add blocking of contacts #156

* for use in case of repeated invalid submissions
openrightsgroup · Oct 31, 2021 · 04e32da · 04e32da
1 parent 9934b2c
commit 04e32da
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 1 deletion.
diff --git a/api/1.2/api.php b/api/1.2/api.php
@@ -233,6 +233,10 @@ function checkAuth($app, $req, $key=null, $admin=false, $check_date=true) {
 			$code = 409;
 			$message = $e->getMessage();
 			break;
+        Case 'ContactPermissionDeniedError':
+            $code = 403;
+            $message = "Contact email is disallowed";
+            break;
 		case 'UserStatusError':
 			$code = 403;
 			$message = "Account is " . $e->getMessage();
@@ -1677,6 +1681,10 @@ function result_callback($msg, $queue) {
         false
         );
 
+    if (!$contact['enabled']) {
+        throw new ContactPermissionDeniedError();
+    }
+
     try {
         $app['service.queue']->submitted_url($url['url']);
     } catch (Exception $exc) {

diff --git a/api/1.2/libs/exceptions.php b/api/1.2/libs/exceptions.php
@@ -43,3 +43,5 @@ class TokenLookupError extends APIException {}
 class InvalidTokenError extends APIException {}
 
 class InvalidSortError extends APIException {}
+
+class ContactPermissionDeniedError extends APIException {}
diff --git a/sql/pg.schema.sql b/sql/pg.schema.sql
@@ -632,7 +632,8 @@ CREATE TABLE public.contacts (
     createdat timestamp with time zone,
     token character varying(36),
     verify_attempts smallint DEFAULT 0,
-    verify_last_attempt timestamp with time zone
+    verify_last_attempt timestamp with time zone,
+    enabled bool default true
 );
Original file line number	Diff line number	Diff line change
Expand Up		@@ -43,3 +43,5 @@ class TokenLookupError extends APIException {}
		class InvalidTokenError extends APIException {}

		class InvalidSortError extends APIException {}

		class ContactPermissionDeniedError extends APIException {}