utils import delete_alias
+from app.config import EMAIL_DOMAIN
+from app.db import Session
+from app.models import (
+    Mailbox,
+    CustomDomain,
+    Alias,
+    DomainDeletedAlias,
+    DeletedAlias,
+    SLDomain,
+    DailyMetric,
+)
+from app.utils import random_word
+from tests.utils import login, random_domain, create_new_user
+
+
+def test_add_alias_success(flask_client):
+    user = login(flask_client)
+
+    suffix = f".{int(random() * 100000)}@{EMAIL_DOMAIN}"
+    alias_suffix = AliasSuffix(
+        is_custom=False,
+        suffix=suffix,
+        signed_suffix=signer.sign(suffix).decode(),
+        is_premium=False,
+        domain=EMAIL_DOMAIN,
+    )
+
+    # create with a single mailbox
+    r = flask_client.post(
+        url_for("dashboard.custom_alias"),
+        data={
+            "prefix": "prefix",
+            "signed-alias-suffix": alias_suffix.signed_suffix,
+            "mailboxes": [user.default_mailbox_id],
+        },
+        follow_redirects=True,
+    )
+    assert r.status_code == 200
+    assert f"Alias prefix{alias_suffix.suffix} has been created" in str(r.data)
+
+    alias = Alias.order_by(Alias.created_at.desc()).first()
+    assert not alias._mailboxes
+
+
+def test_add_alias_increment_nb_daily_metric_alias(flask_client):
+    user = login(flask_client)
+
+    daily_metric = DailyMetric.get_or_create_today_metric()
+    Session.commit()
+    nb_alias = daily_metric.nb_alias
+
+    suffix = f".{int(random() * 100000)}@{EMAIL_DOMAIN}"
+    alias_suffix = AliasSuffix(
+        is_custom=False,
+        suffix=suffix,
+        signed_suffix=signer.sign(suffix).decode(),
+        is_premium=False,
+        domain=EMAIL_DOMAIN,
+    )
+
+    # create with a single mailbox
+    r = flask_client.post(
+        url_for("dashboard.custom_alias"),
+        data={
+            "prefix": "prefix",
+            "signed-alias-suffix": alias_suffix.signed_suffix,
+            "mailboxes": [user.default_mailbox_id],
+        },
+        follow_redirects=True,
+    )
+    assert r.status_code == 200
+    new_daily_metric = DailyMetric.get_or_create_today_metric()
+    assert new_daily_metric.nb_alias == nb_alias + 1
+
+
+def test_add_alias_multiple_mailboxes(flask_client):
+    user = login(flask_client)
+    Session.commit()
+
+    suffix = f".{int(random() * 100000)}@{EMAIL_DOMAIN}"
+    alias_suffix = AliasSuffix(
+        is_custom=False,
+        suffix=suffix,
+        signed_suffix=signer.sign(suffix).decode(),
+        is_premium=False,
+        domain=EMAIL_DOMAIN,
+    )
+
+    # create with a multiple mailboxes
+    mb1 = Mailbox.create(user_id=user.id, email="m1@example.com", verified=True)
+    Session.commit()
+
+    r = flask_client.post(
+        url_for("dashboard.custom_alias"),
+        data={
+            "prefix": "prefix",
+            "signed-alias-suffix": alias_suffix.signed_suffix,
+            "mailboxes": [user.default_mailbox_id, mb1.id],
+        },
+        follow_redirects=True,
+    )
+    assert r.status_code == 200
+    assert f"Alias prefix{alias_suffix.suffix} has been created" in str(r.data)
+
+    alias = Alias.order_by(Alias.created_at.desc()).first()
+    assert alias._mailboxes
+
+
+def test_not_show_unverified_mailbox(flask_client):
+    """make sure user unverified mailbox is not shown to user"""
+    user = login(flask_client)
+    Session.commit()
+
+    Mailbox.create(user_id=user.id, email="m1@example.com", verified=True)
+    Mailbox.create(user_id=user.id, email="m2@example.com", verified=False)
+    Session.commit()
+
+    r = flask_client.get(url_for("dashboard.custom_alias"))
+
+    assert "m1@example.com" in str(r.data)
+    assert "m2@example.com" not in str(r.data)
+
+
+def test_verify_prefix_suffix(flask_client):
+    user = login(flask_client)
+    Session.commit()
+
+    CustomDomain.create(user_id=user.id, domain="test.com", ownership_verified=True)
