From 7a1f8a58df7edeb4f1d03c9dd3c25d5370d858a6 Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Thu, 8 Aug 2019 23:04:19 +0200 Subject: [PATCH] Fix crash when saving invalid domain name (#11528) Fix #7629 --- app/models/account_domain_block.rb | 2 +- app/models/concerns/domain_normalizable.rb | 2 +- app/models/domain_allow.rb | 2 +- app/models/domain_block.rb | 2 +- app/models/email_domain_block.rb | 2 +- app/validators/domain_validator.rb | 17 +++++++++++++++++ config/locales/en.yml | 2 ++ 7 files changed, 24 insertions(+), 5 deletions(-) create mode 100644 app/validators/domain_validator.rb diff --git a/app/models/account_domain_block.rb b/app/models/account_domain_block.rb index 7c0d60379eb..3aaffde9a95 100644 --- a/app/models/account_domain_block.rb +++ b/app/models/account_domain_block.rb @@ -15,7 +15,7 @@ class AccountDomainBlock < ApplicationRecord include DomainNormalizable belongs_to :account - validates :domain, presence: true, uniqueness: { scope: :account_id } + validates :domain, presence: true, uniqueness: { scope: :account_id }, domain: true after_commit :remove_blocking_cache after_commit :remove_relationship_cache diff --git a/app/models/concerns/domain_normalizable.rb b/app/models/concerns/domain_normalizable.rb index fb84058fc27..c00b3142fa7 100644 --- a/app/models/concerns/domain_normalizable.rb +++ b/app/models/concerns/domain_normalizable.rb @@ -4,7 +4,7 @@ module DomainNormalizable extend ActiveSupport::Concern included do - before_validation :normalize_domain + before_save :normalize_domain end private diff --git a/app/models/domain_allow.rb b/app/models/domain_allow.rb index 85018b636e2..5fe0e3a29c3 100644 --- a/app/models/domain_allow.rb +++ b/app/models/domain_allow.rb @@ -13,7 +13,7 @@ class DomainAllow < ApplicationRecord include DomainNormalizable - validates :domain, presence: true, uniqueness: true + validates :domain, presence: true, uniqueness: true, domain: true scope :matches_domain, ->(value) { where(arel_table[:domain].matches("%#{value}%")) } diff --git a/app/models/domain_block.rb b/app/models/domain_block.rb index 3f5b9f23ea7..37b8d98c6d5 100644 --- a/app/models/domain_block.rb +++ b/app/models/domain_block.rb @@ -19,7 +19,7 @@ class DomainBlock < ApplicationRecord enum severity: [:silence, :suspend, :noop] - validates :domain, presence: true, uniqueness: true + validates :domain, presence: true, uniqueness: true, domain: true has_many :accounts, foreign_key: :domain, primary_key: :domain delegate :count, to: :accounts, prefix: true diff --git a/app/models/email_domain_block.rb b/app/models/email_domain_block.rb index 0fcd36477b9..bc70dea254a 100644 --- a/app/models/email_domain_block.rb +++ b/app/models/email_domain_block.rb @@ -12,7 +12,7 @@ class EmailDomainBlock < ApplicationRecord include DomainNormalizable - validates :domain, presence: true, uniqueness: true + validates :domain, presence: true, uniqueness: true, domain: true def self.block?(email) _, domain = email.split('@', 2) diff --git a/app/validators/domain_validator.rb b/app/validators/domain_validator.rb new file mode 100644 index 00000000000..ae07f17980b --- /dev/null +++ b/app/validators/domain_validator.rb @@ -0,0 +1,17 @@ +# frozen_string_literal: true + +class DomainValidator < ActiveModel::EachValidator + def validate_each(record, attribute, value) + return if value.blank? + + record.errors.add(attribute, I18n.t('domain_validator.invalid_domain')) unless compliant?(value) + end + + private + + def compliant?(value) + Addressable::URI.new.tap { |uri| uri.host = value } + rescue Addressable::URI::InvalidURIError + false + end +end diff --git a/config/locales/en.yml b/config/locales/en.yml index 7fd0536ae47..786906e2df6 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -628,6 +628,8 @@ en: people: one: "%{count} person" other: "%{count} people" + domain_validator: + invalid_domain: is not a valid domain name errors: '403': You don't have permission to view this page. '404': The page you are looking for isn't here.