FIX: allow developer emails to bypass email blacklist/whitelist restriction

2015-01-29 23:22:59 +05:30 · 2015-01-29 23:22:59 +05:30 · 58f46137d6
parent 4fd0200df8
commit 58f46137d6
2 changed files with 18 additions and 2 deletions
--- a/lib/validators/email_validator.rb
+++ b/lib/validators/email_validator.rb
@ -2,11 +2,11 @@ class EmailValidator < ActiveModel::EachValidator

  def validate_each(record, attribute, value)
    if (setting = SiteSetting.email_domains_whitelist).present?
-      unless email_in_restriction_setting?(setting, value)
+      unless email_in_restriction_setting?(setting, value) || is_developer?(value)
        record.errors.add(attribute, I18n.t(:'user.email.not_allowed'))
      end
    elsif (setting = SiteSetting.email_domains_blacklist).present?
-      if email_in_restriction_setting?(setting, value)
+      if email_in_restriction_setting?(setting, value) && !is_developer?(value)
        record.errors.add(attribute, I18n.t(:'user.email.not_allowed'))
      end
    end
@ -21,6 +21,10 @@ class EmailValidator < ActiveModel::EachValidator
    value =~ regexp
  end

+  def is_developer?(value)
+    Rails.configuration.respond_to?(:developer_emails) && Rails.configuration.developer_emails.include?(value)
+  end
+
  def self.email_regex
    /^[a-zA-Z0-9!#\$%&'*+\/=?\^_`{|}~\-]+(?:\.[a-zA-Z0-9!#\$%&'\*+\/=?\^_`{|}~\-]+)*@(?:[a-zA-Z0-9](?:[a-zA-Z0-9\-]*[a-zA-Z0-9])?\.)+[a-zA-Z0-9](?:[a-zA-Z0-9\-]*[a-zA-Z0-9])?$/
  end
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@ -534,6 +534,12 @@ describe User do
      expect(Fabricate.build(:user, email: 'notgood@TRASHMAIL.NET')).not_to be_valid
    end

+    it 'blacklist should not reject developer emails' do
+      Rails.configuration.stubs(:developer_emails).returns('developer@discourse.org')
+      SiteSetting.stubs(:email_domains_blacklist).returns('discourse.org')
+      expect(Fabricate.build(:user, email: 'developer@discourse.org')).to be_valid
+    end
+
    it 'should not interpret a period as a wildcard' do
      SiteSetting.stubs(:email_domains_blacklist).returns('trashmail.net')
      expect(Fabricate.build(:user, email: 'good@trashmailinet.com')).to be_valid
@ -571,6 +577,12 @@ describe User do
      expect(Fabricate.build(:user, email: 'good@VAYNERMEDIA.COM')).to be_valid
    end

+    it 'whitelist should accept developer emails' do
+      Rails.configuration.stubs(:developer_emails).returns('developer@discourse.org')
+      SiteSetting.stubs(:email_domains_whitelist).returns('awesome.org')
+      expect(Fabricate.build(:user, email: 'developer@discourse.org')).to be_valid
+    end
+
    it 'email whitelist should not be used to validate existing records' do
      u = Fabricate(:user, email: 'in_before_whitelisted@fakemail.com')
      SiteSetting.stubs(:email_domains_blacklist).returns('vaynermedia.com')