diff options
Diffstat (limited to 'modules/forms')
| -rw-r--r-- | modules/forms/user_form.go | 31 | ||||
| -rw-r--r-- | modules/forms/user_form_test.go | 34 |
2 files changed, 49 insertions, 16 deletions
diff --git a/modules/forms/user_form.go b/modules/forms/user_form.go index af36628c30..07733baeba 100644 --- a/modules/forms/user_form.go +++ b/modules/forms/user_form.go @@ -95,23 +95,21 @@ func (f *RegisterForm) Validate(req *http.Request, errs binding.Errors) binding. return middleware.Validate(errs, ctx.Data, f, ctx.Locale) } -// IsEmailDomainWhitelisted validates that the email address -// provided by the user matches what has been configured . -// If the domain whitelist from the config is empty, it marks the -// email as whitelisted -func (f RegisterForm) IsEmailDomainWhitelisted() bool { - if len(setting.Service.EmailDomainWhitelist) == 0 { - return true +// IsEmailDomainListed checks whether the domain of an email address +// matches a list of domains +func IsEmailDomainListed(list []string, email string) bool { + if len(list) == 0 { + return false } - n := strings.LastIndex(f.Email, "@") + n := strings.LastIndex(email, "@") if n <= 0 { return false } - domain := strings.ToLower(f.Email[n+1:]) + domain := strings.ToLower(email[n+1:]) - for _, v := range setting.Service.EmailDomainWhitelist { + for _, v := range list { if strings.ToLower(v) == domain { return true } @@ -120,6 +118,19 @@ func (f RegisterForm) IsEmailDomainWhitelisted() bool { return false } +// IsEmailDomainAllowed validates that the email address +// provided by the user matches what has been configured . +// The email is marked as allowed if it matches any of the +// domains in the whitelist or if it doesn't match any of +// domains in the blocklist, if any such list is not empty. +func (f RegisterForm) IsEmailDomainAllowed() bool { + if len(setting.Service.EmailDomainWhitelist) == 0 { + return !IsEmailDomainListed(setting.Service.EmailDomainBlocklist, f.Email) + } + + return IsEmailDomainListed(setting.Service.EmailDomainWhitelist, f.Email) +} + // MustChangePasswordForm form for updating your password after account creation // by an admin type MustChangePasswordForm struct { diff --git a/modules/forms/user_form_test.go b/modules/forms/user_form_test.go index 6e0518789c..9f67143d12 100644 --- a/modules/forms/user_form_test.go +++ b/modules/forms/user_form_test.go @@ -12,17 +12,17 @@ import ( "github.com/stretchr/testify/assert" ) -func TestRegisterForm_IsDomainWhiteList_Empty(t *testing.T) { +func TestRegisterForm_IsDomainAllowed_Empty(t *testing.T) { _ = setting.Service setting.Service.EmailDomainWhitelist = []string{} form := RegisterForm{} - assert.True(t, form.IsEmailDomainWhitelisted()) + assert.True(t, form.IsEmailDomainAllowed()) } -func TestRegisterForm_IsDomainWhiteList_InvalidEmail(t *testing.T) { +func TestRegisterForm_IsDomainAllowed_InvalidEmail(t *testing.T) { _ = setting.Service setting.Service.EmailDomainWhitelist = []string{"gitea.io"} @@ -37,11 +37,11 @@ func TestRegisterForm_IsDomainWhiteList_InvalidEmail(t *testing.T) { for _, v := range tt { form := RegisterForm{Email: v.email} - assert.False(t, form.IsEmailDomainWhitelisted()) + assert.False(t, form.IsEmailDomainAllowed()) } } -func TestRegisterForm_IsDomainWhiteList_ValidEmail(t *testing.T) { +func TestRegisterForm_IsDomainAllowed_WhitelistedEmail(t *testing.T) { _ = setting.Service setting.Service.EmailDomainWhitelist = []string{"gitea.io"} @@ -59,6 +59,28 @@ func TestRegisterForm_IsDomainWhiteList_ValidEmail(t *testing.T) { for _, v := range tt { form := RegisterForm{Email: v.email} - assert.Equal(t, v.valid, form.IsEmailDomainWhitelisted()) + assert.Equal(t, v.valid, form.IsEmailDomainAllowed()) + } +} + +func TestRegisterForm_IsDomainAllowed_BlocklistedEmail(t *testing.T) { + _ = setting.Service + + setting.Service.EmailDomainWhitelist = []string{} + setting.Service.EmailDomainBlocklist = []string{"gitea.io"} + + tt := []struct { + email string + valid bool + }{ + {"security@gitea.io", false}, + {"security@gitea.example", true}, + {"hdudhdd", true}, + } + + for _, v := range tt { + form := RegisterForm{Email: v.email} + + assert.Equal(t, v.valid, form.IsEmailDomainAllowed()) } } |