FIX: User website allows new TLDs

This commit is contained in:
Rafael dos Santos Silva 2017-04-18 00:30:37 -03:00
parent 1363988cd7
commit 4289dbe3e5
2 changed files with 12 additions and 7 deletions

View File

@ -1,10 +1,7 @@
class UserProfile < ActiveRecord::Base class UserProfile < ActiveRecord::Base
belongs_to :user, inverse_of: :user_profile belongs_to :user, inverse_of: :user_profile
WEBSITE_REGEXP = /(^$)|(^(http|https):\/\/[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,10}(([0-9]{1,5})?\/.*)?$)/ix
validates :bio_raw, length: { maximum: 3000 } validates :bio_raw, length: { maximum: 3000 }
validates :website, format: { with: WEBSITE_REGEXP }, allow_blank: true, if: Proc.new { |c| c.new_record? || c.website_changed? }
validates :user, presence: true validates :user, presence: true
before_save :cook before_save :cook
after_save :trigger_badges after_save :trigger_badges
@ -105,11 +102,13 @@ class UserProfile < ActiveRecord::Base
end end
def website_domain_validator def website_domain_validator
allowed_domains = SiteSetting.user_website_domains_whitelist return if self.website.blank?
return if (allowed_domains.blank? || self.website.blank?) domain = Addressable::URI.parse(self.website).host
self.errors.add :website, :invalid unless PublicSuffix.valid?(domain, default_rule: nil)
domain = URI.parse(self.website).host allowed_domains = SiteSetting.user_website_domains_whitelist.split('|')
self.errors.add :base, (I18n.t('user.website.domain_not_allowed', domains: allowed_domains.split('|').join(", "))) unless allowed_domains.split('|').include?(domain) return if allowed_domains.empty?
self.errors.add :base, (I18n.t('user.website.domain_not_allowed', domains: allowed_domains.join(", "))) unless allowed_domains.include?(domain)
end end
end end

View File

@ -62,6 +62,12 @@ describe UserProfile do
expect(Fabricate.build(:user_profile, user: user, website: "https://google.com")).to be_valid expect(Fabricate.build(:user_profile, user: user, website: "https://google.com")).to be_valid
end end
it "recognizes new TLDs" do
expect(Fabricate.build(:user_profile, user: user, website: "http://discourse.productions")).to be_valid
expect(Fabricate.build(:user_profile, user: user, website: "https://website.vermögensberatung")).to be_valid
expect(Fabricate.build(:user_profile, user: user, website: "http://site.notavalidtld")).not_to be_valid
end
it "validates website domain if user_website_domains_whitelist setting is present" do it "validates website domain if user_website_domains_whitelist setting is present" do
SiteSetting.user_website_domains_whitelist = "discourse.org" SiteSetting.user_website_domains_whitelist = "discourse.org"
expect(Fabricate.build(:user_profile, user: user, website: "https://google.com")).not_to be_valid expect(Fabricate.build(:user_profile, user: user, website: "https://google.com")).not_to be_valid