diff --git a/api/authentication.py b/api/authentication.py
index 203ef7660c..b8e4971a14 100644
--- a/api/authentication.py
+++ b/api/authentication.py
@@ -148,6 +148,12 @@ def authenticate(self, request):
)
user = sa.user
+ if not user.is_active:
+ raise PermissionDenied(
+ "Authenticated user does not have an active Relay account."
+ " Have they been deactivated?"
+ )
+
if user:
return (user, token)
else:
diff --git a/api/tests/authentication_tests.py b/api/tests/authentication_tests.py
index 90a86aa63a..3cf22a76d6 100644
--- a/api/tests/authentication_tests.py
+++ b/api/tests/authentication_tests.py
@@ -351,6 +351,27 @@ def test_200_resp_from_fxa_no_matching_user_raises_APIException(self) -> None:
response = client.get("/api/v1/relayaddresses/")
assert responses.assert_call_count(self.fxa_verify_path, 1) is True
+ @responses.activate
+ def test_200_resp_from_fxa_inactive_Relay_user_raises_APIException(self) -> None:
+ sa: SocialAccount = baker.make(SocialAccount, uid=self.uid, provider="fxa")
+ sa.user.is_active = False
+ sa.user.save()
+ now_time = int(datetime.now().timestamp())
+ # Note: FXA iat and exp are timestamps in *milliseconds*
+ exp_time = (now_time + 60 * 60) * 1000
+ _setup_fxa_response(200, {"active": True, "sub": self.uid, "exp": exp_time})
+ inactive_user_token = "inactive-user-123"
+ client = APIClient()
+ client.credentials(HTTP_AUTHORIZATION=f"Bearer {inactive_user_token}")
+
+ response = client.get("/api/v1/relayaddresses/")
+ assert response.status_code == 403
+ expected_detail = (
+ "Authenticated user does not have an active Relay account."
+ " Have they been deactivated?"
+ )
+ assert response.json()["detail"] == expected_detail
+
@responses.activate
def test_200_resp_from_fxa_for_user_returns_user_and_caches(self) -> None:
sa: SocialAccount = baker.make(SocialAccount, uid=self.uid, provider="fxa")
diff --git a/api/tests/emails_views_tests.py b/api/tests/emails_views_tests.py
index da3256acf7..1bad574963 100644
--- a/api/tests/emails_views_tests.py
+++ b/api/tests/emails_views_tests.py
@@ -517,6 +517,24 @@ def test_post_relayaddress_flagged_error(
assert get_glean_event(caplog) is None
+def test_post_relayaddress_inactive_user_error(
+ free_user: User, free_api_client: APIClient, caplog: pytest.LogCaptureFixture
+) -> None:
+ """An inactive user is unable to create a random mask."""
+ free_user.is_active = False
+ free_user.save()
+
+ response = free_api_client.post(reverse("relayaddress-list"), {}, format="json")
+
+ assert response.status_code == 403
+ ret_data = response.json()
+ assert ret_data == {
+ "detail": "Your account is not active.",
+ "error_code": "account_is_inactive",
+ }
+ assert get_glean_event(caplog) is None
+
+
@pytest.mark.parametrize(
"key,value",
[
diff --git a/api/tests/phones_views_tests.py b/api/tests/phones_views_tests.py
index bdfa36d2ef..226185d7f2 100644
--- a/api/tests/phones_views_tests.py
+++ b/api/tests/phones_views_tests.py
@@ -847,6 +847,28 @@ def test_inbound_sms_valid_twilio_signature_unknown_number(
assert "Could Not Find Relay Number." in response.data[0].title()
+def test_inbound_sms_valid_twilio_signature_good_data_deactivated_user(
+ phone_user, mocked_twilio_client
+):
+ phone_user.is_active = False
+ phone_user.save()
+ _make_real_phone(phone_user, verified=True)
+ relay_number = _make_relay_number(phone_user)
+ pre_inbound_remaining_texts = relay_number.remaining_texts
+ mocked_twilio_client.reset_mock()
+
+ client = APIClient()
+ path = "/api/v1/inbound_sms"
+ data = {"From": "+15556660000", "To": relay_number.number, "Body": "test body"}
+ response = client.post(path, data, HTTP_X_TWILIO_SIGNATURE="valid")
+
+ assert response.status_code == 200
+ mocked_twilio_client.messages.create.assert_not_called()
+ relay_number.refresh_from_db()
+ assert relay_number.texts_forwarded == 0
