Skip to content

Commit

Permalink
Reject non-governmental email addresses on update
Browse files Browse the repository at this point in the history
We've now chased up all users who were using one of our identified
"non-governmental" email domains, so we can enforce this validation
rule for all User accounts, not just new ones. This strengthens the
validation we introduced in 00e93e9.
  • Loading branch information
chrislo authored and floehopper committed Sep 21, 2023
1 parent 30adfd0 commit 9b94d8a
Show file tree
Hide file tree
Showing 4 changed files with 6 additions and 6 deletions.
2 changes: 1 addition & 1 deletion app/models/batch_invitation_user.rb
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ class BatchInvitationUser < ApplicationRecord
belongs_to :batch_invitation

validates :email, presence: true, format: { with: Devise.email_regexp }
validates :email, reject_non_governmental_email_addresses: true, on: :create
validates :email, reject_non_governmental_email_addresses: true

validates :outcome, inclusion: { in: [nil, "success", "failed", "skipped"] }

Expand Down
2 changes: 1 addition & 1 deletion app/models/user.rb
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ class User < ApplicationRecord
encrypts :otp_secret_key

validates :name, presence: true
validates :email, reject_non_governmental_email_addresses: true, on: :create
validates :email, reject_non_governmental_email_addresses: true
validates :reason_for_suspension, presence: true, if: proc { |u| u.suspended? }
validate :user_can_be_exempted_from_2sv
validate :organisation_admin_belongs_to_organisation
Expand Down
4 changes: 2 additions & 2 deletions test/models/batch_invitation_user_test.rb
Original file line number Diff line number Diff line change
Expand Up @@ -25,12 +25,12 @@ class BatchInvitationUserTest < ActiveSupport::TestCase
user.errors[:email]
end

should "still allow user to be updated with a known non-government email address" do
should "not allow user to be updated with a known non-government email address" do
user = create(:batch_invitation_user, email: "alexia.statham@department.gov.uk")

user.email = "alexia.statham@yahoo.co.uk"

assert user.valid?
assert_not user.valid?
end
end

Expand Down
4 changes: 2 additions & 2 deletions test/models/user_test.rb
Original file line number Diff line number Diff line change
Expand Up @@ -284,12 +284,12 @@ def setup
user.errors[:email]
end

should "still allow user to be updated with a known non-government email address" do
should "not allow user to be updated with a known non-government email address" do
user = create(:batch_invitation_user, email: "alexia.statham@department.gov.uk")

user.email = "alexia.statham@yahoo.co.uk"

assert user.valid?
assert_not user.valid?
end

should "reject emails with invalid domain parts" do
Expand Down

0 comments on commit 9b94d8a

Please sign in to comment.