3369-restrict-domains.patch - Redmine

       validates_length_of :address, :maximum => User::MAIL_LENGTH_LIMIT, :allow_nil => true
       validates_uniqueness_of :address, :case_sensitive => false,
         :if => Proc.new {|email| email.address_changed? && email.address.present?}
       validate :validate_domain, :if => Proc.new{|email| email.errors[:address].blank? && email.address.present?}
       safe_attributes 'address'
-...
           Token.where(:user_id => user_id, :action => tokens).delete_all
         end
       end
       def validate_domain
         denied, allowed =
           [:email_domains_denied, :email_domains_allowed].map do |setting|
             Setting.__send__(setting)
           end
         invalid = false
         domain = address.sub(/\A.*@/, '')
         if denied.present? && domain_in?(domain, denied)
           invalid = true
         end
         if allowed.present? && !domain_in?(domain, allowed)
           invalid = true
         end
         errors.add(:address, l(:error_domain_not_allowed, :domain => domain)) if invalid
       end
       def domain_in?(addr, domains)
         domain = addr.downcase.sub(/\A.*@/, '')
         unless domains.is_a?(Array)
           domains = domains.to_s.split(/[\s,]+/)
         end
         domains = domains.map{|s| s.downcase.sub(/\A.*@/, '')}.reject(&:blank?)
         domains.include?(domain)
       end
     end

         <p><%= setting_text_field :max_additional_emails, :size => 6 %></p>
         <p><%= setting_check_box :unsubscribe %></p>
         <p><%= setting_text_area :email_domains_allowed %>
         <em class="info"><%= l(:text_comma_separated) %> <%= l(:label_example) %>: foo.example.com, bar.example.org</em></p>
         <p><%= setting_text_area :email_domains_denied %>
         <em class="info"><%= l(:text_comma_separated) %> <%= l(:label_example) %>: baz.example.net, qux.example.biz</em></p>
       </div>
       <fieldset class="box tabular settings">

       error_can_not_delete_auth_source: "This authentication mode is in use and cannot be deleted."
       error_spent_on_future_date: "Cannot log time on a future date"
       error_not_allowed_to_log_time_for_other_users: "You are not allowed to log time for other users"
       error_domain_not_allowed: "Domain %{domain} is not allowed"
       mail_subject_lost_password: "Your %{value} password"
       mail_body_lost_password: 'To change your password, click on the following link:'
-...
       setting_force_default_language_for_loggedin: Force default language for logged-in users
       setting_link_copied_issue: Link issues on copy
       setting_max_additional_emails: Maximum number of additional email addresses
       setting_email_domains_allowed: Allowed email domains
       setting_email_domains_denied: Disallowed email domains
       setting_search_results_per_page: Search results per page
       setting_attachment_extensions_allowed: Allowed extensions
       setting_attachment_extensions_denied: Disallowed extensions

     max_additional_emails:
       format: int
       default: 5
     email_domains_allowed:
       default:
     email_domains_denied:
       default:
     # Maximum lifetime of user sessions in minutes
     session_lifetime:
       format: int

         end
       end
       def test_create_with_disallowed_domain_should_failure
         @request.session[:user_id] = 2
         with_settings :email_domains_denied => "example.com, Somenet.Foo\r\nlocalhost.localdomain" do
           assert_no_difference 'EmailAddress.count' do
             post :create, :params => {
                 :user_id => 2,
                 :email_address => {
                   :address => 'another@somenet.foo'
+                }
+              }
             assert_response :success
             assert_select_error /Email Domain somenet.foo is not allowed/
           end
         end
         with_settings :email_domains_allowed => "example.com, Somenet.Foo\r\nlocalhost.localdomain" do
           assert_no_difference 'EmailAddress.count' do
             post :create, :params => {
                 :user_id => 2,
                 :email_address => {
                   :address => 'something@example.fr'
+                }
+              }
             assert_response :success
             assert_select_error /Email Domain example.fr is not allowed/
           end
         end
       end
       def test_create_should_send_security_notification
         @request.session[:user_id] = 2
         ActionMailer::Base.deliveries.clear

         assert_include "Email #{I18n.translate('activerecord.errors.messages.taken')}", u.errors.full_messages
       end
       def test_mail_with_disallowed_domain
         with_settings :email_domains_denied => "example.com, Somenet.Foo\r\nlocalhost.localdomain" do
           assert_difference 'User.count' do
             assert_difference 'EmailAddress.count' do
               u = User.new(
                 :login => 'newuser1', :firstname => 'new', :lastname => 'user',
                 :mail => 'newuser@example.net'
+              )
               assert u.save
             end
           end
           assert_no_difference 'User.count' do
             assert_no_difference 'EmailAddress.count' do
               u = User.new(
                 :login => 'newuser2', :firstname => 'new', :lastname => 'user',
                 :mail => 'newuser@somenet.foo'
+              )
               assert !u.save
               assert_include 'Email Domain somenet.foo is not allowed', u.errors.full_messages
             end
           end
         end
       end
       def test_mail_with_allowed_domain
         with_settings :email_domains_allowed => "example.com, Somenet.Foo\r\nlocalhost.localdomain" do
           assert_difference 'User.count' do
             assert_difference 'EmailAddress.count' do
               u = User.new(
                 :login => 'newuser1', :firstname => 'new', :lastname => 'user',
                 :mail => 'newuser@somenet.foo'
+              )
               assert u.save
             end
           end
           assert_no_difference 'User.count' do
             assert_no_difference 'EmailAddress.count' do
               u = User.new(
                 :login => 'newuser2', :firstname => 'new', :lastname => 'user',
                 :mail => 'newuser@example.net'
+              )
               assert !u.save
               assert_include 'Email Domain example.net is not allowed', u.errors.full_messages
             end
           end
         end
       end
       def test_update
         assert_equal "admin", @admin.login
         @admin.login = "john"

Project

General

Profile

Redmine

Feature #3369 » 3369-restrict-domains.patch