Add comprehensive email validation for blocked users #8
… many times each email address is blocked, and last time it was blocked. Move email validation out of User model and into EmailValidator. Signup form remembers which email addresses have failed and shows validation error on email field.
bugbot run
Cursor Bugbot has reviewed your changes and found 1 potential issue.
      record.save
    end
    record && record.action_type == actions[:block]
  end
Validation side-effect causes double match_count increment
Medium Severity
BlockedEmail.should_block? has a database write side-effect (incrementing match_count and calling save) but is invoked from within a validator. In users_controller.rb#create, user.valid? on line 168 triggers validations (including EmailValidator → should_block?), and then user.save on line 172 re-runs all validations, calling should_block? a second time. This causes match_count to be incremented by 2 for every single account creation attempt with a blocked email, producing inaccurate tracking data.
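The double count described in the Bugbot comment above, reproduced as an added example (not code from this PR or from Discourse): `BlockedEmailStore`, `SignupUser` and `attempt_signup` are hypothetical plain-Ruby stand-ins, and the sample address is constructed. It contrasts a predicate that writes with a pure check followed by one explicit write per signup attempt.

```ruby
# Added illustration: plain-Ruby stand-ins, not Discourse or ActiveRecord code.
class BlockedEmailStore
  def initialize(emails)
    @counts = emails.to_h { |e| [e, 0] } # constructed sample data
  end

  def count(email)
    @counts.fetch(email, 0)
  end

  # Pure predicate: safe to call from a validator any number of times.
  def blocked?(email)
    @counts.key?(email)
  end

  # Explicit write, meant to run once per signup attempt.
  def record_match(email)
    @counts[email] += 1 if blocked?(email)
  end

  # Shape the review comment describes: a predicate that also writes.
  def should_block_with_write?(email)
    record_match(email)
    blocked?(email)
  end
end

# Stand-in for a model whose save re-runs validations, as ActiveRecord's does.
class SignupUser
  def initialize(email, check)
    @email = email
    @check = check
  end

  def valid?
    !@check.call(@email)
  end

  def save
    valid? # persistence omitted; only the validation re-run matters here
  end
end

# Mirrors the flow in the comment (valid? first, then save) and returns the
# stored match count after one signup attempt.
def attempt_signup(store, email, pure:)
  check = store.method(pure ? :blocked? : :should_block_with_write?)
  user = SignupUser.new(email, check)
  rejected = !user.valid?
  user.save
  store.record_match(email) if pure && rejected
  store.count(email)
end
```

With `pure: false` one attempt leaves the count at 2; with `pure: true` the validator can run any number of times and the count is 1.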


Test 3
Summary by CodeRabbit
Release Notes
New Features
Database
Replicated from ai-code-review-evaluation/discourse-coderabbit#3
Note
Medium Risk
Touches account creation and email validation paths and adds a new database-backed blocking mechanism; misconfiguration or validator bugs could prevent legitimate signups.
Overview
Adds a persistent blocked email system: introduces BlockedEmail + migration and an EmailValidator that enforces domain allow/deny lists and blocks specific emails while tracking match statistics.

Updates User to use the new email: true validator and extends UsersController#create failure responses to include structured errors and submitted values. The signup modal (CreateAccountController) now remembers rejected emails from the server and marks them invalid on subsequent attempts without re-submitting.

Written by Cursor Bugbot for commit 5f8a130.