mirror of
https://github.com/mastodon/mastodon.git
synced 2024-10-21 09:06:10 +00:00
b3ceb3dcc4
Prevent new accounts from being created using the same underlying e-mail as a suspended account using extensions and period permutations. Stores e-mails as a SHA256 hash
45 lines
1.2 KiB
Ruby
# frozen_string_literal: true
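# Validates a sign-up e-mail address against the instance's block rules.
#
# Nothing is checked when the user holds a valid invitation or has no e-mail.
# Otherwise the validator adds +:blocked+ to the e-mail errors when the address
# matches an EmailDomainBlock, the configured deny list, or falls outside the
# configured allow list, and adds +:taken+ when CanonicalEmailBlock reports a
# block for the address.
class BlacklistedEmailValidator < ActiveModel::Validator
  # @param user [#valid_invitation?, #email, #errors] record being validated
  # @return [void]
  def validate(user)
    return if user.valid_invitation? || user.email.blank?

    # ActiveModel instantiates a validator once and reuses it for every record,
    # so the address is passed down explicitly. Keeping it in an instance
    # variable would let concurrent validations overwrite each other's value
    # and run the block checks against the wrong address.
    email = user.email

    user.errors.add(:email, :blocked) if blocked_email_provider?(email)
    user.errors.add(:email, :taken) if blocked_canonical_email?(email)
  end

  private

  # True when any domain-level rule rejects the address.
  def blocked_email_provider?(email)
    disallowed_through_email_domain_block?(email) ||
      disallowed_through_configuration?(email) ||
      not_allowed_through_configuration?(email)
  end

  # Delegates to CanonicalEmailBlock, which decides whether the address is
  # blocked in its canonical form.
  def blocked_canonical_email?(email)
    CanonicalEmailBlock.block?(email)
  end

  # Delegates to EmailDomainBlock for the domain blocks stored by the instance.
  def disallowed_through_email_domain_block?(email)
    EmailDomainBlock.block?(email)
  end

  # True when an allow list is configured and the address does not end in one
  # of its domains (or a subdomain of one).
  #
  # The setting is interpolated into the pattern with only its dots escaped, so
  # any other regex metacharacter in it (such as `|`) is read as pattern
  # syntax. It must therefore come from trusted configuration only.
  def not_allowed_through_configuration?(email)
    allowlist = Rails.configuration.x.email_domains_whitelist
    return false if allowlist.blank?

    domains = allowlist.gsub('.', '\.')
    # \z anchors at the true end of the string. Ruby's `$` also matches before
    # a newline, which would accept an address whose first line ends in an
    # allowed domain while the rest of the value names another host.
    regexp = Regexp.new("@(.+\\.)?(#{domains})\\z", Regexp::IGNORECASE)

    !regexp.match?(email)
  end

  # True when a deny list is configured and the address matches one of its
  # domains (or a subdomain of one).
  #
  # The setting is treated as regex source in the same way as the allow list.
  def disallowed_through_configuration?(email)
    denylist = Rails.configuration.x.email_domains_blacklist
    return false if denylist.blank?

    domains = denylist.gsub('.', '\.')
    # NOTE(review): this pattern has no end anchor, so a listed domain also
    # matches when it is only the leading part of a longer host name. That
    # over-blocks rather than under-blocks; left unchanged here so existing
    # blocks are not narrowed. Confirm whether the behaviour is intended.
    regexp = Regexp.new("@(.+\\.)?(#{domains})", Regexp::IGNORECASE)

    regexp.match?(email)
  end
end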