diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index c4b658fdf..3e63def27 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -163,7 +163,7 @@ class ApplicationController < ActionController::Base
 end
 def ip_ban_check
- raise User::PrivilegeError if !request.get? && IpBan.hit!(:normal, CurrentUser.ip_addr)
+ raise User::PrivilegeError if !request.get? && IpBan.hit!(:full, CurrentUser.ip_addr)
 end
 def pundit_user
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 064d7ad71..7930cf76c 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -59,7 +59,7 @@ class UsersController < ApplicationController
 end
 def create
- requires_verification = IpLookup.new(CurrentUser.ip_addr).is_proxy? || IpBan.hit!(:signup, CurrentUser.ip_addr)
+ requires_verification = IpLookup.new(CurrentUser.ip_addr).is_proxy? || IpBan.hit!(:partial, CurrentUser.ip_addr)
 @user = authorize User.new(
 last_ip_addr: CurrentUser.ip_addr,
diff --git a/app/models/ip_ban.rb b/app/models/ip_ban.rb
index 24a75dd38..9dd3023c2 100644
--- a/app/models/ip_ban.rb
+++ b/app/models/ip_ban.rb
@@ -8,8 +8,8 @@ class IpBan < ApplicationRecord
 deletable
 enum category: {
- normal: 0,
- signup: 100
+ full: 0,
+ partial: 100
 }, _suffix: "ban"
 def self.ip_matches(ip_addr)
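Review bot: In `UsersController#create`, `IpLookup.new(CurrentUser.ip_addr).is_proxy? || IpBan.hit!(:partial, CurrentUser.ip_addr)` short-circuits, so `IpBan.hit!` never runs when the address is already classified as a proxy. The sessions test in this commit asserts on `last_hit_at`, which suggests `hit!` records the hit on the matching ban; if so, partial bans are under-reported for proxy addresses and moderators lose that signal when reviewing which bans are still being triggered. Evaluating the ban first keeps the hit record complete: `ip_banned = IpBan.hit!(:partial, CurrentUser.ip_addr)` followed by `requires_verification = ip_banned || IpLookup.new(CurrentUser.ip_addr).is_proxy?`. The body of `create` continues outside the hunk.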
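Review bot: The enum in `app/models/ip_ban.rb` keeps the stored integers (0 and 100) but changes the public names, and nothing in the hunk documents what each tier enforces or covers callers that still send the old names. The generated predicates and the values accepted for `category` change with the keys, so a script, saved search or API client outside this diff that still passes `normal` or `signup` would presumably be rejected rather than mapped; it is worth searching for leftovers and announcing the rename. I would also add a comment above the enum, for example `# full: blocks signup, login and every non-GET request; partial: new signups must verify their email before editing`. The class body continues outside the hunk.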
@@ -50,13 +50,13 @@ class IpBan < ApplicationRecord
 errors[:ip_addr] << "is invalid"
 elsif ip_addr.private? || ip_addr.loopback? || ip_addr.link_local?
 errors[:ip_addr] << "must be a public address"
- elsif normal_ban? && ip_addr.ipv4? && ip_addr.prefix < 24
+ elsif full_ban? && ip_addr.ipv4? && ip_addr.prefix < 24
 errors[:ip_addr] << "may not have a subnet bigger than /24"
- elsif signup_ban? && ip_addr.ipv4? && ip_addr.prefix < 8
+ elsif partial_ban? && ip_addr.ipv4? && ip_addr.prefix < 8
 errors[:ip_addr] << "may not have a subnet bigger than /8"
- elsif normal_ban? && ip_addr.ipv6? && ip_addr.prefix < 64
+ elsif full_ban? && ip_addr.ipv6? && ip_addr.prefix < 64
 errors[:ip_addr] << "may not have a subnet bigger than /64"
- elsif signup_ban? && ip_addr.ipv6? && ip_addr.prefix < 20
+ elsif partial_ban? && ip_addr.ipv6? && ip_addr.prefix < 20
 errors[:ip_addr] << "may not have a subnet bigger than /20"
 elsif new_record? && IpBan.active.ip_matches(subnetted_ip).exists?
 errors[:ip_addr] << "is already banned"
diff --git a/app/views/ip_bans/new.html.erb b/app/views/ip_bans/new.html.erb
index 0cf53e332..7303a751a 100644
--- a/app/views/ip_bans/new.html.erb
+++ b/app/views/ip_bans/new.html.erb
@@ -3,12 +3,12 @@
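Review bot: In the validation chain of `app/models/ip_ban.rb`, the duplicate check `IpBan.active.ip_matches(subnetted_ip).exists?` is not scoped by category, while the branches above let a partial ban cover up to a /8 (IPv4) or /20 (IPv6). If `ip_matches` also matches containing subnets (its body is outside this diff, so this is inferred), one wide partial ban would make every later full ban inside that range fail with "is already banned", and moderators could not escalate against a single abusive address. Scoping the lookup to the same tier avoids that: `elsif new_record? && IpBan.active.where(category: category).ip_matches(subnetted_ip).exists?`. The enclosing validation method starts and ends outside the hunk.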
- A normal IP ban restricts the IP from creating new accounts, logging in to
+ A full IP ban prevents the IP from creating new accounts, logging in to
 existing accounts, or editing the site in any way.
- A signup IP ban restricts new signups from editing anything until after
+ A partial IP ban prevents new signups from editing anything until after
 they've verified their email address.
@@ -17,7 +17,7 @@
 <%= edit_form_for(@ip_ban) do |f| %>
 <%= f.input :ip_addr, label: "IP Address", as: :string, hint: "Add /24 to ban a subnet. Example: 1.2.3.4/24" %>
 <%= f.input :reason, as: :string %>
- <%= f.input :category, as: :select, include_blank: false, collection: [["Normal", "normal"], ["Signup", "signup"]] %>
+ <%= f.input :category, as: :select, include_blank: false, collection: [["Full", "full"], ["Partial", "partial"]] %>
 <%= f.button :submit, "Submit" %>
 <% end %>
diff --git a/test/functional/sessions_controller_test.rb b/test/functional/sessions_controller_test.rb
index 53e2c9206..1eff49170 100644
--- a/test/functional/sessions_controller_test.rb
+++ b/test/functional/sessions_controller_test.rb
@@ -35,7 +35,7 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
 end
 should "not allow IP banned users to login" do
- @ip_ban = create(:ip_ban, category: :normal, ip_addr: "1.2.3.4")
+ @ip_ban = create(:ip_ban, category: :full, ip_addr: "1.2.3.4")
 post session_path, params: { name: @user.name, password: "password" }, headers: { REMOTE_ADDR: "1.2.3.4" }
 assert_response 403
@@ -44,8 +44,8 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
 assert(@ip_ban.last_hit_at > 1.minute.ago)
 end
- should "allow signup-restricted IP banned users to login" do
- @ip_ban = create(:ip_ban, category: :signup, ip_addr: "1.2.3.4")
+ should "allow partial IP banned users to login" do
+ @ip_ban = create(:ip_ban, category: :partial, ip_addr: "1.2.3.4")
 post session_path, params: { name: @user.name, password: "password" }, headers: { REMOTE_ADDR: "1.2.3.4" }
 assert_redirected_to posts_path
@@ -55,7 +55,7 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
 end
 should "ignore deleted IP bans when logging in" do
- @ip_ban = create(:ip_ban, is_deleted: true, category: :normal, ip_addr: "1.2.3.4")
+ @ip_ban = create(:ip_ban, is_deleted: true, category: :full, ip_addr: "1.2.3.4")
 post session_path, params: { name: @user.name, password: "password" }, headers: { REMOTE_ADDR: "1.2.3.4" }
 assert_redirected_to posts_path
diff --git a/test/functional/users_controller_test.rb b/test/functional/users_controller_test.rb
index 8217dd1de..aa0c72f62 100644
--- a/test/functional/users_controller_test.rb
+++ b/test/functional/users_controller_test.rb
@@ -168,11 +168,11 @@ class UsersControllerTest < ActionDispatch::IntegrationTest
 assert_equal(true, User.last.requires_verification)
 end
- should "mark users signing up from a signup banned IP as requiring verification" do
+ should "mark users signing up from a partial banned IP as requiring verification" do
 skip unless IpLookup.enabled?
 self.remote_addr = "187.37.226.17"
- @ip_ban = create(:ip_ban, ip_addr: self.remote_addr, category: :signup)
+ @ip_ban = create(:ip_ban, ip_addr: self.remote_addr, category: :partial)
 post users_path, params: { user: { name: "xxx", password: "xxxxx1", password_confirmation: "xxxxx1" }}
 assert_redirected_to User.last
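Review bot: The renamed test in `test/functional/users_controller_test.rb` still opens with `skip unless IpLookup.enabled?`, so wherever the lookup is not configured the partial-ban signup path is never exercised. Because `create` ORs the proxy result with the ban check, a run with the lookup enabled also cannot show which of the two set `requires_verification`. Making the proxy lookup return false inside the test, and asserting on the ban's `last_hit_at` as the sessions test does, would tie the result to the `:partial` ban itself. The test body continues outside the hunk.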