Merge branch 'email-blacklist' into 'develop'
Add email blacklist, fixes #1404 Closes #1404 See merge request pleroma/pleroma!2837
commit
28584bb224
7 changed files with 70 additions and 9 deletions
|
@ -49,6 +49,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
||||||
|
|
||||||
### Added
|
### Added
|
||||||
|
|
||||||
|
- Configuration: Added a blacklist for email servers.
|
||||||
- Chats: Added `accepts_chat_messages` field to user, exposed in APIs and federation.
|
- Chats: Added `accepts_chat_messages` field to user, exposed in APIs and federation.
|
||||||
- Chats: Added support for federated chats. For details, see the docs.
|
- Chats: Added support for federated chats. For details, see the docs.
|
||||||
- ActivityPub: Added support for existing AP ids for instances migrated from Mastodon.
|
- ActivityPub: Added support for existing AP ids for instances migrated from Mastodon.
|
||||||
|
|
|
@ -516,7 +516,8 @@
|
||||||
"user_exists",
|
"user_exists",
|
||||||
"users",
|
"users",
|
||||||
"web"
|
"web"
|
||||||
]
|
],
|
||||||
|
email_blacklist: []
|
||||||
|
|
||||||
config :pleroma, Oban,
|
config :pleroma, Oban,
|
||||||
repo: Pleroma.Repo,
|
repo: Pleroma.Repo,
|
||||||
|
|
|
@ -3056,6 +3056,7 @@
|
||||||
%{
|
%{
|
||||||
key: :restricted_nicknames,
|
key: :restricted_nicknames,
|
||||||
type: {:list, :string},
|
type: {:list, :string},
|
||||||
|
description: "List of nicknames users may not register with.",
|
||||||
suggestions: [
|
suggestions: [
|
||||||
".well-known",
|
".well-known",
|
||||||
"~",
|
"~",
|
||||||
|
@ -3088,6 +3089,12 @@
|
||||||
"users",
|
"users",
|
||||||
"web"
|
"web"
|
||||||
]
|
]
|
||||||
|
},
|
||||||
|
%{
|
||||||
|
key: :email_blacklist,
|
||||||
|
type: {:list, :string},
|
||||||
|
description: "List of email domains users may not register with.",
|
||||||
|
suggestions: ["mailinator.com", "maildrop.cc"]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
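Review bot: The description added for `:email_blacklist` does not tell the operator how entries are matched. Judging by the validation added elsewhere in this commit, an entry blocks the domain itself and every subdomain of it, and is expected as a bare domain without a leading `@` or `.`. I would state that in the text, e.g. `description: "List of email domains users may not register with. An entry also blocks all of its subdomains; enter bare domains such as mailinator.com."`. The enclosing list of setting descriptions starts and ends outside the hunk.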
|
||||||
|
|
|
@ -207,6 +207,11 @@ config :pleroma, :mrf_user_allowlist, %{
|
||||||
* `sign_object_fetches`: Sign object fetches with HTTP signatures
|
* `sign_object_fetches`: Sign object fetches with HTTP signatures
|
||||||
* `authorized_fetch_mode`: Require HTTP signatures for AP fetches
|
* `authorized_fetch_mode`: Require HTTP signatures for AP fetches
|
||||||
|
|
||||||
|
## Pleroma.User
|
||||||
|
|
||||||
|
* `restricted_nicknames`: List of nicknames users may not register with.
|
||||||
|
* `email_blacklist`: List of email domains users may not register with.
|
||||||
|
|
||||||
## Pleroma.ScheduledActivity
|
## Pleroma.ScheduledActivity
|
||||||
|
|
||||||
* `daily_user_limit`: the number of scheduled activities a user is allowed to create in a single day (Default: `25`)
|
* `daily_user_limit`: the number of scheduled activities a user is allowed to create in a single day (Default: `25`)
|
||||||
|
|
|
@ -676,10 +676,19 @@ def register_changeset(struct, params \\ %{}, opts \\ []) do
|
||||||
|> validate_required([:name, :nickname, :password, :password_confirmation])
|
|> validate_required([:name, :nickname, :password, :password_confirmation])
|
||||||
|> validate_confirmation(:password)
|
|> validate_confirmation(:password)
|
||||||
|> unique_constraint(:email)
|
|> unique_constraint(:email)
|
||||||
|
|> validate_format(:email, @email_regex)
|
||||||
|
|> validate_change(:email, fn :email, email ->
|
||||||
|
valid? =
|
||||||
|
Config.get([User, :email_blacklist])
|
||||||
|
|> Enum.all?(fn blacklisted_domain ->
|
||||||
|
!String.ends_with?(email, ["@" <> blacklisted_domain, "." <> blacklisted_domain])
|
||||||
|
end)
|
||||||
|
|
||||||
|
if valid?, do: [], else: [email: "Invalid email"]
|
||||||
|
end)
|
||||||
|> unique_constraint(:nickname)
|
|> unique_constraint(:nickname)
|
||||||
|> validate_exclusion(:nickname, Config.get([User, :restricted_nicknames]))
|
|> validate_exclusion(:nickname, Config.get([User, :restricted_nicknames]))
|
||||||
|> validate_format(:nickname, local_nickname_regex())
|
|> validate_format(:nickname, local_nickname_regex())
|
||||||
|> validate_format(:email, @email_regex)
|
|
||||||
|> validate_length(:bio, max: bio_limit)
|
|> validate_length(:bio, max: bio_limit)
|
||||||
|> validate_length(:name, min: 1, max: name_limit)
|
|> validate_length(:name, min: 1, max: name_limit)
|
||||||
|> validate_length(:registration_reason, max: reason_limit)
|
|> validate_length(:registration_reason, max: reason_limit)
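Review bot: The blacklist comparison in the new `validate_change(:email, ...)` callback is case-sensitive, so an address whose domain is written in upper or mixed case would not match a lowercase entry such as `trolling.world`, unless the email is lowercased somewhere outside this hunk, which is not visible here. Domain names are case-insensitive, so both sides should be normalised before `String.ends_with?/2`, e.g. `email = String.downcase(email)` at the top of the callback and `String.downcase(blacklisted_domain)` when building the two suffixes. `Config.get([User, :email_blacklist])` also has no fallback, so a missing key would hand `nil` to `Enum.all?/2` and raise during registration; `Config.get([User, :email_blacklist], [])` avoids that. The test added later on this page ("it blocks blacklisted email domains") covers exact, subdomain and look-alike domains but no mixed-case address, so it would not catch this. `register_changeset/3` starts and ends outside the hunk.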
|
||||||
|
|
|
@ -513,6 +513,29 @@ test "it restricts certain nicknames" do
|
||||||
refute changeset.valid?
|
refute changeset.valid?
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "it blocks blacklisted email domains" do
|
||||||
|
clear_config([User, :email_blacklist], ["trolling.world"])
|
||||||
|
|
||||||
|
# Block with match
|
||||||
|
params = Map.put(@full_user_data, :email, "troll@trolling.world")
|
||||||
|
changeset = User.register_changeset(%User{}, params)
|
||||||
|
refute changeset.valid?
|
||||||
|
|
||||||
|
# Block with subdomain match
|
||||||
|
params = Map.put(@full_user_data, :email, "troll@gnomes.trolling.world")
|
||||||
|
changeset = User.register_changeset(%User{}, params)
|
||||||
|
refute changeset.valid?
|
||||||
|
|
||||||
|
# Pass with different domains that are similar
|
||||||
|
params = Map.put(@full_user_data, :email, "troll@gnomestrolling.world")
|
||||||
|
changeset = User.register_changeset(%User{}, params)
|
||||||
|
assert changeset.valid?
|
||||||
|
|
||||||
|
params = Map.put(@full_user_data, :email, "troll@trolling.world.us")
|
||||||
|
changeset = User.register_changeset(%User{}, params)
|
||||||
|
assert changeset.valid?
|
||||||
|
end
|
||||||
|
|
||||||
test "it sets the password_hash and ap_id" do
|
test "it sets the password_hash and ap_id" do
|
||||||
changeset = User.register_changeset(%User{}, @full_user_data)
|
changeset = User.register_changeset(%User{}, @full_user_data)
|
||||||
|
|
||||||
|
|
|
@ -940,17 +940,32 @@ test "registers and logs in without :account_activation_required / :account_appr
|
||||||
assert refresh
|
assert refresh
|
||||||
assert scope == "read write follow"
|
assert scope == "read write follow"
|
||||||
|
|
||||||
conn =
|
clear_config([User, :email_blacklist], ["example.org"])
|
||||||
build_conn()
|
|
||||||
|> put_req_header("content-type", "multipart/form-data")
|
params = %{
|
||||||
|> put_req_header("authorization", "Bearer " <> token)
|
|
||||||
|> post("/api/v1/accounts", %{
|
|
||||||
username: "lain",
|
username: "lain",
|
||||||
email: "lain@example.org",
|
email: "lain@example.org",
|
||||||
password: "PlzDontHackLain",
|
password: "PlzDontHackLain",
|
||||||
bio: "Test Bio",
|
bio: "Test Bio",
|
||||||
agreement: true
|
agreement: true
|
||||||
})
|
}
|
||||||
|
|
||||||
|
conn =
|
||||||
|
build_conn()
|
||||||
|
|> put_req_header("content-type", "multipart/form-data")
|
||||||
|
|> put_req_header("authorization", "Bearer " <> token)
|
||||||
|
|> post("/api/v1/accounts", params)
|
||||||
|
|
||||||
|
assert %{"error" => "{\"email\":[\"Invalid email\"]}"} =
|
||||||
|
json_response_and_validate_schema(conn, 400)
|
||||||
|
|
||||||
|
Pleroma.Config.put([User, :email_blacklist], [])
|
||||||
|
|
||||||
|
conn =
|
||||||
|
build_conn()
|
||||||
|
|> put_req_header("content-type", "multipart/form-data")
|
||||||
|
|> put_req_header("authorization", "Bearer " <> token)
|
||||||
|
|> post("/api/v1/accounts", params)
|
||||||
|
|
||||||
%{
|
%{
|
||||||
"access_token" => token,
|
"access_token" => token,
|
||||||
|
|