mirror of
				https://github.com/go-gitea/gitea
				synced 2025-10-26 08:58:24 +00:00 
			
		
		
		
	Check blocklist for emails when adding them to account (#26812)
This commit is contained in:
		| @@ -16,6 +16,7 @@ import ( | |||||||
| 	"code.gitea.io/gitea/modules/log" | 	"code.gitea.io/gitea/modules/log" | ||||||
| 	"code.gitea.io/gitea/modules/setting" | 	"code.gitea.io/gitea/modules/setting" | ||||||
| 	"code.gitea.io/gitea/modules/util" | 	"code.gitea.io/gitea/modules/util" | ||||||
|  | 	"code.gitea.io/gitea/modules/validation" | ||||||
|  |  | ||||||
| 	"xorm.io/builder" | 	"xorm.io/builder" | ||||||
| ) | ) | ||||||
| @@ -161,7 +162,17 @@ func ValidateEmail(email string) error { | |||||||
| 		return ErrEmailInvalid{email} | 		return ErrEmailInvalid{email} | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
| 	// TODO: add an email allow/block list | 	// if there is no allow list, then check email against block list | ||||||
|  | 	if len(setting.Service.EmailDomainAllowList) == 0 && | ||||||
|  | 		validation.IsEmailDomainListed(setting.Service.EmailDomainBlockList, email) { | ||||||
|  | 		return ErrEmailInvalid{email} | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	// if there is an allow list, then check email against allow list | ||||||
|  | 	if len(setting.Service.EmailDomainAllowList) > 0 && | ||||||
|  | 		!validation.IsEmailDomainListed(setting.Service.EmailDomainAllowList, email) { | ||||||
|  | 		return ErrEmailInvalid{email} | ||||||
|  | 	} | ||||||
|  |  | ||||||
| 	return nil | 	return nil | ||||||
| } | } | ||||||
|   | |||||||
| @@ -10,6 +10,8 @@ import ( | |||||||
| 	"strings" | 	"strings" | ||||||
|  |  | ||||||
| 	"code.gitea.io/gitea/modules/setting" | 	"code.gitea.io/gitea/modules/setting" | ||||||
|  |  | ||||||
|  | 	"github.com/gobwas/glob" | ||||||
| ) | ) | ||||||
|  |  | ||||||
| var externalTrackerRegex = regexp.MustCompile(`({?)(?:user|repo|index)+?(}?)`) | var externalTrackerRegex = regexp.MustCompile(`({?)(?:user|repo|index)+?(}?)`) | ||||||
| @@ -48,6 +50,29 @@ func IsValidSiteURL(uri string) bool { | |||||||
| 	return false | 	return false | ||||||
| } | } | ||||||
|  |  | ||||||
|  | // IsEmailDomainListed checks whether the domain of an email address | ||||||
|  | // matches a list of domains | ||||||
|  | func IsEmailDomainListed(globs []glob.Glob, email string) bool { | ||||||
|  | 	if len(globs) == 0 { | ||||||
|  | 		return false | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	n := strings.LastIndex(email, "@") | ||||||
|  | 	if n <= 0 { | ||||||
|  | 		return false | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	domain := strings.ToLower(email[n+1:]) | ||||||
|  |  | ||||||
|  | 	for _, g := range globs { | ||||||
|  | 		if g.Match(domain) { | ||||||
|  | 			return true | ||||||
|  | 		} | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	return false | ||||||
|  | } | ||||||
|  |  | ||||||
| // IsAPIURL checks if URL is current Gitea instance API URL | // IsAPIURL checks if URL is current Gitea instance API URL | ||||||
| func IsAPIURL(uri string) bool { | func IsAPIURL(uri string) bool { | ||||||
| 	return strings.HasPrefix(strings.ToLower(uri), strings.ToLower(setting.AppURL+"api")) | 	return strings.HasPrefix(strings.ToLower(uri), strings.ToLower(setting.AppURL+"api")) | ||||||
|   | |||||||
| @@ -13,10 +13,10 @@ import ( | |||||||
| 	"code.gitea.io/gitea/modules/context" | 	"code.gitea.io/gitea/modules/context" | ||||||
| 	"code.gitea.io/gitea/modules/setting" | 	"code.gitea.io/gitea/modules/setting" | ||||||
| 	"code.gitea.io/gitea/modules/structs" | 	"code.gitea.io/gitea/modules/structs" | ||||||
|  | 	"code.gitea.io/gitea/modules/validation" | ||||||
| 	"code.gitea.io/gitea/modules/web/middleware" | 	"code.gitea.io/gitea/modules/web/middleware" | ||||||
|  |  | ||||||
| 	"gitea.com/go-chi/binding" | 	"gitea.com/go-chi/binding" | ||||||
| 	"github.com/gobwas/glob" |  | ||||||
| ) | ) | ||||||
|  |  | ||||||
| // InstallForm form for installation page | // InstallForm form for installation page | ||||||
| @@ -103,29 +103,6 @@ func (f *RegisterForm) Validate(req *http.Request, errs binding.Errors) binding. | |||||||
| 	return middleware.Validate(errs, ctx.Data, f, ctx.Locale) | 	return middleware.Validate(errs, ctx.Data, f, ctx.Locale) | ||||||
| } | } | ||||||
|  |  | ||||||
| // IsEmailDomainListed checks whether the domain of an email address |  | ||||||
| // matches a list of domains |  | ||||||
| func IsEmailDomainListed(globs []glob.Glob, email string) bool { |  | ||||||
| 	if len(globs) == 0 { |  | ||||||
| 		return false |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	n := strings.LastIndex(email, "@") |  | ||||||
| 	if n <= 0 { |  | ||||||
| 		return false |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	domain := strings.ToLower(email[n+1:]) |  | ||||||
|  |  | ||||||
| 	for _, g := range globs { |  | ||||||
| 		if g.Match(domain) { |  | ||||||
| 			return true |  | ||||||
| 		} |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	return false |  | ||||||
| } |  | ||||||
|  |  | ||||||
| // IsEmailDomainAllowed validates that the email address | // IsEmailDomainAllowed validates that the email address | ||||||
| // provided by the user matches what has been configured . | // provided by the user matches what has been configured . | ||||||
| // The email is marked as allowed if it matches any of the | // The email is marked as allowed if it matches any of the | ||||||
| @@ -133,10 +110,10 @@ func IsEmailDomainListed(globs []glob.Glob, email string) bool { | |||||||
| // domains in the blocklist, if any such list is not empty. | // domains in the blocklist, if any such list is not empty. | ||||||
| func (f *RegisterForm) IsEmailDomainAllowed() bool { | func (f *RegisterForm) IsEmailDomainAllowed() bool { | ||||||
| 	if len(setting.Service.EmailDomainAllowList) == 0 { | 	if len(setting.Service.EmailDomainAllowList) == 0 { | ||||||
| 		return !IsEmailDomainListed(setting.Service.EmailDomainBlockList, f.Email) | 		return !validation.IsEmailDomainListed(setting.Service.EmailDomainBlockList, f.Email) | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
| 	return IsEmailDomainListed(setting.Service.EmailDomainAllowList, f.Email) | 	return validation.IsEmailDomainListed(setting.Service.EmailDomainAllowList, f.Email) | ||||||
| } | } | ||||||
|  |  | ||||||
| // MustChangePasswordForm form for updating your password after account creation | // MustChangePasswordForm form for updating your password after account creation | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user