1
0
Fork 1
forked from fedi/mastodon

Fix crash when saving invalid domain name (#11528)

Fix #7629
This commit is contained in:
Eugen Rochko 2019-08-08 23:04:19 +02:00 committed by GitHub
parent 699db454c3
commit 7a1f8a58df
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 24 additions and 5 deletions

View file

@ -15,7 +15,7 @@ class AccountDomainBlock < ApplicationRecord
include DomainNormalizable
belongs_to :account
validates :domain, presence: true, uniqueness: { scope: :account_id }
validates :domain, presence: true, uniqueness: { scope: :account_id }, domain: true
after_commit :remove_blocking_cache
after_commit :remove_relationship_cache

View file

@ -4,7 +4,7 @@ module DomainNormalizable
extend ActiveSupport::Concern
included do
before_validation :normalize_domain
before_save :normalize_domain
end
private

View file

@ -13,7 +13,7 @@
class DomainAllow < ApplicationRecord
include DomainNormalizable
validates :domain, presence: true, uniqueness: true
validates :domain, presence: true, uniqueness: true, domain: true
scope :matches_domain, ->(value) { where(arel_table[:domain].matches("%#{value}%")) }

View file

@ -19,7 +19,7 @@ class DomainBlock < ApplicationRecord
enum severity: [:silence, :suspend, :noop]
validates :domain, presence: true, uniqueness: true
validates :domain, presence: true, uniqueness: true, domain: true
has_many :accounts, foreign_key: :domain, primary_key: :domain
delegate :count, to: :accounts, prefix: true

View file

@ -12,7 +12,7 @@
class EmailDomainBlock < ApplicationRecord
include DomainNormalizable
validates :domain, presence: true, uniqueness: true
validates :domain, presence: true, uniqueness: true, domain: true
def self.block?(email)
_, domain = email.split('@', 2)

View file

@ -0,0 +1,17 @@
# frozen_string_literal: true
class DomainValidator < ActiveModel::EachValidator
def validate_each(record, attribute, value)
return if value.blank?
record.errors.add(attribute, I18n.t('domain_validator.invalid_domain')) unless compliant?(value)
end
private
def compliant?(value)
Addressable::URI.new.tap { |uri| uri.host = value }
rescue Addressable::URI::InvalidURIError
false
end
end

View file

@ -628,6 +628,8 @@ en:
people:
one: "%{count} person"
other: "%{count} people"
domain_validator:
invalid_domain: is not a valid domain name
errors:
'403': You don't have permission to view this page.
'404': The page you are looking for isn't here.