users: require email verification for signups from proxies.

Require users who signup using proxies to verify their email addresses before they can perform any edits. For verification purposes, the email must be a nondisposable address from a whitelist of trusted email providers.
2020-03-24 02:18:37 -05:00
parent 5faa323729
commit b7bd6c8fdd
10 changed files with 83 additions and 2 deletions
--- a/test/functional/emails_controller_test.rb
+++ b/test/functional/emails_controller_test.rb
@@ -85,6 +85,30 @@ class EmailsControllerTest < ActionDispatch::IntegrationTest
          assert_equal(false, @user.reload.email_address.is_verified)
        end
      end
+
+      context "with a nondisposable email address" do
+        should "mark the user as verified" do
+          Danbooru.config.stubs(:email_domain_verification_list).returns(["gmail.com"])
+          @user.email_address.update!(address: "test@gmail.com")
+          get email_verification_url(@user)
+
+          assert_redirected_to @user
+          assert_equal(true, @user.reload.email_address.is_verified)
+          assert_equal(true, @user.is_verified)
+        end
+      end
+
+      context "with a disposable email address" do
+        should "not mark the user as verified" do
+          Danbooru.config.stubs(:email_domain_verification_list).returns([])
+          @user.email_address.update!(address: "test@mailinator.com")
+          get email_verification_url(@user)
+
+          assert_redirected_to @user
+          assert_equal(true, @user.reload.email_address.is_verified)
+          assert_equal(false, @user.is_verified)
+        end
+      end
    end
  end
 end