From 4a9a13c055e5f47f627ebc30134e14107d05b867 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Buclin?=
Date: Wed, 22 Feb 2017 17:48:52 +0100
Subject: Add an email domain blacklist

---
 catdap.yml | 12 +++++++++++-
 lib/CatDap/Controller/register.pm | 19 +++++++++++++------
 2 files changed, 24 insertions(+), 7 deletions(-)

diff --git a/catdap.yml b/catdap.yml
index ba1c46f..d0df579 100644
--- a/catdap.yml
+++ b/catdap.yml
@@ -33,8 +33,18 @@ Model::User:
 register:
 login_regex: ^[a-z][a-z0-9]*$
- login_blacklist:
+ login_username_blacklist:
 - apache
+ login_domain_blacklist:
+ - armyspy.com
+ - codehot.co.uk
+ - dayrep.com
+ - guerillamail.com
+ - jourrapide.com
+ - rhyta.com
+ - wowring.ru
+ - yopmail.com
+ - zasod.com
 forgot_password:
 secret:
diff --git a/lib/CatDap/Controller/register.pm b/lib/CatDap/Controller/register.pm
index 2ef3fce..f33130a 100644
--- a/lib/CatDap/Controller/register.pm
+++ b/lib/CatDap/Controller/register.pm
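Review bot: Renaming `login_blacklist` to `login_username_blacklist` is a breaking change for any deployment whose catdap.yml still carries the old key: the controller now reads only the new name, so an operator's existing username blacklist silently stops applying after upgrade (and, depending on how the missing key dereferences under strict refs, the grep may die on an undefined array reference instead). Either keep reading `login_blacklist` as a fallback in the controller for a release, or call out the rename in the upgrade notes. A one-line comment above `login_domain_blacklist:` saying that entries are compared case-insensitively against the exact host part of the submitted address would also tell operators what form to list, since the hunk gives no hint that `mail.example.com` and `example.com` are distinct entries.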
@@ -44,28 +44,35 @@ sub check : Local {
 push @errors, $c->loc('Invalid username');
 }
 my $email = $c->request->params->{mail1};
- if (! Email::Valid->address($email)) {
+ my $email_obj;
+ # This method sanitizes the email address.
+ ($email, $email_obj) = Email::Valid->address($email);
+ if (!$email) {
 push @errors, $c->loc('Invalid email address');
 }
- if ($email ne $c->request->params->{mail2}) {
+ elsif ($email ne $c->request->params->{mail2}) {
 push @errors, $c->loc('Addresses do not match');
 }
- if (! $c->validate_captcha($c->req->param('validate'))){
+
+ if (!$c->validate_captcha($c->req->param('validate'))) {
 push @errors, $c->loc('Incorrect validation text, please try again');
 }
- if ( ! open( my $etcpasswd, "/etc/passwd")) {
+ if (!open(my $etcpasswd, '<', '/etc/passwd')) {
 push @errors, $c->loc('Cannot check /etc/passwd, please warn system administrators');
 }
 else {
- if ( grep { /^$username:/ } <$etcpasswd> ) {
+ if (grep { /^$username:/ } <$etcpasswd>) {
 push @errors, $c->loc('Invalid username, already used by system');
 }
 close($etcpasswd);
 }
- if ( grep /^$username$/, @{${$c->config}{'register'}{'login_blacklist'}}) {
+ if (grep { /^$username$/ } @{${$c->config}{'register'}{'login_username_blacklist'}}) {
 push @errors, $c->loc('Username is not authorized to be used');
 }
+ if ($email_obj and grep { $email_obj->host =~ /^\Q$_\E$/i } @{${$c->config}{'register'}{'login_domain_blacklist'}}) {
+ push @errors, $c->loc('Email domain is not authorized to be used');
+ }
 if ($c->request->params->{gn} !~ /^[\p{IsAlnum}'\- ]+$/) {
 push @errors, $c->loc(
-- cgit v1.2.1
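Review bot: The new domain check compares `$email_obj->host` with each listed domain as an exact host only, so an address whose domain is a subdomain of a listed entry is not rejected, and `$` (unlike `\z`) also matches before a trailing newline; computing the host once and accepting a suffix match, `my $host = $email_obj->host // '';` and `grep { $host =~ /\A\Q$_\E\z/i or $host =~ /\.\Q$_\E\z/i }`, closes that gap and avoids an uninitialized-value warning should `host` ever return undef. The same `\Q...\E` quoting used here would be consistent on the rewritten username line, `if (grep { /^\Q$username\E$/ } ...)`, because `$username` is still interpolated unescaped there and in the /etc/passwd grep, and the 'Invalid username' branch above only pushes to @errors rather than returning. Note too that `$email` is now the sanitized value returned by `Email::Valid->address` while `mail2` is still compared raw, so two identically typed inputs that `address` rewrites (if it accepts, say, surrounding whitespace or a display name here) would now fail with 'Addresses do not match'; compare the two raw inputs, or sanitize both. check's body begins and ends outside the hunk.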