Add canonical e-mail blocks for suspended accounts (#16049)

Prevent new accounts from being created using the same underlying e-mail as a suspended account using extensions and period permutations. Stores e-mails as a SHA256 hash
2021-04-17 03:14:25 +02:00 · 2021-04-17 03:14:25 +02:00 · b3ceb3dcc4
commit b3ceb3dcc4
parent 170e05db12
9 changed files with 172 additions and 21 deletions
--- a/spec/validators/blacklisted_email_validator_spec.rb
+++ b/spec/validators/blacklisted_email_validator_spec.rb
@ -9,23 +9,36 @@ RSpec.describe BlacklistedEmailValidator, type: :validator do

    before do
      allow(user).to receive(:valid_invitation?) { false }
-      allow_any_instance_of(described_class).to receive(:blocked_email?) { blocked_email }
-      described_class.new.validate(user)
+      allow_any_instance_of(described_class).to receive(:blocked_email_provider?) { blocked_email }
    end

-    context 'blocked_email?' do
+    subject { described_class.new.validate(user); errors }
+
+    context 'when e-mail provider is blocked' do
      let(:blocked_email) { true }

-      it 'calls errors.add' do
-        expect(errors).to have_received(:add).with(:email, :blocked)
+      it 'adds error' do
+        expect(subject).to have_received(:add).with(:email, :blocked)
      end
    end

-    context '!blocked_email?' do
+    context 'when e-mail provider is not blocked' do
      let(:blocked_email) { false }

-      it 'not calls errors.add' do
-        expect(errors).not_to have_received(:add).with(:email, :blocked)
+      it 'does not add errors' do
+        expect(subject).not_to have_received(:add).with(:email, :blocked)
+      end
+
+      context 'when canonical e-mail is blocked' do
+        let(:other_user) { Fabricate(:user, email: 'i.n.f.o@mail.com') }
+
+        before do
+          other_user.account.suspend!
+        end
+
+        it 'adds error' do
+          expect(subject).to have_received(:add).with(:email, :taken)
+        end
      end
    end
  end