+
+    assert verify_prefix_suffix(user, "prefix", "@test.com")
+    assert not verify_prefix_suffix(user, "prefix", "@abcd.com")
+
+    word = random_word()
+    suffix = f".{word}@{EMAIL_DOMAIN}"
+    assert verify_prefix_suffix(user, "prefix", suffix)
+
+
+def test_available_suffixes(flask_client):
+    user = login(flask_client)
+
+    CustomDomain.create(user_id=user.id, domain="test.com", ownership_verified=True)
+
+    assert len(get_alias_suffixes(user)) > 0
+
+    # first suffix is custom domain
+    first_suffix = get_alias_suffixes(user)[0]
+    assert first_suffix.is_custom
+    assert first_suffix.suffix == "@test.com"
+    assert first_suffix.signed_suffix.startswith("@test.com")
+
+
+def test_available_suffixes_default_domain(flask_client):
+    user = login(flask_client)
+
+    sl_domain = SLDomain.first()
+    CustomDomain.create(
+        user_id=user.id, domain="test.com", ownership_verified=True, commit=True
+    )
+
+    user.default_alias_public_domain_id = sl_domain.id
+
+    # first suffix is SL Domain
+    first_suffix = get_alias_suffixes(user)[0]
+    assert first_suffix.suffix.endswith(f"@{sl_domain.domain}")
+
+    user.default_alias_public_domain_id = None
+    # first suffix is custom domain
+    first_suffix = get_alias_suffixes(user)[0]
+    assert first_suffix.suffix == "@test.com"
+
+
+def test_available_suffixes_random_prefix_generation(flask_client):
+    user = login(flask_client)
+
+    CustomDomain.create(
+        user_id=user.id, domain="test.com", ownership_verified=True, commit=True
+    )
+    cd2 = CustomDomain.create(
+        user_id=user.id, domain="test2.com", ownership_verified=True, commit=True
+    )
+
+    user.default_alias_custom_domain_id = cd2.id
+
+    # first suffix is test2.com
+    first_suffix = get_alias_suffixes(user)[0]
+    assert first_suffix.suffix == "@test2.com"
+
+    cd2.random_prefix_generation = True
+    # e.g. .meo@test2.com
+    first_suffix = get_alias_suffixes(user)[0]
+    assert first_suffix.suffix.endswith("@test2.com")
+    assert first_suffix.suffix.startswith(".")
+
+
+def test_available_suffixes_hidden_domain(flask_client):
+    user = login(flask_client)
+    nb_suffix = len(get_alias_suffixes(user))
+
+    sl_domain = SLDomain.create(domain=random_domain(), commit=True)
+    assert len(get_alias_suffixes(user)) == nb_suffix + 1
+
+    sl_domain.hidden = True
+    Session.commit()
+    assert len(get_alias_suffixes(user)) == nb_suffix
+
+
+def test_available_suffixes_domain_order(flask_client):
+    user = login(flask_client)
+
+    domain = random_domain()
+    # will be the last domain as other domains have order=0
+    sl_domain = SLDomain.create(domain=domain, order=1, commit=True)
+    last_suffix_info = get_alias_suffixes(user)[-1]
+    assert last_suffix_info.suffix.endswith(domain)
+
+    # now will be the first domain
+    sl_domain.order = -1
+    Session.commit()
+    first_suffix_info = get_alias_suffixes(user)[0]
+    assert first_suffix_info.suffix.endswith(domain)
+
+
+def test_add_already_existed_alias(flask_client):
+    user = login(flask_client)
+    Session.commit()
+
+    another_user = create_new_user()
+
+    word = random_word()
+    suffix = f".{word}@{EMAIL_DOMAIN}"
+
+    alias_suffix = AliasSuffix(
+        is_custom=False,
+        suffix=suffix,
+        signed_suffix=signer.sign(suffix).decode(),
+        is_premium=False,
+        domain=EMAIL_DOMAIN,
+    )
+
+    # alias already exist
+    Alias.create(
+        user_id=another_user.id,
+        email=f"prefix{suffix}",
+        mailbox_id=another_user.default_mailbox_id,
+        commit=True,
+    )
+
+    # create the same alias, should return error
+    r = flask_client.post(
+        url_for("dashboard.custom_alias"),
+        data={
+            "prefix": "prefix",
