From 3e923c7a4186a1391a203671074c0e5bdec006f6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9gis=20Hanol?= <regis@hanol.fr>
Date: Mon, 21 Dec 2015 17:54:02 +0100
Subject: [PATCH] FIX: ensure inactive users can't email in

---
 lib/email/receiver.rb                  |  3 ++-
 spec/components/email/receiver_spec.rb | 32 ++++++++++++++++++++++++++
 2 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/lib/email/receiver.rb b/lib/email/receiver.rb
index 8f536380eec..2c0983701dd 100644
--- a/lib/email/receiver.rb
+++ b/lib/email/receiver.rb
@@ -20,6 +20,7 @@ module Email
     class InvalidPost < ProcessingError; end
     class ReplyUserNotFoundError < ProcessingError; end
     class ReplyUserNotMatchingError < ProcessingError; end
+    class InactiveUserError < ProcessingError; end
 
     attr_reader :body, :email_log
 
@@ -58,8 +59,8 @@ module Email
       user_email = from.address
       user_name  = from.display_name
 
-      # TODO: deal with suspended/inactive users
       user = User.find_by_email(user_email)
+      raise InactiveUserError if user.present? && !user.active && !user.staged
 
       # TODO: take advantage of all the "TO"s
       dest_info = dest_infos[0]
diff --git a/spec/components/email/receiver_spec.rb b/spec/components/email/receiver_spec.rb
index 2cb66f0495c..baa3037c41c 100644
--- a/spec/components/email/receiver_spec.rb
+++ b/spec/components/email/receiver_spec.rb
@@ -447,6 +447,38 @@ This is a link http://example.com"
     end
   end
 
+  describe "posting reply as a inactive user" do
+    let(:reply_key) { raise "Override this in a lower describe block" }
+    let(:email_raw) { raise "Override this in a lower describe block" }
+    let(:to) { SiteSetting.reply_by_email_address.gsub("%{reply_key}", reply_key) }
+    let(:receiver) { Email::Receiver.new(email_raw) }
+    let(:topic) { Fabricate(:topic) }
+    let(:post) { Fabricate(:post, topic: topic, post_number: 1) }
+    let(:replying_user_email) { 'jake@adventuretime.ooo' }
+    let(:replying_user) { Fabricate(:user, email: replying_user_email, trust_level: 2, active: false) }
+    let(:email_log) { EmailLog.new(reply_key: reply_key,
+                                   post: post,
+                                   post_id: post.id,
+                                   topic_id: topic.id,
+                                   email_type: 'user_posted',
+                                   user: replying_user,
+                                   user_id: replying_user.id,
+                                   to_address: replying_user_email
+    ) }
+
+    before do
+      email_log.save
+    end
+
+    describe "should not create post" do
+      let!(:reply_key) { '59d8df8370b7e95c5a49fbf86aeb2c93' }
+      let!(:email_raw) { fill_email(fixture_file("emails/valid_reply.eml"), replying_user_email, to) }
+      it "raises a InactiveUserError" do
+        expect { receiver.process }.to raise_error(Email::Receiver::InactiveUserError)
+      end
+    end
+  end
+
   describe "posting a new topic in a category" do
     let(:category_destination) { raise "Override this in a lower describe block" }
     let(:email_raw) { raise "Override this in a lower describe block" }