dmcas: add rate limit and email validation to DMCA form.

2022-11-02 19:48:36 -05:00
parent e849d8f1c2
commit 19c091d81c
2 changed files with 26 additions and 3 deletions
--- a/app/controllers/dmcas_controller.rb
+++ b/app/controllers/dmcas_controller.rb
@@ -1,6 +1,8 @@
 # frozen_string_literal: true

 class DmcasController < ApplicationController
+  rate_limit :create, rate: 1.0/15.minutes, burst: 3
+
  def create
    @dmca = params[:dmca].slice(:name, :email, :address, :infringing_urls, :original_urls, :proof, :perjury_agree, :good_faith_agree, :signature)

@@ -20,7 +22,7 @@ class DmcasController < ApplicationController
    EOS

    UserMailer.with_request(request, dmca: @dmca).dmca_complaint(to: Danbooru.config.dmca_email).deliver_now
-    UserMailer.with_request(request, dmca: @dmca).dmca_complaint(to: @dmca[:email]).deliver_now
+    UserMailer.with_request(request, dmca: @dmca).dmca_complaint(to: @dmca[:email]).deliver_now unless Danbooru::EmailAddress.new(@dmca[:email]).undeliverable?(allow_smtp: Rails.env.production?)
  end

  def show
--- a/test/functional/dmcas_controller.rb
+++ b/test/functional/dmcas_controller.rb
@@ -12,7 +12,7 @@ class DmcasControllerTest < ActionDispatch::IntegrationTest
    should "work" do
      dmca = {
        name: "John Doe",
-        email: "test@example.com",
+        email: "test@gmail.com",
        address: "123 Fake Street",
        infringing_urls: "https://example.com/1.html\nhttps://example.com/2.html",
        original_urls: "https://google.com/1.html\nhttps://google.com/2.html",
@@ -26,7 +26,28 @@ class DmcasControllerTest < ActionDispatch::IntegrationTest
      assert_response :success
      assert_emails 2
      assert_equal("DMCA Complaint from John Doe", Dmail.last.title)
-      assert_match(/test@example.com/, Dmail.last.body)
+      assert_match(/test@gmail.com/, Dmail.last.body)
+      assert_match(%r{https://example\.com/1\.html}, Dmail.last.body)
+    end
+
+    should "not send an email to fake addresses" do
+      dmca = {
+        name: "John Doe",
+        email: "fake@example.com",
+        address: "123 Fake Street",
+        infringing_urls: "https://example.com/1.html\nhttps://example.com/2.html",
+        original_urls: "https://google.com/1.html\nhttps://google.com/2.html",
+        proof: "source: me",
+        signature: "John Doe",
+      }
+
+      create(:owner_user)
+      post dmca_path, params: { dmca: dmca }
+
+      assert_response :success
+      assert_emails 1
+      assert_equal("DMCA Complaint from John Doe", Dmail.last.title)
+      assert_match(/fake@example.com/, Dmail.last.body)
      assert_match(%r{https://example\.com/1\.html}, Dmail.last.body)
    end
  end