mirror of https://github.com/penpot/penpot.git synced 2025-01-23 23:18:48 -05:00

🎉 Add registration domain whitelist for emails

Signed-off-by: Andrey Miskov <amiskov@gmail.com>
Andrey Miskov 2020-03-16 18:55:44 +03:00 committed by Andrey Antukh
parent 394d238f97
commit c663d54eb8
4 changed files with 26 additions and 0 deletions


@ -34,6 +34,7 @@
:smtp-enabled false
:allow-demo-users true
:registration-enabled true
:registration-domain-whitelist ""
:debug-humanize-transit true
})
@ -58,6 +59,7 @@
(s/def ::smtp-enabled ::us/boolean)
(s/def ::allow-demo-users ::us/boolean)
(s/def ::registration-enabled ::us/boolean)
(s/def ::registration-domain-whitelist ::us/string)
(s/def ::debug-humanize-transit ::us/boolean)
(s/def ::config


@ -10,6 +10,7 @@
(ns uxbox.services.mutations.profile
(:require
[clojure.spec.alpha :as s]
[clojure.string :as str]
[datoteka.core :as fs]
[promesa.core :as p]
[promesa.exec :as px]
@ -214,11 +215,23 @@
(s/def ::register-profile
(s/keys :req-un [::email ::password ::fullname]))
(defn email-domain-in-whitelist?
"Returns true if email's domain is in the given whitelist or if given whitelist is an empty string."
[whitelist email]
(if (str/blank? whitelist)
true
(let [domains (str/split whitelist #",\s*")
email-domain (second (str/split email #"@"))]
(contains? (set domains) email-domain))))
(sm/defmutation ::register-profile
[params]
(when-not (:registration-enabled cfg/config)
(ex/raise :type :restriction
:code :registration-disabled))
(when-not (email-domain-in-whitelist? (:registration-domain-whitelist cfg/config) (:email params))
(ex/raise :type :validation
:code ::email-domain-is-not-allowed))
(db/with-atomic [conn db/pool]
(check-profile-existence! conn params)
(-> (register-profile conn params)
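Review bot: `email-domain-in-whitelist?` takes `(second (str/split email #"@"))`, so for an address with more than one `@` it compares the text between the first and second `@` instead of the real domain after the last one; whether such an address can get this far depends on the `::email` spec, which is not visible in the hunk. The match is also case-sensitive and the whitelist is split on `,\s*` only, so `User@GMAIL.COM` or an entry with a leading or trailing space is rejected even though the operator listed the domain. Take the part after the last `@`, lower-case both sides and trim the entries, as sketched below. The new error code is namespace-qualified (`::email-domain-is-not-allowed`) while the neighbouring one is plain `:registration-disabled`, so the client has to match two different shapes; choose one deliberately. The `::register-profile` mutation body continues past the end of the hunk.

```clojure
(defn email-domain-in-whitelist?
  ;; … unchanged: docstring, argument vector and blank-whitelist branch …
    (let [domains (into #{}
                        (comp (map str/trim) (remove str/blank?) (map str/lower-case))
                        (str/split whitelist #","))
          at-pos  (str/last-index-of email "@")
          domain  (when at-pos (str/lower-case (subs email (inc at-pos))))]
      (contains? domains domain))))
```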


@ -18,6 +18,7 @@
[uxbox.db :as db]
[uxbox.services.mutations :as sm]
[uxbox.services.queries :as sq]
[uxbox.services.mutations.profile :as profile]
[uxbox.tests.helpers :as th]))
(t/use-fixtures :once th/state-init)
@ -191,6 +192,15 @@
(t/is (= 0 (count (:result out))))))
))
(t/deftest registration-domain-whitelist
(let [whitelist "gmail.com, hey.com, ya.ru"]
(t/testing "allowed email domain"
(t/is (true? (profile/email-domain-in-whitelist? whitelist "username@ya.ru")))
(t/is (true? (profile/email-domain-in-whitelist? "" "username@somedomain.com"))))
(t/testing "not allowed email domain"
(t/is (false? (profile/email-domain-in-whitelist? whitelist "username@somedomain.com"))))))
;; TODO: profile deletion with teams
;; TODO: profile deletion with owner teams
;; TODO: profile registration
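Review bot: The new `registration-domain-whitelist` test only uses well-formed lower-case addresses, so the parsing edge cases of `email-domain-in-whitelist?` are not pinned: an address with two `@`, one with none, an upper-case domain, and a whitelist entry with extra whitespace. Add a case such as `(t/is (false? (profile/email-domain-in-whitelist? whitelist "username@ya.ru@somedomain.com")))` (constructed input) to the "not allowed" group, plus one for an address without `@`. The rejection path through the `::register-profile` mutation is not exercised here either, and the `;; TODO: profile registration` line suggests that test is still pending.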


@ -32,6 +32,7 @@ respective defaults):
- `UXBOX_SMTP_TLS=` (defaults to `false`)
- `UXBOX_SMTP_ENABLED=false`
- `UXBOX_REGISTRATION_ENABLED=true`
- `UXBOX_REGISTRATION_DOMAIN_WHITELIST=""` (comma-separated domains, defaults to `""` which means that all domains are allowed)
- `UXBOX_DEBUG_HUMANIZE_TRANSIT=true`