From 4a9a13c055e5f47f627ebc30134e14107d05b867 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Buclin?=
Date: Wed, 22 Feb 2017 17:48:52 +0100
Subject: Add an email domain blacklist
---
lib/CatDap/Controller/register.pm | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
(limited to 'lib')
diff --git a/lib/CatDap/Controller/register.pm b/lib/CatDap/Controller/register.pm
index 2ef3fce..f33130a 100644
--- a/lib/CatDap/Controller/register.pm
+++ b/lib/CatDap/Controller/register.pm
@@ -44,28 +44,35 @@ sub check : Local { push @errors, $c->loc('Invalid username'); } my $email = $c->request->params->{mail1}; - if (! Email::Valid->address($email)) { + my $email_obj; + # This method sanitizes the email address. + ($email, $email_obj) = Email::Valid->address($email); + if (!$email) { push @errors, $c->loc('Invalid email address'); } - if ($email ne $c->request->params->{mail2}) { + elsif ($email ne $c->request->params->{mail2}) { push @errors, $c->loc('Addresses do not match'); } - if (! $c->validate_captcha($c->req->param('validate'))){ + + if (!$c->validate_captcha($c->req->param('validate'))) { push @errors, $c->loc('Incorrect validation text, please try again'); } - if ( ! open( my $etcpasswd, "/etc/passwd")) { + if (!open(my $etcpasswd, '<', '/etc/passwd')) { push @errors, $c->loc('Cannot check /etc/passwd, please warn system administrators'); } else { - if ( grep { /^$username:/ } <$etcpasswd> ) { + if (grep { /^$username:/ } <$etcpasswd>) { push @errors, $c->loc('Invalid username, already used by system'); } close($etcpasswd); } - if ( grep /^$username$/, @{${$c->config}{'register'}{'login_blacklist'}}) { + if (grep { /^$username$/ } @{${$c->config}{'register'}{'login_username_blacklist'}}) { push @errors, $c->loc('Username is not authorized to be used'); } + if ($email_obj and grep { $email_obj->host =~ /^\Q$_\E$/i } @{${$c->config}{'register'}{'login_domain_blacklist'}}) { + push @errors, $c->loc('Email domain is not authorized to be used'); + } if ($c->request->params->{gn} !~ /^[\p{IsAlnum}'\- ]+$/) { push @errors, $c->loc( -- cgit v1.2.1
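Review bot: `$username` is still interpolated unescaped into both patterns this commit reformats (`/^$username:/` on the /etc/passwd scan and `/^$username$/` on the username blacklist), while the new domain check just below already quotes its operand with `\Q…\E`. As far as the hunk shows, a failed username check only pushes an error and execution continues, so request input containing regex metacharacters reaches these matches and can fail to compile or match unintended entries. I would write `/^\Q$username\E:/` for the passwd scan and `grep { $_ eq $username }` for the blacklist. Separately, the domain test is an exact host comparison, so a subdomain of a listed domain is not rejected, and renaming the config key to `login_username_blacklist` presumably leaves an existing `login_blacklist` setting silently unused until the configuration is updated. `check` starts and ends outside the hunk.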