jaculabilis/danbooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

dmcas: add rate limit and email validation to DMCA form.

Browse Source
This commit is contained in:
evazion
2022-11-02 19:48:36 -05:00
parent e849d8f1c2
commit 19c091d81c
2 changed files with 26 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/controllers/dmcas_controller.rb
View File

@@ -1,6 +1,8 @@
# frozen_string_literal: true # frozen_string_literal: true
class DmcasController < ApplicationController class DmcasController < ApplicationController
rate_limit :create, rate: 1.0/15.minutes, burst: 3
def create def create
@dmca = params[:dmca].slice(:name, :email, :address, :infringing_urls, :original_urls, :proof, :perjury_agree, :good_faith_agree, :signature) @dmca = params[:dmca].slice(:name, :email, :address, :infringing_urls, :original_urls, :proof, :perjury_agree, :good_faith_agree, :signature)
@@ -20,7 +22,7 @@ class DmcasController < ApplicationController
EOS EOS
UserMailer.with_request(request, dmca: @dmca).dmca_complaint(to: Danbooru.config.dmca_email).deliver_now UserMailer.with_request(request, dmca: @dmca).dmca_complaint(to: Danbooru.config.dmca_email).deliver_now
UserMailer.with_request(request, dmca: @dmca).dmca_complaint(to: @dmca[:email]).deliver_now UserMailer.with_request(request, dmca: @dmca).dmca_complaint(to: @dmca[:email]).deliver_now unless Danbooru::EmailAddress.new(@dmca[:email]).undeliverable?(allow_smtp: Rails.env.production?)
end end
def show def show

25
test/functional/dmcas_controller.rb
View File

@@ -12,7 +12,7 @@ class DmcasControllerTest < ActionDispatch::IntegrationTest
should "work" do should "work" do
dmca = { dmca = {
name: "John Doe", name: "John Doe",
email: "test@example.com", email: "test@gmail.com",
address: "123 Fake Street", address: "123 Fake Street",
infringing_urls: "https://example.com/1.html\nhttps://example.com/2.html", infringing_urls: "https://example.com/1.html\nhttps://example.com/2.html",
original_urls: "https://google.com/1.html\nhttps://google.com/2.html", original_urls: "https://google.com/1.html\nhttps://google.com/2.html",
@@ -26,7 +26,28 @@ class DmcasControllerTest < ActionDispatch::IntegrationTest
assert_response :success assert_response :success
assert_emails 2 assert_emails 2
assert_equal("DMCA Complaint from John Doe", Dmail.last.title) assert_equal("DMCA Complaint from John Doe", Dmail.last.title)
assert_match(/test@example.com/, Dmail.last.body) assert_match(/test@gmail.com/, Dmail.last.body)
assert_match(%r{https://example\.com/1\.html}, Dmail.last.body)
end
should "not send an email to fake addresses" do
dmca = {
name: "John Doe",
email: "fake@example.com",
address: "123 Fake Street",
infringing_urls: "https://example.com/1.html\nhttps://example.com/2.html",
original_urls: "https://google.com/1.html\nhttps://google.com/2.html",
proof: "source: me",
signature: "John Doe",
}
create(:owner_user)
post dmca_path, params: { dmca: dmca }
assert_response :success
assert_emails 1
assert_equal("DMCA Complaint from John Doe", Dmail.last.title)
assert_match(/fake@example.com/, Dmail.last.body)
assert_match(%r{https://example\.com/1\.html}, Dmail.last.body) assert_match(%r{https://example\.com/1\.html}, Dmail.last.body)
end end
end end