+ assert relay_number.remaining_texts == pre_inbound_remaining_texts
+
+
def test_inbound_sms_valid_twilio_signature_good_data(phone_user, mocked_twilio_client):
real_phone = _make_real_phone(phone_user, verified=True)
relay_number = _make_relay_number(phone_user)
@@ -1854,6 +1876,33 @@ def test_inbound_call_valid_twilio_signature_unknown_number(
assert "Could Not Find Relay Number." in response.data[0].title()
+def test_inbound_call_valid_twilio_signature_good_data_deactivated_user(
+ phone_user, mocked_twilio_client
+):
+ _make_real_phone(phone_user, verified=True)
+ relay_number = _make_relay_number(phone_user, enabled=True)
+ phone_user.is_active = False
+ phone_user.save()
+ pre_call_calls_forwarded = relay_number.calls_forwarded
+ caller_number = "+15556660000"
+ mocked_twilio_client.reset_mock()
+
+ client = APIClient()
+ path = "/api/v1/inbound_call"
+ data = {"Caller": caller_number, "Called": relay_number.number}
+ response = client.post(path, data, HTTP_X_TWILIO_SIGNATURE="valid")
+
+ assert response.status_code == 200
+ decoded_content = response.content.decode()
+ assert "" in decoded_content
+ relay_number.refresh_from_db()
+ assert relay_number.calls_forwarded == pre_call_calls_forwarded
+ with pytest.raises(InboundContact.DoesNotExist):
+ InboundContact.objects.get(
+ relay_number=relay_number, inbound_number=caller_number
+ )
+
+
def test_inbound_call_valid_twilio_signature_good_data(
phone_user, mocked_twilio_client
):
diff --git a/api/views/phones.py b/api/views/phones.py
index 9b5cb3376c..bb0856d8ed 100644
--- a/api/views/phones.py
+++ b/api/views/phones.py
@@ -693,6 +693,12 @@ def inbound_sms(request):
raise exceptions.ValidationError("Request missing From, To, Or Body.")
relay_number, real_phone = _get_phone_objects(inbound_to)
+ if not real_phone.user.is_active:
+ return response.Response(
+ status=200,
+ template_name="twiml_empty_response.xml",
+ )
+
_check_remaining(relay_number, "texts")
if inbound_from == real_phone.number:
@@ -939,6 +945,11 @@ def inbound_call(request):
raise exceptions.ValidationError("Call data missing Caller or Called.")
relay_number, real_phone = _get_phone_objects(inbound_to)
+ if not real_phone.user.is_active:
+ return response.Response(
+ status=200,
+ template_name="twiml_empty_response.xml",
+ )
number_disabled = _check_disabled(relay_number, "calls")
if number_disabled:
diff --git a/emails/management/commands/deactivate_user_by_token.py b/emails/management/commands/deactivate_user_by_token.py
deleted file mode 100644
index 04df05b9f6..0000000000
--- a/emails/management/commands/deactivate_user_by_token.py
+++ /dev/null
@@ -1,19 +0,0 @@
-from django.core.management.base import BaseCommand
-
-from ...models import Profile
-
-
-class Command(BaseCommand):
- help = "Removes an API token to effectively block access."
-
- def add_arguments(self, parser):
- parser.add_argument("api_token", nargs=1)
-
- def handle(self, *args, **options):
- try:
- profile = Profile.objects.get(api_token=options["api_token"][0])
- profile.user.is_active = False
- profile.user.save()
- self.stdout.write("SUCCESS: deactivated user.")
- except Profile.DoesNotExist:
- self.stdout.write("ERROR: Could not find user with that token.")
diff --git a/emails/models.py b/emails/models.py
index 40b9d5fcf3..8e95fcc687 100644
--- a/emails/models.py
+++ b/emails/models.py
@@ -320,6 +320,9 @@ def custom_domain(self) -> str:
@property
def has_premium(self) -> bool:
+ if not self.user.is_active:
+ return False
+
# FIXME: as we don't have all the tiers defined we are over-defining
# this to mark the user as a premium user as well
if not self.fxa:
@@ -664,6 +667,12 @@ class AccountIsPausedException(CannotMakeAddressException):
status_code = 403
+class AccountIsInactiveException(CannotMakeAddressException):
+ default_code = "account_is_inactive"
+ default_detail = "Your account is not active."
