FEATURE: new setting to validate user website

2024-11-23 02:19:27 +08:00 · 2016-12-26 20:54:54 +05:30 · 2016-12-26 20:54:54 +05:30 · d72cbcb2a4
commit d72cbcb2a4
parent d46b0a7251
4 changed files with 29 additions and 9 deletions
--- a/app/models/user_profile.rb
+++ b/app/models/user_profile.rb
@ -12,6 +12,8 @@ class UserProfile < ActiveRecord::Base
  validates :profile_background, upload_url: true, if: :profile_background_changed?
  validates :card_background, upload_url: true, if: :card_background_changed?

+  validate :website_domain_validator, if: Proc.new { |c| c.new_record? || c.website_changed? }
+
  belongs_to :card_image_badge, class_name: 'Badge'
  has_many :user_profile_views, dependent: :destroy

@ -102,6 +104,14 @@ class UserProfile < ActiveRecord::Base
    end
  end

+  def website_domain_validator
+    allowed_domains = SiteSetting.user_website_domains_whitelist
+    return if (allowed_domains.blank? || self.website.blank?)
+
+    domain = URI.parse(self.website).host
+    self.errors.add :base, (I18n.t('user.website.domain_not_allowed', domains: allowed_domains.split('|').join(", "))) unless allowed_domains.split('|').include?(domain)
+  end
+
 end

 # == Schema Information
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@ -1322,6 +1322,8 @@ en:

    hide_user_profiles_from_public: "Disable user cards, user profiles and user directory for anonymous users."

+    user_website_domains_whitelist: "User website will be verified against these domains. Pipe-delimited list." 
+
    allow_profile_backgrounds: "Allow users to upload profile backgrounds."

    sequential_replies_threshold: "Number of posts a user has to make in a row in a topic before being reminded about too many sequential replies."
@ -1606,6 +1608,8 @@ en:
    ip_address:
      blocked: "New registrations are not allowed from your IP address."
      max_new_accounts_per_registration_ip: "New registrations are not allowed from your IP address (maximum limit reached). Contact a staff member."
+    website:
+      domain_not_allowed: "Website is invalid. Allowed domains are: %{domains}"

  flags_reminder:
    flags_were_submitted:
--- a/config/site_settings.yml
+++ b/config/site_settings.yml
@ -410,6 +410,9 @@ users:
  hide_user_profiles_from_public:
    default: false
    client: true
+  user_website_domains_whitelist:
+    default: ''
+    type: list

 groups:
  enable_group_directory:
--- a/spec/models/user_profile_spec.rb
+++ b/spec/models/user_profile_spec.rb
@ -54,16 +54,19 @@ describe UserProfile do
      expect(user_profile).not_to be_valid
    end

-    it "doesn't support invalid website" do
-      user_profile = Fabricate.build(:user_profile, website: "http://https://google.com")
-      user_profile.user = Fabricate.build(:user)
-      expect(user_profile).not_to be_valid
-    end
+    context "website validation" do
+      let(:user) { Fabricate(:user) }

-    it "supports valid website" do
-      user_profile = Fabricate.build(:user_profile, website: "https://google.com")
-      user_profile.user = Fabricate.build(:user)
-      expect(user_profile.valid?).to be true
+      it "ensures website is valid" do
+        expect(Fabricate.build(:user_profile, user: user, website: "http://https://google.com")).not_to be_valid
+        expect(Fabricate.build(:user_profile, user: user, website: "https://google.com")).to be_valid
+      end
+
+      it "validates website domain if user_website_domains_whitelist setting is present" do
+        SiteSetting.user_website_domains_whitelist = "discourse.org"
+        expect(Fabricate.build(:user_profile, user: user, website: "https://google.com")).not_to be_valid
+        expect(Fabricate.build(:user_profile, user: user, website: "http://discourse.org")).to be_valid
+      end
    end

    describe 'after save' do