Allow blocking some email domains from registering an account #14667
Merged
Add a new configuration setting EMAIL_DOMAIN_BLACKLIST, which accepts a comma-separated list of email domains that should not be allowed to register an account on the instance. Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
Document the EMAIL_DOMAIN_BLACKLIST setting in the configuration cheat sheet and the sample configuration file. Also mention it in the FAQ as one of the ways to mitigate spam accounts. Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
6543 reviewed Feb 13, 2021
Rename the EMAIL_DOMAIN_BLACKLIST setting to EMAIL_DOMAIN_BLOCKLIST. Change all references in the code and docs accordingly. Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
Avoid code duplication by using a helper function to check whether an email domain is in a given list. Rename IsEmailDomainWhitelisted to IsEmailDomainAllowed, to better reflect the new semantics of that method which is now checking against either a whitelist or a blocklist. Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
Add a test fixture for the new email domain blocklist setting. Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
6543 approved these changes Feb 14, 2021
lafriks approved these changes Feb 14, 2021
Labels
lgtm/done
This PR has enough approvals to get merged. There are no important open reservations anymore.
type/feature
Completely new functionality. Can only be merged if feature freeze is not active.
Gitea allows whitelisting email domains so that only email addresses from certain domains are allowed to register an account, but does not currently allow doing the opposite: blacklisting email domains so that addresses from certain domains are forbidden from registering an account.
The idea has been briefly mentioned in the discussion about issue #6350, but never implemented. This PR does that.
The rationale is that, in my experience of running a Gitea instance, a single email domain is responsible for most of the spam accounts, and for all of the spam accounts that manage to get past the email confirmation step. So on top of the other spam mitigation measures already available (email confirmation, CAPTCHA, etc.), having the option to block a particularly annoying domain would be helpful.
close #13628
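The allow/block check described in this PR, sketched as an added example (not Gitea's own code). The function names are hypothetical, and the sketch assumes exact, case-insensitive domain matching, that a non-empty allowlist takes precedence over the blocklist, and that malformed addresses are rejected.

```go
package main

import (
	"fmt"
	"strings"
)

// parseDomainList turns a comma-separated setting value (the format described
// for EMAIL_DOMAIN_BLOCKLIST) into a set of lowercased, trimmed domains.
func parseDomainList(raw string) map[string]bool {
	set := map[string]bool{}
	for _, d := range strings.Split(raw, ",") {
		if d = strings.ToLower(strings.TrimSpace(d)); d != "" {
			set[d] = true
		}
	}
	return set
}

// emailDomain returns the normalized domain part of an address, or false when
// there is no local part or no domain. A trailing root dot is stripped so that
// "user@spam.example." cannot slip past an entry for "spam.example".
func emailDomain(email string) (string, bool) {
	at := strings.LastIndex(email, "@")
	if at < 1 {
		return "", false
	}
	d := strings.ToLower(strings.TrimSuffix(email[at+1:], "."))
	return d, d != ""
}

// emailDomainAllowed is a hypothetical helper. Assumptions: exact matching
// (subdomains of a listed domain are NOT matched), a non-empty allowlist takes
// precedence over the blocklist, and malformed addresses fail closed.
func emailDomainAllowed(allow, block map[string]bool, email string) bool {
	domain, ok := emailDomain(email)
	if !ok {
		return false
	}
	if len(allow) > 0 {
		return allow[domain]
	}
	return !block[domain]
}

func main() {
	// Constructed sample setting value and addresses.
	block := parseDomainList(" spam.example, Junk.Example ,")
	for _, e := range []string{"a@spam.example", "b@JUNK.example.", "c@mail.spam.example", "no-at-sign"} {
		fmt.Println(e, emailDomainAllowed(nil, block, e))
	}
}
```

Under exact matching, `c@mail.spam.example` is still allowed, so each subdomain to be blocked needs its own list entry.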