Block registration based on email domain (#5157)

* implement email domain whitelist
2018-11-15 02:00:04 +01:00 · 2018-11-15 02:00:04 +01:00 · b97af15de6
commit b97af15de6
parent 4c1f1f9646
7 changed files with 106 additions and 0 deletions
--- a/modules/auth/user_form.go
+++ b/modules/auth/user_form.go
@ -1,4 +1,5 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2018 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.

@ -6,6 +7,9 @@ package auth

 import (
 	"mime/multipart"
+	"strings"
+
+	"code.gitea.io/gitea/modules/setting"

 	"github.com/go-macaron/binding"
 	"gopkg.in/macaron.v1"
@ -84,6 +88,31 @@ func (f *RegisterForm) Validate(ctx *macaron.Context, errs binding.Errors) bindi
 	return validate(errs, ctx.Data, f, ctx.Locale)
 }

+// IsEmailDomainWhitelisted validates that the email address
+// provided by the user matches what has been configured .
+// If the domain whitelist from the config is empty, it marks the
+// email as whitelisted
+func (f RegisterForm) IsEmailDomainWhitelisted() bool {
+	if len(setting.Service.EmailDomainWhitelist) == 0 {
+		return true
+	}
+
+	n := strings.LastIndex(f.Email, "@")
+	if n <= 0 {
+		return false
+	}
+
+	domain := strings.ToLower(f.Email[n+1:])
+
+	for _, v := range setting.Service.EmailDomainWhitelist {
+		if strings.ToLower(v) == domain {
+			return true
+		}
+	}
+
+	return false
+}
+
 // MustChangePasswordForm form for updating your password after account creation
 // by an admin
 type MustChangePasswordForm struct {
--- a/modules/auth/user_form_test.go
+++ b/modules/auth/user_form_test.go
@ -0,0 +1,64 @@
+// Copyright 2018 The Gogs Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package auth
+
+import (
+	"testing"
+
+	"code.gitea.io/gitea/modules/setting"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestRegisterForm_IsDomainWhiteList_Empty(t *testing.T) {
+	_ = setting.Service
+
+	setting.Service.EmailDomainWhitelist = []string{}
+
+	form := RegisterForm{}
+
+	assert.True(t, form.IsEmailDomainWhitelisted())
+}
+
+func TestRegisterForm_IsDomainWhiteList_InvalidEmail(t *testing.T) {
+	_ = setting.Service
+
+	setting.Service.EmailDomainWhitelist = []string{"gitea.io"}
+
+	tt := []struct {
+		email string
+	}{
+		{"securitygieqqq"},
+		{"hdudhdd"},
+	}
+
+	for _, v := range tt {
+		form := RegisterForm{Email: v.email}
+
+		assert.False(t, form.IsEmailDomainWhitelisted())
+	}
+}
+
+func TestRegisterForm_IsDomainWhiteList_ValidEmail(t *testing.T) {
+	_ = setting.Service
+
+	setting.Service.EmailDomainWhitelist = []string{"gitea.io"}
+
+	tt := []struct {
+		email string
+		valid bool
+	}{
+		{"security@gitea.io", true},
+		{"security@gITea.io", true},
+		{"hdudhdd", false},
+		{"seee@example.com", false},
+	}
+
+	for _, v := range tt {
+		form := RegisterForm{Email: v.email}
+
+		assert.Equal(t, v.valid, form.IsEmailDomainWhitelisted())
+	}
+}