about summary refs log tree commit diff
path: root/spec/models
diff options
context:
space:
mode:
authorGuillaume Lo Re <lowreg@gmail.com>2017-04-26 01:22:51 +0200
committerEugen Rochko <eugen@zeonfederated.com>2017-04-26 01:22:51 +0200
commit7177e37b999d0a8b4e0382c193bcb973443a756f (patch)
tree04ca32a0a03dd30acc4e56bb63e826bded04d9e5 /spec/models
parentfbc509940266dc9de1a197e2261608257396b5a7 (diff)
Stricter whitelist rules (#2213)
* Stricter whitelist rules

* Linting

* Added spec for blacklisting

* Test subdomain blacklist on domain whitelist

* No need to split

* Change spec name
Diffstat (limited to 'spec/models')
-rw-r--r--spec/models/user_spec.rb31
1 files changed, 31 insertions, 0 deletions
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 3dd50a701..a86bf4ece 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -85,6 +85,16 @@ RSpec.describe User, type: :model do
   let(:password) { 'abcd1234' }
 
   describe 'blacklist' do
+    around(:each) do |example|
+      old_blacklist = Rails.configuration.x.email_blacklist
+
+      Rails.configuration.x.email_domains_blacklist = 'mvrht.com'
+
+      example.run
+
+      Rails.configuration.x.email_domains_blacklist = old_blacklist
+    end
+
     it 'should allow a non-blacklisted user to be created' do
       user = User.new(email: 'foo@example.com', account: account, password: password)
 
@@ -96,6 +106,12 @@ RSpec.describe User, type: :model do
 
       expect(user.valid?).to be_falsey
     end
+
+    it 'should not allow a subdomain blacklisted user to be created' do
+      user = User.new(email: 'foo@mvrht.com.topdomain.tld', account: account, password: password)
+
+      expect(user.valid?).to be_falsey
+    end
   end
 
   describe '#confirmed?' do
@@ -130,5 +146,20 @@ RSpec.describe User, type: :model do
       user = User.new(email: 'foo@mastodon.space', account: account, password: password)
       expect(user.valid?).to be_truthy
     end
+
+    it 'should not allow a user with a whitelisted top domain as subdomain in their email address to be created' do
+      user = User.new(email: 'foo@mastodon.space.userdomain.com', account: account, password: password)
+      expect(user.valid?).to be_falsey
+    end
+
+    it 'should not allow a user to be created with a specific blacklisted subdomain even if the top domain is whitelisted' do
+      old_blacklist = Rails.configuration.x.email_blacklist
+      Rails.configuration.x.email_domains_blacklist = 'blacklisted.mastodon.space'
+
+      user = User.new(email: 'foo@blacklisted.mastodon.space', account: account, password: password)
+      expect(user.valid?).to be_falsey
+
+      Rails.configuration.x.email_domains_blacklist = old_blacklist
+    end
   end
 end