Add email blacklist, fixes #1404

2020-08-02 14:53:42 -05:00 · 2020-08-02 14:53:42 -05:00 · dc88b6f091
commit dc88b6f091
parent 70951d042b
5 changed files with 47 additions and 2 deletions
--- a/config/config.exs
+++ b/config/config.exs
@ -509,7 +509,8 @@
    "user_exists",
    "users",
    "web"
-  ]
+  ],
+  email_blacklist: []

 config :pleroma, Oban,
  repo: Pleroma.Repo,
--- a/config/description.exs
+++ b/config/description.exs
@ -3021,6 +3021,7 @@
      %{
        key: :restricted_nicknames,
        type: {:list, :string},
+        description: "List of nicknames users may not register with.",
        suggestions: [
          ".well-known",
          "~",
@ -3053,6 +3054,12 @@
          "users",
          "web"
        ]
+      },
+      %{
+        key: :email_blacklist,
+        type: {:list, :string},
+        description: "List of email domains users may not register with.",
+        suggestions: ["mailinator.com", "maildrop.cc"]
      }
    ]
  },
--- a/docs/configuration/cheatsheet.md
+++ b/docs/configuration/cheatsheet.md
@ -202,6 +202,11 @@ config :pleroma, :mrf_user_allowlist, %{
 * `sign_object_fetches`: Sign object fetches with HTTP signatures
 * `authorized_fetch_mode`: Require HTTP signatures for AP fetches

+## Pleroma.User
+
+* `restricted_nicknames`: List of nicknames users may not register with.
+* `email_blacklist`: List of email domains users may not register with.
+
 ## Pleroma.ScheduledActivity

 * `daily_user_limit`: the number of scheduled activities a user is allowed to create in a single day (Default: `25`)
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@ -676,10 +676,19 @@ def register_changeset(struct, params \\ %{}, opts \\ []) do
    |> validate_required([:name, :nickname, :password, :password_confirmation])
    |> validate_confirmation(:password)
    |> unique_constraint(:email)
+    |> validate_format(:email, @email_regex)
+    |> validate_change(:email, fn :email, email ->
+      valid? =
+        Config.get([User, :email_blacklist])
+        |> Enum.all?(fn blacklisted_domain ->
+          !String.ends_with?(email, ["@" <> blacklisted_domain, "." <> blacklisted_domain])
+        end)
+
+      if valid?, do: [], else: [email: "Email domain is blacklisted"]
+    end)
    |> unique_constraint(:nickname)
    |> validate_exclusion(:nickname, Config.get([User, :restricted_nicknames]))
    |> validate_format(:nickname, local_nickname_regex())
-    |> validate_format(:email, @email_regex)
    |> validate_length(:bio, max: bio_limit)
    |> validate_length(:name, min: 1, max: name_limit)
    |> validate_length(:registration_reason, max: reason_limit)
--- a/test/user_test.exs
+++ b/test/user_test.exs
@ -490,6 +490,29 @@ test "it restricts certain nicknames" do
      refute changeset.valid?
    end

+    test "it blocks blacklisted email domains" do
+      clear_config([User, :email_blacklist], ["trolling.world"])
+
+      # Block with match
+      params = Map.put(@full_user_data, :email, "troll@trolling.world")
+      changeset = User.register_changeset(%User{}, params)
+      refute changeset.valid?
+
+      # Block with subdomain match
+      params = Map.put(@full_user_data, :email, "troll@gnomes.trolling.world")
+      changeset = User.register_changeset(%User{}, params)
+      refute changeset.valid?
+
+      # Pass with different domains that are similar
+      params = Map.put(@full_user_data, :email, "troll@gnomestrolling.world")
+      changeset = User.register_changeset(%User{}, params)
+      assert changeset.valid?
+
+      params = Map.put(@full_user_data, :email, "troll@trolling.world.us")
+      changeset = User.register_changeset(%User{}, params)
+      assert changeset.valid?
+    end
+
    test "it sets the password_hash and ap_id" do
      changeset = User.register_changeset(%User{}, @full_user_data)