Add canonical e-mail blocks for suspended accounts (#16049)
Prevent new accounts from being created using the same underlying e-mail as a suspended account using extensions and period permutations. Stores e-mails as a SHA256 hashmaster
parent
170e05db12
commit
b3ceb3dcc4
@ -0,0 +1,18 @@ |
|||||||
|
# frozen_string_literal: true |
||||||
|
|
||||||
|
module EmailHelper |
||||||
|
def self.included(base) |
||||||
|
base.extend(self) |
||||||
|
end |
||||||
|
|
||||||
|
def email_to_canonical_email(str) |
||||||
|
username, domain = str.downcase.split('@', 2) |
||||||
|
username, = username.gsub('.', '').split('+', 2) |
||||||
|
|
||||||
|
"#{username}@#{domain}" |
||||||
|
end |
||||||
|
|
||||||
|
def email_to_canonical_email_hash(str) |
||||||
|
Digest::SHA2.new(256).hexdigest(email_to_canonical_email(str)) |
||||||
|
end |
||||||
|
end |
@ -0,0 +1,27 @@ |
|||||||
|
# frozen_string_literal: true |
||||||
|
# == Schema Information |
||||||
|
# |
||||||
|
# Table name: canonical_email_blocks |
||||||
|
# |
||||||
|
# id :bigint(8) not null, primary key |
||||||
|
# canonical_email_hash :string default(""), not null |
||||||
|
# reference_account_id :bigint(8) not null |
||||||
|
# created_at :datetime not null |
||||||
|
# updated_at :datetime not null |
||||||
|
# |
||||||
|
|
||||||
|
class CanonicalEmailBlock < ApplicationRecord |
||||||
|
include EmailHelper |
||||||
|
|
||||||
|
belongs_to :reference_account, class_name: 'Account' |
||||||
|
|
||||||
|
validates :canonical_email_hash, presence: true |
||||||
|
|
||||||
|
def email=(email) |
||||||
|
self.canonical_email_hash = email_to_canonical_email_hash(email) |
||||||
|
end |
||||||
|
|
||||||
|
def self.block?(email) |
||||||
|
where(canonical_email_hash: email_to_canonical_email_hash(email)).exists? |
||||||
|
end |
||||||
|
end |
@ -0,0 +1,10 @@ |
|||||||
|
class CreateCanonicalEmailBlocks < ActiveRecord::Migration[6.1] |
||||||
|
def change |
||||||
|
create_table :canonical_email_blocks do |t| |
||||||
|
t.string :canonical_email_hash, null: false, default: '', index: { unique: true } |
||||||
|
t.belongs_to :reference_account, null: false, foreign_key: { on_cascade: :delete, to_table: 'accounts' } |
||||||
|
|
||||||
|
t.timestamps |
||||||
|
end |
||||||
|
end |
||||||
|
end |
@ -0,0 +1,4 @@ |
|||||||
|
Fabricator(:canonical_email_block) do |
||||||
|
email "test@example.com" |
||||||
|
reference_account { Fabricate(:account) } |
||||||
|
end |
@ -0,0 +1,47 @@ |
|||||||
|
require 'rails_helper' |
||||||
|
|
||||||
|
RSpec.describe CanonicalEmailBlock, type: :model do |
||||||
|
describe '#email=' do |
||||||
|
let(:target_hash) { '973dfe463ec85785f5f95af5ba3906eedb2d931c24e69824a89ea65dba4e813b' } |
||||||
|
|
||||||
|
it 'sets canonical_email_hash' do |
||||||
|
subject.email = 'test@example.com' |
||||||
|
expect(subject.canonical_email_hash).to eq target_hash |
||||||
|
end |
||||||
|
|
||||||
|
it 'sets the same hash even with dot permutations' do |
||||||
|
subject.email = 't.e.s.t@example.com' |
||||||
|
expect(subject.canonical_email_hash).to eq target_hash |
||||||
|
end |
||||||
|
|
||||||
|
it 'sets the same hash even with extensions' do |
||||||
|
subject.email = 'test+mastodon1@example.com' |
||||||
|
expect(subject.canonical_email_hash).to eq target_hash |
||||||
|
end |
||||||
|
|
||||||
|
it 'sets the same hash with different casing' do |
||||||
|
subject.email = 'Test@EXAMPLE.com' |
||||||
|
expect(subject.canonical_email_hash).to eq target_hash |
||||||
|
end |
||||||
|
end |
||||||
|
|
||||||
|
describe '.block?' do |
||||||
|
let!(:canonical_email_block) { Fabricate(:canonical_email_block, email: 'foo@bar.com') } |
||||||
|
|
||||||
|
it 'returns true for the same email' do |
||||||
|
expect(described_class.block?('foo@bar.com')).to be true |
||||||
|
end |
||||||
|
|
||||||
|
it 'returns true for the same email with dots' do |
||||||
|
expect(described_class.block?('f.oo@bar.com')).to be true |
||||||
|
end |
||||||
|
|
||||||
|
it 'returns true for the same email with extensions' do |
||||||
|
expect(described_class.block?('foo+spam@bar.com')).to be true |
||||||
|
end |
||||||
|
|
||||||
|
it 'returns false for different email' do |
||||||
|
expect(described_class.block?('hoge@bar.com')).to be false |
||||||
|
end |
||||||
|
end |
||||||
|
end |
Loading…
Reference in new issue