Email spam security (#641)
* Add hCaptcha on register page * register page captcha test cases * Refactor integration validation rules to include form context - Updated the `getValidationRules` method in various integration handlers (Discord, Email, Google Sheets, Slack, Webhook, Zapier) to accept an optional `Form` parameter, allowing for context-aware validation. - Enhanced the `EmailIntegration` handler to enforce restrictions based on user plans, ensuring free users can only create one email integration per form and can only send to a single email address. - Added a new test suite for `EmailIntegration` to validate the new restrictions and ensure proper functionality for both free and pro users. - Introduced loading state management in the `IntegrationModal` component to improve user experience during save operations. These changes improve the flexibility and user experience of form integrations, particularly for email handling. * for self-hosted ignore emil validation for spam * fix pint * ignore register throttle for testing env * support new migration for mysql also * Register page captcha enable if captcha key set * fix test case * fix test case * fix test case * fix pint * Refactor RegisterController middleware and update TestCase setup - Removed environment check for throttling middleware in RegisterController, ensuring consistent rate limiting for the registration endpoint. - Updated TestCase to disable throttle middleware during tests, allowing for more flexible testing scenarios without rate limiting interference. * Enhance hCaptcha integration in tests and configuration - Added hCaptcha site and secret keys to phpunit.xml for testing purposes. - Updated RegisterTest to configure hCaptcha secret key dynamically, ensuring proper token validation in production environment. These changes improve the testing setup for hCaptcha, facilitating more accurate simulation of production conditions. --------- Co-authored-by: Julien Nahum <julien@nahum.net>
This commit is contained in:
Chirag Chhatrala
GitHub
@@ -2,20 +2,23 @@
|
||||
|
||||
namespace App\Integrations\Handlers;
|
||||
|
||||
use App\Models\Forms\Form;
|
||||
use App\Models\Integration\FormIntegration;
|
||||
use App\Notifications\Forms\FormEmailNotification;
|
||||
use Illuminate\Support\Facades\Log;
|
||||
use Illuminate\Support\Facades\Notification;
|
||||
use App\Open\MentionParser;
|
||||
use App\Service\Forms\FormSubmissionFormatter;
|
||||
use Illuminate\Validation\ValidationException;
|
||||
|
||||
class EmailIntegration extends AbstractEmailIntegrationHandler
|
||||
{
|
||||
public const RISKY_USERS_LIMIT = 120;
|
||||
|
||||
public static function getValidationRules(): array
|
||||
public static function getValidationRules(?Form $form): array
|
||||
{
|
||||
return [
|
||||
'send_to' => 'required',
|
||||
$rules = [
|
||||
'send_to' => ['required'],
|
||||
'sender_name' => 'required',
|
||||
'sender_email' => 'email|nullable',
|
||||
'subject' => 'required',
|
||||
@@ -24,6 +27,31 @@ class EmailIntegration extends AbstractEmailIntegrationHandler
|
||||
'include_hidden_fields_submission_data' => ['nullable', 'boolean'],
|
||||
'reply_to' => 'nullable',
|
||||
];
|
||||
|
||||
if ($form->is_pro || config('app.self_hosted')) {
|
||||
return $rules;
|
||||
}
|
||||
|
||||
// Free plan users can only send to a single email address (avoid spam)
|
||||
$rules['send_to'][] = function ($attribute, $value, $fail) use ($form) {
|
||||
if (count(explode("\n", trim($value))) > 1 || count(explode(',', $value)) > 1) {
|
||||
$fail('You can only send to a single email address on the free plan. Please upgrade to the Pro plan to create a new integration.');
|
||||
}
|
||||
};
|
||||
|
||||
// Free plan users can only have a single email integration per form (avoid spam)
|
||||
if (!request()->route('integrationid')) {
|
||||
$existingEmailIntegrations = FormIntegration::where('form_id', $form->id)
|
||||
->where('integration_id', 'email')
|
||||
->count();
|
||||
if ($existingEmailIntegrations > 0) {
|
||||
throw ValidationException::withMessages([
|
||||
'settings.send_to' => ['Free users are limited to 1 email integration per form.']
|
||||
]);
|
||||
}
|
||||
}
|
||||
|
||||
return $rules;
|
||||
}
|
||||
|
||||
protected function shouldRun(): bool
|
||||
|
||||
Reference in New Issue
Block a user