-rw-r--r--catdap.yml12
-rw-r--r--lib/CatDap/Controller/register.pm19
2 files changed, 24 insertions, 7 deletions
diff --git a/catdap.yml b/catdap.yml
index ba1c46f..d0df579 100644
--- a/catdap.yml
+++ b/catdap.yml
@@ -33,8 +33,18 @@ Model::User:
register:
login_regex: ^[a-z][a-z0-9]*$
- login_blacklist:
+ login_username_blacklist:
- apache
+ login_domain_blacklist:
+ - armyspy.com
+ - codehot.co.uk
+ - dayrep.com
+ - guerillamail.com
+ - jourrapide.com
+ - rhyta.com
+ - wowring.ru
+ - yopmail.com
+ - zasod.com
forgot_password:
secret:
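Review bot: Renaming `login_blacklist` to `login_username_blacklist` silently drops the username blocklist for any deployment that still carries the old key, because the lookup in register.pm (the other hunk of this commit) reads only the new name and nothing in the config marks the rename. A one-line comment above the key, `# renamed from login_blacklist; the old key is no longer read`, or a startup check that the key is present, would make the migration visible to operators. The new `login_domain_blacklist` entries are compared as whole hostnames by the register.pm change (`/^\Q$_\E$/i`), so a subdomain of a listed domain is not caught; if that is intended, a comment stating that entries are exact-match would save the next maintainer from adding entries that never fire.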
diff --git a/lib/CatDap/Controller/register.pm b/lib/CatDap/Controller/register.pm
index 2ef3fce..f33130a 100644
--- a/lib/CatDap/Controller/register.pm
+++ b/lib/CatDap/Controller/register.pm
@@ -44,28 +44,35 @@ sub check : Local {
push @errors, $c->loc('Invalid username');
}
my $email = $c->request->params->{mail1};
- if (! Email::Valid->address($email)) {
+ my $email_obj;
+ # This method sanitizes the email address.
+ ($email, $email_obj) = Email::Valid->address($email);
+ if (!$email) {
push @errors, $c->loc('Invalid email address');
}
- if ($email ne $c->request->params->{mail2}) {
+ elsif ($email ne $c->request->params->{mail2}) {
push @errors, $c->loc('Addresses do not match');
}
- if (! $c->validate_captcha($c->req->param('validate'))){
+
+ if (!$c->validate_captcha($c->req->param('validate'))) {
push @errors, $c->loc('Incorrect validation text, please try again');
}
- if ( ! open( my $etcpasswd, "/etc/passwd")) {
+ if (!open(my $etcpasswd, '<', '/etc/passwd')) {
push @errors, $c->loc('Cannot check /etc/passwd, please warn system administrators');
} else {
- if ( grep { /^$username:/ } <$etcpasswd> ) {
+ if (grep { /^$username:/ } <$etcpasswd>) {
push @errors, $c->loc('Invalid username, already used by system');
}
close($etcpasswd);
}
- if ( grep /^$username$/, @{${$c->config}{'register'}{'login_blacklist'}}) {
+ if (grep { /^$username$/ } @{${$c->config}{'register'}{'login_username_blacklist'}}) {
push @errors, $c->loc('Username is not authorized to be used');
}
+ if ($email_obj and grep { $email_obj->host =~ /^\Q$_\E$/i } @{${$c->config}{'register'}{'login_domain_blacklist'}}) {
+ push @errors, $c->loc('Email domain is not authorized to be used');
+ }
if ($c->request->params->{gn} !~ /^[\p{IsAlnum}'\- ]+$/) {
push @errors, $c->loc(