FIX: Check if invite domain is valid (#15238)

* FIX: Check if invite domain is valid

The previous regex matched any generic hostname, which is too permissive for
this case.
Dan Ungureanu 2021-12-13 07:39:14 +02:00 committed by GitHub
parent 3d4aee1487
commit adb6202c94
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 14 additions and 6 deletions


@ -145,7 +145,7 @@ export function emailValid(email) {
export function hostnameValid(hostname) {
// see: https://stackoverflow.com/questions/106179/regular-expression-to-match-dns-hostname-or-ip-address
const re = /^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$/;
const re = /^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)+([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$/;
return hostname && re.test(hostname);
}
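Review bot: The tightened regex on the added line still accepts a dotted all-digit string such as `1.2.3.4`, because the final-label alternative `([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])` permits digits, so an IPv4 literal passes as an invite domain, and no label is bounded to the 63-character DNS limit. If only DNS names are intended, restricting the last label to start with a letter, e.g. `([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])$`, would close that, mirroring whatever the server-side constant ends up accepting. The function is still named `hostnameValid` and the comment still points at a hostname-matching answer, yet it now rejects single-label hostnames such as `localhost`; a rename to `domainValid`, or at least a comment like `// requires at least one dot: this validates an invite domain, not a bare hostname`, would keep the name honest for other callers, which are not visible in this diff.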


@ -44,7 +44,7 @@
{{else if isDomain}}
{{i18n "user.invited.invite.restrict_domain"}}
{{else}}
{{i18n "user.invited.invite.restrict_email_or_domain"}}
{{i18n "user.invited.invite.restrict"}}
{{/if}}
</label>
<div class="invite-email-container">


@ -15,7 +15,7 @@ class Invite < ActiveRecord::Base
}
BULK_INVITE_EMAIL_LIMIT = 200
HOSTNAME_REGEX = /\A(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])\z/
DOMAIN_REGEX = /\A(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)+([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])\z/
rate_limit :limit_invites_per_day
@ -292,7 +292,7 @@ class Invite < ActiveRecord::Base
self.domain.downcase!
if self.domain !~ Invite::HOSTNAME_REGEX
if self.domain !~ Invite::DOMAIN_REGEX
self.errors.add(:base, I18n.t('invite.domain_not_allowed', domain: self.domain))
end
end
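Review bot: `DOMAIN_REGEX` on the added constant line still admits an all-digit final label, so an IPv4 literal such as `10.0.0.1` validates as an invite domain, and it places no 63-character bound on any label; if only DNS names should be accepted, restricting the last label to `([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])\z` would close that. The `\A`/`\z` anchoring is the right choice for whole-string validation, and the `downcase!` before the match means the comparison is case-insensitive as intended. The validation method enclosing the second hunk starts outside the hunk. The redemption-side check that compares an invitee's email against `domain` is not part of this diff; presumably it matches the full `@domain` suffix rather than a bare `end_with?(domain)`, which would also accept `notexample.com` — worth confirming.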


@ -1621,10 +1621,10 @@ en:
show_advanced: "Show Advanced Options"
hide_advanced: "Hide Advanced Options"
restrict_email_or_domain: "Restrict to email or domain"
email_or_domain_placeholder: "name@example.com or example.com"
restrict: "Restrict to"
restrict_email: "Restrict to email"
restrict_domain: "Restrict to domain"
email_or_domain_placeholder: "name@example.com or example.com"
max_redemptions_allowed: "Max uses"


@ -38,6 +38,14 @@ describe Invite do
expect(invite.valid?).to eq(false)
expect(invite.errors.full_messages).to include(I18n.t('invite.invalid_email', email: invite.email))
end
it 'allows only valid domains' do
invite = Fabricate.build(:invite, domain: 'example', invited_by: user)
expect(invite).not_to be_valid
invite = Fabricate.build(:invite, domain: 'example.com', invited_by: user)
expect(invite).to be_valid
end
end
context 'before_save' do
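Review bot: The new example only pins the dot requirement (`example` rejected, `example.com` accepted), while the edge cases the regex decides are left unchecked: a leading hyphen `-example.com`, an empty label `example..com`, an embedded space, and an uppercase `EXAMPLE.COM` that the model's `downcase!` should normalize before matching. Adding `expect(Fabricate.build(:invite, domain: 'example..com', invited_by: user)).not_to be_valid` and `expect(Fabricate.build(:invite, domain: 'EXAMPLE.COM', invited_by: user)).to be_valid` would document the intended boundary and catch a future regex regression. If an IPv4 literal such as `1.2.3.4` is meant to be rejected, a case for it belongs here too, since the current pattern accepts it. The enclosing `describe Invite` block starts before this hunk.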