Add comprehensive email validation for blocked users #8
akshayutture-augment wants to merge 1 commit into
… many times each email address is blocked, and last time it was blocked. Move email validation out of User model and into EmailValidator. Signup form remembers which email addresses have failed and shows validation error on email field.
💡 Codex Review
Here are some automated review suggestions for this pull request.
| def self.should_block?(email) | ||
| record = BlockedEmail.where(email: email).first | ||
| if record | ||
| record.match_count += 1 | ||
| record.last_match_at = Time.zone.now |
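Review bot: The `record.match_count += 1` line in `should_block?` is a read-modify-write on a row loaded into Ruby, so two signups that match the same blocked address at the same time can both read the same count and one increment is lost once the record is written back. If the counter is meant to be accurate, do the increment in the database as a single `match_count = match_count + 1` update instead of in the model instance. Separately, a method named with a trailing `?` reads as a pure predicate, yet this one updates `match_count` and `last_match_at`; document the side effect or split the bookkeeping into its own method so callers are not surprised.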
Normalize blocked email lookup
The new BlockedEmail.should_block? compares the supplied email with BlockedEmail.where(email: email) verbatim (app/models/blocked_email.rb lines 11‑15). There is no normalization or downcasing of either the stored record or the value being checked, even though the client allows and sends uppercase characters in addresses. As a result a blocked record such as bad@spam.com is trivially bypassed by registering as bad@SPAM.com, because the SQL comparison is case sensitive and will not find the row. Please normalize (e.g., via Email.downcase) when persisting and when querying so that blocked addresses cannot be evaded by casing changes.
Test 3
Replicated from ai-code-review-evaluation/discourse-cursor#3
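The normalization asked for in the Codex review comment above, as an added example that is not part of the pull request or of Discourse: the same blocklist lookup run with a verbatim key and with a canonical key applied on both the persist and the query path. `BlocklistStore`, `canonical` and `rejected_attempts` are hypothetical names, the table is an in-memory hash standing in for `blocked_emails`, and plain downcasing is assumed as the canonical form.

```ruby
# Added example, not Discourse code: an in-memory stand-in for the
# blocked_emails table, so the lookup behaviour can be run without Rails.
class BlocklistStore
  Entry = Struct.new(:email, :match_count, :last_match_at)

  # normalize: false reproduces the verbatim comparison the review flags;
  # normalize: true canonicalizes on both write and read.
  def initialize(normalize:)
    @normalize = normalize
    @rows = {}
  end

  # Assumption: plain downcasing is the canonical form (the review suggests
  # downcasing; a real application may apply further rules).
  def canonical(email)
    @normalize ? email.to_s.downcase : email.to_s
  end

  # Persist path: the stored key goes through the same canonical form.
  def block(email)
    key = canonical(email)
    @rows[key] ||= Entry.new(key, 0, nil)
  end

  # Query path: mirrors should_block? from the excerpt, including the counters.
  def should_block?(email)
    record = @rows[canonical(email)]
    return false unless record
    record.match_count += 1
    record.last_match_at = Time.now
    true
  end

  def match_count(email)
    record = @rows[canonical(email)]
    record ? record.match_count : nil
  end
end

# Returns the signup attempts the store rejects after blocking one address.
def rejected_attempts(normalize, blocked, attempts)
  store = BlocklistStore.new(normalize: normalize)
  store.block(blocked)
  attempts.select { |attempt| store.should_block?(attempt) }
end

ATTEMPTS = ["bad@spam.com", "bad@SPAM.com"].freeze # the two addresses from the review
puts "verbatim:   #{rejected_attempts(false, 'bad@spam.com', ATTEMPTS).inspect}"
puts "normalized: #{rejected_attempts(true, 'bad@spam.com', ATTEMPTS).inspect}"
```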