+            "signed-alias-suffix": alias_suffix.signed_suffix,
+            "mailboxes": [user.default_mailbox_id],
+        },
+        follow_redirects=True,
+    )
+    assert r.status_code == 200
+    assert f"prefix{suffix} cannot be used" in r.get_data(True)
+
+
+def test_add_alias_in_global_trash(flask_client):
+    user = login(flask_client)
+    Session.commit()
+
+    another_user = create_new_user()
+
+    word = random_word()
+    suffix = f".{word}@{EMAIL_DOMAIN}"
+    alias_suffix = AliasSuffix(
+        is_custom=False,
+        suffix=suffix,
+        signed_suffix=signer.sign(suffix).decode(),
+        is_premium=False,
+        domain=EMAIL_DOMAIN,
+    )
+
+    # delete an alias: alias should go the DeletedAlias
+    alias = Alias.create(
+        user_id=another_user.id,
+        email=f"prefix{suffix}",
+        mailbox_id=another_user.default_mailbox_id,
+        commit=True,
+    )
+
+    prev_deleted = DeletedAlias.count()
+    delete_alias(alias, another_user)
+    assert prev_deleted + 1 == DeletedAlias.count()
+
+    # create the same alias, should return error
+    r = flask_client.post(
+        url_for("dashboard.custom_alias"),
+        data={
+            "prefix": "prefix",
+            "signed-alias-suffix": alias_suffix.signed_suffix,
+            "mailboxes": [user.default_mailbox_id],
+        },
+        follow_redirects=True,
+    )
+    assert r.status_code == 200
+    assert f"prefix{suffix} cannot be used" in r.get_data(True)
+
+
+def test_add_alias_in_custom_domain_trash(flask_client):
+    user = login(flask_client)
+
+    domain = random_domain()
+    custom_domain = CustomDomain.create(
+        user_id=user.id, domain=domain, ownership_verified=True, commit=True
+    )
+
+    # delete a custom-domain alias: alias should go the DomainDeletedAlias
+    alias = Alias.create(
+        user_id=user.id,
+        email=f"prefix@{domain}",
+        custom_domain_id=custom_domain.id,
+        mailbox_id=user.default_mailbox_id,
+        commit=True,
+    )
+
+    assert DomainDeletedAlias.count() == 0
+    delete_alias(alias, user)
+    assert DomainDeletedAlias.count() == 1
+
+    # create the same alias, should return error
+    suffix = f"@{domain}"
+
+    alias_suffix = AliasSuffix(
+        is_custom=False,
+        suffix=suffix,
+        signed_suffix=signer.sign(suffix).decode(),
+        is_premium=False,
+        domain=EMAIL_DOMAIN,
+    )
+
+    r = flask_client.post(
+        url_for("dashboard.custom_alias"),
+        data={
+            "prefix": "prefix",
+            "signed-alias-suffix": alias_suffix.signed_suffix,
+            "mailboxes": [user.default_mailbox_id],
+        },
+        follow_redirects=True,
+    )
+    assert r.status_code == 200
+    assert "You have deleted this alias before. You can restore it on" in r.get_data(
+        True
+    )
+
+
+def test_too_many_requests(flask_client):
+    config.DISABLE_RATE_LIMIT = False
+    user = login(flask_client)
+
+    # create a custom domain
+    domain = random_domain()
+    CustomDomain.create(user_id=user.id, domain=domain, verified=True, commit=True)
+
+    # can't create more than 5 aliases in 1 minute
+    for i in range(7):
+        signed_suffix = signer.sign(f"@{domain}").decode()
+
+        r = flask_client.post(
+            url_for("dashboard.custom_alias"),
+            data={
+                "prefix": f"prefix{i}",
+                "suffix": signed_suffix,
+                "mailboxes": [user.default_mailbox_id],
+            },
+            follow_redirects=True,
+        )
+
+        # to make flask-limiter work with unit test
+        # https://github.com/alisaifee/flask-limiter/issues/147#issuecomment-642683820
+        g._rate_limiting_complete = False
+    else:
+        # last request
+        assert r.status_code == 429
+        assert "Whoa, slow down there, pardner!" in str(r.data)

