From 45976a1bdeb511d33016fdf6f906c06d995064ce Mon Sep 17 00:00:00 2001
From: techknowlogick <techknowlogick@gitea.io>
Date: Wed, 30 Aug 2023 11:46:49 -0400
Subject: Check blocklist for emails when adding them to account (#26812)

---
 models/user/email_address.go | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

(limited to 'models')

diff --git a/models/user/email_address.go b/models/user/email_address.go
index e310858f92..e916249e30 100644
--- a/models/user/email_address.go
+++ b/models/user/email_address.go
@@ -16,6 +16,7 @@ import (
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
+	"code.gitea.io/gitea/modules/validation"
 
 	"xorm.io/builder"
 )
@@ -161,7 +162,17 @@ func ValidateEmail(email string) error {
 		return ErrEmailInvalid{email}
 	}
 
-	// TODO: add an email allow/block list
+	// if there is no allow list, then check email against block list
+	if len(setting.Service.EmailDomainAllowList) == 0 &&
+		validation.IsEmailDomainListed(setting.Service.EmailDomainBlockList, email) {
+		return ErrEmailInvalid{email}
+	}
+
+	// if there is an allow list, then check email against allow list
+	if len(setting.Service.EmailDomainAllowList) > 0 &&
+		!validation.IsEmailDomainListed(setting.Service.EmailDomainAllowList, email) {
+		return ErrEmailInvalid{email}
+	}
 
 	return nil
 }
-- 
cgit v1.2.3