Commit ce58437c authored by Patricio Cano

Fixed `signup_domain_valid?` flow and added documentation.

parent 8382cff3
...@@ -760,41 +760,31 @@ class User < ActiveRecord::Base ...@@ -760,41 +760,31 @@ class User < ActiveRecord::Base
Project.where(id: events) Project.where(id: events)
end end
def match_domain(email_domains)
email_domains.any? do |domain|
escaped = Regexp.escape(domain).gsub('\*', '.*?')
regexp = Regexp.new "^#{escaped}$", Regexp::IGNORECASE
email_domain = Mail::Address.new(self.email).domain
email_domain =~ regexp
end
end
def signup_domain_valid? def signup_domain_valid?
valid = true valid = true
error = nil
if current_application_settings.domain_blacklist_enabled? if current_application_settings.domain_blacklist_enabled?
blocked_domains = current_application_settings.domain_blacklist blocked_domains = current_application_settings.domain_blacklist
if match_domain(blocked_domains) if match_domain(blocked_domains, self.email)
self.errors.add :email, 'is not from an allowed domain.' error = 'is not from an allowed domain.'
valid = false valid = false
end end
end end
allowed_domains = current_application_settings.restricted_signup_domains allowed_domains = current_application_settings.restricted_signup_domains
unless allowed_domains.blank? unless allowed_domains.blank?
if match_domain(allowed_domains) if match_domain(allowed_domains, self.email)
self.errors.clear
valid = true valid = true
else else
self.errors.add :email, error = "is not whitelisted. Email domains valid for registration are: #{allowed_domains.join(', ')}"
'is not whitelisted. ' +
'Email domains valid for registration are: ' +
allowed_domains.join(', ')
valid = false valid = false
end end
end end
return valid self.errors.add(:email, error) unless valid
valid
end end
def can_be_removed? def can_be_removed?
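Review bot: In `signup_domain_valid?`, the `restricted_signup_domains` branch sets `valid = true` whenever the address matches the whitelist, so an address the `domain_blacklist` branch has just rejected is accepted again when both lists match it. If whitelist-over-blacklist is the intended precedence, state it in a comment above the method and cover it with a spec; if it is not, return right after the blacklist match or let the whitelist branch only ever set `valid = false`. A smaller point: `valid` and `error` now carry the same information, so the method could keep only `error` and finish with `error.nil?`.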
...@@ -895,4 +885,15 @@ class User < ActiveRecord::Base ...@@ -895,4 +885,15 @@ class User < ActiveRecord::Base
self.can_create_group = false self.can_create_group = false
self.projects_limit = 0 self.projects_limit = 0
end end
private
def match_domain(email_domains, email)
signup_domain = Mail::Address.new(email).domain
email_domains.any? do |domain|
escaped = Regexp.escape(domain).gsub('\*', '.*?')
regexp = Regexp.new "^#{escaped}$", Regexp::IGNORECASE
signup_domain =~ regexp
end
end
end end
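Review bot: In `match_domain`, `Regexp.new "^#{escaped}$"` anchors with `^` and `$`, which in Ruby match at line boundaries rather than at the start and end of the string; build the pattern as `\A#{escaped}\z` so it can only match the whole domain. Two smaller points: `Mail::Address.new(email).domain` may be nil for an address with no domain part, so an explicit `return false if signup_domain.blank?` before the loop would make that case visible, and the method deserves a one-line comment saying that `*` is expanded to `.*?` and therefore also spans dots.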
# Access Restrictions # Access Restrictions
> **Note:** This feature is only available on versions 8.10 and above. > **Note:** These features are only available on versions 8.10 and above.
With GitLab's Access restrictions you can choose which Git access protocols you With GitLab's Access restrictions you can choose which Git access protocols you
want your users to use to communicate with GitLab. This feature can be enabled want your users to use to communicate with GitLab. This feature can be enabled
...@@ -36,3 +36,21 @@ not selected. ...@@ -36,3 +36,21 @@ not selected.
block access to the server itself. The ports used for the protocol, be it SSH or block access to the server itself. The ports used for the protocol, be it SSH or
HTTP, will still be accessible. What GitLab does is restrict access on the HTTP, will still be accessible. What GitLab does is restrict access on the
application level. application level.
## Blacklist email domains
With this feature enabled, you can block email addresses of an specific domain
from creating an account on your GitLab server. This is particularly useful to
prevent spam. Disposable email addresses are usually used by malicious users to
create dummy accounts and spam issues.
This feature can be activated via the `Application Settings` in the Admin area,
and you have the option of entering the list manually, or uploading a file with
the list.
The blacklist accepts wildcards, so you can use `*.test.com` to block every
`test.com` subdomain, or `*.io` to block all domains ending in `.io`. Domains
should be separated by a whitespace, semicolon, comma, or a new line.
![Domain Blacklist](img/domain_blacklist.png)
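Review bot: The wildcard paragraph should say that `*.test.com` does not block `test.com` itself: `match_domain` replaces `*` with `.*?` and keeps the literal dot, so the bare domain needs its own entry in the list. The section also says nothing about how the blacklist interacts with the restricted signup domains setting, although `signup_domain_valid?` lets a whitelist match override a blacklist match; add a sentence on that precedence. Typo in the first sentence: "an specific domain" should read "a specific domain".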