app/tests/dashboard/test_custom_domain.py

@@ -0,0 +1,61 @@
+from flask import url_for
+
+from app.db import Session
+from app.email_utils import get_email_domain_part
+from app.models import Mailbox
+from tests.utils import login, random_domain
+
+
+def test_add_domain_success(flask_client):
+    user = login(flask_client)
+    user.lifetime = True
+    Session.commit()
+
+    domain = random_domain()
+    r = flask_client.post(
+        url_for("dashboard.custom_domain"),
+        data={"form-name": "create", "domain": domain},
+        follow_redirects=True,
+    )
+
+    assert r.status_code == 200
+    assert f"New domain {domain} is created".encode() in r.data
+
+
+def test_add_domain_same_as_user_email(flask_client):
+    """cannot add domain if user personal email uses this domain"""
+    user = login(flask_client)
+    user.lifetime = True
+    Session.commit()
+
+    r = flask_client.post(
+        url_for("dashboard.custom_domain"),
+        data={"form-name": "create", "domain": get_email_domain_part(user.email)},
+        follow_redirects=True,
+    )
+
+    assert r.status_code == 200
+    assert (
+        b"You cannot add a domain that you are currently using for your personal email"
+        in r.data
+    )
+
+
+def test_add_domain_used_in_mailbox(flask_client):
+    """cannot add domain if it has been used in a verified mailbox"""
+    user = login(flask_client)
+    user.lifetime = True
+    Session.commit()
+
+    Mailbox.create(
+        user_id=user.id, email="mailbox@new-domain.com", verified=True, commit=True
+    )
+
+    r = flask_client.post(
+        url_for("dashboard.custom_domain"),
+        data={"form-name": "create", "domain": "new-domain.com"},
+        follow_redirects=True,
+    )
+
+    assert r.status_code == 200
+    assert b"new-domain.com already used in a SimpleLogin mailbox" in r.data

app/tests/dashboard/test_directory.py

@@ -0,0 +1,84 @@
+from flask import url_for
+
+from app.config import MAX_NB_DIRECTORY
+from app.models import Directory
+from tests.utils import login, random_token
+
+
+def test_create_directory(flask_client):
+    login(flask_client)
+
+    directory_name = random_token()
+    r = flask_client.post(
+        url_for("dashboard.directory"),
+        data={"form-name": "create", "name": directory_name},
+        follow_redirects=True,
+    )
+
+    assert r.status_code == 200
+    assert f"Directory {directory_name} is created" in r.data.decode()
+    assert Directory.get_by(name=directory_name) is not None
+
+
+def test_delete_directory(flask_client):
+    """cannot add domain if user personal email uses this domain"""
+    user = login(flask_client)
+    directory_name = random_token()
+    directory = Directory.create(name=directory_name, user_id=user.id, commit=True)
+
+    r = flask_client.post(
+        url_for("dashboard.directory"),
+        data={"form-name": "delete", "directory_id": directory.id},
+        follow_redirects=True,
+    )
+
+    assert r.status_code == 200
+    assert f"Directory {directory_name} has been deleted" in r.data.decode()
+    assert Directory.get_by(name=directory_name) is None
+
+
+def test_create_directory_in_trash(flask_client):
+    user = login(flask_client)
+    directory_name = random_token()
+
+    directory = Directory.create(name=directory_name, user_id=user.id, commit=True)
+
+    # delete the directory
+    r = flask_client.post(
+        url_for("dashboard.directory"),
+        data={"form-name": "delete", "directory_id": directory.id},
+        follow_redirects=True,
+    )
+    assert Directory.get_by(name=directory_name) is None
+
+    # try to recreate the directory
+    r = flask_client.post(
+        url_for("dashboard.directory"),
+        data={"form-name": "create", "name": directory_name},
+        follow_redirects=True,
+    )
+
+    assert r.status_code == 200
+    assert (
+        f"{directory_name} has been used before and cannot be reused" in r.data.decode()
+    )
+
+
+def test_create_directory_out_of_quota(flask_client):
+    user = login(flask_client)
+
+    for i in range(
+        MAX_NB_DIRECTORY - Directory.filter(Directory.user_id == user.id).count()
+    ):
+        Directory.create(name=f"test{i}", user_id=user.id, commit=True)
+
+    assert Directory.filter(Directory.user_id == user.id).count() == MAX_NB_DIRECTORY
+
+    flask_client.post(
+        url_for("dashboard.directory"),
+        data={"form-name": "create", "name": "test"},
+        follow_redirects=True,
+    )
+
+    # no new directory is created
+    assert Directory.filter(Directory.user_id == user.id).count() == MAX_NB_DIRECTORY

