Change e-mail domain blocks to match subdomains of blocked domains (#18979)

rebase/4.0.0rc1
Eugen Rochko 2022-08-24 19:00:55 +02:00 committed by GitHub
parent d83faa1a89
commit 0412a4d03e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 65 additions and 28 deletions

View File

@ -30,8 +30,40 @@ class EmailDomainBlock < ApplicationRecord
@history ||= Trends::History.new('email_domain_blocks', id) @history ||= Trends::History.new('email_domain_blocks', id)
end end
def self.block?(domain_or_domains, attempt_ip: nil) class Matcher
domains = Array(domain_or_domains).map do |str| def initialize(domain_or_domains, attempt_ip: nil)
@uris = extract_uris(domain_or_domains)
@attempt_ip = attempt_ip
end
def match?
blocking? || invalid_uri?
end
private
def invalid_uri?
@uris.any?(&:nil?)
end
def blocking?
blocks = EmailDomainBlock.where(domain: domains_with_variants).order(Arel.sql('char_length(domain) desc'))
blocks.each { |block| block.history.add(@attempt_ip) } if @attempt_ip.present?
blocks.any?
end
def domains_with_variants
@uris.flat_map do |uri|
next if uri.nil?
segments = uri.normalized_host.split('.')
segments.map.with_index { |_, i| segments[i..-1].join('.') }
end
end
def extract_uris(domain_or_domains)
Array(domain_or_domains).map do |str|
domain = begin domain = begin
if str.include?('@') if str.include?('@')
str.split('@', 2).last str.split('@', 2).last
@ -40,22 +72,14 @@ class EmailDomainBlock < ApplicationRecord
end end
end end
TagManager.instance.normalize_domain(domain) if domain.present? Addressable::URI.new.tap { |u| u.host = domain.strip } if domain.present?
rescue Addressable::URI::InvalidURIError rescue Addressable::URI::InvalidURIError, IDN::Idna::IdnaError
nil nil
end end
end
# If some of the inputs passed in are invalid, we definitely want to end
# block the attempt, but we also want to register hits against any
# other valid matches def self.block?(domain_or_domains, attempt_ip: nil)
Matcher.new(domain_or_domains, attempt_ip: attempt_ip).match?
blocked = domains.any?(&:nil?)
where(domain: domains).find_each do |block|
blocked = true
block.history.add(attempt_ip) if attempt_ip.present?
end
blocked
end end
end end

View File

@ -12,7 +12,10 @@ RSpec.describe EmailDomainBlock, type: :model do
let(:input) { nil } let(:input) { nil }
context 'given an e-mail address' do context 'given an e-mail address' do
let(:input) { 'nyarn@example.com' } let(:input) { "foo@#{domain}" }
context do
let(:domain) { 'example.com' }
it 'returns true if the domain is blocked' do it 'returns true if the domain is blocked' do
Fabricate(:email_domain_block, domain: 'example.com') Fabricate(:email_domain_block, domain: 'example.com')
@ -25,6 +28,16 @@ RSpec.describe EmailDomainBlock, type: :model do
end end
end end
context do
let(:domain) { 'mail.example.com' }
it 'returns true if it is a subdomain of a blocked domain' do
Fabricate(:email_domain_block, domain: 'example.com')
expect(described_class.block?(input)).to be true
end
end
end
context 'given an array of domains' do context 'given an array of domains' do
let(:input) { %w(foo.com mail.foo.com) } let(:input) { %w(foo.com mail.foo.com) }