Template
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo synced 2024-11-24 10:46:10 +01:00

merge with HEAD

This commit is contained in:
Michael Jerger 2024-11-20 08:20:33 +01:00
parent bc088cc989
commit 109d09de1a
2 changed files with 78 additions and 4 deletions

View file

@ -7,6 +7,7 @@ package validation
import ( import (
"fmt" "fmt"
"net/mail" "net/mail"
"net/url"
"regexp" "regexp"
"strings" "strings"
@ -100,11 +101,40 @@ func validateEmailDomain(email string) error {
} }
func IsEmailDomainAllowed(email string) bool { func IsEmailDomainAllowed(email string) bool {
if len(setting.Service.EmailDomainAllowList) == 0 { return isEmailDomainAllowedInternal(
return !isEmailDomainListed(setting.Service.EmailDomainBlockList, email) email,
} setting.Service.EmailDomainAllowList,
setting.Service.EmailDomainBlockList,
setting.Federation.Enabled,
setting.AppURL)
}
return isEmailDomainListed(setting.Service.EmailDomainAllowList, email) func isEmailDomainAllowedInternal(
email string,
emailDomainAllowList []glob.Glob,
emailDomainBlockList []glob.Glob,
isFederation bool,
fqdn string,
) bool {
var result bool
if len(emailDomainAllowList) == 0 {
result = !isEmailDomainListed(emailDomainBlockList, email)
} else if isFederation {
localFqdn, err := url.ParseRequestURI(fqdn)
if err != nil {
return false
}
globber, err := glob.Compile(localFqdn.Hostname(), ',')
if err != nil {
return false
}
emailDomainAllowList = append(emailDomainAllowList, globber)
result = isEmailDomainListed(emailDomainAllowList, email)
} else {
result = isEmailDomainListed(emailDomainAllowList, email)
}
return result
} }
// isEmailDomainListed checks whether the domain of an email address // isEmailDomainListed checks whether the domain of an email address

View file

@ -6,6 +6,7 @@ package validation
import ( import (
"testing" "testing"
"github.com/gobwas/glob"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
) )
@ -65,3 +66,46 @@ func TestEmailAddressValidate(t *testing.T) {
}) })
} }
} }
func TestEmailDomainAllowList(t *testing.T) {
res := IsEmailDomainAllowed("someuser@localhost.localdomain")
assert.True(t, res)
}
func TestEmailDomainAllowListInternal(t *testing.T) {
domain, _ := glob.Compile("domain.de", ',')
emailDomainAllowList := []glob.Glob{domain}
emailDomainBlockList := []glob.Glob{}
res := isEmailDomainAllowedInternal(
"user@repo.domain.de",
emailDomainAllowList,
emailDomainBlockList,
false,
"https://repo.domain.de")
assert.False(t, res)
res = isEmailDomainAllowedInternal(
"user@repo.domain.de",
emailDomainAllowList,
emailDomainBlockList,
true,
"xttps://repo")
assert.False(t, res)
res = isEmailDomainAllowedInternal(
"user@repo.Domain.de",
emailDomainAllowList,
emailDomainBlockList,
true,
"https://repo.domain.de")
assert.True(t, res)
res = isEmailDomainAllowedInternal(
"user@repo.domain.de",
emailDomainAllowList,
emailDomainBlockList,
true,
"https://repo.domain.de")
assert.True(t, res)
}