Add a config option to whitelist users registration

Through whole email or domain email Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2019-12-17 12:09:24 +01:00
parent deed070b24
commit d552fcb2d3
19 changed files with 351 additions and 212 deletions
--- a/lib/mobilizon/config.ex
+++ b/lib/mobilizon/config.ex
@@ -21,6 +21,12 @@ defmodule Mobilizon.Config do
  @spec instance_registrations_open? :: boolean
  def instance_registrations_open?, do: to_boolean(instance_config()[:registrations_open])

+  @spec instance_registrations_whitelist :: list(String.t())
+  def instance_registrations_whitelist, do: instance_config()[:registration_email_whitelist]
+
+  @spec instance_registrations_whitelist? :: boolean
+  def instance_registrations_whitelist?, do: length(instance_registrations_whitelist()) > 0
+
  @spec instance_demo_mode? :: boolean
  def instance_demo_mode?, do: to_boolean(instance_config()[:demo])

--- a/lib/mobilizon_web/resolvers/config.ex
+++ b/lib/mobilizon_web/resolvers/config.ex
@@ -30,6 +30,7 @@ defmodule MobilizonWeb.Resolvers.Config do
     %{
       name: Config.instance_name(),
       registrations_open: Config.instance_registrations_open?(),
+       registrations_whitelist: Config.instance_registrations_whitelist?(),
       demo_mode: Config.instance_demo_mode?(),
       description: Config.instance_description(),
       location: location,
--- a/lib/mobilizon_web/resolvers/user.ex
+++ b/lib/mobilizon_web/resolvers/user.ex
@@ -116,20 +116,46 @@ defmodule MobilizonWeb.Resolvers.User do
  """
  @spec create_user(any(), map(), any()) :: tuple()
  def create_user(_parent, args, _resolution) do
-    with {:registrations_open, true} <-
-           {:registrations_open, Config.instance_registrations_open?()},
+    with :registration_ok <- check_registration_config(args),
         {:ok, %User{} = user} <- Users.register(args) do
      Activation.send_confirmation_email(user, Map.get(args, :locale, "en"))
      {:ok, user}
    else
-      {:registrations_open, false} ->
+      :registration_closed ->
        {:error, "Registrations are not enabled"}

+      :not_whitelisted ->
+        {:error, "Your email is not on the whitelist"}
+
      error ->
        error
    end
  end

+  @spec check_registration_config(map()) :: atom()
+  defp check_registration_config(%{email: email}) do
+    cond do
+      Config.instance_registrations_open?() ->
+        :registration_ok
+
+      Config.instance_registrations_whitelist?() ->
+        check_white_listed_email?(email)
+
+      true ->
+        :registration_closed
+    end
+  end
+
+  @spec check_white_listed_email?(String.t()) :: :registration_ok | :not_whitelisted
+  defp check_white_listed_email?(email) do
+    [_, domain] = String.split(email, "@", parts: 2, trim: true)
+
+    if domain in Config.instance_registrations_whitelist() or
+         email in Config.instance_registrations_whitelist(),
+       do: :registration_ok,
+       else: :not_whitelisted
+  end
+
  @doc """
  Validate an user, get its actor and a token
  """
--- a/lib/mobilizon_web/schema/config.ex
+++ b/lib/mobilizon_web/schema/config.ex
@@ -13,6 +13,7 @@ defmodule MobilizonWeb.Schema.ConfigType do
    field(:description, :string)

    field(:registrations_open, :boolean)
+    field(:registrations_whitelist, :boolean)
    field(:demo_mode, :boolean)
    field(:country_code, :string)
    field(:location, :lonlat)