@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge

Roadblock users trying to register with external accounts that have invalid emails

Summary:
Ref T3472. Currently, if an install only allows "@mycompany.com" emails and you try to register with an "@personal.com" account, we let you pick an "@mycompany.com" address instead. This is secure: you still have to verify the email. However, it defies user expectation -- it's somewhat confusing that we let you register. Instead, provide a hard roadblock.

(These accounts can still be linked, just not used for registration.)

Test Plan: See screenshot.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3472

Differential Revision: https://secure.phabricator.com/D7571

+17 -3
src/applications/auth/controller/PhabricatorAuthRegisterController.php
··· 59 59 $default_realname = $account->getRealName(); 60 60 $default_email = $account->getEmail(); 61 61 if ($default_email) { 62 - // If the account source provided an email but it's not allowed by 63 - // the configuration, just pretend we didn't get an email at all. 62 + // If the account source provided an email, but it's not allowed by 63 + // the configuration, roadblock the user. Previously, we let the user 64 + // pick a valid email address instead, but this does not align well with 65 + // user expectation and it's not clear the cases it enables are valuable. 66 + // See discussion in T3472. 64 67 if (!PhabricatorUserEmail::isAllowedAddress($default_email)) { 65 - $default_email = null; 68 + return $this->renderError( 69 + array( 70 + pht( 71 + 'The account you are attempting to register with has an invalid '. 72 + 'email address (%s). This Phabricator install only allows '. 73 + 'registration with specific email addresses:', 74 + $default_email), 75 + phutil_tag('br'), 76 + phutil_tag('br'), 77 + PhabricatorUserEmail::describeAllowedAddresses(), 78 + )); 66 79 } 67 80 68 81 // If the account source provided an email, but another account already 69 82 // has that email, just pretend we didn't get an email. 70 83 71 84 // TODO: See T3340. 85 + // TODO: See T3472. 72 86 73 87 if ($default_email) { 74 88 $same_email = id(new PhabricatorUserEmail())->loadOneWhere(
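Review bot: the error text in the first region calls the address "invalid", but `PhabricatorUserEmail::isAllowedAddress($default_email)` only tests whether it matches the configured allowed addresses, so a well-formed but off-domain address is reported as invalid; wording it as "not allowed by this install" would match the check, and since the summary says these accounts can still be linked to an existing user, the message is the place to tell the user that. In the second region, the added `// TODO: See T3472.` beside `// TODO: See T3340.` should say what remains to be done, given that this revision already implements the roadblock T3472 asks for; otherwise it reads as a stale reference.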