+ status_code = 403
+
+
class RelayAddrFreeTierLimitException(CannotMakeAddressException):
default_code = "free_tier_limit"
default_detail_template = (
@@ -857,6 +866,9 @@ def metrics_id(self) -> str:
def check_user_can_make_another_address(profile: Profile) -> None:
+ if not profile.user.is_active:
+ raise AccountIsInactiveException()
+
if profile.is_flagged:
raise AccountIsPausedException()
# MPP-3021: return early for premium users to avoid at_max_free_aliases DB query
@@ -910,6 +922,9 @@ def check_user_can_make_domain_address(user_profile: Profile) -> None:
if not user_profile.subdomain:
raise DomainAddrNeedSubdomainException()
+ if not user_profile.user.is_active:
+ raise AccountIsInactiveException()
+
if user_profile.is_flagged:
raise AccountIsPausedException()
diff --git a/emails/tests/views_tests.py b/emails/tests/views_tests.py
index 9529a4493f..4360d7eb68 100644
--- a/emails/tests/views_tests.py
+++ b/emails/tests/views_tests.py
@@ -1424,6 +1424,17 @@ def test_user_bounce_hard_paused_email_in_s3_deleted(self) -> None:
self.assert_log_incoming_email_dropped(caplog, "hard_bounce_pause")
mm.assert_incr_once("fx.private.relay.email_suppressed_for_hard_bounce")
+ def test_user_deactivated_email_in_s3_deleted(self) -> None:
+ self.profile.user.is_active = False
+ self.profile.user.save()
+
+ with self.assertLogs(INFO_LOG) as caplog:
+ response = _sns_notification(EMAIL_SNS_BODIES["s3_stored"])
+ self.mock_remove_message_from_s3.assert_called_once_with(self.bucket, self.key)
+ assert response.status_code == 200
+ assert response.content == b"Account is deactivated."
+ self.assert_log_incoming_email_dropped(caplog, "user_deactivated")
+
@patch("emails.views._reply_allowed")
@patch("emails.views._get_reply_record_from_lookup_key")
def test_reply_not_allowed_email_in_s3_deleted(
diff --git a/emails/views.py b/emails/views.py
index c8672ac50b..e7117f81d7 100644
--- a/emails/views.py
+++ b/emails/views.py
@@ -512,6 +512,7 @@ def _sns_message(message_json: AWS_SNSMessageJSON) -> HttpResponse:
"hard_bounce_pause", # The user recently had a hard bounce
"soft_bounce_pause", # The user recently has a soft bounce
"abuse_flag", # The user exceeded an abuse limit, like mails forwarded
+ "user_deactivated", # The user account is deactivated
"reply_requires_premium", # The email is a reply from a free user
"content_missing", # Could not load the email from storage
"error_from_header", # Error generating the From: header, retryable
@@ -678,6 +679,10 @@ def _handle_received(message_json: AWS_SNSMessageJSON) -> HttpResponse:
log_email_dropped(reason="abuse_flag", mask=address)
return HttpResponse("Address is temporarily disabled.")
+ if not user_profile.user.is_active:
+ log_email_dropped(reason="user_deactivated", mask=address)
+ return HttpResponse("Account is deactivated.")
+
# if address is set to block, early return
if not address.enabled:
incr_if_enabled("email_for_disabled_address", 1)
@@ -1218,6 +1223,9 @@ def _reply_allowed(
):
# This is a Relay user replying to an external sender;
+ if not reply_record.profile.user.is_active:
+ return False
+
if reply_record.profile.is_flagged:
return False
diff --git a/frontend/pendingTranslations.ftl b/frontend/pendingTranslations.ftl
index 4121243877..2f220679b4 100644
--- a/frontend/pendingTranslations.ftl
+++ b/frontend/pendingTranslations.ftl
@@ -124,3 +124,5 @@ upsell-banner-4-masks-us-cta = Upgrade to { -brand-name-relay-premium }
-brand-name-mozilla-monitor = Mozilla Monitor
moz-monitor = { -brand-name-mozilla-monitor }
+
+api-error-account-is-inactive = Your account is not active.
diff --git a/frontend/src/pages/accounts/account_inactive.module.scss b/frontend/src/pages/accounts/account_inactive.module.scss
new file mode 100644
index 0000000000..4346c56bed
--- /dev/null
+++ b/frontend/src/pages/accounts/account_inactive.module.scss
@@ -0,0 +1,6 @@
+@import "~@mozilla-protocol/core/protocol/css/includes/lib";
+
+.error {
+ background-color: $color-red-60;
+ color: $color-white;
+}
diff --git a/frontend/src/pages/accounts/account_inactive.page.tsx b/frontend/src/pages/accounts/account_inactive.page.tsx
new file mode 100644
index 0000000000..40c003a1a6
--- /dev/null
+++ b/frontend/src/pages/accounts/account_inactive.page.tsx
@@ -0,0 +1,18 @@
+import type { NextPage } from "next";
+
+import { Layout } from "../../components/layout/Layout";
+import { useL10n } from "../../hooks/l10n";
+import styles from "./account_inactive.module.scss";
+
+const AccountInactive: NextPage = () => {
+ const l10n = useL10n();
+ return (
+
+
+ {l10n.getString("api-error-account-is-inactive")}
+
+
+ );
+};
+
+export default AccountInactive;
diff --git a/privaterelay/allauth.py b/privaterelay/allauth.py
index 0d72246bcc..2db0478cac 100644
--- a/privaterelay/allauth.py
+++ b/privaterelay/allauth.py
@@ -2,7 +2,7 @@
from urllib.parse import urlencode, urlparse
from django.http import Http404
-from django.shortcuts import resolve_url
+from django.shortcuts import redirect, resolve_url
from django.urls import resolve
from allauth.account.adapter import DefaultAccountAdapter
@@ -54,3 +54,6 @@ def is_safe_url(self, url: str | None) -> bool:
# The path is invalid
logger.error("No matching URL for '%s'", url)
return False
+
+ def respond_user_inactive(self, request, user):
+ return redirect("/accounts/account_inactive/")
diff --git a/privaterelay/management/commands/deactivate_user.py b/privaterelay/management/commands/deactivate_user.py
new file mode 100644
index 0000000000..9334dcb7fc
--- /dev/null
+++ b/privaterelay/management/commands/deactivate_user.py
@@ -0,0 +1,60 @@
+from argparse import ArgumentParser
+from typing import Any
+
+from django.contrib.auth.models import User
+from django.core.management.base import BaseCommand
+
+from allauth.socialaccount.models import SocialAccount
+
+from emails.models import Profile
+
+
+class Command(BaseCommand):
+ help = "Deactivates a user to effectively block all usage of Relay."
+
+ def add_arguments(self, parser: ArgumentParser) -> None:
+ parser.add_argument("--key", type=str, help="User API key")
+ parser.add_argument("--email", type=str, help="User email address")
+ parser.add_argument("--uid", type=str, help="User FXA UID")
+
+ def handle(self, *args: Any, **options: Any) -> str:
+ api_key: str | None = options.get("key")
+ email: str | None = options.get("email")
+ uid: str | None = options.get("uid")
+
+ user: User
+
+ if api_key:
+ try:
+ profile = Profile.objects.get(api_token=api_key)
+ user = profile.user
+ user.is_active = False
+ user.save()
+ msg = f"SUCCESS: deactivated user with api_token: {api_key}"
+ except Profile.DoesNotExist:
+ msg = "ERROR: Could not find user with that API key."
+ self.stderr.write(msg)
+ return msg
+
+ if email:
+ try:
+ user = User.objects.get(email=email)
+ user.is_active = False
+ user.save()
+ msg = f"SUCCESS: deactivated user with email: {email}"
+ except User.DoesNotExist:
+ msg = "ERROR: Could not find user with that email address."
+ self.stderr.write(msg)
+ return msg
+
+ if uid:
+ try:
+ user = SocialAccount.objects.get(uid=uid).user
+ user.is_active = False
+ user.save()
+ msg = f"SUCCESS: deactivated user with FXA UID: {uid}"
+ except SocialAccount.DoesNotExist:
+ msg = "ERROR: Could not find user with that FXA UID."
+ self.stderr.write(msg)
+ return msg
+ return msg
diff --git a/privaterelay/pending_locales/en/pending.ftl b/privaterelay/pending_locales/en/pending.ftl
index 5f35a2cc62..2f5e117871 100644
--- a/privaterelay/pending_locales/en/pending.ftl
+++ b/privaterelay/pending_locales/en/pending.ftl
@@ -3,3 +3,4 @@
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
# This is the Django equivalent of frontend/pendingTranslations.ftl
+api-error-account-is-inactive = Your account is not active.
diff --git a/privaterelay/tests/mgmt_deactivate_user_tests.py b/privaterelay/tests/mgmt_deactivate_user_tests.py
new file mode 100644
index 0000000000..523ba7d48e
--- /dev/null
+++ b/privaterelay/tests/mgmt_deactivate_user_tests.py
@@ -0,0 +1,91 @@
+import os
+import random
+import string
+import uuid
+from io import StringIO
+
+from django.core.management import call_command
+
+import pytest
+from allauth.socialaccount.models import SocialAccount
+from model_bakery import baker
+
+COMMAND_NAME = "deactivate_user"
+
+
+@pytest.mark.django_db
+def test_deactivate_by_api_key() -> None:
+ sa: SocialAccount = baker.make(SocialAccount, provider="fxa")
+ api_token = sa.user.profile.api_token
+ out = StringIO()
+
+ call_command(COMMAND_NAME, key=f"{api_token}", stdout=out)
+
+ output = out.getvalue()
+ assert f"SUCCESS: deactivated user with api_token: {api_token}\n" == output
+ sa.user.refresh_from_db()
+ assert sa.user.is_active is False
+
+
+@pytest.mark.django_db
+def test_deactivate_by_api_key_does_not_exist() -> None:
+ out = StringIO()
+ api_token = uuid.uuid4()
+
+ call_command(COMMAND_NAME, key=f"{api_token}", stdout=out)
+
+ output = out.getvalue()
+ assert "ERROR: Could not find user with that API key.\n" == output
+
+
+@pytest.mark.django_db
+def test_deactivate_by_email() -> None:
+ localpart = "".join(random.choice(string.ascii_lowercase) for i in range(9))
+ email = f"{localpart}@test.com"
+ sa: SocialAccount = baker.make(SocialAccount, provider="fxa")
+ sa.user.email = email
+ sa.user.save()
+ out = StringIO()
+
+ call_command(COMMAND_NAME, email=f"{email}", stdout=out)
+
+ output = out.getvalue()
+ assert f"SUCCESS: deactivated user with email: {email}\n" == output
+ sa.user.refresh_from_db()
+ assert sa.user.is_active is False
+
+
+@pytest.mark.django_db
+def test_deactivate_by_email_does_not_exist() -> None:
+ out = StringIO()
+ localpart = "".join(random.choice(string.ascii_lowercase) for i in range(9))
+ email = f"{localpart}@test.com"
+
+ call_command(COMMAND_NAME, email=f"{email}", stdout=out)
+
+ output = out.getvalue()
+ assert "ERROR: Could not find user with that email address.\n" == output
+
+
+@pytest.mark.django_db
+def test_deactivate_by_fxa_uid() -> None:
+ sa: SocialAccount = baker.make(SocialAccount, provider="fxa")
+ out = StringIO()
+
+ call_command(COMMAND_NAME, uid=f"{sa.uid}", stdout=out)
+
+ output = out.getvalue()
+ assert f"SUCCESS: deactivated user with FXA UID: {sa.uid}\n" == output
+ sa.user.refresh_from_db()
+ assert sa.user.is_active is False
+
+
+@pytest.mark.django_db
+def test_deactivate_by_fxa_uid_does_not_exist() -> None:
+ out = StringIO()
+ uid = os.urandom(16).hex()
+
+ call_command(COMMAND_NAME, uid=f"{uid}", stdout=out)
+
+ output = out.getvalue()
+ assert "ERROR: Could not find user with that FXA UID.\n" == output