Add ability to require approval when users sign up using specific email domains (#28468)

2024-01-04 10:07:05 +01:00 · 2024-01-04 10:07:05 +01:00 · dfdadb92e8
commit dfdadb92e8
parent 195b89d336
13 changed files with 84 additions and 16 deletions
--- a/app/models/email_domain_block.rb
+++ b/app/models/email_domain_block.rb
@ -4,11 +4,12 @@
 #
 # Table name: email_domain_blocks
 #
-#  id         :bigint(8)        not null, primary key
-#  domain     :string           default(""), not null
-#  created_at :datetime         not null
-#  updated_at :datetime         not null
-#  parent_id  :bigint(8)
+#  id                  :bigint(8)        not null, primary key
+#  domain              :string           default(""), not null
+#  created_at          :datetime         not null
+#  updated_at          :datetime         not null
+#  parent_id           :bigint(8)
+#  allow_with_approval :boolean          default(FALSE), not null
 #

 class EmailDomainBlock < ApplicationRecord
@ -42,8 +43,8 @@ class EmailDomainBlock < ApplicationRecord
      @attempt_ip = attempt_ip
    end

-    def match?
-      blocking? || invalid_uri?
+    def match?(...)
+      blocking?(...) || invalid_uri?
    end

    private
@ -52,8 +53,8 @@ class EmailDomainBlock < ApplicationRecord
      @uris.any?(&:nil?)
    end

-    def blocking?
-      blocks = EmailDomainBlock.where(domain: domains_with_variants).order(Arel.sql('char_length(domain) desc'))
+    def blocking?(allow_with_approval: false)
+      blocks = EmailDomainBlock.where(domain: domains_with_variants, allow_with_approval: allow_with_approval).order(Arel.sql('char_length(domain) desc'))
      blocks.each { |block| block.history.add(@attempt_ip) } if @attempt_ip.present?
      blocks.any?
    end
@ -86,4 +87,8 @@ class EmailDomainBlock < ApplicationRecord
  def self.block?(domain_or_domains, attempt_ip: nil)
    Matcher.new(domain_or_domains, attempt_ip: attempt_ip).match?
  end
+
+  def self.requires_approval?(domain_or_domains, attempt_ip: nil)
+    Matcher.new(domain_or_domains, attempt_ip: attempt_ip).match?(allow_with_approval: true)
+  end
 end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -418,7 +418,7 @@ class User < ApplicationRecord

  def set_approved
    self.approved = begin
-      if sign_up_from_ip_requires_approval?
+      if sign_up_from_ip_requires_approval? || sign_up_email_requires_approval?
        false
      else
        open_registrations? || valid_invitation? || external?
@ -430,6 +430,12 @@ class User < ApplicationRecord
    !sign_up_ip.nil? && IpBlock.where(severity: :sign_up_requires_approval).where('ip >>= ?', sign_up_ip.to_s).exists?
  end

+  def sign_up_email_requires_approval?
+    return false unless email.present? || unconfirmed_email.present?
+
+    EmailDomainBlock.requires_approval?(email.presence || unconfirmed_email, attempt_ip: sign_up_ip)
+  end
+
  def open_registrations?
    Setting.registrations_mode == 'open'
  end