🎉 Add registration domain whitelist for emails

Signed-off-by: Andrey Miskov <amiskov@gmail.com>
2025-01-08 07:50:43 -05:00 · 2020-03-16 18:55:44 +03:00 · 2020-03-16 18:55:44 +03:00 · c663d54eb8
commit c663d54eb8
parent 394d238f97
4 changed files with 26 additions and 0 deletions
--- a/backend/src/uxbox/config.clj
+++ b/backend/src/uxbox/config.clj
@ -34,6 +34,7 @@
   :smtp-enabled false
   :allow-demo-users true
   :registration-enabled true
+   :registration-domain-whitelist ""
   :debug-humanize-transit true
   })

@ -58,6 +59,7 @@
 (s/def ::smtp-enabled ::us/boolean)
 (s/def ::allow-demo-users ::us/boolean)
 (s/def ::registration-enabled ::us/boolean)
+(s/def ::registration-domain-whitelist ::us/string)
 (s/def ::debug-humanize-transit ::us/boolean)

 (s/def ::config
--- a/backend/src/uxbox/services/mutations/profile.clj
+++ b/backend/src/uxbox/services/mutations/profile.clj
@ -10,6 +10,7 @@
 (ns uxbox.services.mutations.profile
  (:require
   [clojure.spec.alpha :as s]
+   [clojure.string :as str]
   [datoteka.core :as fs]
   [promesa.core :as p]
   [promesa.exec :as px]
@ -214,11 +215,23 @@
 (s/def ::register-profile
  (s/keys :req-un [::email ::password ::fullname]))

+(defn email-domain-in-whitelist?
+  "Returns true if email's domain is in the given whitelist or if given whitelist is an empty string."
+  [whitelist email]
+  (if (str/blank? whitelist)
+    true
+    (let [domains (str/split whitelist #",\s*")
+          email-domain (second (str/split email #"@"))]
+      (contains? (set domains) email-domain))))
+
 (sm/defmutation ::register-profile
  [params]
  (when-not (:registration-enabled cfg/config)
    (ex/raise :type :restriction
              :code :registration-disabled))
+  (when-not (email-domain-in-whitelist? (:registration-domain-whitelist cfg/config) (:email params))
+    (ex/raise :type :validation
+              :code ::email-domain-is-not-allowed))
  (db/with-atomic [conn db/pool]
    (check-profile-existence! conn params)
    (-> (register-profile conn params)
--- a/backend/tests/uxbox/tests/test_services_profile.clj
+++ b/backend/tests/uxbox/tests/test_services_profile.clj
@ -18,6 +18,7 @@
   [uxbox.db :as db]
   [uxbox.services.mutations :as sm]
   [uxbox.services.queries :as sq]
+   [uxbox.services.mutations.profile :as profile]
   [uxbox.tests.helpers :as th]))

 (t/use-fixtures :once th/state-init)
@ -191,6 +192,15 @@
        (t/is (= 0 (count (:result out))))))
    ))

+(t/deftest registration-domain-whitelist
+  (let [whitelist "gmail.com, hey.com, ya.ru"]
+    (t/testing "allowed email domain"
+      (t/is (true? (profile/email-domain-in-whitelist? whitelist "username@ya.ru")))
+      (t/is (true? (profile/email-domain-in-whitelist? "" "username@somedomain.com"))))
+
+    (t/testing "not allowed email domain"
+      (t/is (false? (profile/email-domain-in-whitelist? whitelist "username@somedomain.com"))))))
+
 ;; TODO: profile deletion with teams
 ;; TODO: profile deletion with owner teams
 ;; TODO: profile registration
--- a/docs/05-Management-Guide.md
+++ b/docs/05-Management-Guide.md
@ -32,6 +32,7 @@ respective defaults):
 - `UXBOX_SMTP_TLS=`      (defaults to `false`)
 - `UXBOX_SMTP_ENABLED=false`
 - `UXBOX_REGISTRATION_ENABLED=true`
+- `UXBOX_REGISTRATION_DOMAIN_WHITELIST=""` (comma-separated domains, defaults to `""` which means that all domains are allowed)
 - `UXBOX_DEBUG_HUMANIZE_TRANSIT=true`