diff --git a/backend/src/uxbox/config.clj b/backend/src/uxbox/config.clj index 665959869..88a7fc3f6 100644 --- a/backend/src/uxbox/config.clj +++ b/backend/src/uxbox/config.clj @@ -34,6 +34,7 @@ :smtp-enabled false :allow-demo-users true :registration-enabled true + :registration-domain-whitelist "" :debug-humanize-transit true }) @@ -58,6 +59,7 @@ (s/def ::smtp-enabled ::us/boolean) (s/def ::allow-demo-users ::us/boolean) (s/def ::registration-enabled ::us/boolean) +(s/def ::registration-domain-whitelist ::us/string) (s/def ::debug-humanize-transit ::us/boolean) (s/def ::config diff --git a/backend/src/uxbox/services/mutations/profile.clj b/backend/src/uxbox/services/mutations/profile.clj index b06bc1648..b2ed333fe 100644 --- a/backend/src/uxbox/services/mutations/profile.clj +++ b/backend/src/uxbox/services/mutations/profile.clj @@ -10,6 +10,7 @@ (ns uxbox.services.mutations.profile (:require [clojure.spec.alpha :as s] + [clojure.string :as str] [datoteka.core :as fs] [promesa.core :as p] [promesa.exec :as px] @@ -214,11 +215,23 @@ (s/def ::register-profile (s/keys :req-un [::email ::password ::fullname])) +(defn email-domain-in-whitelist? + "Returns true if email's domain is in the given whitelist or if given whitelist is an empty string." + [whitelist email] + (if (str/blank? whitelist) + true + (let [domains (str/split whitelist #",\s*") + email-domain (second (str/split email #"@"))] + (contains? (set domains) email-domain)))) + (sm/defmutation ::register-profile [params] (when-not (:registration-enabled cfg/config) (ex/raise :type :restriction :code :registration-disabled)) + (when-not (email-domain-in-whitelist? (:registration-domain-whitelist cfg/config) (:email params)) + (ex/raise :type :validation + :code ::email-domain-is-not-allowed)) (db/with-atomic [conn db/pool] (check-profile-existence! conn params) (-> (register-profile conn params) 
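Review bot: In `email-domain-in-whitelist?` (profile.clj), `(second (str/split email #"@"))` takes the text between the first and second `@` rather than the part after the last one, so for an address with more than one `@` the domain that is checked can differ from the domain mail is delivered to; whether the `::email` spec already rejects such input is not visible in this hunk. The comparison is also case-sensitive, and the `#",\s*"` split keeps whitespace that precedes a comma or sits at either end of the setting, so `Ya.RU` or a value like `"gmail.com , hey.com"` silently fails to match. I would derive the domain with `email-domain (some->> (str/last-index-of email "@") inc (subs email) str/lower-case)` and build the set with `(->> (str/split whitelist #",") (map (comp str/lower-case str/trim)) (remove str/blank?) set)`. The allowlist only restricts who can register if ownership of the address is verified before the account becomes usable. The rest of `::register-profile` lies outside the hunk, so please confirm that.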
diff --git a/backend/tests/uxbox/tests/test_services_profile.clj b/backend/tests/uxbox/tests/test_services_profile.clj index 8d5cd1384..5f0c6d7fa 100644 --- a/backend/tests/uxbox/tests/test_services_profile.clj +++ b/backend/tests/uxbox/tests/test_services_profile.clj @@ -18,6 +18,7 @@ [uxbox.db :as db] [uxbox.services.mutations :as sm] [uxbox.services.queries :as sq] + [uxbox.services.mutations.profile :as profile] [uxbox.tests.helpers :as th])) (t/use-fixtures :once th/state-init) @@ -191,6 +192,15 @@ (t/is (= 0 (count (:result out)))))) )) +(t/deftest registration-domain-whitelist + (let [whitelist "gmail.com, hey.com, ya.ru"] + (t/testing "allowed email domain" + (t/is (true? (profile/email-domain-in-whitelist? whitelist "username@ya.ru"))) + (t/is (true? (profile/email-domain-in-whitelist? "" "username@somedomain.com")))) + + (t/testing "not allowed email domain" + (t/is (false? (profile/email-domain-in-whitelist? whitelist "username@somedomain.com")))))) + ;; TODO: profile deletion with teams ;; TODO: profile deletion with owner teams ;; TODO: profile registration diff --git a/docs/05-Management-Guide.md b/docs/05-Management-Guide.md index 5456f0da8..ecd136f87 100644 --- a/docs/05-Management-Guide.md +++ b/docs/05-Management-Guide.md @@ -32,6 +32,7 @@ respective defaults): - `UXBOX_SMTP_TLS=` (defaults to `false`) - `UXBOX_SMTP_ENABLED=false` - `UXBOX_REGISTRATION_ENABLED=true` +- `UXBOX_REGISTRATION_DOMAIN_WHITELIST=""` (comma-separated domains, defaults to `""` which means that all domains are allowed) - `UXBOX_DEBUG_HUMANIZE_TRANSIT=true`
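Review bot: The `registration-domain-whitelist` test in test_services_profile.clj exercises only an exact lower-case match, the empty setting and one miss, so the input shapes where an allowlist check most often goes wrong are not pinned. I would add cases for a mixed-case domain, an address with more than one `@`, an address with no `@`, and a setting with spaces around the commas, for example `(t/is (false? (profile/email-domain-in-whitelist? whitelist "username@ya.ru@somedomain.com")))` and `(t/is (true? (profile/email-domain-in-whitelist? whitelist "username@YA.RU")))` (addresses constructed for illustration). Going by the implementation added in profile.clj, both of these would currently fail, which is the reason to have them. A test that drives `::register-profile` with a non-empty whitelist and expects the `:validation` error would also cover the wiring, since only the helper is tested here.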