Email blacklist (#419)

2017-11-23 03:19:47 +02:00 · 2017-11-23 03:19:47 +02:00 · 7f9dc622b1
parent 1f31427e5e
commit 7f9dc622b1
2 changed files with 32 additions and 0 deletions
--- a/config.example.py
+++ b/config.example.py
@ -1,4 +1,5 @@
 import os
+import re

 DEBUG = True

@ -44,6 +45,19 @@ ENABLE_SHOW_STATS = True
 # Depends on email support!
 ALLOW_PASSWORD_RESET = True

+# A list of strings or compiled regexes to deny registering emails by.
+# Regexes will be .search()'d against emails,
+# while strings will be a simple 'string in email.lower()' check.
+# Leave empty to disable the blacklist.
+EMAIL_BLACKLIST = (
+    # Hotmail completely rejects "untrusted" emails,
+    # so it's less of a headache to blacklist them as users can't receive the mails anyway.
+    re.compile(r'(?i)@((hotmail|live|msn|outlook|passport)\.com|passport\.net)'),
+    re.compile(r'(?i)@outlook\.(at|be|cl|co\.(id|il|nz|th)|com\.(ar|au|br|gr|pe|tr|vn)|cz|de|dk|es|fr|hu|ie|in|it|jp|kr|lv|my|ph|pt|sa|sg|sk)'),
+    # '@dodgydomain.tk'
+)
+
+
 # Recaptcha keys (https://www.google.com/recaptcha)
 RECAPTCHA_PUBLIC_KEY = '***'
 RECAPTCHA_PRIVATE_KEY = '***'
--- a/nyaa/forms.py
+++ b/nyaa/forms.py
@ -69,6 +69,23 @@ def upload_recaptcha_validator_shim(form, field):
        return True


+def register_email_validator(form, field):
+    email_blacklist = app.config.get('EMAIL_BLACKLIST', [])
+    email = field.data.strip()
+    validation_exception = StopValidation('Blacklisted email provider')
+
+    for item in email_blacklist:
+        if isinstance(item, re._pattern_type):
+            if item.search(email):
+                raise validation_exception
+        elif isinstance(item, str):
+            if item in email.lower():
+                raise validation_exception
+        else:
+            raise Exception('Unexpected email validator type {!r} ({!r})'.format(type(item), item))
+    return True
+
+
 _username_validator = Regexp(
    r'^[a-zA-Z0-9_\-]+$',
    message='Your username must only consist of alphanumerics and _- (a-zA-Z0-9_-)')
@ -112,6 +129,7 @@ class RegisterForm(FlaskForm):
        Email(),
        DataRequired(),
        Length(min=5, max=128),
+        register_email_validator,
        Unique(User, User.email, 'Email already in use by another account')
    ])