FIX: ensure inactive users can't email in

discourse · Dec 21, 2015 · 3e923c7 · 3e923c7
1 parent b3198d7
commit 3e923c7
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 1 deletion.
diff --git a/lib/email/receiver.rb b/lib/email/receiver.rb
@@ -20,6 +20,7 @@ class EmailLogNotFound < ProcessingError; end
     class InvalidPost < ProcessingError; end
     class ReplyUserNotFoundError < ProcessingError; end
     class ReplyUserNotMatchingError < ProcessingError; end
+    class InactiveUserError < ProcessingError; end
 
     attr_reader :body, :email_log
 
@@ -58,8 +59,8 @@ def process
       user_email = from.address
       user_name  = from.display_name
 
-      # TODO: deal with suspended/inactive users
       user = User.find_by_email(user_email)
+      raise InactiveUserError if user.present? && !user.active && !user.staged
 
       # TODO: take advantage of all the "TO"s
       dest_info = dest_infos[0]

diff --git a/spec/components/email/receiver_spec.rb b/spec/components/email/receiver_spec.rb
@@ -447,6 +447,38 @@ def test_parse_body(mail_string)
     end
   end
 
+  describe "posting reply as a inactive user" do
+    let(:reply_key) { raise "Override this in a lower describe block" }
+    let(:email_raw) { raise "Override this in a lower describe block" }
+    let(:to) { SiteSetting.reply_by_email_address.gsub("%{reply_key}", reply_key) }
+    let(:receiver) { Email::Receiver.new(email_raw) }
+    let(:topic) { Fabricate(:topic) }
+    let(:post) { Fabricate(:post, topic: topic, post_number: 1) }
+    let(:replying_user_email) { 'jake@adventuretime.ooo' }
+    let(:replying_user) { Fabricate(:user, email: replying_user_email, trust_level: 2, active: false) }
+    let(:email_log) { EmailLog.new(reply_key: reply_key,
+                                   post: post,
+                                   post_id: post.id,
+                                   topic_id: topic.id,
+                                   email_type: 'user_posted',
+                                   user: replying_user,
+                                   user_id: replying_user.id,
+                                   to_address: replying_user_email
+    ) }
+
+    before do
+      email_log.save
+    end
+
+    describe "should not create post" do
+      let!(:reply_key) { '59d8df8370b7e95c5a49fbf86aeb2c93' }
+      let!(:email_raw) { fill_email(fixture_file("emails/valid_reply.eml"), replying_user_email, to) }
+      it "raises a InactiveUserError" do
+        expect { receiver.process }.to raise_error(Email::Receiver::InactiveUserError)
+      end
+    end
+  end
+
   describe "posting a new topic in a category" do
     let(:category_destination) { raise "Override this in a lower describe block" }
     let(:email_raw) { raise "Override this in a lower describe block" }