-rw-r--r-- | catdap.yml | 12 | ||||
-rw-r--r-- | lib/CatDap/Controller/register.pm | 19 |
2 files changed, 24 insertions, 7 deletions
@@ -33,8 +33,18 @@ Model::User: register: login_regex: ^[a-z][a-z0-9]*$ - login_blacklist: + login_username_blacklist: - apache + login_domain_blacklist: + - armyspy.com + - codehot.co.uk + - dayrep.com + - guerillamail.com + - jourrapide.com + - rhyta.com + - wowring.ru + - yopmail.com + - zasod.com forgot_password: secret: diff --git a/lib/CatDap/Controller/register.pm b/lib/CatDap/Controller/register.pm index 2ef3fce..f33130a 100644 --- a/lib/CatDap/Controller/register.pm +++ b/lib/CatDap/Controller/register.pm 
@@ -44,28 +44,35 @@ sub check : Local { push @errors, $c->loc('Invalid username'); } my $email = $c->request->params->{mail1}; - if (! Email::Valid->address($email)) { + my $email_obj; + # This method sanitizes the email address. + ($email, $email_obj) = Email::Valid->address($email); + if (!$email) { push @errors, $c->loc('Invalid email address'); } - if ($email ne $c->request->params->{mail2}) { + elsif ($email ne $c->request->params->{mail2}) { push @errors, $c->loc('Addresses do not match'); } - if (! $c->validate_captcha($c->req->param('validate'))){ + + if (!$c->validate_captcha($c->req->param('validate'))) { push @errors, $c->loc('Incorrect validation text, please try again'); } - if ( ! open( my $etcpasswd, "/etc/passwd")) { + if (!open(my $etcpasswd, '<', '/etc/passwd')) { push @errors, $c->loc('Cannot check /etc/passwd, please warn system administrators'); } else { - if ( grep { /^$username:/ } <$etcpasswd> ) { + if (grep { /^$username:/ } <$etcpasswd>) { push @errors, $c->loc('Invalid username, already used by system'); } close($etcpasswd); } - if ( grep /^$username$/, @{${$c->config}{'register'}{'login_blacklist'}}) { + if (grep { /^$username$/ } @{${$c->config}{'register'}{'login_username_blacklist'}}) { push @errors, $c->loc('Username is not authorized to be used'); } + if ($email_obj and grep { $email_obj->host =~ /^\Q$_\E$/i } @{${$c->config}{'register'}{'login_domain_blacklist'}}) { + push @errors, $c->loc('Email domain is not authorized to be used'); + } if ($c->request->params->{gn} !~ /^[\p{IsAlnum}'\- ]+$/) { push @errors, $c->loc( |
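Review bot: The two username patterns this hunk rewrites, `grep { /^$username:/ } <$etcpasswd>` and `grep { /^$username$/ } @{...login_username_blacklist}`, still interpolate `$username` unescaped, while the new domain check added just below them correctly uses `\Q$_\E`. Because `check` only collects errors and carries on after `push @errors, $c->loc('Invalid username')`, a value that failed the username check still reaches these two patterns and is treated as a regex, and since `$` also matches before a trailing newline, `apache\n` would pass a `^[a-z][a-z0-9]*$` check (if that is what the validation above the hunk applies) yet match neither `/^$username:/` nor the blacklist entry. I would use `grep { /\A\Q$username\E:/ } <$etcpasswd>` and `grep { $_ eq $username } @{${$c->config}{'register'}{'login_username_blacklist'}}`. Separately, the domain blacklist is an exact match on `$email_obj->host`, so `user@sub.yopmail.com` is not caught; if subdomains are meant to be covered, `$email_obj->host =~ /(?:\A|\.)\Q$_\E\z/i` does it. The body of `check` begins before and continues after this hunk.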