add blacklist emails

config/defaults.json

@@ -57,6 +57,7 @@
   },
   "recaptchaSite": "",
   "recaptchaSecret": "",
+  "blackListEmails": [],
   "client": [
     "protocol",
     "host",

lib/api/signup/index.js

@@ -38,6 +38,7 @@ app.post('/signup', function (req, res) {
   profile.locale = config.enforceLocale ? config.locale : l10n.requestLocale(req)
 
   signup.doSignUp(profile, meta, function (err) {
+    console.log('signup.doSignUp', err)
     if (err) return res.status(400).json({ error: err.message })
     return res.json(200)
   })

lib/api/signup/lib/signup.js

@@ -24,43 +24,70 @@ var User = require('lib/models').User
  */
 
 exports.doSignUp = function doSignUp (profile, meta, callback) {
-  var captchaResponse = profile['g-recaptcha-response']
-  if (!captchaResponse) return callback({ message: 'error captcha response empty' })
-
-  request(`https://www.google.com/recaptcha/api/siteverify?response=${captchaResponse}&secret=${config.recaptchaSecret}`, function (err, res, body) {
-    if (err) return callback({ message: 'error captcha server validation' })
-    var success
-    try {
-      success = (JSON.parse(body)).success
-    } catch (err) {
-      console.log(err)
-      success = false
-    }
-    if (!success) return callback({ message: 'captcha server validation failed' })
-    delete profile['g-recaptcha-response']
-    profile.email = normalizeEmail(profile.email)
-    var user = new User(profile)
+  validateCaptcha(profile['g-recaptcha-response'])
+    .then(() => blackListedEmails(profile.email))
+    .then(() => {
+      profile.email = normalizeEmail(profile.email)
+      var user = new User(profile)
 
-    log('new user [%s] from Local signup [%s]', user.id, profile.email)
+      log('new user [%s] from Local signup [%s]', user.id, profile.email)
 
-    user.reference = profile.reference
+      user.reference = profile.reference
 
-    // Override validation mechanism for development environments
-    if (config.env === 'development') user.emailValidated = true
+      // Override validation mechanism for development environments
+      if (config.env === 'development') user.emailValidated = true
 
-    var strategy = new SignupStrategy().use(emailWhitelisting)
+      var strategy = new SignupStrategy().use(emailWhitelisting)
 
-    strategy.signup(user, function (err) {
-      if (err) return callback(err)
-      User.register(user, profile.password, function (err, user) {
+      strategy.signup(user, function (err) {
         if (err) return callback(err)
-        log('Saved user [%s]', user.id)
-        sendValidationEmail(user, 'signup', meta, callback)
+        User.register(user, profile.password, function (err, user) {
+          if (err) return callback(err)
+          log('Saved user [%s]', user.id)
+          sendValidationEmail(user, 'signup', meta, callback)
+        })
       })
     })
+    .catch(callback)
+}
+
+/**
+ * Validates captcha
+ *
+ * @param {String} captchaResponse contains recaptcha response key
+ * @api private
+ */
+
+function validateCaptcha (captchaResponse) {
+  return new Promise(function (resolve, reject) {
+    if (!captchaResponse) return reject({ message: 'error captcha response empty' })
+    request(`https://www.google.com/recaptcha/api/siteverify?response=${captchaResponse}&secret=${config.recaptchaSecret}`, function (err, res, body) {
+      if (err) return reject({ message: 'error captcha server validation' })
+      var success
+      try {
+        success = (JSON.parse(body)).success
+      } catch (err) {
+        success = false
+      }
+      if (!success) return reject({ message: 'captcha server validation failed' })
+      return resolve()
+    })
   })
 }
 
+/**
+ * Validates black listed email domain
+ *
+ * @param {String} email new user email
+ * @api private
+ */
+
+function blackListedEmails (email) {
+  var domain = email.split('@')[1]
+  if (config.blackListEmails.includes(domain)) return Promise.reject({ message: 'black listed email' })
+  return Promise.resolve()
+}
+
 /**
  * Validates user email if a valid token is provided
  *

lib/site/sign-up/component.js

@@ -57,6 +57,7 @@ export default class SignUp extends Component {
   }
 
   onFail (err) {
+    this.captcha.execute()
     this.setState({ loading: false, errors: err })
   }