Merge branch 'email-domain-blacklist' into 'master'

Added the ability to block sign ups using a domain blacklist.

As part of this MR, I restructured the Application Settings form to separate **Sign up** related settings from **Sign in** related settings and make everything cleaner and easier to read.

Fixes #19749 

Related to #5573

See merge request !5259

3 files changed, 101 insertions, 14 deletions

diff --git a/spec/fixtures/domain_blacklist.txt b/spec/fixtures/domain_blacklist.txt
new file mode 100644
index 00000000000..baeb11eda9a
--- /dev/null
+++ b/spec/fixtures/domain_blacklist.txt
@@ -0,0 +1,3 @@
+example.com
+test.com
+foo.bar
\ No newline at end of file
diff --git a/spec/models/application_setting_spec.rb b/spec/models/application_setting_spec.rb
index 2ea1320267c..fb040ba82bc 100644
--- a/spec/models/application_setting_spec.rb
+++ b/spec/models/application_setting_spec.rb
@@ -54,23 +54,60 @@ describe ApplicationSetting, models: true do
 
   context 'restricted signup domains' do
     it 'set single domain' do
-      setting.restricted_signup_domains_raw = 'example.com'
-      expect(setting.restricted_signup_domains).to eq(['example.com'])
+      setting.domain_whitelist_raw = 'example.com'
+      expect(setting.domain_whitelist).to eq(['example.com'])
     end
 
     it 'set multiple domains with spaces' do
-      setting.restricted_signup_domains_raw = 'example.com *.example.com'
-      expect(setting.restricted_signup_domains).to eq(['example.com', '*.example.com'])
+      setting.domain_whitelist_raw = 'example.com *.example.com'
+      expect(setting.domain_whitelist).to eq(['example.com', '*.example.com'])
     end
 
     it 'set multiple domains with newlines and a space' do
-      setting.restricted_signup_domains_raw = "example.com\n *.example.com"
-      expect(setting.restricted_signup_domains).to eq(['example.com', '*.example.com'])
+      setting.domain_whitelist_raw = "example.com\n *.example.com"
+      expect(setting.domain_whitelist).to eq(['example.com', '*.example.com'])
     end
 
     it 'set multiple domains with commas' do
-      setting.restricted_signup_domains_raw = "example.com, *.example.com"
-      expect(setting.restricted_signup_domains).to eq(['example.com', '*.example.com'])
+      setting.domain_whitelist_raw = "example.com, *.example.com"
+      expect(setting.domain_whitelist).to eq(['example.com', '*.example.com'])
+    end
+  end
+
+  context 'blacklisted signup domains' do
+    it 'set single domain' do
+      setting.domain_blacklist_raw = 'example.com'
+      expect(setting.domain_blacklist).to contain_exactly('example.com')
+    end
+
+    it 'set multiple domains with spaces' do
+      setting.domain_blacklist_raw = 'example.com *.example.com'
+      expect(setting.domain_blacklist).to contain_exactly('example.com', '*.example.com')
+    end
+
+    it 'set multiple domains with newlines and a space' do
+      setting.domain_blacklist_raw = "example.com\n *.example.com"
+      expect(setting.domain_blacklist).to contain_exactly('example.com', '*.example.com')
+    end
+
+    it 'set multiple domains with commas' do
+      setting.domain_blacklist_raw = "example.com, *.example.com"
+      expect(setting.domain_blacklist).to contain_exactly('example.com', '*.example.com')
+    end
+
+    it 'set multiple domains with semicolon' do
+      setting.domain_blacklist_raw = "example.com; *.example.com"
+      expect(setting.domain_blacklist).to contain_exactly('example.com', '*.example.com')
+    end
+
+    it 'set multiple domains with mixture of everything' do
+      setting.domain_blacklist_raw = "example.com; *.example.com\n test.com\sblock.com   yes.com"
+      expect(setting.domain_blacklist).to contain_exactly('example.com', '*.example.com', 'test.com', 'block.com', 'yes.com')
+    end
+
+    it 'set multiple domain with file' do
+      setting.domain_blacklist_file = File.open(Rails.root.join('spec/fixtures/', 'domain_blacklist.txt'))
+      expect(setting.domain_blacklist).to contain_exactly('example.com', 'test.com', 'foo.bar')
     end
   end
 end
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 3bf82cf2668..2a5a7fb2fc6 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -89,9 +89,9 @@ describe User, models: true do
     end
 
