ip bans: add hit counter, deleted flag, new ban type.

* Make IP bans soft deletable.
* Add a hit counter to track how many times an IP ban has blocked someone.
* Add a last hit timestamp to track when the IP ban last blocked someone.
* Add a new type of IP ban, the signup ban. Signup bans restrict new
  signups from editing anything until they've verified their email
  address.

test/functional/ip_bans_controller_test.rb

@@ -21,6 +21,11 @@ class IpBansControllerTest < ActionDispatch::IntegrationTest
           assert_response :redirect
         end
       end
+
+      should "log a mod action" do
+        post_auth ip_bans_path, @admin, params: { ip_ban: { ip_addr: "1.2.3.4", reason: "xyz" }}
+        assert_equal("ip_ban_create", ModAction.last.category)
+      end
     end
 
     context "index action" do
@@ -37,12 +42,12 @@ class IpBansControllerTest < ActionDispatch::IntegrationTest
       end
     end
 
-    context "destroy action" do
-      should "destroy an ip ban" do
-        assert_difference("IpBan.count", -1) do
-          delete_auth ip_ban_path(@ip_ban), @admin, params: {:format => "js"}
-          assert_response :success
-        end
+    context "update action" do
+      should "mark an ip ban as deleted" do
+        put_auth ip_ban_path(@ip_ban), @admin, params: { ip_ban: { is_deleted: true }, format: "js" }
+        assert_response :success
+        assert_equal(true, @ip_ban.reload.is_deleted)
+        assert_equal("ip_ban_delete", ModAction.last.category)
       end
     end
   end

test/functional/sessions_controller_test.rb

@@ -35,11 +35,33 @@ class SessionsControllerTest < ActionDispatch::IntegrationTest
       end
 
       should "not allow IP banned users to login" do
-        create(:ip_ban, ip_addr: "1.2.3.4")
+        @ip_ban = create(:ip_ban, category: :normal, ip_addr: "1.2.3.4")
         post session_path, params: { name: @user.name, password: "password" }, headers: { REMOTE_ADDR: "1.2.3.4" }
 
         assert_response 403
         assert_not_equal(@user.id, session[:user_id])
+        assert_equal(1, @ip_ban.reload.hit_count)
+        assert(@ip_ban.last_hit_at > 1.minute.ago)
+      end
+
+      should "allow signup-restricted IP banned users to login" do
+        @ip_ban = create(:ip_ban, category: :signup, ip_addr: "1.2.3.4")
+        post session_path, params: { name: @user.name, password: "password" }, headers: { REMOTE_ADDR: "1.2.3.4" }
+
+        assert_redirected_to posts_path
+        assert_equal(@user.id, session[:user_id])
+        assert_equal(0, @ip_ban.reload.hit_count)
+        assert_nil(@ip_ban.last_hit_at)
+      end
+
+      should "ignore deleted IP bans when logging in" do
+        @ip_ban = create(:ip_ban, is_deleted: true, category: :normal, ip_addr: "1.2.3.4")
+        post session_path, params: { name: @user.name, password: "password" }, headers: { REMOTE_ADDR: "1.2.3.4" }
+
+        assert_redirected_to posts_path
+        assert_equal(@user.id, session[:user_id])
+        assert_equal(0, @ip_ban.reload.hit_count)
+        assert_nil(@ip_ban.last_hit_at)
       end
     end
 

test/functional/users_controller_test.rb

@@ -168,6 +168,19 @@ class UsersControllerTest < ActionDispatch::IntegrationTest
         assert_equal(true, User.last.requires_verification)
       end
 
+      should "mark users signing up from a signup banned IP as requiring verification" do
+        skip unless IpLookup.enabled?
+        self.remote_addr = "187.37.226.17"
+
+        @ip_ban = create(:ip_ban, ip_addr: self.remote_addr, category: :signup)
+        post users_path, params: { user: { name: "xxx", password: "xxxxx1", password_confirmation: "xxxxx1" }}
+
+        assert_redirected_to User.last
+        assert_equal(true, User.last.requires_verification)
+        assert_equal(1, @ip_ban.reload.hit_count)
+        assert(@ip_ban.last_hit_at > 1.minute.ago)
+      end
+
       should "not mark users signing up from non-proxies as requiring verification" do
         skip unless IpLookup.enabled?
         self.remote_addr = "187.37.226.17"