Check blocklist for emails when adding them to account (#26812)
This commit is contained in:
parent
1bb9b1c4d9
commit
45976a1bde
3 changed files with 40 additions and 27 deletions
|
@ -16,6 +16,7 @@ import (
|
||||||
"code.gitea.io/gitea/modules/log"
|
"code.gitea.io/gitea/modules/log"
|
||||||
"code.gitea.io/gitea/modules/setting"
|
"code.gitea.io/gitea/modules/setting"
|
||||||
"code.gitea.io/gitea/modules/util"
|
"code.gitea.io/gitea/modules/util"
|
||||||
|
"code.gitea.io/gitea/modules/validation"
|
||||||
|
|
||||||
"xorm.io/builder"
|
"xorm.io/builder"
|
||||||
)
|
)
|
||||||
|
@ -161,7 +162,17 @@ func ValidateEmail(email string) error {
|
||||||
return ErrEmailInvalid{email}
|
return ErrEmailInvalid{email}
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO: add an email allow/block list
|
// if there is no allow list, then check email against block list
|
||||||
|
if len(setting.Service.EmailDomainAllowList) == 0 &&
|
||||||
|
validation.IsEmailDomainListed(setting.Service.EmailDomainBlockList, email) {
|
||||||
|
return ErrEmailInvalid{email}
|
||||||
|
}
|
||||||
|
|
||||||
|
// if there is an allow list, then check email against allow list
|
||||||
|
if len(setting.Service.EmailDomainAllowList) > 0 &&
|
||||||
|
!validation.IsEmailDomainListed(setting.Service.EmailDomainAllowList, email) {
|
||||||
|
return ErrEmailInvalid{email}
|
||||||
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -10,6 +10,8 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"code.gitea.io/gitea/modules/setting"
|
"code.gitea.io/gitea/modules/setting"
|
||||||
|
|
||||||
|
"github.com/gobwas/glob"
|
||||||
)
|
)
|
||||||
|
|
||||||
var externalTrackerRegex = regexp.MustCompile(`({?)(?:user|repo|index)+?(}?)`)
|
var externalTrackerRegex = regexp.MustCompile(`({?)(?:user|repo|index)+?(}?)`)
|
||||||
|
@ -48,6 +50,29 @@ func IsValidSiteURL(uri string) bool {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// IsEmailDomainListed checks whether the domain of an email address
|
||||||
|
// matches a list of domains
|
||||||
|
func IsEmailDomainListed(globs []glob.Glob, email string) bool {
|
||||||
|
if len(globs) == 0 {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
n := strings.LastIndex(email, "@")
|
||||||
|
if n <= 0 {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
domain := strings.ToLower(email[n+1:])
|
||||||
|
|
||||||
|
for _, g := range globs {
|
||||||
|
if g.Match(domain) {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
// IsAPIURL checks if URL is current Gitea instance API URL
|
// IsAPIURL checks if URL is current Gitea instance API URL
|
||||||
func IsAPIURL(uri string) bool {
|
func IsAPIURL(uri string) bool {
|
||||||
return strings.HasPrefix(strings.ToLower(uri), strings.ToLower(setting.AppURL+"api"))
|
return strings.HasPrefix(strings.ToLower(uri), strings.ToLower(setting.AppURL+"api"))
|
||||||
|
|
|
@ -13,10 +13,10 @@ import (
|
||||||
"code.gitea.io/gitea/modules/context"
|
"code.gitea.io/gitea/modules/context"
|
||||||
"code.gitea.io/gitea/modules/setting"
|
"code.gitea.io/gitea/modules/setting"
|
||||||
"code.gitea.io/gitea/modules/structs"
|
"code.gitea.io/gitea/modules/structs"
|
||||||
|
"code.gitea.io/gitea/modules/validation"
|
||||||
"code.gitea.io/gitea/modules/web/middleware"
|
"code.gitea.io/gitea/modules/web/middleware"
|
||||||
|
|
||||||
"gitea.com/go-chi/binding"
|
"gitea.com/go-chi/binding"
|
||||||
"github.com/gobwas/glob"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// InstallForm form for installation page
|
// InstallForm form for installation page
|
||||||
|
@ -103,29 +103,6 @@ func (f *RegisterForm) Validate(req *http.Request, errs binding.Errors) binding.
|
||||||
return middleware.Validate(errs, ctx.Data, f, ctx.Locale)
|
return middleware.Validate(errs, ctx.Data, f, ctx.Locale)
|
||||||
}
|
}
|
||||||
|
|
||||||
// IsEmailDomainListed checks whether the domain of an email address
|
|
||||||
// matches a list of domains
|
|
||||||
func IsEmailDomainListed(globs []glob.Glob, email string) bool {
|
|
||||||
if len(globs) == 0 {
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
|
|
||||||
n := strings.LastIndex(email, "@")
|
|
||||||
if n <= 0 {
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
|
|
||||||
domain := strings.ToLower(email[n+1:])
|
|
||||||
|
|
||||||
for _, g := range globs {
|
|
||||||
if g.Match(domain) {
|
|
||||||
return true
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
|
|
||||||
// IsEmailDomainAllowed validates that the email address
|
// IsEmailDomainAllowed validates that the email address
|
||||||
// provided by the user matches what has been configured .
|
// provided by the user matches what has been configured .
|
||||||
// The email is marked as allowed if it matches any of the
|
// The email is marked as allowed if it matches any of the
|
||||||
|
@ -133,10 +110,10 @@ func IsEmailDomainListed(globs []glob.Glob, email string) bool {
|
||||||
// domains in the blocklist, if any such list is not empty.
|
// domains in the blocklist, if any such list is not empty.
|
||||||
func (f *RegisterForm) IsEmailDomainAllowed() bool {
|
func (f *RegisterForm) IsEmailDomainAllowed() bool {
|
||||||
if len(setting.Service.EmailDomainAllowList) == 0 {
|
if len(setting.Service.EmailDomainAllowList) == 0 {
|
||||||
return !IsEmailDomainListed(setting.Service.EmailDomainBlockList, f.Email)
|
return !validation.IsEmailDomainListed(setting.Service.EmailDomainBlockList, f.Email)
|
||||||
}
|
}
|
||||||
|
|
||||||
return IsEmailDomainListed(setting.Service.EmailDomainAllowList, f.Email)
|
return validation.IsEmailDomainListed(setting.Service.EmailDomainAllowList, f.Email)
|
||||||
}
|
}
|
||||||
|
|
||||||
// MustChangePasswordForm form for updating your password after account creation
|
// MustChangePasswordForm form for updating your password after account creation
|
||||||
|
|
Loading…
Reference in a new issue