gitlab-org--gitlab-foss/app/models/concerns/restricted_signup.rb

86 lines
2.5 KiB
Ruby
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# frozen_string_literal: true
module RestrictedSignup
extend ActiveSupport::Concern
private
def validate_admin_signup_restrictions(email)
return if allowed_domain?(email)
error_type = fetch_error_type(email)
return unless error_type.present?
[
signup_email_invalid_message,
error_message[created_by_key][error_type]
].join(' ')
end
def fetch_error_type(email)
if allowlist_present?
:allowlist
elsif denied_domain?(email)
:denylist
elsif restricted_email?(email)
:restricted
end
end
def error_message
{
admin: {
allowlist: html_escape_once(_("Go to the 'Admin area > Sign-up restrictions', and check 'Allowed domains for sign-ups'.")).html_safe,
denylist: html_escape_once(_("Go to the 'Admin area > Sign-up restrictions', and check the 'Domain denylist'.")).html_safe,
restricted: html_escape_once(_("Go to the 'Admin area > Sign-up restrictions', and check 'Email restrictions for sign-ups'.")).html_safe,
group_setting: html_escape_once(_("Go to the groups 'Settings > General' page, and check 'Restrict membership by email domain'.")).html_safe
},
nonadmin: {
allowlist: error_nonadmin,
denylist: error_nonadmin,
restricted: error_nonadmin,
group_setting: error_nonadmin
}
}
end
def error_nonadmin
_("Check with your administrator.")
end
def created_by_key
created_by&.can_admin_all_resources? ? :admin : :nonadmin
end
def denied_domain?(email)
return false unless Gitlab::CurrentSettings.domain_denylist_enabled?
denied_domains = Gitlab::CurrentSettings.domain_denylist
denied_domains.present? && domain_matches?(denied_domains, email)
end
def allowlist_present?
Gitlab::CurrentSettings.domain_allowlist.present?
end
def allowed_domain?(email)
allowed_domains = Gitlab::CurrentSettings.domain_allowlist
allowlist_present? && domain_matches?(allowed_domains, email)
end
def restricted_email?(email)
return false unless Gitlab::CurrentSettings.email_restrictions_enabled?
restrictions = Gitlab::CurrentSettings.email_restrictions
restrictions.present? && Gitlab::UntrustedRegexp.new(restrictions).match?(email)
end
def domain_matches?(email_domains, email)
signup_domain = Mail::Address.new(email).domain
email_domains.any? do |domain|
escaped = Regexp.escape(domain).gsub('\*', '.*?')
regexp = Regexp.new "^#{escaped}$", Regexp::IGNORECASE
signup_domain =~ regexp
end
end
end