FEATURE: new setting to validate user website
This commit is contained in:
parent
d46b0a7251
commit
d72cbcb2a4
|
@ -12,6 +12,8 @@ class UserProfile < ActiveRecord::Base
|
|||
validates :profile_background, upload_url: true, if: :profile_background_changed?
|
||||
validates :card_background, upload_url: true, if: :card_background_changed?
|
||||
|
||||
validate :website_domain_validator, if: Proc.new { |c| c.new_record? || c.website_changed? }
|
||||
|
||||
belongs_to :card_image_badge, class_name: 'Badge'
|
||||
has_many :user_profile_views, dependent: :destroy
|
||||
|
||||
|
@ -102,6 +104,14 @@ class UserProfile < ActiveRecord::Base
|
|||
end
|
||||
end
|
||||
|
||||
def website_domain_validator
|
||||
allowed_domains = SiteSetting.user_website_domains_whitelist
|
||||
return if (allowed_domains.blank? || self.website.blank?)
|
||||
|
||||
domain = URI.parse(self.website).host
|
||||
self.errors.add :base, (I18n.t('user.website.domain_not_allowed', domains: allowed_domains.split('|').join(", "))) unless allowed_domains.split('|').include?(domain)
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
# == Schema Information
|
||||
|
|
|
@ -1322,6 +1322,8 @@ en:
|
|||
|
||||
hide_user_profiles_from_public: "Disable user cards, user profiles and user directory for anonymous users."
|
||||
|
||||
user_website_domains_whitelist: "User website will be verified against these domains. Pipe-delimited list."
|
||||
|
||||
allow_profile_backgrounds: "Allow users to upload profile backgrounds."
|
||||
|
||||
sequential_replies_threshold: "Number of posts a user has to make in a row in a topic before being reminded about too many sequential replies."
|
||||
|
@ -1606,6 +1608,8 @@ en:
|
|||
ip_address:
|
||||
blocked: "New registrations are not allowed from your IP address."
|
||||
max_new_accounts_per_registration_ip: "New registrations are not allowed from your IP address (maximum limit reached). Contact a staff member."
|
||||
website:
|
||||
domain_not_allowed: "Website is invalid. Allowed domains are: %{domains}"
|
||||
|
||||
flags_reminder:
|
||||
flags_were_submitted:
|
||||
|
|
|
@ -410,6 +410,9 @@ users:
|
|||
hide_user_profiles_from_public:
|
||||
default: false
|
||||
client: true
|
||||
user_website_domains_whitelist:
|
||||
default: ''
|
||||
type: list
|
||||
|
||||
groups:
|
||||
enable_group_directory:
|
||||
|
|
|
@ -54,16 +54,19 @@ describe UserProfile do
|
|||
expect(user_profile).not_to be_valid
|
||||
end
|
||||
|
||||
it "doesn't support invalid website" do
|
||||
user_profile = Fabricate.build(:user_profile, website: "http://https://google.com")
|
||||
user_profile.user = Fabricate.build(:user)
|
||||
expect(user_profile).not_to be_valid
|
||||
context "website validation" do
|
||||
let(:user) { Fabricate(:user) }
|
||||
|
||||
it "ensures website is valid" do
|
||||
expect(Fabricate.build(:user_profile, user: user, website: "http://https://google.com")).not_to be_valid
|
||||
expect(Fabricate.build(:user_profile, user: user, website: "https://google.com")).to be_valid
|
||||
end
|
||||
|
||||
it "supports valid website" do
|
||||
user_profile = Fabricate.build(:user_profile, website: "https://google.com")
|
||||
user_profile.user = Fabricate.build(:user)
|
||||
expect(user_profile.valid?).to be true
|
||||
it "validates website domain if user_website_domains_whitelist setting is present" do
|
||||
SiteSetting.user_website_domains_whitelist = "discourse.org"
|
||||
expect(Fabricate.build(:user_profile, user: user, website: "https://google.com")).not_to be_valid
|
||||
expect(Fabricate.build(:user_profile, user: user, website: "http://discourse.org")).to be_valid
|
||||
end
|
||||
end
|
||||
|
||||
describe 'after save' do
|
||||
|
|
Loading…
Reference in New Issue