Stricter whitelist rules #2213
Stricter whitelist rules #2213
Conversation
|
spec for blacklist: on it. |
|
I tried to ditch the whitelist regexp, but it created some important issue in my opinion: you can't use it as wildcard to whitelist subdomains. The instance I found this issue on is a big institution using By removing the regexp, the admin has the tedious task to list all subdomain of whitelisted subdomains (and add them if they're ever created). I added a spec for specific subdomain blacklist + top domain whitelist. Anyway, tell me what's the desired approach :) |
spec/models/user_spec.rb
Outdated
| @@ -87,5 +103,20 @@ | |||
| user = User.new(email: 'foo@mastodon.space', account: account, password: password) | |||
| expect(user.valid?).to be_truthy | |||
| end | |||
|
|
|||
| it 'should not allow a smart user to be created unless they are whitelisted' do | |||
There was a problem hiding this comment.
Instead of "smart user" could you just describe what is being tested? This will become unclear in the future.
* Stricter whitelist rules * Linting * Added spec for blacklisting * Test subdomain blacklist on domain whitelist * No need to split * Change spec name
* Stricter whitelist rules * Linting * Added spec for blacklisting * Test subdomain blacklist on domain whitelist * No need to split * Change spec name
…upstream Merge upstream changes
I was browsing an instance where you need a whitelisted email domain, however I figured out you could circumvent the protection by using the whitelisted domain as a subdomain of your email address.