     describe 'email' do
-      context 'when no signup domains listed' do
+      context 'when no signup domains whitelisted' do
         before do
-          allow_any_instance_of(ApplicationSetting).to receive(:restricted_signup_domains).and_return([])
+          allow_any_instance_of(ApplicationSetting).to receive(:domain_whitelist).and_return([])
         end
 
         it 'accepts any email' do
@@ -100,9 +100,9 @@ describe User, models: true do
         end
       end
 
-      context 'when a signup domain is listed and subdomains are allowed' do
+      context 'when a signup domain is whitelisted and subdomains are allowed' do
         before do
-          allow_any_instance_of(ApplicationSetting).to receive(:restricted_signup_domains).and_return(['example.com', '*.example.com'])
+          allow_any_instance_of(ApplicationSetting).to receive(:domain_whitelist).and_return(['example.com', '*.example.com'])
         end
 
         it 'accepts info@example.com' do
@@ -121,9 +121,9 @@ describe User, models: true do
         end
       end
 
-      context 'when a signup domain is listed and subdomains are not allowed' do
+      context 'when a signup domain is whitelisted and subdomains are not allowed' do
         before do
-          allow_any_instance_of(ApplicationSetting).to receive(:restricted_signup_domains).and_return(['example.com'])
+          allow_any_instance_of(ApplicationSetting).to receive(:domain_whitelist).and_return(['example.com'])
         end
 
         it 'accepts info@example.com' do
@@ -142,6 +142,53 @@ describe User, models: true do
         end
       end
 
+      context 'domain blacklist' do
+        before do
+          allow_any_instance_of(ApplicationSetting).to receive(:domain_blacklist_enabled?).and_return(true)
+          allow_any_instance_of(ApplicationSetting).to receive(:domain_blacklist).and_return(['example.com'])
+        end
+
+        context 'when a signup domain is blacklisted' do
+          it 'accepts info@test.com' do
+            user = build(:user, email: 'info@test.com')
+            expect(user).to be_valid
+          end
+
+          it 'rejects info@example.com' do
+            user = build(:user, email: 'info@example.com')
+            expect(user).not_to be_valid
+          end
+        end
+
+        context 'when a signup domain is blacklisted but a wildcard subdomain is allowed' do
+          before do
+            allow_any_instance_of(ApplicationSetting).to receive(:domain_blacklist).and_return(['test.example.com'])
+            allow_any_instance_of(ApplicationSetting).to receive(:domain_whitelist).and_return(['*.example.com'])
+          end
+
+          it 'should give priority to whitelist and allow info@test.example.com' do
+            user = build(:user, email: 'info@test.example.com')
+            expect(user).to be_valid
+          end
+        end
+
+        context 'with both lists containing a domain' do
+          before do
+            allow_any_instance_of(ApplicationSetting).to receive(:domain_whitelist).and_return(['test.com'])
+          end
+
+          it 'accepts info@test.com' do
+            user = build(:user, email: 'info@test.com')
+            expect(user).to be_valid
+          end
+
+          it 'rejects info@example.com' do
+            user = build(:user, email: 'info@example.com')
+            expect(user).not_to be_valid
+          end
+        end
+      end
+
       context 'owns_notification_email' do
         it 'accepts temp_oauth_email emails' do
           user = build(:user, email: "temp-email-for-oauth@example.com")