fix: use stricter validation to restrict gmail signups (#11285)

- use stricter validation to restrict gmail signups
2025-11-03 04:27:53 +00:00 · 2025-04-12 10:52:49 +05:30
parent e0097ab102
commit befdfb0ae6
2 changed files with 18 additions and 1 deletions
--- a/spec/controllers/devise/omniauth_callbacks_controller_spec.rb
+++ b/spec/controllers/devise/omniauth_callbacks_controller_spec.rb
@@ -56,6 +56,23 @@ RSpec.describe 'DeviseOverrides::OmniauthCallbacksController', type: :request do
      end
    end

+    it 'blocks personal accounts signup with different Gmail case variations' do
+      with_modified_env ENABLE_ACCOUNT_SIGNUP: 'true' do
+        # Test different case variations of Gmail
+        ['personal@Gmail.com', 'personal@GMAIL.com', 'personal@Gmail.COM'].each do |email|
+          set_omniauth_config(email)
+          get '/omniauth/google_oauth2/callback'
+
+          # expect a 302 redirect to auth/google_oauth2/callback
+          expect(response).to redirect_to('http://www.example.com/auth/google_oauth2/callback')
+          follow_redirect!
+
+          # expect a 302 redirect to app/login with error disallowing personal accounts
+          expect(response).to redirect_to(%r{/app/login\?error=business-account-only$})
+        end
+      end
+    end
+
    # This test does not affect line coverage, but it is important to ensure that the logic
    # does not allow any signup if the ENV explicitly disables it
    it 'blocks signup if ENV disabled' do