emails: do not check SPF if ALLOWED_SPF_RECORDS is empty (#32712)

hobo/emails/validators.py

@@ -48,6 +48,8 @@ def validate_email_address(value):
 
 def validate_email_spf(value, strict=False):
     allowed_records = settings.ALLOWED_SPF_RECORDS
+    if not allowed_records:
+        return
     email_domain = value.split('@')[-1]
     txt_records = sum([r.strings for r in dns.resolver.query(email_domain, 'TXT')], [])
     spf_records = [x for x in txt_records if x.startswith('v=spf1 ')]

tests/test_emails.py

@@ -130,7 +130,8 @@ def test_invalid_spf(client, admin_user, dns_resolver, smtp_server, settings):
     assert 'No suitable SPF record found' in response.content
 
 
-def test_strict_nospf(client, admin_user, dns_resolver, smtp_server, monkeypatch):
+def test_strict_nospf(client, admin_user, dns_resolver, smtp_server, monkeypatch, settings):
+    settings.ALLOWED_SPF_RECORDS = ['include:allowed_mx.com']
     monkeypatch.setattr('hobo.emails.validators.validate_email_spf.__defaults__', (True,))
     client.post('/login/', {'username': 'admin', 'password': 'password'})
     response = client.post('/emails/', {'default_from_email': 'john.doe@example.com'}, follow=True)
@@ -144,3 +145,11 @@ def test_valid_spf(client, admin_user, dns_resolver, smtp_server, settings):
     response = client.post('/emails/', {'default_from_email': 'john.doe@example-spf.com'}, follow=True)
     assert response.status_code == 200
     assert 'Emails settings have been updated. It will take a few seconds to be effective.' in response.content
+
+
+def test_no_spf_validation(client, admin_user, dns_resolver, smtp_server, settings):
+    settings.ALLOWED_SPF_RECORDS = []
+    client.post('/login/', {'username': 'admin', 'password': 'password'})
+    response = client.post('/emails/', {'default_from_email': 'john.doe@example-invalid-spf.com'}, follow=True)
+    assert response.status_code == 200
+    assert 'Emails settings have been updated. It will take a few seconds to be effective.' in response.content