mirror of
https://github.com/mastodon/mastodon.git
synced 2024-11-24 21:45:06 +01:00
Bypass MX validation for explicitly allowed domains (#15930)
* Bypass MX validation for explicitly allowed domains This spares some lookups and prevent issues in some edge cases with local domains. * Add tests * Fix test
This commit is contained in:
parent
d023eefbcc
commit
051efed5ed
@ -10,7 +10,7 @@ class EmailMxValidator < ActiveModel::Validator
|
|||||||
|
|
||||||
if domain.blank?
|
if domain.blank?
|
||||||
user.errors.add(:email, :invalid)
|
user.errors.add(:email, :invalid)
|
||||||
else
|
elsif !on_allowlist?(domain)
|
||||||
ips, hostnames = resolve_mx(domain)
|
ips, hostnames = resolve_mx(domain)
|
||||||
|
|
||||||
if ips.empty?
|
if ips.empty?
|
||||||
@ -33,6 +33,12 @@ class EmailMxValidator < ActiveModel::Validator
|
|||||||
nil
|
nil
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def on_allowlist?(domain)
|
||||||
|
return false if Rails.configuration.x.email_domains_whitelist.blank?
|
||||||
|
|
||||||
|
Rails.configuration.x.email_domains_whitelist.include?(domain)
|
||||||
|
end
|
||||||
|
|
||||||
def resolve_mx(domain)
|
def resolve_mx(domain)
|
||||||
hostnames = []
|
hostnames = []
|
||||||
ips = []
|
ips = []
|
||||||
|
@ -206,7 +206,7 @@ RSpec.describe User, type: :model do
|
|||||||
|
|
||||||
describe 'whitelist' do
|
describe 'whitelist' do
|
||||||
around(:each) do |example|
|
around(:each) do |example|
|
||||||
old_whitelist = Rails.configuration.x.email_whitelist
|
old_whitelist = Rails.configuration.x.email_domains_whitelist
|
||||||
|
|
||||||
Rails.configuration.x.email_domains_whitelist = 'mastodon.space'
|
Rails.configuration.x.email_domains_whitelist = 'mastodon.space'
|
||||||
|
|
||||||
|
@ -6,6 +6,24 @@ describe EmailMxValidator do
|
|||||||
describe '#validate' do
|
describe '#validate' do
|
||||||
let(:user) { double(email: 'foo@example.com', errors: double(add: nil)) }
|
let(:user) { double(email: 'foo@example.com', errors: double(add: nil)) }
|
||||||
|
|
||||||
|
it 'does not add errors if there are no DNS records for an e-mail domain that is explicitly allowed' do
|
||||||
|
old_whitelist = Rails.configuration.x.email_domains_whitelist
|
||||||
|
Rails.configuration.x.email_domains_whitelist = 'example.com'
|
||||||
|
|
||||||
|
resolver = double
|
||||||
|
|
||||||
|
allow(resolver).to receive(:getresources).with('example.com', Resolv::DNS::Resource::IN::MX).and_return([])
|
||||||
|
allow(resolver).to receive(:getresources).with('example.com', Resolv::DNS::Resource::IN::A).and_return([])
|
||||||
|
allow(resolver).to receive(:getresources).with('example.com', Resolv::DNS::Resource::IN::AAAA).and_return([])
|
||||||
|
allow(resolver).to receive(:timeouts=).and_return(nil)
|
||||||
|
allow(Resolv::DNS).to receive(:open).and_yield(resolver)
|
||||||
|
|
||||||
|
subject.validate(user)
|
||||||
|
expect(user.errors).to_not have_received(:add)
|
||||||
|
|
||||||
|
Rails.configuration.x.email_domains_whitelist = old_whitelist
|
||||||
|
end
|
||||||
|
|
||||||
it 'adds an error if there are no DNS records for the e-mail domain' do
|
it 'adds an error if there are no DNS records for the e-mail domain' do
|
||||||
resolver = double
|
resolver = double
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user