authorEugen Rochko <eugen@zeonfederated.com>2022-04-29 23:27:03 +0200
committerGitHub <noreply@github.com>2022-04-29 23:27:03 +0200
commitf6d35ed57d156f4225338a89372c8e83721e46c9 (patch)
treeb83ee4170d73e04438158e4fd05f1b4b344b3c7e /app
parent7b0fe4aef97c6a5f73a03146b669a415f396799c (diff)
Remove IP matching from e-mail domain blocks (#18190)
Clear out e-mail domain blocks created from automatically resolved DNS records
Diffstat (limited to 'app')
-rw-r--r--app/models/email_domain_block.rb24
-rw-r--r--app/validators/email_mx_validator.rb6
-rw-r--r--app/workers/scheduler/email_domain_block_refresh_scheduler.rb31
3 files changed, 15 insertions, 46 deletions
diff --git a/app/models/email_domain_block.rb b/app/models/email_domain_block.rb
index 36e7e62ab..0e1e663c1 100644
--- a/app/models/email_domain_block.rb
+++ b/app/models/email_domain_block.rb
@@ -3,16 +3,19 @@
 #
 # Table name: email_domain_blocks
 #
-#  id              :bigint(8)        not null, primary key
-#  domain          :string           default(""), not null
-#  created_at      :datetime         not null
-#  updated_at      :datetime         not null
-#  parent_id       :bigint(8)
-#  ips             :inet             is an Array
-#  last_refresh_at :datetime
+#  id         :bigint(8)        not null, primary key
+#  domain     :string           default(""), not null
+#  created_at :datetime         not null
+#  updated_at :datetime         not null
+#  parent_id  :bigint(8)
 #
 
 class EmailDomainBlock < ApplicationRecord
+  self.ignored_columns = %w(
+    ips
+    last_refresh_at
+  )
+
   include DomainNormalizable
 
   belongs_to :parent, class_name: 'EmailDomainBlock', optional: true
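Review bot: The `self.ignored_columns` assignment at the top of `EmailDomainBlock` carries no comment saying why `ips` and `last_refresh_at` are hidden or when they can be dropped. Ignoring the columns only hides them from the model, so previously resolved IP data presumably stays in the table until a migration removes it; no such migration is visible in this view, which is limited to `app`. I would add `# IP matching was removed; ignored until a later migration drops these columns` above the assignment. The class body continues outside the hunk.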
@@ -27,7 +30,7 @@ class EmailDomainBlock < ApplicationRecord
     @history ||= Trends::History.new('email_domain_blocks', id)
   end
 
-  def self.block?(domain_or_domains, ips: [], attempt_ip: nil)
+  def self.block?(domain_or_domains, attempt_ip: nil)
     domains = Array(domain_or_domains).map do |str|
       domain = begin
         if str.include?('@')
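Review bot: Dropping the `ips:` keyword from `self.block?` means any caller that still passes it now raises `ArgumentError` rather than being ignored. The validator in this commit is updated, but other call sites, if any, are not visible here and should be checked. The method also has no comment describing its remaining arguments; I would add `# attempt_ip, when present, is recorded in the history of every matching block` above the definition. The method body continues outside the hunk.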
@@ -48,10 +51,7 @@ class EmailDomainBlock < ApplicationRecord
 
     blocked = domains.any?(&:nil?)
 
-    scope = where(domain: domains)
-    scope = scope.or(where('ips && ARRAY[?]::inet[]', ips)) if ips.any?
-
-    scope.find_each do |block|
+    where(domain: domains).find_each do |block|
       blocked = true
       block.history.add(attempt_ip) if attempt_ip.present?
     end
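Review bot: `blocked = domains.any?(&:nil?)` just above the rewritten query marks the whole lookup as blocked when any entry in `domains` is nil, and with the IP fallback gone this and the `where(domain: domains)` match are the only two paths to a block; neither is commented. I would add `# Fail closed: an entry that could not be turned into a domain counts as blocked` above the first and `# Match by domain name only; callers must pass every hostname they want checked` above the query. How nil entries arise is decided outside the hunk, so the first comment should be confirmed against the normalisation code. The method ends outside the hunk.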
diff --git a/app/validators/email_mx_validator.rb b/app/validators/email_mx_validator.rb
index 237ca4c7b..20f2fd37c 100644
--- a/app/validators/email_mx_validator.rb
+++ b/app/validators/email_mx_validator.rb
@@ -15,7 +15,7 @@ class EmailMxValidator < ActiveModel::Validator
 
       if resolved_ips.empty?
         user.errors.add(:email, :unreachable)
-      elsif on_blacklist?(resolved_domains, resolved_ips, user.sign_up_ip)
+      elsif on_blacklist?(resolved_domains, user.sign_up_ip)
         user.errors.add(:email, :blocked)
       end
     end
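Review bot: With `resolved_ips` no longer passed to `on_blacklist?`, the block decision in this `elsif` rests entirely on the contents of `resolved_domains`, which is built outside the hunk. If that list holds only the address's own domain and not the MX hostnames it resolves to, a block on a mail provider would stop covering other domains served by the same hosts, so this is worth confirming and pinning with a spec. I would document the dependency with `# resolved_domains must include the MX hostnames; blocks now match by name only` above the branch. `resolved_ips` is still needed for the `:unreachable` check and should stay.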
@@ -57,7 +57,7 @@ class EmailMxValidator < ActiveModel::Validator
     [ips, records]
   end
 
-  def on_blacklist?(domains, resolved_ips, attempt_ip)
-    EmailDomainBlock.block?(domains, ips: resolved_ips, attempt_ip: attempt_ip)
+  def on_blacklist?(domains, attempt_ip)
+    EmailDomainBlock.block?(domains, attempt_ip: attempt_ip)
   end
 end
diff --git a/app/workers/scheduler/email_domain_block_refresh_scheduler.rb b/app/workers/scheduler/email_domain_block_refresh_scheduler.rb
deleted file mode 100644
index e0ad89866..000000000
--- a/app/workers/scheduler/email_domain_block_refresh_scheduler.rb
+++ /dev/null
@@ -1,31 +0,0 @@
-# frozen_string_literal: true
-
-class Scheduler::EmailDomainBlockRefreshScheduler
-  include Sidekiq::Worker
-  include Redisable
-
-  sidekiq_options retry: 0
-
-  def perform
-    Resolv::DNS.open do |dns|
-      dns.timeouts = 5
-
-      EmailDomainBlock.find_each do |email_domain_block|
-        ips = begin
-          if ip?(email_domain_block.domain)
-            [email_domain_block.domain]
-          else
-            resources = dns.getresources(email_domain_block.domain, Resolv::DNS::Resource::IN::A).to_a + dns.getresources(email_domain_block.domain, Resolv::DNS::Resource::IN::AAAA).to_a
-            resources.map { |resource| resource.address.to_s }
-          end
-        end
-
-        email_domain_block.update(ips: ips, last_refresh_at: Time.now.utc)
-      end
-    end
-  end
-
-  def ip?(str)
-    str =~ Regexp.union([Resolv::IPv4::Regex, Resolv::IPv6::Regex])
-  end
-end