Stricter whitelist rules (#2213)
* Stricter whitelist rules * Linting * Added spec for blacklisting * Test subdomain blacklist on domain whitelist * No need to split * Change spec name
This commit is contained in:
parent
fbc5099402
commit
7177e37b99
2 changed files with 33 additions and 2 deletions
|
@ -15,7 +15,7 @@ class EmailValidator < ActiveModel::EachValidator
|
||||||
return false if Rails.configuration.x.email_domains_blacklist.blank?
|
return false if Rails.configuration.x.email_domains_blacklist.blank?
|
||||||
|
|
||||||
domains = Rails.configuration.x.email_domains_blacklist.gsub('.', '\.')
|
domains = Rails.configuration.x.email_domains_blacklist.gsub('.', '\.')
|
||||||
regexp = Regexp.new("@(.+\\.)?(#{domains})", true)
|
regexp = Regexp.new("@(.+\\.)?(#{domains})", true)
|
||||||
|
|
||||||
value =~ regexp
|
value =~ regexp
|
||||||
end
|
end
|
||||||
|
@ -24,7 +24,7 @@ class EmailValidator < ActiveModel::EachValidator
|
||||||
return false if Rails.configuration.x.email_domains_whitelist.blank?
|
return false if Rails.configuration.x.email_domains_whitelist.blank?
|
||||||
|
|
||||||
domains = Rails.configuration.x.email_domains_whitelist.gsub('.', '\.')
|
domains = Rails.configuration.x.email_domains_whitelist.gsub('.', '\.')
|
||||||
regexp = Regexp.new("@(.+\\.)?(#{domains})", true)
|
regexp = Regexp.new("@(.+\\.)?(#{domains})$", true)
|
||||||
|
|
||||||
value !~ regexp
|
value !~ regexp
|
||||||
end
|
end
|
||||||
|
|
|
@ -85,6 +85,16 @@ RSpec.describe User, type: :model do
|
||||||
let(:password) { 'abcd1234' }
|
let(:password) { 'abcd1234' }
|
||||||
|
|
||||||
describe 'blacklist' do
|
describe 'blacklist' do
|
||||||
|
around(:each) do |example|
|
||||||
|
old_blacklist = Rails.configuration.x.email_blacklist
|
||||||
|
|
||||||
|
Rails.configuration.x.email_domains_blacklist = 'mvrht.com'
|
||||||
|
|
||||||
|
example.run
|
||||||
|
|
||||||
|
Rails.configuration.x.email_domains_blacklist = old_blacklist
|
||||||
|
end
|
||||||
|
|
||||||
it 'should allow a non-blacklisted user to be created' do
|
it 'should allow a non-blacklisted user to be created' do
|
||||||
user = User.new(email: 'foo@example.com', account: account, password: password)
|
user = User.new(email: 'foo@example.com', account: account, password: password)
|
||||||
|
|
||||||
|
@ -96,6 +106,12 @@ RSpec.describe User, type: :model do
|
||||||
|
|
||||||
expect(user.valid?).to be_falsey
|
expect(user.valid?).to be_falsey
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it 'should not allow a subdomain blacklisted user to be created' do
|
||||||
|
user = User.new(email: 'foo@mvrht.com.topdomain.tld', account: account, password: password)
|
||||||
|
|
||||||
|
expect(user.valid?).to be_falsey
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe '#confirmed?' do
|
describe '#confirmed?' do
|
||||||
|
@ -130,5 +146,20 @@ RSpec.describe User, type: :model do
|
||||||
user = User.new(email: 'foo@mastodon.space', account: account, password: password)
|
user = User.new(email: 'foo@mastodon.space', account: account, password: password)
|
||||||
expect(user.valid?).to be_truthy
|
expect(user.valid?).to be_truthy
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it 'should not allow a user with a whitelisted top domain as subdomain in their email address to be created' do
|
||||||
|
user = User.new(email: 'foo@mastodon.space.userdomain.com', account: account, password: password)
|
||||||
|
expect(user.valid?).to be_falsey
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should not allow a user to be created with a specific blacklisted subdomain even if the top domain is whitelisted' do
|
||||||
|
old_blacklist = Rails.configuration.x.email_blacklist
|
||||||
|
Rails.configuration.x.email_domains_blacklist = 'blacklisted.mastodon.space'
|
||||||
|
|
||||||
|
user = User.new(email: 'foo@blacklisted.mastodon.space', account: account, password: password)
|
||||||
|
expect(user.valid?).to be_falsey
|
||||||
|
|
||||||
|
Rails.configuration.x.email_domains_blacklist = old_blacklist
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue