Merge remote-tracking branch 'parent/main' into upstream-20230105

2024-01-05 10:01:36 +09:00 · 2024-01-05 10:01:36 +09:00 · a0a3d1b101
commit a0a3d1b101
parent 9ff2306821 964a0ecf37
65 changed files with 1008 additions and 453 deletions
--- a/app/models/concerns/attachmentable.rb
+++ b/app/models/concerns/attachmentable.rb
@ -11,11 +11,12 @@ module Attachmentable
  # For some file extensions, there exist different content
  # type variants, and browsers often send the wrong one,
  # for example, sending an audio .ogg file as video/ogg,
-  # likewise, MimeMagic also misreports them as such. For
+  # likewise, kt-paperclip also misreports them as such. For
  # those files, it is necessary to use the output of the
  # `file` utility instead
  INCORRECT_CONTENT_TYPES = %w(
    audio/vorbis
+    audio/opus
    video/ogg
    video/webm
  ).freeze
--- a/app/models/email_domain_block.rb
+++ b/app/models/email_domain_block.rb
@ -4,11 +4,12 @@
 #
 # Table name: email_domain_blocks
 #
-#  id         :bigint(8)        not null, primary key
-#  domain     :string           default(""), not null
-#  created_at :datetime         not null
-#  updated_at :datetime         not null
-#  parent_id  :bigint(8)
+#  id                  :bigint(8)        not null, primary key
+#  domain              :string           default(""), not null
+#  created_at          :datetime         not null
+#  updated_at          :datetime         not null
+#  parent_id           :bigint(8)
+#  allow_with_approval :boolean          default(FALSE), not null
 #

 class EmailDomainBlock < ApplicationRecord
@ -42,8 +43,8 @@ class EmailDomainBlock < ApplicationRecord
      @attempt_ip = attempt_ip
    end

-    def match?
-      blocking? || invalid_uri?
+    def match?(...)
+      blocking?(...) || invalid_uri?
    end

    private
@ -52,8 +53,8 @@ class EmailDomainBlock < ApplicationRecord
      @uris.any?(&:nil?)
    end

-    def blocking?
-      blocks = EmailDomainBlock.where(domain: domains_with_variants).order(Arel.sql('char_length(domain) desc'))
+    def blocking?(allow_with_approval: false)
+      blocks = EmailDomainBlock.where(domain: domains_with_variants, allow_with_approval: allow_with_approval).order(Arel.sql('char_length(domain) desc'))
      blocks.each { |block| block.history.add(@attempt_ip) } if @attempt_ip.present?
      blocks.any?
    end
@ -86,4 +87,8 @@ class EmailDomainBlock < ApplicationRecord
  def self.block?(domain_or_domains, attempt_ip: nil)
    Matcher.new(domain_or_domains, attempt_ip: attempt_ip).match?
  end
+
+  def self.requires_approval?(domain_or_domains, attempt_ip: nil)
+    Matcher.new(domain_or_domains, attempt_ip: attempt_ip).match?(allow_with_approval: true)
+  end
 end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -420,7 +420,7 @@ class User < ApplicationRecord

  def set_approved
    self.approved = begin
-      if sign_up_from_ip_requires_approval?
+      if sign_up_from_ip_requires_approval? || sign_up_email_requires_approval?
        false
      else
        open_registrations? || valid_invitation? || external?
@ -432,6 +432,12 @@ class User < ApplicationRecord
    !sign_up_ip.nil? && IpBlock.where(severity: :sign_up_requires_approval).where('ip >>= ?', sign_up_ip.to_s).exists?
  end

+  def sign_up_email_requires_approval?
+    return false unless email.present? || unconfirmed_email.present?
+
+    EmailDomainBlock.requires_approval?(email.presence || unconfirmed_email, attempt_ip: sign_up_ip)
+  end
+
  def open_registrations?
    Setting.registrations_mode == 'open'
  end