Add option to include resolved DNS records when blacklisting e-mail domains in admin UI (#13254)

* Add shortcuts to blacklist a user's e-mail domain in admin UI

* Add option to blacklist resolved MX and IP records for e-mail domains
This commit is contained in:
Eugen Rochko 2020-03-12 22:35:20 +01:00 committed by GitHub
parent f556f79b77
commit bea0bb39d6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 79 additions and 8 deletions

View File

@ -6,12 +6,12 @@ module Admin
def index def index
authorize :email_domain_block, :index? authorize :email_domain_block, :index?
@email_domain_blocks = EmailDomainBlock.page(params[:page]) @email_domain_blocks = EmailDomainBlock.where(parent_id: nil).includes(:children).order(id: :desc).page(params[:page])
end end
def new def new
authorize :email_domain_block, :create? authorize :email_domain_block, :create?
@email_domain_block = EmailDomainBlock.new @email_domain_block = EmailDomainBlock.new(domain: params[:_domain])
end end
def create def create
@ -21,6 +21,28 @@ module Admin
if @email_domain_block.save if @email_domain_block.save
log_action :create, @email_domain_block log_action :create, @email_domain_block
if @email_domain_block.with_dns_records?
hostnames = []
ips = []
Resolv::DNS.open do |dns|
dns.timeouts = 1
hostnames = dns.getresources(@email_domain_block.domain, Resolv::DNS::Resource::IN::MX).to_a.map { |e| e.exchange.to_s }
([@email_domain_block.domain] + hostnames).uniq.each do |hostname|
ips.concat(dns.getresources(hostname, Resolv::DNS::Resource::IN::A).to_a.map { |e| e.address.to_s })
ips.concat(dns.getresources(hostname, Resolv::DNS::Resource::IN::AAAA).to_a.map { |e| e.address.to_s })
end
end
(hostnames + ips).each do |hostname|
another_email_domain_block = EmailDomainBlock.new(domain: hostname, parent: @email_domain_block)
log_action :create, another_email_domain_block if another_email_domain_block.save
end
end
redirect_to admin_email_domain_blocks_path, notice: I18n.t('admin.email_domain_blocks.created_msg') redirect_to admin_email_domain_blocks_path, notice: I18n.t('admin.email_domain_blocks.created_msg')
else else
render :new render :new
@ -41,7 +63,7 @@ module Admin
end end
def resource_params def resource_params
params.require(:email_domain_block).permit(:domain) params.require(:email_domain_block).permit(:domain, :with_dns_records)
end end
end end
end end

View File

@ -7,13 +7,27 @@
# domain :string default(""), not null # domain :string default(""), not null
# created_at :datetime not null # created_at :datetime not null
# updated_at :datetime not null # updated_at :datetime not null
# parent_id :bigint(8)
# #
class EmailDomainBlock < ApplicationRecord class EmailDomainBlock < ApplicationRecord
include DomainNormalizable include DomainNormalizable
belongs_to :parent, class_name: 'EmailDomainBlock', optional: true
has_many :children, class_name: 'EmailDomainBlock', foreign_key: :parent_id, inverse_of: :parent, dependent: :destroy
validates :domain, presence: true, uniqueness: true, domain: true validates :domain, presence: true, uniqueness: true, domain: true
def with_dns_records=(val)
@with_dns_records = ActiveModel::Type::Boolean.new.cast(val)
end
def with_dns_records?
@with_dns_records
end
alias with_dns_records with_dns_records?
def self.block?(email) def self.block?(email)
_, domain = email.split('@', 2) _, domain = email.split('@', 2)