app/tests/dashboard/test_index.py

@@ -0,0 +1,41 @@
+from flask import url_for, g
+
+from app import config
+from app.models import (
+    Alias,
+)
+from tests.utils import login
+
+
+def test_create_random_alias_success(flask_client):
+    user = login(flask_client)
+    assert Alias.filter(Alias.user_id == user.id).count() == 1
+
+    r = flask_client.post(
+        url_for("dashboard.index"),
+        data={"form-name": "create-random-email"},
+        follow_redirects=True,
+    )
+    assert r.status_code == 200
+    assert Alias.filter(Alias.user_id == user.id).count() == 2
+
+
+def test_too_many_requests(flask_client):
+    config.DISABLE_RATE_LIMIT = False
+    login(flask_client)
+
+    # can't create more than 5 aliases in 1 minute
+    for _ in range(7):
+        r = flask_client.post(
+            url_for("dashboard.index"),
+            data={"form-name": "create-random-email"},
+            follow_redirects=True,
+        )
+
+        # to make flask-limiter work with unit test
+        # https://github.com/alisaifee/flask-limiter/issues/147#issuecomment-642683820
+        g._rate_limiting_complete = False
+    else:
+        # last request
+        assert r.status_code == 429
+        assert "Whoa, slow down there, pardner!" in str(r.data)

app/tests/dashboard/test_setting.py

@@ -0,0 +1,28 @@
+from flask import url_for
+
+from app import config
+from app.models import EmailChange
+from app.utils import canonicalize_email
+from tests.utils import login, random_email, create_new_user
+
+
+def test_setup_done(flask_client):
+    config.SKIP_MX_LOOKUP_ON_CHECK = True
+    user = create_new_user()
+    login(flask_client, user)
+    noncanonical_email = f"nonca.{random_email()}"
+
+    r = flask_client.post(
+        url_for("dashboard.setting"),
+        data={
+            "form-name": "update-email",
+            "email": noncanonical_email,
+        },
+        follow_redirects=True,
+    )
+
+    assert r.status_code == 200
+    email_change = EmailChange.get_by(user_id=user.id)
+    assert email_change is not None
+    assert email_change.new_email == canonicalize_email(noncanonical_email)
+    config.SKIP_MX_LOOKUP_ON_CHECK = False

app/tests/dashboard/test_setup_done.py

@@ -0,0 +1,16 @@
+from flask import url_for
+
+from tests.utils import login
+
+
+def test_setup_done(flask_client):
+    login(flask_client)
+
+    r = flask_client.get(
+        url_for("dashboard.setup_done"),
+    )
+
+    assert r.status_code == 302
+    # user is redirected to the dashboard page
+    assert r.headers["Location"].endswith("/dashboard/")
+    assert "setup_done=true" in r.headers["Set-Cookie"]

