Diffstat (limited to 'app/models')
-rw-r--r--app/models/user.rb30
1 files changed, 28 insertions, 2 deletions
diff --git a/app/models/user.rb b/app/models/user.rb
index 9d1af7db6..b996c9dbe 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -40,6 +40,8 @@
 #  approved                  :boolean          default(TRUE), not null
 #  sign_in_token             :string
 #  sign_in_token_sent_at     :datetime
+#  username                  :string
+#  kobold                    :string
 #
 
 class User < ApplicationRecord
@@ -87,7 +89,7 @@ class User < ApplicationRecord
   validates :agreement, acceptance: { allow_nil: false, accept: [true, 'true', '1'] }, on: :create
 
   scope :recent, -> { order(id: :desc) }
-  scope :pending, -> { where(approved: false) }
+  scope :pending, -> { where(approved: false).where.not(kobold: '') }
   scope :approved, -> { where(approved: true) }
   scope :confirmed, -> { where.not(confirmed_at: nil) }
   scope :enabled, -> { where(disabled: false) }
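Review bot: The new `pending` scope's `where.not(kobold: '')` also drops rows where `kobold` is NULL, since `NOT (kobold = '')` is never true for NULL in SQL. The annotation hunk shows `kobold` added with no default, so sign-ups that were already awaiting approval would presumably disappear from the staff pending list. The scope also tests only for a non-empty value, whereas the notification branch at `elsif new_user && user_might_not_be_a_spam_bot` requires the digest to match, so the list and the notifications can disagree. If legacy rows should stay visible, `where(approved: false).where("kobold IS NULL OR kobold <> ''")` or a backfill would make that explicit, and a comment such as `# hides sign-ups that did not submit the form token` would record the intent.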
@@ -153,7 +155,7 @@ class User < ApplicationRecord
 
     if new_user && approved?
       prepare_new_user!
-    elsif new_user
+    elsif new_user && user_might_not_be_a_spam_bot
       notify_staff_about_pending_account!
     end
   end
@@ -295,6 +297,17 @@ class User < ApplicationRecord
     super
   end
 
+  def send_confirmation_instructions
+    unless user_might_not_be_a_spam_bot
+      invite_request&.destroy
+      account&.destroy
+      destroy
+      return false
+    end
+
+    super
+  end
+
   def reset_password!(new_password, new_password_confirmation)
     return false if encrypted_password.blank?
 
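Review bot: The new `send_confirmation_instructions` override destroys the invite request, the account and the user whenever `user_might_not_be_a_spam_bot` is false, and nothing in the hunk limits that to a fresh sign-up. Devise also calls this method when confirmation mail is re-sent or an email address is changed. Because the annotation hunk shows `username` and `kobold` as newly added columns, users who registered before this change would presumably fail the check and be deleted. The three `destroy` calls also run outside a transaction and their results are ignored, so a failure part-way can leave orphaned records. I would restrict the destructive branch to the creation path, wrap it in `transaction do … end` using `destroy!`, and log each rejection so staff can audit false positives.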
@@ -421,4 +434,17 @@ class User < ApplicationRecord
   def validate_email_dns?
     email_changed? && !(Rails.env.test? || Rails.env.development?)
   end
+
+  def user_might_not_be_a_spam_bot
+    username == account.username && invite_request&.text.present? && kobold_hash_matches?
+  end
+
+  def kobold_hash_matches?
+    kobold.present? && kobold == kobold_hash
+  end
+
+  def kobold_hash
+    value = [account.username, username.downcase, email, invite_request.text].compact.map(&:downcase).join("\u{F0666}")
+    Digest::SHA512.hexdigest(value).upcase
+  end
 end
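Review bot: `user_might_not_be_a_spam_bot` calls `account.username` with no nil guard, although `send_confirmation_instructions` treats `account` as possibly nil (`account&.destroy`), so a user without an account raises NoMethodError instead of failing the check; `account.present? && username == account.username && …` would fail closed. In `kobold_hash`, `username.downcase` runs before `.compact` and is downcased again by `.map(&:downcase)`, and `invite_request.text` is safe only because of the caller's short-circuit order, which deserves a comment. The digest is unkeyed and built solely from fields the client submitted, so a match shows that the client ran the expected form logic, not that the request is authentic. A comment like `# Heuristic only: unkeyed digest of submitted fields, not an authenticity check` would stop later code from relying on it for approval decisions. The predicate would also read better with a positive name ending in `?`.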