Merge pull request #1439 from cisagov/dk/763-two-dots-availability

Issue #763 - Subdomain request checking and error presentation

src/api/tests/test_available.py

@@ -15,7 +15,7 @@ from epplibwrapper import (
     commands,
 )
 
-API_BASE_PATH = "/api/v1/available/"
+API_BASE_PATH = "/api/v1/available/?domain="
 
 
 class AvailableViewTest(MockEppLib):

src/api/views.py

@@ -84,6 +84,7 @@ def available(request, domain=""):
     Response is a JSON dictionary with the key "available" and value true or
     false.
     """
+    domain = request.GET.get("domain", "")
     DraftDomain = apps.get_model("registrar.DraftDomain")
     # validate that the given domain could be a domain name and fail early if
     # not.

src/registrar/assets/js/get-gov.js

@@ -142,7 +142,7 @@ function _checkDomainAvailability(el) {
       inlineToast(el.parentElement, el.id, ERROR, response.message);
     }
   }
-  fetchJSON(`available/${el.value}`, callback);
+  fetchJSON(`available/?domain=${el.value}`, callback);
 }
 
 /** Call the API to see if the domain is good. */

src/registrar/config/urls.py

@@ -73,7 +73,7 @@ urlpatterns = [
     path("health/", views.health),
     path("openid/", include("djangooidc.urls")),
     path("register/", include((application_urls, APPLICATION_NAMESPACE))),
-    path("api/v1/available/<domain>", available, name="available"),
+    path("api/v1/available/", available, name="available"),
     path("api/v1/get-report/current-federal", get_current_federal, name="get-current-federal"),
     path("api/v1/get-report/current-full", get_current_full, name="get-current-full"),
     path(

src/registrar/tests/test_forms.py

@@ -74,6 +74,24 @@ class TestFormValidation(MockEppLib):
             ["Enter the .gov domain you want without any periods."],
         )
 
+    def test_requested_domain_two_dots_invalid(self):
+        """don't accept domains that are subdomains"""
+        form = DotGovDomainForm(data={"requested_domain": "sub.top-level-agency.gov"})
+        self.assertEqual(
+            form.errors["requested_domain"],
+            ["Enter the .gov domain you want without any periods."],
+        )
+        form = DotGovDomainForm(data={"requested_domain": ".top-level-agency.gov"})
+        self.assertEqual(
+            form.errors["requested_domain"],
+            ["Enter the .gov domain you want without any periods."],
+        )
+        form = DotGovDomainForm(data={"requested_domain": "..gov"})
+        self.assertEqual(
+            form.errors["requested_domain"],
+            ["Enter the .gov domain you want without any periods."],
+        )
+
     def test_requested_domain_invalid_characters(self):
         """must be a valid .gov domain name."""
         form = DotGovDomainForm(data={"requested_domain": "underscores_forever"})

src/registrar/tests/test_url_auth.py

@@ -110,7 +110,7 @@ class TestURLAuth(TestCase):
         "/openid/callback",
         "/openid/callback/login/",
         "/openid/callback/logout/",
-        "/api/v1/available/whitehouse.gov",
+        "/api/v1/available/",
         "/api/v1/get-report/current-federal",
         "/api/v1/get-report/current-full",
     ]