View File

@ -96,10 +96,17 @@
= table_link_to 'angle-double-down', t('admin.accounts.demote'), demote_admin_account_role_path(@account.id), method: :post, data: { confirm: t('admin.accounts.are_you_sure') } if can?(:demote, @account.user) = table_link_to 'angle-double-down', t('admin.accounts.demote'), demote_admin_account_role_path(@account.id), method: :post, data: { confirm: t('admin.accounts.are_you_sure') } if can?(:demote, @account.user)
%tr %tr
%th= t('admin.accounts.email') %th{ rowspan: can?(:create, :email_domain_block) ? 3 : 2 }= t('admin.accounts.email')
%td= @account.user_email %td{ rowspan: can?(:create, :email_domain_block) ? 3 : 2 }= @account.user_email
%td= table_link_to 'edit', t('admin.accounts.change_email.label'), admin_account_change_email_path(@account.id) if can?(:change_email, @account.user) %td= table_link_to 'edit', t('admin.accounts.change_email.label'), admin_account_change_email_path(@account.id) if can?(:change_email, @account.user)
%tr
%td= table_link_to 'search', t('admin.accounts.search_same_email_domain'), admin_accounts_path(email: "%@#{@account.user_email.split('@').last}")
- if can?(:create, :email_domain_block)
%tr
%td= table_link_to 'ban', t('admin.accounts.add_email_domain_block'), new_admin_email_domain_block_path(_domain: @account.user_email.split('@').last)
- if @account.user_unconfirmed_email.present? - if @account.user_unconfirmed_email.present?
%tr %tr
%th= t('admin.accounts.unconfirmed_email') %th= t('admin.accounts.unconfirmed_email')
@ -204,7 +211,7 @@
= link_to t('admin.accounts.perform_full_suspension'), new_admin_account_action_path(@account.id, type: 'suspend'), class: 'button button--destructive' if can?(:suspend, @account) = link_to t('admin.accounts.perform_full_suspension'), new_admin_account_action_path(@account.id, type: 'suspend'), class: 'button button--destructive' if can?(:suspend, @account)
- unless @account.local? - unless @account.local?
- if DomainBlock.where(domain: @account.domain).exists? - if DomainBlock.rule_for(@account.domain)
= link_to t('admin.domain_blocks.view'), admin_instance_path(@account.domain), class: 'button' = link_to t('admin.domain_blocks.view'), admin_instance_path(@account.domain), class: 'button'
- else - else
= link_to t('admin.domain_blocks.add_new'), new_admin_domain_block_path(_domain: @account.domain), class: 'button button--destructive' = link_to t('admin.domain_blocks.add_new'), new_admin_domain_block_path(_domain: @account.domain), class: 'button button--destructive'

View File

@ -3,3 +3,13 @@
%samp= email_domain_block.domain %samp= email_domain_block.domain
%td %td
= table_link_to 'trash', t('admin.email_domain_blocks.delete'), admin_email_domain_block_path(email_domain_block), method: :delete = table_link_to 'trash', t('admin.email_domain_blocks.delete'), admin_email_domain_block_path(email_domain_block), method: :delete
- email_domain_block.children.each do |child_email_domain_block|
%tr
%td
%samp= child_email_domain_block.domain
%span.muted-hint
= surround '(', ')' do
= t('admin.email_domain_blocks.from_html', domain: content_tag(:samp, email_domain_block.domain))
%td
= table_link_to 'trash', t('admin.email_domain_blocks.delete'), admin_email_domain_block_path(child_email_domain_block), method: :delete

View File

@ -5,7 +5,10 @@
= render 'shared/error_messages', object: @email_domain_block = render 'shared/error_messages', object: @email_domain_block
.fields-group .fields-group
= f.input :domain, wrapper: :with_label, label: t('admin.email_domain_blocks.domain') = f.input :domain, wrapper: :with_block_label, label: t('admin.email_domain_blocks.domain')
.fields-group
= f.input :with_dns_records, as: :boolean, wrapper: :with_label
.actions .actions
= f.button :button, t('.create'), type: :submit = f.button :button, t('.create'), type: :submit

View File

@ -92,6 +92,7 @@ en:
delete: Delete delete: Delete
destroyed_msg: Moderation note successfully destroyed! destroyed_msg: Moderation note successfully destroyed!
accounts: accounts:
add_email_domain_block: Blacklist e-mail domain
approve: Approve approve: Approve
approve_all: Approve all approve_all: Approve all
are_you_sure: Are you sure? are_you_sure: Are you sure?
@ -172,6 +173,7 @@ en:
staff: Staff staff: Staff
user: User user: User
search: Search search: Search
search_same_email_domain: Other users with the same e-mail domain
search_same_ip: Other users with the same IP search_same_ip: Other users with the same IP
shared_inbox_url: Shared inbox URL shared_inbox_url: Shared inbox URL
show: show:
@ -358,6 +360,7 @@ en:
destroyed_msg: Successfully deleted e-mail domain from blacklist destroyed_msg: Successfully deleted e-mail domain from blacklist
domain: Domain domain: Domain
empty: No e-mail domains currently blacklisted. empty: No e-mail domains currently blacklisted.
from_html: from %{domain}
new: new:
create: Add domain create: Add domain
title: New e-mail blacklist entry title: New e-mail blacklist entry

