Fix being able to bypass e-mail restrictions

2024-11-08 08:44:27 +00:00 · 2022-02-28 12:15:44 +01:00 · 2022-02-28 12:15:44 +01:00 · a73f32f7dc
parent 637c7d464b
commit a73f32f7dc
1 changed files with 2 additions and 2 deletions
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -86,11 +86,11 @@ class User < ApplicationRecord
  validates :invite_request, presence: true, on: :create, if: :invite_text_required?

  validates :locale, inclusion: I18n.available_locales.map(&:to_s), if: :locale?
-  validates_with BlacklistedEmailValidator, on: :create
+  validates_with BlacklistedEmailValidator, if: -> { !confirmed? }
  validates_with EmailMxValidator, if: :validate_email_dns?
  validates :agreement, acceptance: { allow_nil: false, accept: [true, 'true', '1'] }, on: :create

-  # Those are honeypot/antispam fields
+  # Honeypot/anti-spam fields
  attr_accessor :registration_form_time, :website, :confirm_password

  validates_with RegistrationFormTimeValidator, on: :create