OTWO-7318 Email alert for http links in account details (#1804)

blackducksoftware · Nov 5, 2024 · 620edc6 · 620edc6
1 parent dd036b5
commit 620edc6
Show file tree

Hide file tree

Showing 8 changed files with 65 additions and 7 deletions.
diff --git a/app/mailers/account_mailer.rb b/app/mailers/account_mailer.rb
@@ -37,4 +37,9 @@ def reset_password(account_id)
     account = Account.find(account_id)
     mail to: account.email, subject: 'OpenHub Password Change Notification'
   end
+
+  def review_account_data_for_spam(account)
+    @account = account
+    mail to: '[email protected]', subject: 'OpenHub: review account data for SPAM'
+  end
 end
diff --git a/app/models/account/hooks.rb b/app/models/account/hooks.rb
@@ -39,6 +39,7 @@ def after_destroy(account)
 
   def after_save(account)
     update_person_effective_name(account) if account.person.present? && !account.access.spam?
+    notify_about_added_links(account)
   end
 
   private
@@ -75,11 +76,10 @@ def schedule_organization_analysis(organization_id)
   end
 
   def destroy_spammer_dependencies(account)
-    account.posts.each(&:destroy_with_empty_topic)
     account.all_manages.each { |manage| manage.destroy_by!(account) }
     account.edits.not_undone.each { |edit| safe_undo(edit) }
-    account.topics.where(posts_count: 0).destroy_all
     account.person.try(:destroy)
+    account.markup&.update(raw: '')
     dependent_destroy(account)
   rescue StandardError
     raise ActiveRecord::Rollback
@@ -136,5 +136,11 @@ def update_manage(account_id)
   def update_edit(account_id)
     Edit.where(undone_by: account_id).update_all(undone_by: @anonymous_account)
   end
+
+  def notify_about_added_links(account)
+    return unless account.saved_change_to_url? && account.url.present?
+
+    AccountMailer.review_account_data_for_spam(account).deliver_now
+  end
 end
 # rubocop:enable Metrics/ClassLength
diff --git a/app/models/markup.rb b/app/models/markup.rb
@@ -2,6 +2,7 @@
 
 class Markup < ApplicationRecord
   before_save :sanitize_html
+  after_save :notify_about_added_links
 
   validates :raw, length: { maximum: 500 }, allow_blank: true
 
@@ -13,9 +14,18 @@ def first_line
     lines.first.to_s.strip if formatted.present?
   end
 
+  def link?
+    formatted.match(/https?:\/\/[^\s]+/)
+  end
+
   private
 
   def sanitize_html
     self.formatted = raw.strip_tags_preserve_line_breaks
   end
+
+  def notify_about_added_links
+    account = Account.find_by(about_markup_id: id)
+    AccountMailer.review_account_data_for_spam(account).deliver_now if account && saved_change_to_formatted? && link?
+  end
 end
diff --git a/app/views/account_mailer/review_account_data_for_spam.html.haml b/app/views/account_mailer/review_account_data_for_spam.html.haml
@@ -0,0 +1,18 @@
+Dear OpenHub,
+
+%p
+  #{@account.name}(#{@account.email}) has added below links:
+  %br
+  - if @account.url
+    %br
+    %b URL:
+    = @account.url
+  - if @account.markup && @account.markup.link?
+    %br
+    %b Markup:
+    = @account.markup.formatted.html_safe
+  %br
+  %br
+  Mark #{@account.name} as spammer here:
+  = link_to account_url(@account, host: ENV['URL_HOST']), account_url(@account, host: ENV['URL_HOST'])
+
diff --git a/app/views/accounts/show/_header.html.haml b/app/views/accounts/show/_header.html.haml
@@ -18,7 +18,7 @@
         - if my_account?(@account) || current_user_is_admin?
           - if @account.location.present?
             %span.seperator &nbsp;|&nbsp;
-          != link_to bootstrap_icon('icon-cogs', t('.account.settings')), settings_account_path(@account)
+          != link_to bootstrap_icon('icon-cogs', t('.settings')), settings_account_path(@account)
         - if current_user_is_admin?
           |
           = link_to bootstrap_icon('icon-legal', t('.view_job')), admin_account_account_analysis_jobs_path(@account)

diff --git a/config/locales/accounts.en.yml b/config/locales/accounts.en.yml
@@ -113,6 +113,7 @@ en:
           title: 'Add your affiliation!'
         account_settings: '&nbsp;Settings'
         view_job: 'View Jobs'
+        settings: 'Settings'
       summary:
         title: 'Account Summary'
         projects_used: 'Projects Used'

diff --git a/test/models/account/hooks_test.rb b/test/models/account/hooks_test.rb
@@ -69,10 +69,8 @@ class Account::HooksTest < ActiveSupport::TestCase
 
       # verifications must be retained.
       _(account.verifications.count).must_equal 1
-      _(account.topics.count).must_equal 0
       _(account.person).must_be_nil
       _(account.positions.count).must_equal 0
-      _(account.posts.count).must_equal 0
       _(account.manages.count).must_equal 0
       # edits must be undone but still belong to spam account.
       _(account.edits.not_undone.count).must_equal 0
@@ -142,18 +140,20 @@ class Account::HooksTest < ActiveSupport::TestCase
     end
 
     it 'must request for email address verification' do
-      account = build(:account, activated_at: nil)
+      Account::Hooks.any_instance.stubs(:notify_about_added_links).returns(true)
 
+      account = build(:account, activated_at: nil)
       assert_difference('ActionMailer::Base.deliveries.size', 1) do
         account.save!
       end
-
       email = ActionMailer::Base.deliveries.last
       _(email.to).must_equal [account.email]
       _(email.body.raw_source).must_match I18n.t('account_mailer.signup_notification.body', login: account.login)
     end
 
     it 'wont request email address verification when activation_at is already set' do
+      Account::Hooks.any_instance.stubs(:notify_about_added_links).returns(true)
+
       assert_no_difference('ActionMailer::Base.deliveries.size') do
         create(:account, activated_at: Time.current)
       end

diff --git a/test/models/account_test.rb b/test/models/account_test.rb
@@ -166,6 +166,14 @@ class AccountTest < ActiveSupport::TestCase
     _(account.errors.messages[:name]).must_equal ['is too long (maximum is 50 characters)']
   end
 
+  it 'should send an email if url is changed' do
+    ActionMailer::Base.deliveries.clear
+    account = create(:account)
+    account.update(url: Faker::Internet.url)
+    email = ActionMailer::Base.deliveries.last
+    _(email.subject).must_equal 'OpenHub: review account data for SPAM'
+  end
+
   it 'should update the markup(about me) when updating a record' do
     account = create(:account)
     about_me = Faker::Lorem.paragraph(sentence_count: 2)
@@ -181,6 +189,16 @@ class AccountTest < ActiveSupport::TestCase
     _(account.markup.errors).must_include(:raw)
   end
 
+  it 'should send an email if markup has a link' do
+    ActionMailer::Base.deliveries.clear
+    account = create(:account)
+    about_me = Faker::Internet.url
+    account.about_raw = about_me
+    account.save
+    email = ActionMailer::Base.deliveries.last
+    _(email.subject).must_equal 'OpenHub: review account data for SPAM'
+  end
+
   it 'should error out when affiliation_type is not specified' do
     account.affiliation_type = ''
     _(account).wont_be :valid?