Browse Source

Email allowlist (#603)

* Email allowlist

* Set rails master key in deploy pipelines
pull/619/head
baarkerlounger 3 years ago committed by baarkerlounger
parent
commit
48fb7bd84d
  1. 1
      .github/workflows/production_pipeline.yml
  2. 1
      .github/workflows/staging_pipeline.yml
  3. 11
      app/mailers/devise_notify_mailer.rb
  4. 2
      config/credentials.yml.enc
  5. 55
      spec/mailers/devise_notify_mailer_spec.rb

1
.github/workflows/production_pipeline.yml

@ -41,6 +41,7 @@ jobs:
DB_DATABASE: data_collector DB_DATABASE: data_collector
DB_USERNAME: postgres DB_USERNAME: postgres
DB_PASSWORD: password DB_PASSWORD: password
RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}
steps: steps:
- name: Get latest release with tag - name: Get latest release with tag

1
.github/workflows/staging_pipeline.yml

@ -41,6 +41,7 @@ jobs:
DB_DATABASE: data_collector DB_DATABASE: data_collector
DB_USERNAME: postgres DB_USERNAME: postgres
DB_PASSWORD: password DB_PASSWORD: password
RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}
steps: steps:
- name: Checkout - name: Checkout

11
app/mailers/devise_notify_mailer.rb

@ -6,6 +6,8 @@ class DeviseNotifyMailer < Devise::Mailer
end end
def send_email(email, template_id, personalisation) def send_email(email, template_id, personalisation)
return true if intercept_send?(email)
notify_client.send_email( notify_client.send_email(
email_address: email, email_address: email,
template_id:, template_id:,
@ -41,6 +43,15 @@ class DeviseNotifyMailer < Devise::Mailer
) )
end end
def intercept_send?(email)
email_domain = email.split("@").last.downcase
!(Rails.env.production? || Rails.env.test?) && email_allowlist.exclude?(email_domain)
end
def email_allowlist
Rails.application.credentials[:email_allowlist]
end
# def unlock_instructions(record, token, opts = {}) # def unlock_instructions(record, token, opts = {})
# super # super
# end # end

2
config/credentials.yml.enc

@ -1 +1 @@
NrH9ar+0L80hqUK6sTWxA8KMuWIyC2rPmKj9kanuIxvak5haHJQYQZDGx+fPFxsfzNTcSIQIQ1jbHCGeHg3U+lclKj/JpWGlzBl0cnGKPT2r7ZSUxtru4OlwdJpH7+dZAmSVXUl4yLb6pHElF3tnk4C9QGPfI/9tkNjE/3gD+fmJqaIym7m+bxOYD6P3DSSVZApjyygMXk0eGk0h7X/uKbODHBuZRjt4l4NlZp1yWvrcGuXJzT6R2vovDzrvclf/ng0t96/l/WOwOc95pF+KogomAoMw0PCJeQS9rhDZMJm+7YSPZ1hM5SPFp7MygTwWbUR33Gc+tSt3507xCwbEtJwtUn3BgtpC1Kv+ZhsLtpl60C9LTS9RmxMiShgR/IS6cKh9CzkUg9dh7ySdoETYQ7So2u2rtRA2XVbt--1g8FBT3NrEcb3POD--4eGL6AQnVUgL3JJEfRMUPw== hLcfjxH/Ka+pWAH9SAfyAso/IjAzGysRE96eNAuT3vVzPhlHhMytX0eaGu0LE/GMwXryK5h00xuQMoYreCpnaZ+2RvfW1gucACFTJ6Kxpf+2JNseDQDCKvFLn1y2Vu2l2AqipCht9fcpENEInp5ch2G8Qrk6fiM5fVJE/3+MHZ/7wpEkKfOyB9xRBuQdq2jwwgDIpB1K6+oigHMsKQNHL9IPCj2nI16goIy3C6qP/kw5E+i3l6GocWt2Hfpb5SESiLSR9RiTFtNPTYQITVfY9cj+8/wAIMbNWW8cpuJ9pQ9SC1ubMh1EXq/cn8v+RTefAss/e6pv1eWdhMKYKZEWfLtZAigv2E+FhOwaKsD8BL7jzxFyf25r491iTaMr7jTCEZ+Ag/y/114Z029noJJnX7P1k0e1lN7tLiTtObQxWmmoFIz+Z7Ih3i2ojyRZ6Rr1zZTBn/FG2dyeYMAG480f9TtduUzlg9LxuWkua+Zh26zGIscAW407xfXdkCAKxAdLjohWBqe5hyNXo8Vnbo6HGiUVLL0um5ufC7vw--ag3NbQnjBzTn6Hog--p7F0N82TTip3adYucCH96Q==

55
spec/mailers/devise_notify_mailer_spec.rb

@ -0,0 +1,55 @@
require "rails_helper"
RSpec.describe DeviseNotifyMailer do
describe "Intercept mail" do
let(:notify_client) { instance_double(Notifications::Client) }
let(:devise_notify_mailer) { described_class.new }
let(:organisation) { FactoryBot.create(:organisation) }
let(:name) { "test" }
let(:password) { "password" }
let(:role) { "data_coordinator" }
before do
allow(described_class).to receive(:new).and_return(devise_notify_mailer)
allow(devise_notify_mailer).to receive(:notify_client).and_return(notify_client)
allow(notify_client).to receive(:send_email).and_return(true)
end
context "when the rails environment is staging" do
before do
allow(Rails.env).to receive(:test?).and_return(false)
allow(Rails.env).to receive(:staging?).and_return(true)
end
context "when the email domain is not in the allowlist" do
let(:email) { "test@example.com" }
it "does not send emails" do
expect(notify_client).not_to receive(:send_email)
User.create!(name:, organisation:, email:, password:, role:)
end
end
context "when the email domain is in the allowlist" do
let(:domain) { Rails.application.credentials[:email_allowlist].first }
let(:email) { "test@#{domain}" }
it "does send emails" do
expect(notify_client).to receive(:send_email).once
User.create!(name:, organisation:, email:, password:, role:)
end
end
end
context "when the rails environment is not staging" do
context "when the email domain is not in the allowlist" do
let(:email) { "test@example.com" }
it "does send emails" do
expect(notify_client).to receive(:send_email).once
User.create!(name:, organisation:, email:, password:, role:)
end
end
end
end
end
Loading…
Cancel
Save