FIX: ensure inactive users can't email in

2015-12-21 17:54:02 +01:00 · 2015-12-21 17:54:02 +01:00 · 3e923c7a41
parent b3198d7a6a
commit 3e923c7a41
2 changed files with 34 additions and 1 deletions
--- a/lib/email/receiver.rb
+++ b/lib/email/receiver.rb
@ -20,6 +20,7 @@ module Email
    class InvalidPost < ProcessingError; end
    class ReplyUserNotFoundError < ProcessingError; end
    class ReplyUserNotMatchingError < ProcessingError; end
+    class InactiveUserError < ProcessingError; end

    attr_reader :body, :email_log

@ -58,8 +59,8 @@ module Email
      user_email = from.address
      user_name  = from.display_name

-      # TODO: deal with suspended/inactive users
      user = User.find_by_email(user_email)
+      raise InactiveUserError if user.present? && !user.active && !user.staged

      # TODO: take advantage of all the "TO"s
      dest_info = dest_infos[0]
--- a/spec/components/email/receiver_spec.rb
+++ b/spec/components/email/receiver_spec.rb
@ -447,6 +447,38 @@ This is a link http://example.com"
    end
  end

+  describe "posting reply as a inactive user" do
+    let(:reply_key) { raise "Override this in a lower describe block" }
+    let(:email_raw) { raise "Override this in a lower describe block" }
+    let(:to) { SiteSetting.reply_by_email_address.gsub("%{reply_key}", reply_key) }
+    let(:receiver) { Email::Receiver.new(email_raw) }
+    let(:topic) { Fabricate(:topic) }
+    let(:post) { Fabricate(:post, topic: topic, post_number: 1) }
+    let(:replying_user_email) { 'jake@adventuretime.ooo' }
+    let(:replying_user) { Fabricate(:user, email: replying_user_email, trust_level: 2, active: false) }
+    let(:email_log) { EmailLog.new(reply_key: reply_key,
+                                   post: post,
+                                   post_id: post.id,
+                                   topic_id: topic.id,
+                                   email_type: 'user_posted',
+                                   user: replying_user,
+                                   user_id: replying_user.id,
+                                   to_address: replying_user_email
+    ) }
+
+    before do
+      email_log.save
+    end
+
+    describe "should not create post" do
+      let!(:reply_key) { '59d8df8370b7e95c5a49fbf86aeb2c93' }
+      let!(:email_raw) { fill_email(fixture_file("emails/valid_reply.eml"), replying_user_email, to) }
+      it "raises a InactiveUserError" do
+        expect { receiver.process }.to raise_error(Email::Receiver::InactiveUserError)
+      end
+    end
+  end
+
  describe "posting a new topic in a category" do
    let(:category_destination) { raise "Override this in a lower describe block" }
    let(:email_raw) { raise "Override this in a lower describe block" }