From aeaae9babc4166833600a940fe2fb372cd44fd8d Mon Sep 17 00:00:00 2001 From: Isaac Janzen <50783505+janzenisaac@users.noreply.github.com> Date: Thu, 8 Aug 2024 13:06:08 -0500 Subject: [PATCH] DEV: Add `user` modifier to prevent updating ip_address (#28280) --- app/models/user.rb | 4 ++++ spec/models/user_spec.rb | 18 ++++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/app/models/user.rb b/app/models/user.rb index 9fdd3fcdb93..e8ffd33b44b 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -1038,6 +1038,10 @@ class User < ActiveRecord::Base end def self.update_ip_address!(user_id, new_ip:, old_ip:) + can_update_ip_address = + DiscoursePluginRegistry.apply_modifier(:user_can_update_ip_address, user_id: user_id) + return if !can_update_ip_address + unless old_ip == new_ip || new_ip.blank? DB.exec(<<~SQL, user_id: user_id, ip_address: new_ip) UPDATE users diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index 5ce7f7fe605..817fee20038 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb @@ -3165,6 +3165,11 @@ RSpec.describe User do end describe "#update_ip_address!" do + let!(:plugin) { Plugin::Instance.new } + let!(:modifier) { :user_can_update_ip_address } + let!(:deny_block) { Proc.new { false } } + let!(:allow_block) { Proc.new { true } } + it "updates ip_address correctly" do expect do user.update_ip_address!("127.0.0.1") end.to change { user.reload.ip_address.to_s @@ -3173,6 +3178,19 @@ RSpec.describe User do expect do user.update_ip_address!("127.0.0.1") end.to_not change { user.reload.ip_address } end + it "allows plugins to control updating ip_address" do + DiscoursePluginRegistry.register_modifier(plugin, modifier, &deny_block) + expect do user.update_ip_address!("127.0.0.1") end.to_not change { user.reload.ip_address } + + DiscoursePluginRegistry.register_modifier(plugin, modifier, &allow_block) + expect do user.update_ip_address!("127.0.0.1") end.to change { + user.reload.ip_address.to_s + }.to("127.0.0.1") + ensure + DiscoursePluginRegistry.unregister_modifier(plugin, modifier, &deny_block) + DiscoursePluginRegistry.unregister_modifier(plugin, modifier, &allow_block) + end + describe "keeping old ip address" do before { SiteSetting.keep_old_ip_address_count = 2 }