Commit b28d66c3 authored by Robert Speicher's avatar Robert Speicher

Merge branch 'bypass-whitelist-for-external-user' into 'master'

Bypass signup domain validation for external users

Closes #25279

See merge request !8575
parents d01cd84e d9ee55ee
......@@ -119,7 +119,7 @@ class User < ActiveRecord::Base
validates :avatar, file_size: { maximum: 200.kilobytes.to_i }
before_validation :generate_password, on: :create
before_validation :signup_domain_valid?, on: :create
before_validation :signup_domain_valid?, on: :create, if: ->(user) { !user.created_by_id }
before_validation :sanitize_attrs
before_validation :set_notification_email, if: ->(user) { user.email_changed? }
before_validation :set_public_email, if: ->(user) { user.public_email_changed? }
......
---
title: Bypass email domain validation when a user is created by an admin.
merge_request: 8575
author: Reza Mohammadi @remohammadi
# Sign-up restrictions
You can block email addresses of specific domains, or whitelist only some
specifc domains via the **Application Settings** in the Admin area.
>**Note**: These restrictions are only applied during sign-up. An admin is
able to add add a user through the admin panel with a disallowed domain. Also
note that the users can change their email addresses after signup to
disallowed domains.
## Whitelist email domains
> [Introduced][ce-598] in GitLab 7.11.0
You can restrict users to only signup using email addresses matching the given
domains list.
## Blacklist email domains
> [Introduced][ce-5259] in GitLab 8.10.
......@@ -9,13 +24,16 @@ from creating an account on your GitLab server. This is particularly useful to
prevent spam. Disposable email addresses are usually used by malicious users to
create dummy accounts and spam issues.
## Settings
This feature can be activated via the **Application Settings** in the Admin area,
and you have the option of entering the list manually, or uploading a file with
the list.
The blacklist accepts wildcards, so you can use `*.test.com` to block every
`test.com` subdomain, or `*.io` to block all domains ending in `.io`. Domains
should be separated by a whitespace, semicolon, comma, or a new line.
Both whitelist and blacklist accept wildcards, so for example, you can use
`*.company.com` to accept every `company.com` subdomain, or `*.io` to block all
domains ending in `.io`. Domains should be separated by a whitespace,
semicolon, comma, or a new line.
![Domain Blacklist](img/domain_blacklist.png)
......
......@@ -141,6 +141,11 @@ describe User, models: true do
user = build(:user, email: "example@test.com")
expect(user).to be_invalid
end
it 'accepts example@test.com when added by another user' do
user = build(:user, email: "example@test.com", created_by_id: 1)
expect(user).to be_valid
end
end
context 'domain blacklist' do
......@@ -159,6 +164,11 @@ describe User, models: true do
user = build(:user, email: 'info@example.com')
expect(user).not_to be_valid
end
it 'accepts info@example.com when added by another user' do
user = build(:user, email: 'info@example.com', created_by_id: 1)
expect(user).to be_valid
end
end
context 'when a signup domain is blacklisted but a wildcard subdomain is allowed' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment