modoboa 2.4.11__py3-none-any.whl → 2.5.1__py3-none-any.whl

modoboa/amavis/viewsets.py

@@ -0,0 +1,265 @@
+"""Amavis viewsets."""
+
+from django.http import Http404
+from django.shortcuts import get_object_or_404
+from django.utils.translation import gettext as _
+
+import django_rq
+from rest_framework import filters, mixins, permissions, response, viewsets
+from rest_framework.decorators import action
+
+from modoboa.amavis.sql_connector import SQLconnector
+from modoboa.lib.paginator import Paginator
+from modoboa.lib.permissions import CanViewDomain
+
+from modoboa.admin import models as admin_models
+from modoboa.amavis import models, serializers, tasks
+from modoboa.amavis.lib import (
+    AMrelease,
+    manual_learning_enabled,
+    SelfServiceAuthentication,
+)
+from modoboa.amavis.sql_email import SQLemail
+from modoboa.amavis.utils import smart_str
+from modoboa.parameters import tools as param_tools
+
+
+SELFSERVICE_ACTIONS = ["retrieve", "headers", "delete", "release"]
+
+
+def get_user_valid_addresses(user):
+    """Retrieve all valid addresses of a user."""
+    valid_addresses = []
+    if user.role == "SimpleUsers":
+        valid_addresses.append(user.email)
+        try:
+            mb = admin_models.Mailbox.objects.get(user=user)
+        except admin_models.Mailbox.DoesNotExist:
+            pass
+        else:
+            valid_addresses += mb.alias_addresses
+    return valid_addresses
+
+
+class QuarantineViewSet(viewsets.GenericViewSet):
+
+    filter_backends = (filters.OrderingFilter,)
+    ordering_fields = [
+        "datetime",
+        "from_address",
+        "score",
+        "subject",
+        "to_address",
+        "type",
+    ]
+    permission_classes = (permissions.IsAuthenticated,)
+
+    def get_serializer_class(self):
+        if self.action == "retrieve":
+            return serializers.MessageSerializer
+        if self.action == "headers":
+            return serializers.MessageHeadersSerializer
+        if self.action == "mark_selection":
+            return serializers.MarkMessageSelectionSerializer
+        if self.action in ["release_selection", "delete_selection"]:
+            return serializers.MessageSelectionSerializer
+        if self.action in ["delete", "release"]:
+            return serializers.MessageIdentifierSerializer
+        return serializers.PaginatedMessageListSerializer
+
+    def get_authenticators(self):
+        result = [auth() for auth in self.authentication_classes]
+        if self.request:
+            action = self.action_map.get(self.request.method.lower())
+            if action in SELFSERVICE_ACTIONS:
+                result = [SelfServiceAuthentication()] + result
+        return result
+
+    def get_permissions(self):
+        if self.request.auth == "selfservice" and self.action in SELFSERVICE_ACTIONS:
+            return []
+        return super().get_permissions()
+
+    def list(self, request):
+        ordering = request.GET.get("ordering")
+        connector = SQLconnector(user=request.user, ordering=ordering)
+        try:
+            page_size = int(request.GET.get("page_size"))
+        except (TypeError, ValueError):
+            page_size = request.user.parameters.get_value("messages_per_page")
+        total = connector.messages_count(request)
+        paginator = Paginator(total, page_size)
+        page_num = int(request.GET.get("page", 1))
+        page = paginator.getpage(page_num)
+        if not page:
+            serializer = self.get_serializer(
+                {
+                    "count": 0,
+                    "first_index": 0,
+                    "last_index": 0,
+                    "prev_page": None,
+                    "next_page": None,
+                    "results": [],
+                }
+            )
+            return response.Response(serializer.data)
+        email_list = connector.fetch(page.id_start, page.id_stop)
+        serializer = self.get_serializer(
+            {
+                "count": total,
+                "first_index": page_num * page_size,
+                "last_index": (page_num * page_size) + len(email_list),
+                "prev_page": page.previous_page_number if page.has_previous else None,
+                "next_page": page.next_page_number if page.has_next else None,
+                "results": email_list,
+            }
+        )
+        return response.Response(serializer.data)
+
+    def retrieve(self, request, pk):
+        rcpt = request.GET.get("rcpt")
+        if rcpt is None:
+            return response.Response({"error": _("Invalid request")}, status=400)
+        if request.user:
+            if request.user.email == rcpt:
+                SQLconnector().set_msgrcpt_status(rcpt, pk, "V")
+            elif hasattr(request.user, "mailbox"):
+                mb = request.user.mailbox
+                if rcpt == mb.full_address or rcpt in mb.alias_addresses:
+                    SQLconnector().set_msgrcpt_status(rcpt, pk, "V")
+        mail = SQLemail(pk.encode("ascii"), dformat="plain")
+        serializer = self.get_serializer(mail)
+        return response.Response(serializer.data)
+
+    @action(methods=["get"], detail=True)
+    def headers(self, request, pk):
+        email = SQLemail(pk.encode("ascii"))
+        headers = []
+        for name in email.msg.keys():
+            headers.append({"name": name, "value": email.get_header(email.msg, name)})
+        serializer = self.get_serializer({"headers": headers})
+        return response.Response(serializer.data)
+
+    def _release_selection(self, request, selection):
+        connector = SQLconnector()
+        valid_addresses = None
+        if request.user:
+            valid_addresses = get_user_valid_addresses(request.user)
+        msgrcpts = []
+        for item in selection:
+            if valid_addresses and item["rcpt"] not in valid_addresses:
+                continue
+            msgrcpts += [
+                (
+                    item["mailid"],
+                    connector.get_recipient_message(item["rcpt"], item["mailid"]),
+                )
+            ]
+        if (
+            not request.user or request.user.role == "SimpleUsers"
+        ) and not param_tools.get_global_parameter("user_can_release"):
+            for i, msgrcpt in msgrcpts:
+                connector.set_msgrcpt_status(smart_str(msgrcpt.rid.email), i, "p")
+            return response.Response({"status": "pending"})
+
+        amr = AMrelease()
+        error = None
+        for mid, rcpt in msgrcpts:
+            # we can't use the .mail relation on rcpt because it leads to
+            # an error on Postgres (memoryview pickle error).
+            mail = models.Msgs.objects.get(pk=mid.encode("ascii"))
+            result = amr.sendreq(mid, mail.secret_id, rcpt.rid.email)
+            if result:
+                connector.set_msgrcpt_status(smart_str(rcpt.rid.email), mid, "R")
+            else:
+                error = result
+                break
+
+        if error:
+            return response.Response({"status": error})
+
+        return response.Response({"status": "released"})
+
+    @action(methods=["post"], detail=False)
+    def release_selection(self, request):
+        serializer = self.get_serializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+        return self._release_selection(request, serializer.validated_data["selection"])
+
+    @action(methods=["post"], detail=True)
+    def release(self, request, pk):
+        serializer = self.get_serializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+        return self._release_selection(request, [serializer.validated_data])
+
+    def _delete_selection(self, request, selection):
+        connector = SQLconnector()
+        valid_addresses = None
+        if request.user:
+            valid_addresses = get_user_valid_addresses(request.user)
+        for item in selection:
+            if valid_addresses and item["rcpt"] not in valid_addresses:
+                continue
+            connector.set_msgrcpt_status(item["rcpt"], item["mailid"], "D")
+        return response.Response(status=204)
+
+    @action(methods=["post"], detail=False)
+    def delete_selection(self, request):
+        serializer = self.get_serializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+        return self._delete_selection(request, serializer.validated_data["selection"])
+
+    @action(methods=["post"], detail=True)
+    def delete(self, request, pk):
+        serializer = self.get_serializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+        return self._delete_selection(request, [serializer.validated_data])
+
+    @action(methods=["post"], detail=False)
+    def mark_selection(self, request):
+        serializer = self.get_serializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+        if not manual_learning_enabled(request.user):
+            return response.Response({"status": "ok"})
+        recipient_db = serializer.validated_data.get("database")
+        if not recipient_db:
+            recipient_db = "user" if request.user.role == "SimpleUsers" else "global"
+        queue = django_rq.get_queue("modoboa")
+        queue.enqueue(
+            tasks.manual_learning,
+            request.user.pk,
+            serializer.validated_data["type"],
+            serializer.validated_data["selection"],
+            recipient_db,
+        )
+        return response.Response(status=204)
+
+
+class PolicyViewSet(
+    mixins.RetrieveModelMixin, mixins.UpdateModelMixin, viewsets.GenericViewSet
+):
+
+    permission_classes = (permissions.IsAuthenticated, CanViewDomain)
+    serializer_class = serializers.PolicySerializer
+
+    def get_queryset(self):
+        domains = [
+            f"@{name}"
+            for name in admin_models.Domain.objects.get_for_admin(
+                self.request.user
+            ).values_list("name", flat=True)
+        ]
+        return models.Policy.objects.filter(users__email__in=domains)
+
+    def get_object(self):
+        """Return the object the view is displaying."""
+        domain = get_object_or_404(admin_models.Domain, pk=self.kwargs["pk"])
+        queryset = self.filter_queryset(self.get_queryset())
+        obj = queryset.filter(users__email=f"@{domain.name}").first()
+        if obj is None:
+            raise Http404
+
+        # May raise a permission denied
+        self.check_object_permissions(self.request, obj)
+
+        return obj

modoboa/core/api/v1/serializers.py

@@ -83,10 +83,12 @@ class CheckPasswordTFASerializer(serializers.Serializer):
     def validate_password(self, value):
         user = self.context["user"]
         if not user.check_password(value):
-            logger.warning(
-                _("Failed TFA settings editing attempt from '%s' as user '%s'"),
-                self.context["remote_addr"],
-                escape(user.username),
-            )
+            msg = _(
+                "Failed TFA settings editing attempt from '%(addr)s' as user '%(user)s'"
+            ) % {
+                "addr": self.context["remote_addr"],
+                "user": escape(user.username),
+            }
+            logger.warning(msg)
             raise serializers.ValidationError(_("Invalid password"))
         return value

modoboa/core/api/v2/serializers.py

@@ -664,9 +664,11 @@ class NotificationSerializer(serializers.Serializer):
     """Serializer used to render a notification."""
 
     id = serializers.CharField()
-    url = serializers.CharField(required=False)
     text = serializers.CharField()
-    level = serializers.CharField()
+    color = serializers.CharField()
+    target = serializers.CharField()
+    url = serializers.CharField(required=False)
+    counter = serializers.IntegerField(required=False)
 
 
 class ModoboaApplicationSerializer(serializers.Serializer):

modoboa/core/api/v2/tests.py

@@ -196,6 +196,18 @@ class AccountViewSetTestCase(ModoAPITestCase):
         me = resp.json()
         self.assertEqual(me["username"], "admin")
 
+    def test_update_me(self):
+        url = reverse("v2:account-me")
+        data = {
+            "first_name": "First name",
+            "secondary_email": "toto@iti.com",
+            "language": "fr",
+        }
+        resp = self.client.put(url, data, format="json")
+        self.assertEqual(resp.status_code, 200)
+        me = resp.json()
+        self.assertEqual(me["secondary_email"], data["secondary_email"])
+
     def test_me_password(self, password_ko="Toto1234", password_ok="password"):
         url = reverse("v2:account-check-me-password")
         resp = self.client.post(url, {"password": password_ko}, format="json")
@@ -271,22 +283,22 @@ class AccountViewSetTestCase(ModoAPITestCase):
         url = reverse("v2:account-available-applications")
         resp = self.client.get(url)
         self.assertEqual(resp.status_code, 200)
-        # admin -> only 1 app.
-        self.assertEqual(len(resp.json()), 1)
+        # admin -> only 2 apps.
+        self.assertEqual(len(resp.json()), 2)
 
         # Domain admin with mailbox
         dadmin = models.User.objects.get(username="admin@test.com")
         self.authenticate_user(dadmin)
         resp = self.client.get(url)
         self.assertEqual(resp.status_code, 200)
-        self.assertEqual(len(resp.json()), 4)
+        self.assertEqual(len(resp.json()), 5)
 
         # Simple user
         user = models.User.objects.get(username="user@test.com")
         self.authenticate_user(user)
         resp = self.client.get(url)
         self.assertEqual(resp.status_code, 200)
-        self.assertEqual(len(resp.json()), 3)
+        self.assertEqual(len(resp.json()), 4)
 
     @override_settings(
         MODOBOA_APPS=[

modoboa/core/api/v2/urls.py

@@ -32,11 +32,6 @@ urlpatterns += [
         views.ComponentsInformationAPIView.as_view(),
         name="components_information",
     ),
-    path(
-        "admin/notifications/",
-        views.NotificationsAPIView.as_view(),
-        name="notifications",
-    ),
     path(
         "admin/news_feed/",
         views.NewsFeedAPIView.as_view(),
@@ -48,5 +43,10 @@ urlpatterns += [
         name="statistics",
     ),
     path("capabilities/", views.CapabilitiesAPIView.as_view(), name="capabilities"),
+    path(
+        "notifications/",
+        views.NotificationsAPIView.as_view(),
+        name="notifications",
+    ),
     path("theme/", views.ThemeAPIView.as_view(), name="theme"),
 ]

modoboa/core/api/v2/views.py

@@ -142,7 +142,9 @@ class PasswordResetConfirmView(APIView):
 class ComponentsInformationAPIView(APIView):
     """Retrieve information about installed components."""
 
-    permission_classes = [permissions.IsAuthenticated, IsSuperUser]
+    permission_classes = [
+        permissions.IsAuthenticated,
+    ]
     throttle_classes = [UserLesserDdosUser]
 
     @extend_schema(responses=serializers.ModoboaComponentSerializer(many=True))
@@ -155,7 +157,9 @@ class ComponentsInformationAPIView(APIView):
 class NotificationsAPIView(APIView):
     """Return list of active notifications."""
 
-    permission_classes = [permissions.IsAuthenticated, IsSuperUser]
+    permission_classes = [
+        permissions.IsAuthenticated,
+    ]
     throttle_classes = [UserLesserDdosUser]
 
     @extend_schema(responses=serializers.NotificationSerializer(many=True))

modoboa/core/api/v2/viewsets.py

@@ -48,11 +48,22 @@ def create_static_tokens(request):
 class AccountViewSet(core_v1_viewsets.AccountViewSet):
     """Account viewset."""
 
-    @extend_schema(responses=admin_v2_serializers.AccountMeSerializer)
-    @action(methods=["get"], detail=False)
+    @extend_schema(
+        responses=admin_v2_serializers.AccountMeSerializer,
+        request=admin_v2_serializers.AccountMeUpdateSerializer,
+    )
+    @action(methods=["get", "put"], detail=False)
     def me(self, request):
         """Return information about connected user."""
-        serializer = admin_v1_serializers.AccountSerializer(request.user)
+        if request.method == "PUT":
+            serializer = admin_v2_serializers.AccountMeUpdateSerializer(
+                data=request.data, instance=request.user
+            )
+            serializer.is_valid(raise_exception=True)
+            instance = serializer.save()
+            serializer = admin_v1_serializers.AccountSerializer(instance)
+        else:
+            serializer = admin_v1_serializers.AccountSerializer(request.user)
         return response.Response(serializer.data)
 
     @action(
@@ -166,6 +177,16 @@ class AccountViewSet(core_v1_viewsets.AccountViewSet):
                     "url": "/admin",
                 }
             )
+        if "modoboa.amavis" in settings.MODOBOA_APPS:
+            apps.append(
+                {
+                    "name": "amavis",
+                    "label": _("Quarantine"),
+                    "icon": "mdi-server-security",
+                    "description": _("Amavis quarantine"),
+                    "url": "/user/quarantine",
+                }
+            )
         if hasattr(request.user, "mailbox"):
             if "modoboa.contacts" in settings.MODOBOA_APPS:
                 apps += [

modoboa/core/commands/deploy.py

@@ -218,6 +218,7 @@ class DeployCommand(Command):
                 allowed_host = "localhost"
         extra_settings = []
         extensions = parsed_args.extensions
+        amavis_enabled = False
         if extensions:
             if "all" in extensions:
                 extensions = self._get_extension_list()
@@ -233,6 +234,7 @@ class DeployCommand(Command):
                 exec_cmd(cmd, capture_output=False)
             extra_settings = self.find_extra_settings(extensions)
             extensions = [extension[1] for extension in extensions]
+            amavis_enabled = "modoboa.amavis" in extensions
 
         mod = __import__(parsed_args.name, globals(), locals(), [smart_str("settings")])
         tpl = self._render_template(
@@ -247,6 +249,7 @@ class DeployCommand(Command):
                 "devmode": parsed_args.devel,
                 "extensions": extensions,
                 "extra_settings": extra_settings,
+                "amavis_enabled": amavis_enabled,
             },
         )
         with open(f"{path}/settings.py", "w") as fp:

modoboa/core/commands/templates/settings.py.tpl

@@ -2,10 +2,10 @@
 Django settings for {{ name }} project.
 
 For more information on this file, see
-https://docs.djangoproject.com/en/4.2/topics/settings/
+https://docs.djangoproject.com/en/dev/topics/settings/
 
 For the full list of settings and their values, see
-https://docs.djangoproject.com/en/2.2/ref/settings/
+https://docs.djangoproject.com/en/dev/ref/settings/
 """
 
 from logging.handlers import SysLogHandler
@@ -17,9 +17,6 @@ env = environ.Env()
 BASE_DIR = os.path.realpath(os.path.dirname(os.path.dirname(__file__)))
 environ.Env.read_env(os.path.join(BASE_DIR, '.env'))
 
-# Quick-start development settings - unsuitable for production
-# See https://docs.djangoproject.com/en/4.2/howto/deployment/checklist/
-
 # SECURITY WARNING: keep the secret key used in production secret!
 SECRET_KEY = '{{ secret_key }}'
 
@@ -157,14 +154,14 @@ WSGI_APPLICATION = '{{ name }}.wsgi.application'
 
 
 # Database
-# https://docs.djangoproject.com/en/4.2/ref/settings/#databases
+# https://docs.djangoproject.com/en/dev/ref/settings/#databases
 
 DATABASES = {
     {% for conn in db_connections.values %}{{ conn|safe }}{% endfor %}
 }
 
 # Internationalization
-# https://docs.djangoproject.com/en/4.2/topics/i18n/
+# https://docs.djangoproject.com/en/dev/topics/i18n/
 
 LANGUAGE_CODE = '{{ lang }}'
 
@@ -177,12 +174,12 @@ USE_L10N = True
 USE_TZ = True
 
 # Default primary key field type
-# https://docs.djangoproject.com/en/3.2/ref/settings/#default-auto-field
+# https://docs.djangoproject.com/en/dev/ref/settings/#default-auto-field
 
 DEFAULT_AUTO_FIELD = 'django.db.models.AutoField'
 
 # Static files (CSS, JavaScript, Images)
-# https://docs.djangoproject.com/en/2.2/howto/static-files/
+# https://docs.djangoproject.com/en/dev/howto/static-files/
 
 STATIC_URL = '/sitestatic/'
 STATIC_ROOT = os.path.join(BASE_DIR, 'sitestatic')
@@ -295,7 +292,7 @@ CACHES = {
 
 
 # Password validation
-# https://docs.djangoproject.com/en/4.2/ref/settings/#auth-password-validators
+# https://docs.djangoproject.com/en/dev/ref/settings/#auth-password-validators
 
 AUTH_PASSWORD_VALIDATORS = [
     {
@@ -384,7 +381,11 @@ SILENCED_SYSTEM_CHECKS = [
 ]
 
 PHONENUMBER_DB_FORMAT = 'INTERNATIONAL'
-
+{% if amavis_enabled %}
+# Amavis settings
+DATABASE_ROUTERS = ["modoboa.amavis.dbrouter.AmavisRouter"]
+AMAVIS_DEFAULT_DATABASE_ENCODING = "LATIN1"  # or any value matching your database config
+{% endif %}
 # Load settings from extensions
 {% for extension in extra_settings %}
 try:

modoboa/core/handlers.py

@@ -125,7 +125,9 @@ def check_for_new_versions(sender, include_all: bool, **kwargs) -> list:
             {
                 "id": "newversionavailable",
                 "text": _("One or more updates are available"),
-                "level": "info",
+                "color": "info",
+                "url": "/admin/information",
+                "target": "admin",
             }
         ]
     elif include_all:
@@ -137,7 +139,9 @@ def check_for_new_versions(sender, include_all: bool, **kwargs) -> list:
                 "id": "deprecatedpasswordscheme",
                 "text": _("You are still using a deprecated password scheme (%s)")
                 % hasher.name,
-                "level": "warning",
+                "color": "warning",
+                "url": "/admin/information",
+                "target": "admin",
             }
         ]
     return result

