Handle banned users

testmycode · Feb 26, 2024 · ec87e9c · ec87e9c
1 parent 5302892
commit ec87e9c
Show file tree

Hide file tree

Showing 5 changed files with 40 additions and 1 deletion.
diff --git a/app/controllers/api/v8/users_controller.rb b/app/controllers/api/v8/users_controller.rb
@@ -102,6 +102,13 @@ def create
         set_user_fields
         set_extra_data
 
+        if BannedEmail.banned?(@user.email)
+          return render json: {
+            success: true,
+            message: 'User created.'
+          }
+        end
+
         if @user.errors.empty? && @user.save
           # TODO: Whitelist origins
           UserMailer.email_confirmation(@user, params[:origin], params[:language]).deliver_now

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
@@ -37,6 +37,12 @@ def create
     set_password
     set_user_fields
 
+    if BannedEmail.banned?(@user.email)
+      flash[:notice] = 'User account created. You can now log in.'
+      redirect_to root_path
+      return
+    end
+
     if @user.errors.empty? && @user.save
       UserMailer.email_confirmation(@user).deliver_now
       if @bare_layout

diff --git a/app/models/banned_email.rb b/app/models/banned_email.rb
@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+class BannedEmail < ApplicationRecord
+  validates :email, presence: true, uniqueness: { case_sensitive: false }
+
+  # Returns true if the given email is banned. Handles emails with +prefiexes by removing the prefix and checking if that address is banned.
+  def self.banned?(email)
+    email = email.strip
+    email = email.gsub(/\+.*@/, '@').downcase
+    BannedEmail.exists?(email: email)
+  end
+end
diff --git a/db/migrate/20240226094608_add_banned_emails.rb b/db/migrate/20240226094608_add_banned_emails.rb
@@ -0,0 +1,8 @@
+class AddBannedEmails < ActiveRecord::Migration[6.1]
+  def change
+    create_table :banned_emails do |t|
+      t.string :email, null: false
+      t.timestamps
+    end
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 2024_01_12_130207) do
+ActiveRecord::Schema.define(version: 2024_02_26_094608) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -80,6 +80,12 @@
     t.index ["user_id", "submission_id", "name"], name: "index_awarded_points_on_user_id_and_submission_id_and_name", unique: true
   end
 
+  create_table "banned_emails", force: :cascade do |t|
+    t.string "email", null: false
+    t.datetime "created_at", precision: 6, null: false
+    t.datetime "updated_at", precision: 6, null: false
+  end
+
   create_table "certificates", id: :serial, force: :cascade do |t|
     t.string "name"
     t.binary "pdf"