FEATURE: new setting to validate user website

app/models/user_profile.rb

@@ -12,6 +12,8 @@ class UserProfile < ActiveRecord::Base
   validates :profile_background, upload_url: true, if: :profile_background_changed?
   validates :card_background, upload_url: true, if: :card_background_changed?
 
+  validate :website_domain_validator, if: Proc.new { |c| c.new_record? || c.website_changed? }
+
   belongs_to :card_image_badge, class_name: 'Badge'
   has_many :user_profile_views, dependent: :destroy
 
@@ -102,6 +104,14 @@ class UserProfile < ActiveRecord::Base
     end
   end
 
+  def website_domain_validator
+    allowed_domains = SiteSetting.user_website_domains_whitelist
+    return if (allowed_domains.blank? || self.website.blank?)
+
+    domain = URI.parse(self.website).host
+    self.errors.add :base, (I18n.t('user.website.domain_not_allowed', domains: allowed_domains.split('|').join(", "))) unless allowed_domains.split('|').include?(domain)
+  end
+
 end
 
 # == Schema Information

config/locales/server.en.yml

@@ -1322,6 +1322,8 @@ en:
 
     hide_user_profiles_from_public: "Disable user cards, user profiles and user directory for anonymous users."
 
+    user_website_domains_whitelist: "User website will be verified against these domains. Pipe-delimited list." 
+
     allow_profile_backgrounds: "Allow users to upload profile backgrounds."
 
     sequential_replies_threshold: "Number of posts a user has to make in a row in a topic before being reminded about too many sequential replies."
@@ -1606,6 +1608,8 @@ en:
     ip_address:
       blocked: "New registrations are not allowed from your IP address."
       max_new_accounts_per_registration_ip: "New registrations are not allowed from your IP address (maximum limit reached). Contact a staff member."
+    website:
+      domain_not_allowed: "Website is invalid. Allowed domains are: %{domains}"
 
   flags_reminder:
     flags_were_submitted:

config/site_settings.yml

@@ -410,6 +410,9 @@ users:
   hide_user_profiles_from_public:
     default: false
     client: true
+  user_website_domains_whitelist:
+    default: ''
+    type: list
 
 groups:
   enable_group_directory:

spec/models/user_profile_spec.rb

@@ -54,16 +54,19 @@ describe UserProfile do
       expect(user_profile).not_to be_valid
     end
 
-    it "doesn't support invalid website" do
+    context "website validation" do
-      user_profile = Fabricate.build(:user_profile, website: "http://https://google.com")
+      let(:user) { Fabricate(:user) }
-      user_profile.user = Fabricate.build(:user)
+
-      expect(user_profile).not_to be_valid
+      it "ensures website is valid" do
+        expect(Fabricate.build(:user_profile, user: user, website: "http://https://google.com")).not_to be_valid
+        expect(Fabricate.build(:user_profile, user: user, website: "https://google.com")).to be_valid
       end
 
-    it "supports valid website" do
+      it "validates website domain if user_website_domains_whitelist setting is present" do
-      user_profile = Fabricate.build(:user_profile, website: "https://google.com")
+        SiteSetting.user_website_domains_whitelist = "discourse.org"
-      user_profile.user = Fabricate.build(:user)
+        expect(Fabricate.build(:user_profile, user: user, website: "https://google.com")).not_to be_valid
-      expect(user_profile.valid?).to be true
+        expect(Fabricate.build(:user_profile, user: user, website: "http://discourse.org")).to be_valid
+      end
     end
 
     describe 'after save' do