modoboa/core/management/commands/add_allowed_hosts.py

@@ -0,0 +1,33 @@
+from django.core.management.base import BaseCommand, CommandError
+
+from oauth2_provider.models import get_application_model
+
+
+class Command(BaseCommand):
+    """Command class."""
+
+    help = "Add new allowed hosts to frontend Oauth2 application."
+
+    def add_arguments(self, parser):
+        parser.add_argument("hostnames", type=str, nargs="+")
+
+    def handle(self, *args, **options):
+        app_model = get_application_model()
+        app = app_model.objects.filter(name="modoboa_frontend").first()
+        if not app:
+            raise CommandError(
+                "Application modoboa_frontend not found. "
+                "Make sure you ran load_initial_data first."
+            )
+        redirect_uris = app.redirect_uris.split(" ")
+        post_logout_redirect_uris = app.post_logout_redirect_uris.split(" ")
+        for hostname in options["hostnames"]:
+            uri = f"https://{hostname}/login/logged"
+            if uri not in redirect_uris:
+                redirect_uris.append(uri)
+            uri = f"https://{hostname}"
+            if uri not in post_logout_redirect_uris:
+                post_logout_redirect_uris.append(uri)
+        app.redirect_uris = " ".join(redirect_uris)
+        app.post_logout_redirect_uris = " ".join(post_logout_redirect_uris)
+        app.save()

modoboa/core/management/commands/load_initial_data.py

@@ -192,3 +192,13 @@ class Command(BaseCommand):
 }}
 """
                 )
+
+
+# ADD SIGNAL FOR THAT
+# def load_initial_data(self):
+#     """Create records for existing domains and co."""
+#     for dom in Domain.objects.all():
+#         policy = create_user_and_policy("@{0}".format(dom.name))
+#         for domalias in dom.domainalias_set.all():
+#             domalias_pattern = "@{0}".format(domalias.name)
+#             create_user_and_use_policy(domalias_pattern, policy)

modoboa/core/migrations/0025_rename_user_email_is_active_core_user_email_c0c03f_idx.py

@@ -3,15 +3,33 @@
 from django.db import migrations
 
 
+class RenameIndexIfExists(migrations.RenameIndex):
+
+    def database_forwards(self, app_label, schema_editor, from_state, to_state):
+        from_model = from_state.apps.get_model(app_label, self.model_name)
+        columns = [
+            from_model._meta.get_field(field).column for field in ["email", "is_active"]
+        ]
+        matching_index_name = schema_editor._constraint_names(
+            from_model,
+            column_names=columns,
+            index=True,
+            unique=False,
+        )
+        if len(matching_index_name) != 1:
+            return
+        super().database_forwards(app_label, schema_editor, from_state, to_state)
+
+
 class Migration(migrations.Migration):
     dependencies = [
         ("core", "0024_alter_user_language"),
     ]
 
     operations = [
-        # migrations.RenameIndex(
-        #     model_name="user",
-        #     new_name="core_user_email_c0c03f_idx",
-        #     old_fields=("email", "is_active"),
-        # ),
+        RenameIndexIfExists(
+            model_name="user",
+            new_name="core_user_email_c0c03f_idx",
+            old_fields=("email", "is_active"),
+        ),
     ]

modoboa/core/tests/test_core.py

@@ -186,6 +186,30 @@ class ManagementCommandsTestCase(SimpleModoTestCase):
         with self.assertRaises(models.User.DoesNotExist):
             account.refresh_from_db()
 
+    def test_add_allowed_hosts(self):
+        with self.assertRaises(management.CommandError):
+            management.call_command(
+                "add_allowed_hosts", "app1.domain.tld", "app2.domain.tld"
+            )
+        management.call_command("load_initial_data")
+        management.call_command(
+            "add_allowed_hosts", "app1.domain.tld", "app2.domain.tld"
+        )
+        app_model = get_application_model()
+        app = app_model.objects.filter(name="modoboa_frontend").first()
+        self.assertIn("app1.domain.tld", app.redirect_uris)
+        self.assertIn("app2.domain.tld", app.redirect_uris)
+        self.assertIn("app1.domain.tld", app.post_logout_redirect_uris)
+        self.assertIn("app2.domain.tld", app.post_logout_redirect_uris)
+
+        # Check if same hostname is not added more than once
+        uri_count = len(app.redirect_uris.split(" "))
+        management.call_command(
+            "add_allowed_hosts", "app1.domain.tld", "app2.domain.tld"
+        )
+        app.refresh_from_db()
+        self.assertEqual(len(app.redirect_uris.split(" ")), uri_count)
+
 
 class APICommunicationTestCase(ModoTestCase):
     """Check communication with the API."""