FIX: don't allow blocked user to send emails in

2024-11-27 09:36:19 -05:00 · 2016-02-11 10:39:57 +01:00 · 2016-02-11 10:39:57 +01:00 · cad7fc1062
commit cad7fc1062
parent 5120dcfb3d
6 changed files with 28 additions and 3 deletions
--- a/app/jobs/scheduled/poll_mailbox.rb
+++ b/app/jobs/scheduled/poll_mailbox.rb
@ -38,6 +38,7 @@ module Jobs
        when Email::Receiver::NoMessageIdError            then :email_reject_no_message_id
        when Email::Receiver::AutoGeneratedEmailError     then :email_reject_auto_generated
        when Email::Receiver::InactiveUserError           then :email_reject_inactive_user
+        when Email::Receiver::BlockedUserError            then :email_reject_blocked_user
        when Email::Receiver::BadDestinationAddress       then :email_reject_bad_destination_address
        when Email::Receiver::StrangersNotAllowedError    then :email_reject_strangers_not_allowed
        when Email::Receiver::InsufficientTrustLevelError then :email_reject_insufficient_trust_level
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@ -56,6 +56,7 @@ en:
        auto_generated_email_error: "Happens when the 'precedence' header is set to: list, junk, bulk or auto_reply, or when any other header contains: auto-submitted, auto-replied or auto-generated."
        no_body_detected_error: "Happens when we couldn't extract a body and there was no attachments."
        inactive_user_error: "Happens when the sender is not active."
+        blocked_user_error: "Happens when the sender has been blocked."
        bad_destination_address: "Happens when none of the email addresses in To/Cc/Bcc fields matched a configured incoming email address."
        strangers_not_allowed_error: "Happens when a user tried to create a new topic in a category they're not a member of."
        insufficient_trust_level_error: "Happens when a use tried to create a new topic in a category they don't have the required trust level for."
@ -1795,6 +1796,13 @@ en:

        Your account associated with this email address is not activated. Please activate your account before sending emails in.

+    email_reject_blocked_user:
+      subject_template: "[%{site_name}] Email issue -- Blocked User"
+      text_body_template: |
+        We're sorry, but your email message to %{destination} (titled %{former_title}) didn't work.
+
+        Your account associated with this email address has been blocked.
+
    email_reject_reply_user_not_matching:
      subject_template: "[%{site_name}] Email issue -- Reply User Not Matching"
      text_body_template: |
--- a/lib/email/receiver.rb
+++ b/lib/email/receiver.rb
@ -13,6 +13,7 @@ module Email
    class AutoGeneratedEmailError     < ProcessingError; end
    class NoBodyDetectedError         < ProcessingError; end
    class InactiveUserError           < ProcessingError; end
+    class BlockedUserError            < ProcessingError; end
    class BadDestinationAddress       < ProcessingError; end
    class StrangersNotAllowedError    < ProcessingError; end
    class InsufficientTrustLevelError < ProcessingError; end
@ -53,8 +54,9 @@ module Email
      body = select_body || ""

      raise AutoGeneratedEmailError if is_auto_generated?
-      raise NoBodyDetectedError if body.blank? && !@mail.has_attachments?
-      raise InactiveUserError if !user.active && !user.staged
+      raise NoBodyDetectedError     if body.blank? && !@mail.has_attachments?
+      raise InactiveUserError       if !user.active && !user.staged
+      raise BlockedUserError        if user.blocked

      if action = subscription_action_for(body, subject)
        message = SubscriptionMailer.send(action, user)
--- a/spec/components/email/receiver_spec.rb
+++ b/spec/components/email/receiver_spec.rb
@ -43,6 +43,11 @@ describe Email::Receiver do
    expect { process(:inactive_sender) }.to raise_error(Email::Receiver::InactiveUserError)
  end

+  it "raises a BlockedUserError when the sender has been blocked" do
+    Fabricate(:user, email: "blocked@bar.com", blocked: true)
+    expect { process(:blocked_sender) }.to raise_error(Email::Receiver::BlockedUserError)
+  end
+
  skip "doesn't raise an InactiveUserError when the sender is staged" do
    Fabricate(:user, email: "staged@bar.com", active: false, staged: true)
    expect { process(:staged_sender) }.not_to raise_error
--- a/spec/fixtures/emails/blocked_sender.eml
+++ b/spec/fixtures/emails/blocked_sender.eml
@ -0,0 +1,9 @@
+Return-Path: <blocked@bar.com>
+From: Foo Bar <blocked@bar.com>
+Date: Fri, 15 Jan 2016 00:12:43 +0100
+Message-ID: <8@foo.bar.mail>
+Mime-Version: 1.0
+Content-Type: text/plain
+Content-Transfer-Encoding: 7bit
+
+Lorem ipsum dolor sit amet, consectetur adipiscing elit.
--- a/spec/fixtures/emails/staged_sender.eml
+++ b/spec/fixtures/emails/staged_sender.eml
@ -1,7 +1,7 @@
 Return-Path: <staged@bar.com>
 From: Foo Bar <staged@bar.com>
 Date: Fri, 15 Jan 2016 00:12:43 +0100
-Message-ID: <9@foo.bar.mail>
+Message-ID: <39@foo.bar.mail>
 Mime-Version: 1.0
 Content-Type: text/plain
 Content-Transfer-Encoding: 7bit