From 6354324f2f4335c60526af3dfa03a01865b23f07 Mon Sep 17 00:00:00 2001 From: Arpit Jalan Date: Fri, 27 Nov 2015 11:05:16 +0530 Subject: [PATCH] FIX: validate automatic membership email domains --- app/models/group.rb | 13 +++++++++++++ config/locales/server.en.yml | 1 + spec/models/group_spec.rb | 10 ++++++++++ 3 files changed, 24 insertions(+) diff --git a/app/models/group.rb b/app/models/group.rb index d43704bf699..ed6371f64ad 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -21,6 +21,7 @@ class Group < ActiveRecord::Base validate :name_format_validator validates_uniqueness_of :name, case_sensitive: false + validate :automatic_membership_email_domains_format_validator AUTO_GROUPS = { :everyone => 0, @@ -290,6 +291,18 @@ class Group < ActiveRecord::Base UsernameValidator.perform_validation(self, 'name') end + def automatic_membership_email_domains_format_validator + return if self.automatic_membership_email_domains.blank? + + domains = self.automatic_membership_email_domains.split("|") + domains.each do |domain| + domain.sub!(/^https?:\/\//, '') + domain.sub!(/\/.*$/, '') + self.errors.add :base, (I18n.t('groups.errors.invalid_domain', domain: domain)) unless domain =~ /\A[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,5}(:[0-9]{1,5})?(\/.*)?\Z/i + end + self.automatic_membership_email_domains = domains.join("|") + end + # hack around AR def destroy_deletions if @deletions diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml index 5a84fe6ca68..8fec99b07a9 100644 --- a/config/locales/server.en.yml +++ b/config/locales/server.en.yml @@ -196,6 +196,7 @@ en: errors: can_not_modify_automatic: "You can not modify an automatic group" member_already_exist: "'%{username}' is already a member of this group." + invalid_domain: "'%{domain}' is not a valid domain." default_names: everyone: "everyone" admins: "admins" diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb index 1e51bcb7dff..095296ab0a0 100644 --- a/spec/models/group_spec.rb +++ b/spec/models/group_spec.rb @@ -33,6 +33,16 @@ describe Group do group.name = 'This_Is_A_Name' expect(group.valid?).to eq false end + + it "is invalid for poorly formatted domains" do + group.automatic_membership_email_domains = "wikipedia.org|*@example.com" + expect(group.valid?).to eq false + end + + it "is valid for proper domains" do + group.automatic_membership_email_domains = "discourse.org|wikipedia.org" + expect(group.valid?).to eq true + end end def real_admins