From 63c7b9157274f57c496399a1a5c728b32415034c Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Sun, 27 May 2018 04:58:08 +0200
Subject: [PATCH] Validate that e-mail resolves with MX and it's not
 blacklisted (#7631)

Original patch by @j-a4
---
 app/models/user.rb                   |  1 +
 app/validators/email_mx_validator.rb | 25 +++++++++++++++++++++++++
 2 files changed, 26 insertions(+)
 create mode 100644 app/validators/email_mx_validator.rb

diff --git a/app/models/user.rb b/app/models/user.rb
index cfbae58ed3..0becfa7e96 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -65,6 +65,7 @@ class User < ApplicationRecord
 
   validates :locale, inclusion: I18n.available_locales.map(&:to_s), if: :locale?
   validates_with BlacklistedEmailValidator, if: :email_changed?
+  validates_with EmailMxValidator, if: :email_changed?
 
   scope :recent, -> { order(id: :desc) }
   scope :admins, -> { where(admin: true) }
diff --git a/app/validators/email_mx_validator.rb b/app/validators/email_mx_validator.rb
new file mode 100644
index 0000000000..d4c7cc252a
--- /dev/null
+++ b/app/validators/email_mx_validator.rb
@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+require 'resolv'
+
+class EmailMxValidator < ActiveModel::Validator
+  def validate(user)
+    return if Rails.env.test?
+    user.errors.add(:email, I18n.t('users.invalid_email')) if invalid_mx?(user.email)
+  end
+
+  private
+
+  def invalid_mx?(value)
+    _, domain = value.split('@', 2)
+
+    return true if domain.nil?
+
+    records = Resolv::DNS.new.getresources(domain, Resolv::DNS::Resource::IN::MX).to_a.map { |e| e.exchange.to_s }
+    records.empty? || on_blacklist?(records)
+  end
+
+  def on_blacklist?(values)
+    EmailDomainBlock.where(domain: values).any?
+  end
+end
-- 
GitLab