Bypass MX validation for explicitly allowed domains (#15930)

* Bypass MX validation for explicitly allowed domains

This spares some lookups and prevent issues in some edge cases with
local domains.

* Add tests

* Fix test
This commit is contained in:
Claire 2021-03-19 23:48:47 +01:00 committed by GitHub
parent d023eefbcc
commit 051efed5ed
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 26 additions and 2 deletions

View File

@ -10,7 +10,7 @@ class EmailMxValidator < ActiveModel::Validator
if domain.blank? if domain.blank?
user.errors.add(:email, :invalid) user.errors.add(:email, :invalid)
else elsif !on_allowlist?(domain)
ips, hostnames = resolve_mx(domain) ips, hostnames = resolve_mx(domain)
if ips.empty? if ips.empty?
@ -33,6 +33,12 @@ class EmailMxValidator < ActiveModel::Validator
nil nil
end end
def on_allowlist?(domain)
return false if Rails.configuration.x.email_domains_whitelist.blank?
Rails.configuration.x.email_domains_whitelist.include?(domain)
end
def resolve_mx(domain) def resolve_mx(domain)
hostnames = [] hostnames = []
ips = [] ips = []

View File

@ -206,7 +206,7 @@ RSpec.describe User, type: :model do
describe 'whitelist' do describe 'whitelist' do
around(:each) do |example| around(:each) do |example|
old_whitelist = Rails.configuration.x.email_whitelist old_whitelist = Rails.configuration.x.email_domains_whitelist
Rails.configuration.x.email_domains_whitelist = 'mastodon.space' Rails.configuration.x.email_domains_whitelist = 'mastodon.space'

View File

@ -6,6 +6,24 @@ describe EmailMxValidator do
describe '#validate' do describe '#validate' do
let(:user) { double(email: 'foo@example.com', errors: double(add: nil)) } let(:user) { double(email: 'foo@example.com', errors: double(add: nil)) }
it 'does not add errors if there are no DNS records for an e-mail domain that is explicitly allowed' do
old_whitelist = Rails.configuration.x.email_domains_whitelist
Rails.configuration.x.email_domains_whitelist = 'example.com'
resolver = double
allow(resolver).to receive(:getresources).with('example.com', Resolv::DNS::Resource::IN::MX).and_return([])
allow(resolver).to receive(:getresources).with('example.com', Resolv::DNS::Resource::IN::A).and_return([])
allow(resolver).to receive(:getresources).with('example.com', Resolv::DNS::Resource::IN::AAAA).and_return([])
allow(resolver).to receive(:timeouts=).and_return(nil)
allow(Resolv::DNS).to receive(:open).and_yield(resolver)
subject.validate(user)
expect(user.errors).to_not have_received(:add)
Rails.configuration.x.email_domains_whitelist = old_whitelist
end
it 'adds an error if there are no DNS records for the e-mail domain' do it 'adds an error if there are no DNS records for the e-mail domain' do
resolver = double resolver = double