Fix being able to bypass e-mail restrictions

This commit is contained in:
Eugen Rochko 2022-02-28 12:15:44 +01:00
parent 637c7d464b
commit a73f32f7dc

View file

@ -86,11 +86,11 @@ class User < ApplicationRecord
validates :invite_request, presence: true, on: :create, if: :invite_text_required? validates :invite_request, presence: true, on: :create, if: :invite_text_required?
validates :locale, inclusion: I18n.available_locales.map(&:to_s), if: :locale? validates :locale, inclusion: I18n.available_locales.map(&:to_s), if: :locale?
validates_with BlacklistedEmailValidator, on: :create validates_with BlacklistedEmailValidator, if: -> { !confirmed? }
validates_with EmailMxValidator, if: :validate_email_dns? validates_with EmailMxValidator, if: :validate_email_dns?
validates :agreement, acceptance: { allow_nil: false, accept: [true, 'true', '1'] }, on: :create validates :agreement, acceptance: { allow_nil: false, accept: [true, 'true', '1'] }, on: :create
# Those are honeypot/antispam fields # Honeypot/anti-spam fields
attr_accessor :registration_form_time, :website, :confirm_password attr_accessor :registration_form_time, :website, :confirm_password
validates_with RegistrationFormTimeValidator, on: :create validates_with RegistrationFormTimeValidator, on: :create