View File

@ -54,6 +54,9 @@ en:
whole_word: When the keyword or phrase is alphanumeric only, it will only be applied if it matches the whole word whole_word: When the keyword or phrase is alphanumeric only, it will only be applied if it matches the whole word
domain_allow: domain_allow:
domain: This domain will be able to fetch data from this server and incoming data from it will be processed and stored domain: This domain will be able to fetch data from this server and incoming data from it will be processed and stored
email_domain_block:
domain: This can be the domain name that shows up in the e-mail address, the MX record that domain resolves to, or IP of the server that MX record resolves to. Those will be checked upon user sign-up and the sign-up will be rejected.
with_dns_records: An attempt to resolve the given domain's DNS records will be made and the results will also be blacklisted
featured_tag: featured_tag:
name: 'You might want to use one of these:' name: 'You might want to use one of these:'
form_challenge: form_challenge:
@ -152,6 +155,8 @@ en:
username: Username username: Username
username_or_email: Username or Email username_or_email: Username or Email
whole_word: Whole word whole_word: Whole word
email_domain_block:
with_dns_records: Include MX records and IPs of the domain
featured_tag: featured_tag:
name: Hashtag name: Hashtag
interactions: interactions:

View File

@ -0,0 +1,5 @@
class AddParentIdToEmailDomainBlocks < ActiveRecord::Migration[5.2]
def change
add_reference :email_domain_blocks, :parent, null: true, default: nil, foreign_key: { on_delete: :cascade, to_table: :email_domain_blocks }, index: false
end
end

View File

@ -10,7 +10,7 @@
# #
# It's strongly recommended that you check this file into your version control system. # It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 2020_03_12_144258) do ActiveRecord::Schema.define(version: 2020_03_12_185443) do
# These are extensions that must be enabled in order to support this database # These are extensions that must be enabled in order to support this database
enable_extension "plpgsql" enable_extension "plpgsql"
@ -336,6 +336,7 @@ ActiveRecord::Schema.define(version: 2020_03_12_144258) do
t.string "domain", default: "", null: false t.string "domain", default: "", null: false
t.datetime "created_at", null: false t.datetime "created_at", null: false
t.datetime "updated_at", null: false t.datetime "updated_at", null: false
t.bigint "parent_id"
t.index ["domain"], name: "index_email_domain_blocks_on_domain", unique: true t.index ["domain"], name: "index_email_domain_blocks_on_domain", unique: true
end end
@ -869,6 +870,7 @@ ActiveRecord::Schema.define(version: 2020_03_12_144258) do
add_foreign_key "conversation_mutes", "accounts", name: "fk_225b4212bb", on_delete: :cascade add_foreign_key "conversation_mutes", "accounts", name: "fk_225b4212bb", on_delete: :cascade
add_foreign_key "conversation_mutes", "conversations", on_delete: :cascade add_foreign_key "conversation_mutes", "conversations", on_delete: :cascade
add_foreign_key "custom_filters", "accounts", on_delete: :cascade add_foreign_key "custom_filters", "accounts", on_delete: :cascade
add_foreign_key "email_domain_blocks", "email_domain_blocks", column: "parent_id", on_delete: :cascade
add_foreign_key "favourites", "accounts", name: "fk_5eb6c2b873", on_delete: :cascade add_foreign_key "favourites", "accounts", name: "fk_5eb6c2b873", on_delete: :cascade
add_foreign_key "favourites", "statuses", name: "fk_b0e856845e", on_delete: :cascade add_foreign_key "favourites", "statuses", name: "fk_b0e856845e", on_delete: :cascade
add_foreign_key "featured_tags", "accounts", on_delete: :cascade add_foreign_key "featured_tags", "accounts", on_delete: :cascade