app/tests/dashboard/test_subdomain.py

@@ -0,0 +1,141 @@
+from flask import url_for
+
+from app.config import MAX_NB_SUBDOMAIN
+from app.db import Session
+from app.models import SLDomain, CustomDomain, Job
+from tests.utils import login
+
+
+def setup_sl_domain() -> SLDomain:
+    """Take the first SLDomain and set its can_use_subdomain=True"""
+    sl_domain: SLDomain = SLDomain.first()
+    sl_domain.can_use_subdomain = True
+    Session.commit()
+
+    return sl_domain
+
+
+def test_create_subdomain(flask_client):
+    login(flask_client)
+    sl_domain = setup_sl_domain()
+
+    r = flask_client.post(
+        url_for("dashboard.subdomain_route"),
+        data={"form-name": "create", "subdomain": "test", "domain": sl_domain.domain},
+        follow_redirects=True,
+    )
+
+    assert r.status_code == 200
+    assert f"New subdomain test.{sl_domain.domain} is created" in r.data.decode()
+    assert CustomDomain.get_by(domain=f"test.{sl_domain.domain}") is not None
+
+
+def test_delete_subdomain(flask_client):
+    user = login(flask_client)
+    sl_domain = setup_sl_domain()
+
+    subdomain = CustomDomain.create(
+        domain=f"test.{sl_domain.domain}",
+        user_id=user.id,
+        is_sl_subdomain=True,
+        commit=True,
+    )
+
+    nb_job = Job.count()
+
+    r = flask_client.post(
+        url_for("dashboard.domain_detail", custom_domain_id=subdomain.id),
+        data={"form-name": "delete"},
+        follow_redirects=True,
+    )
+
+    assert r.status_code == 200
+    assert f"test.{sl_domain.domain} scheduled for deletion." in r.data.decode()
+
+    # a domain deletion job is scheduled
+    assert Job.count() == nb_job + 1
+
+
+def test_create_subdomain_in_trash(flask_client):
+    user = login(flask_client)
+    sl_domain = setup_sl_domain()
+
+    subdomain = CustomDomain.create(
+        domain=f"test.{sl_domain.domain}",
+        user_id=user.id,
+        is_sl_subdomain=True,
+        commit=True,
+    )
+
+    # delete the subdomain
+    CustomDomain.delete(subdomain.id)
+    assert CustomDomain.get_by(domain=f"test.{sl_domain.domain}") is None
+
+    r = flask_client.post(
+        url_for("dashboard.subdomain_route"),
+        data={"form-name": "create", "subdomain": "test", "domain": sl_domain.domain},
+        follow_redirects=True,
+    )
+
+    assert r.status_code == 200
+    assert (
+        f"test.{sl_domain.domain} has been used before and cannot be reused"
+        in r.data.decode()
+    )
+
+
+def test_create_subdomain_out_of_quota(flask_client):
+    user = login(flask_client)
+    sl_domain = setup_sl_domain()
+
+    for i in range(MAX_NB_SUBDOMAIN):
+        CustomDomain.create(
+            domain=f"test{i}.{sl_domain.domain}",
+            user_id=user.id,
+            is_sl_subdomain=True,
+            commit=True,
+        )
+
+    assert CustomDomain.filter_by(user_id=user.id).count() == MAX_NB_SUBDOMAIN
+
+    flask_client.post(
+        url_for("dashboard.subdomain_route"),
+        data={"form-name": "create", "subdomain": "test", "domain": sl_domain.domain},
+        follow_redirects=True,
+    )
+
+    # no new subdomain is created
+    assert CustomDomain.filter_by(user_id=user.id).count() == MAX_NB_SUBDOMAIN
+
+
+def test_create_subdomain_invalid(flask_client):
+    user = login(flask_client)
+    sl_domain = setup_sl_domain()
+
+    # subdomain can't end with dash (-)
+    flask_client.post(
+        url_for("dashboard.subdomain_route"),
+        data={"form-name": "create", "subdomain": "test-", "domain": sl_domain.domain},
+        follow_redirects=True,
+    )
+    assert CustomDomain.filter_by(user_id=user.id).count() == 0
+
+    # subdomain can't contain underscore (_)
+    flask_client.post(
+        url_for("dashboard.subdomain_route"),
+        data={
+            "form-name": "create",
+            "subdomain": "test_test",
+            "domain": sl_domain.domain,
+        },
+        follow_redirects=True,
+    )
+    assert CustomDomain.filter_by(user_id=user.id).count() == 0
+
+    # subdomain must have at least 3 characters
+    flask_client.post(
+        url_for("dashboard.subdomain_route"),
+        data={"form-name": "create", "subdomain": "te", "domain": sl_domain.domain},
+        follow_redirects=True,
+    )
+    assert CustomDomain.filter_by(user_id=user.id).count() == 0

app/tests/dashboard/test_unsubscribe.py

@@ -0,0 +1,35 @@
+from app.db import Session
+from app.models import (
+    Alias,
+    Contact,
+)
+from tests.utils import login
+
+
+def test_disable_alias(flask_client):
+    user = login(flask_client)
+    alias = Alias.create_new_random(user)
+    Session.commit()
+
+    assert alias.enabled
+    flask_client.post(f"/dashboard/unsubscribe/{alias.id}")
+    assert not alias.enabled
+
+
+def test_block_contact(flask_client):
+    user = login(flask_client)
+    alias = Alias.first()
+    contact = Contact.create(
+        user_id=user.id,
+        alias_id=alias.id,
+        website_email="contact@example.com",
+        reply_email="re1@SL",
+        commit=True,
+    )
+
+    assert not contact.block_forward
+    flask_client.post(f"/dashboard/block_contact/{contact.id}")
+    assert contact.block_forward
+
+    # make sure the page loads
+    flask_client.get(f"/dashboard/block_contact/{contact.id}")