Merge commit from fork

Author: stsewd

readthedocs/projects/forms.py

@@ -1012,20 +1012,11 @@ def clean_domain(self):
         if not parsed.scheme:
             parsed = self._safe_urlparse(f"https://{domain}")
 
-        if not parsed.netloc:
+        domain_string = parsed.netloc.strip()
+        if not domain_string:
             raise forms.ValidationError(f"{domain} is not a valid domain.")
 
-        domain_string = parsed.netloc
-
-        # Don't allow internal domains to be added, we have:
-        # - Dashboard domain
-        # - Public domain (from where documentation pages are served)
-        # - External version domain (from where PR previews are served)
-        for invalid_domain in [
-            settings.PRODUCTION_DOMAIN,
-            settings.PUBLIC_DOMAIN,
-            settings.RTD_EXTERNAL_VERSION_DOMAIN,
-        ]:
+        for invalid_domain in settings.RTD_RESTRICTED_DOMAINS:
             if invalid_domain and domain_string.endswith(invalid_domain):
                 raise forms.ValidationError(f"{invalid_domain} is not a valid domain.")
 

readthedocs/rtd_tests/tests/test_domains.py

@@ -81,39 +81,39 @@ def test_production_domain_not_allowed(self):
             f"{settings.PRODUCTION_DOMAIN} is not a valid domain.",
         )
 
-    @override_settings(PUBLIC_DOMAIN="readthedocs.io")
-    def test_public_domain_not_allowed(self):
+    @override_settings(
+        RTD_RESTRICTED_DOMAINS=[
+            "readthedocs.org",
+            "readthedocs.io",
+            "readthedocs.build",
+        ],
+    )
+    def test_restricted_domains_not_allowed(self):
         """Make sure user can not enter public domain name."""
-        form = DomainForm(
-            {"domain": settings.PUBLIC_DOMAIN},
-            project=self.project,
-        )
-        self.assertFalse(form.is_valid())
-        self.assertEqual(
-            form.errors["domain"][0], f"{settings.PUBLIC_DOMAIN} is not a valid domain."
-        )
-
-        form2 = DomainForm(
-            {"domain": "docs." + settings.PUBLIC_DOMAIN},
-            project=self.project,
-        )
-        self.assertFalse(form2.is_valid())
-        self.assertEqual(
-            form2.errors["domain"][0],
-            f"{settings.PUBLIC_DOMAIN} is not a valid domain.",
-        )
+        invalid_domains = [
+            "readthedocs.org",
+            "test.readthedocs.org",
+            "app.readthedocs.org",
+            "test.app.readthedocs.org",
+            "readthedocs.io",
+            "test.readthedocs.io",
+            "docs.readthedocs.io",
+            "test.docs.readthedocs.io",
+            "readthedocs.build",
+            "test.readthedocs.build",
+            "docs.readthedocs.build",
+            "test.docs.readthedocs.build",
+            # Trailing white spaces, sneaky.
+            "https:// readthedocs.org /",
+        ]
 
-    @override_settings(RTD_EXTERNAL_VERSION_DOMAIN="readthedocs.build")
-    def test_external_domain_not_allowed(self):
-        for domain in ["readthedocs.build", "test.readthedocs.build"]:
+        for domain in invalid_domains:
             form = DomainForm(
                 {"domain": domain},
                 project=self.project,
             )
-            self.assertFalse(form.is_valid())
-            self.assertEqual(
-                form.errors["domain"][0], "readthedocs.build is not a valid domain."
-            )
+            assert not form.is_valid(), domain
+            assert "is not a valid domain." in form.errors["domain"][0]
 
     def test_domain_with_path(self):
         form = DomainForm(

readthedocs/settings/base.py

@@ -98,6 +98,36 @@ def SHOW_DEBUG_TOOLBAR(self):
     RTD_INTERSPHINX_URL = "https://{}".format(PRODUCTION_DOMAIN)
     RTD_EXTERNAL_VERSION_DOMAIN = "external-builds.readthedocs.io"
 
+    @property
+    def RTD_RESTRICTED_DOMAINS(self):
+        """
+        Domains that are restricted for users to use as custom domains.
+
+        This is to avoid users hijacking our domains.
+        We return the last two parts of our public domains to cover all subdomains,
+        e.g, if our domain is "app.readthedocs.org", we restrict all subdomains from "readthedocs.org".
+
+        If your domain is like "readthedocs.co.uk", you might want to override this property.
+
+        We recommend disallowing:
+
+        - Dashboard domain
+        - Public domain (from where documentation pages are served)
+        - External version domain (from where PR previews are served)
+        - Any public domains that point to the validation record (e.g., CNAME to readthedocs.io)
+        """
+        domains = [
+            self.PRODUCTION_DOMAIN,
+            self.PUBLIC_DOMAIN,
+            self.RTD_EXTERNAL_VERSION_DOMAIN,
+            "rtfd.io",
+            "rtfd.org",
+        ]
+        return [
+            ".".join(domain.split(".")[-2:])
+            for domain in domains
+        ]
+
     # Doc Builder Backends
     MKDOCS_BACKEND = "readthedocs.doc_builder.backends.mkdocs"
     SPHINX_BACKEND = "readthedocs.doc_builder.backends.sphinx"