Fix registrations not checking MX records for email domain blocks requiring approval (#28608)

2024-01-15 18:10:57 +01:00 · 2024-01-15 18:10:57 +01:00 · e621c1c44c
commit e621c1c44c
parent a2f02a0775
3 changed files with 94 additions and 5 deletions
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -149,6 +149,10 @@ class User < ApplicationRecord
    end
  end

+  def self.skip_mx_check?
+    Rails.env.local?
+  end
+
  def role
    if role_id.nil?
      UserRole.everyone
@ -436,9 +440,24 @@ class User < ApplicationRecord
  end

  def sign_up_email_requires_approval?
-    return false unless email.present? || unconfirmed_email.present?
+    return false if email.blank?

-    EmailDomainBlock.requires_approval?(email.presence || unconfirmed_email, attempt_ip: sign_up_ip)
+    _, domain = email.split('@', 2)
+    return false if domain.blank?
+
+    records = []
+
+    # Doing this conditionally is not very satisfying, but this is consistent
+    # with the MX records validations we do and keeps the specs tractable.
+    unless self.class.skip_mx_check?
+      Resolv::DNS.open do |dns|
+        dns.timeouts = 5
+
+        records = dns.getresources(domain, Resolv::DNS::Resource::IN::MX).to_a.map { |e| e.exchange.to_s }.compact_blank
+      end
+    end
+
+    EmailDomainBlock.requires_approval?(records + [domain], attempt_ip: sign_up_ip)
  end

  def open_registrations?
@ -489,7 +508,7 @@ class User < ApplicationRecord
  end

  def validate_email_dns?
-    email_changed? && !external? && !Rails.env.local?
+    email_changed? && !external? && !self.class.skip_mx_check?
  end

  def validate_role_elevation