Allowed/Disallowed email domains settings to restrict users' email addresses (#3369).

Patch by Yuichi HARADA and Go MAEDA. git-svn-id: http://svn.redmine.org/redmine/trunk@19735 e93f8b46-1217-0410-a6f0-8f06a7374b81
2025-12-16 05:20:28 +01:00 · 2020-04-30 09:00:06 +00:00
parent d94226dd4c
commit 94c62816a5
6 changed files with 103 additions and 0 deletions
--- a/test/functional/email_addresses_controller_test.rb
+++ b/test/functional/email_addresses_controller_test.rb
@@ -118,6 +118,36 @@ class EmailAddressesControllerTest < Redmine::ControllerTest
    end
  end

+  def test_create_with_disallowed_domain_should_fail
+    @request.session[:user_id] = 2
+
+    with_settings :email_domains_denied => 'black.example' do
+      assert_no_difference 'EmailAddress.count' do
+        post :create, :params => {
+            :user_id => 2,
+            :email_address => {
+              :address => 'another@black.example'
+            }
+          }
+        assert_response :success
+        assert_select_error 'Email is invalid'
+      end
+    end
+
+    with_settings :email_domains_allowed => 'white.example' do
+      assert_no_difference 'EmailAddress.count' do
+        post :create, :params => {
+            :user_id => 2,
+            :email_address => {
+              :address => 'something@example.fr'
+            }
+          }
+        assert_response :success
+        assert_select_error 'Email is invalid'
+      end
+    end
+  end
+
  def test_create_should_send_security_notification
    @request.session[:user_id] = 2
    ActionMailer::Base.deliveries.clear
--- a/test/unit/email_address_test.rb
+++ b/test/unit/email_address_test.rb
@@ -30,4 +30,38 @@ class EmailAddressTest < ActiveSupport::TestCase
    email = EmailAddress.new(address: 'jsmith@example.xn--80akhbyknj4f')
    assert email.valid?
  end
+
+  def test_address_should_be_validated_against_denied_domains
+    with_settings :email_domains_denied => "black.test\r\nBLACK.EXAMPLE, .subdomain.test" do
+      email = EmailAddress.new(address: 'user@black.test')
+      assert_not email.valid?
+      email = EmailAddress.new(address: 'user@notblack.test')
+      assert email.valid?
+      email = EmailAddress.new(address: 'user@BLACK.TEST')
+      assert_not email.valid?
+      email = EmailAddress.new(address: 'user@black.example')
+      assert_not email.valid?
+      email = EmailAddress.new(address: 'user@subdomain.test')
+      assert email.valid?
+      email = EmailAddress.new(address: 'user@foo.subdomain.test')
+      assert_not email.valid?
+    end
+  end
+
+  def test_address_should_be_validated_against_allowed_domains
+    with_settings :email_domains_allowed => "white.test\r\nWHITE.EXAMPLE, .subdomain.test" do
+      email = EmailAddress.new(address: 'user@white.test')
+      assert email.valid?
+      email = EmailAddress.new(address: 'user@notwhite.test')
+      assert_not email.valid?
+      email = EmailAddress.new(address: 'user@WHITE.TEST')
+      assert email.valid?
+      email = EmailAddress.new(address: 'user@white.example')
+      assert email.valid?
+      email = EmailAddress.new(address: 'user@subdomain.test')
+      assert_not email.valid?
+      email = EmailAddress.new(address: 'user@foo.subdomain.test')
+      assert email.valid?
+    end
+  end
 end