···1616 "code.gitea.io/gitea/modules/log"
1717 "code.gitea.io/gitea/modules/setting"
1818 "code.gitea.io/gitea/modules/util"
1919+ "code.gitea.io/gitea/modules/validation"
19202021 "xorm.io/builder"
2122)
···161162 return ErrEmailInvalid{email}
162163 }
163164164164- // TODO: add an email allow/block list
165165+ // if there is no allow list, then check email against block list
166166+ if len(setting.Service.EmailDomainAllowList) == 0 &&
167167+ validation.IsEmailDomainListed(setting.Service.EmailDomainBlockList, email) {
168168+ return ErrEmailInvalid{email}
169169+ }
170170+171171+ // if there is an allow list, then check email against allow list
172172+ if len(setting.Service.EmailDomainAllowList) > 0 &&
173173+ !validation.IsEmailDomainListed(setting.Service.EmailDomainAllowList, email) {
174174+ return ErrEmailInvalid{email}
175175+ }
165176166177 return nil
167178}
+25
modules/validation/helpers.go
···1010 "strings"
11111212 "code.gitea.io/gitea/modules/setting"
1313+1414+ "github.com/gobwas/glob"
1315)
14161517var externalTrackerRegex = regexp.MustCompile(`({?)(?:user|repo|index)+?(}?)`)
···4547 return true
4648 }
4749 }
5050+ return false
5151+}
5252+5353+// IsEmailDomainListed checks whether the domain of an email address
5454+// matches a list of domains
5555+func IsEmailDomainListed(globs []glob.Glob, email string) bool {
5656+ if len(globs) == 0 {
5757+ return false
5858+ }
5959+6060+ n := strings.LastIndex(email, "@")
6161+ if n <= 0 {
6262+ return false
6363+ }
6464+6565+ domain := strings.ToLower(email[n+1:])
6666+6767+ for _, g := range globs {
6868+ if g.Match(domain) {
6969+ return true
7070+ }
7171+ }
7272+4873 return false
4974}
5075
+3-26
services/forms/user_form.go
···1313 "code.gitea.io/gitea/modules/context"
1414 "code.gitea.io/gitea/modules/setting"
1515 "code.gitea.io/gitea/modules/structs"
1616+ "code.gitea.io/gitea/modules/validation"
1617 "code.gitea.io/gitea/modules/web/middleware"
17181819 "gitea.com/go-chi/binding"
1919- "github.com/gobwas/glob"
2020)
21212222// InstallForm form for installation page
···103103 return middleware.Validate(errs, ctx.Data, f, ctx.Locale)
104104}
105105106106-// IsEmailDomainListed checks whether the domain of an email address
107107-// matches a list of domains
108108-func IsEmailDomainListed(globs []glob.Glob, email string) bool {
109109- if len(globs) == 0 {
110110- return false
111111- }
112112-113113- n := strings.LastIndex(email, "@")
114114- if n <= 0 {
115115- return false
116116- }
117117-118118- domain := strings.ToLower(email[n+1:])
119119-120120- for _, g := range globs {
121121- if g.Match(domain) {
122122- return true
123123- }
124124- }
125125-126126- return false
127127-}
128128-129106// IsEmailDomainAllowed validates that the email address
130107// provided by the user matches what has been configured .
131108// The email is marked as allowed if it matches any of the
···133110// domains in the blocklist, if any such list is not empty.
134111func (f *RegisterForm) IsEmailDomainAllowed() bool {
135112 if len(setting.Service.EmailDomainAllowList) == 0 {
136136- return !IsEmailDomainListed(setting.Service.EmailDomainBlockList, f.Email)
113113+ return !validation.IsEmailDomainListed(setting.Service.EmailDomainBlockList, f.Email)
137114 }
138115139139- return IsEmailDomainListed(setting.Service.EmailDomainAllowList, f.Email)
116116+ return validation.IsEmailDomainListed(setting.Service.EmailDomainAllowList, f.Email)
140117}
141118142119// MustChangePasswordForm form for updating your password after account creation