DigitaleAgentur___ALT
/
registration
5
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add settings for blocklist and showing the domain list 

Signed-off-by: Joas Schilling <coding@schilljs.com>
This commit is contained in:
Joas Schilling 2020-08-28 20:30:01 +02:00
parent 2438813f17
commit 9bdf377aec
No known key found for this signature in database
GPG Key ID: 7076EA9751AACDDA
6 changed files with 127 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
lib/Controller/RegisterController.php
View File

@ -17,6 +17,7 @@ declare(strict_types=1);
namespace OCA\Registration\Controller; namespace OCA\Registration\Controller;
use Exception; use Exception;
use OCA\Registration\AppInfo\Application;
use OCA\Registration\Db\Registration; use OCA\Registration\Db\Registration;
use OCA\Registration\Service\LoginFlowService; use OCA\Registration\Service\LoginFlowService;
use OCA\Registration\Service\MailService; use OCA\Registration\Service\MailService;
@ -78,9 +79,26 @@ class RegisterController extends Controller {
* @return TemplateResponse * @return TemplateResponse
*/ */
public function showEmailForm(string $email = '', string $message = ''): TemplateResponse { public function showEmailForm(string $email = '', string $message = ''): TemplateResponse {
$emailHint = '';
if ($this->config->getAppValue(Application::APP_ID, 'show_domains', 'no') === 'yes') {
if ($this->config->getAppValue(Application::APP_ID, 'domains_is_blocklist', 'no') === 'yes') {
$emailHint = $this->l10n->t(
'Registration is not allowed with the following domains:'
) . ' ' . implode(', ', explode(';',
$this->config->getAppValue(Application::APP_ID, 'allowed_domains', '')
));
} else {
$emailHint = $this->l10n->t(
'Registration is only allowed with the following domains:'
) . ' ' . implode(', ', explode(';',
$this->config->getAppValue(Application::APP_ID, 'allowed_domains', '')
));
}
}
$params = [ $params = [
'email' => $email, 'email' => $email,
'message' => $message, 'message' => $message ?: $emailHint,
]; ];
return new TemplateResponse('registration', 'form/email', $params, 'guest'); return new TemplateResponse('registration', 'form/email', $params, 'guest');
} }

14
lib/Controller/SettingsController.php
View File

@ -46,9 +46,16 @@ class SettingsController extends Controller {
* @param string $allowed_domains Registrations are only allowed for E-Mailadresses with these domains * @param string $allowed_domains Registrations are only allowed for E-Mailadresses with these domains
* @param bool|null $admin_approval_required newly registered users have to be validated by an admin * @param bool|null $admin_approval_required newly registered users have to be validated by an admin
* @param bool|null $email_is_login email address is forced as user id * @param bool|null $email_is_login email address is forced as user id
* @param bool|null $domains_is_blocklist is the domain list an allow or block list
* @param bool|null $show_domains should the email list be shown to the user or not
* @return DataResponse * @return DataResponse
*/ */
public function admin(string $registered_user_group, string $allowed_domains, ?bool $admin_approval_required, ?bool $email_is_login) { public function admin(string $registered_user_group,
string $allowed_domains,
?bool $admin_approval_required,
?bool $email_is_login,
?bool $domains_is_blocklist,
?bool $show_domains) {
// handle domains // handle domains
if (($allowed_domains === '') || ($allowed_domains === null)) { if (($allowed_domains === '') || ($allowed_domains === null)) {
$this->config->deleteAppValue($this->appName, 'allowed_domains'); $this->config->deleteAppValue($this->appName, 'allowed_domains');
@ -56,11 +63,10 @@ class SettingsController extends Controller {
$this->config->setAppValue($this->appName, 'allowed_domains', $allowed_domains); $this->config->setAppValue($this->appName, 'allowed_domains', $allowed_domains);
} }
// handle admin validation
$this->config->setAppValue($this->appName, 'admin_approval_required', $admin_approval_required ? 'yes' : 'no'); $this->config->setAppValue($this->appName, 'admin_approval_required', $admin_approval_required ? 'yes' : 'no');
// handle email is login
$this->config->setAppValue($this->appName, 'email_is_login', $email_is_login ? 'yes' : 'no'); $this->config->setAppValue($this->appName, 'email_is_login', $email_is_login ? 'yes' : 'no');
$this->config->setAppValue($this->appName, 'domains_is_blocklist', $domains_is_blocklist ? 'yes' : 'no');
$this->config->setAppValue($this->appName, 'show_domains', $show_domains ? 'yes' : 'no');
// handle groups // handle groups
$groups = $this->groupmanager->search(''); $groups = $this->groupmanager->search('');

40
lib/Service/RegistrationService.php
View File

@ -34,6 +34,7 @@ use OC\Authentication\Exceptions\InvalidTokenException;
use OC\Authentication\Exceptions\PasswordlessTokenException; use OC\Authentication\Exceptions\PasswordlessTokenException;
use OC\Authentication\Token\IProvider; use OC\Authentication\Token\IProvider;
use OC\Authentication\Token\IToken; use OC\Authentication\Token\IToken;
use OCA\Registration\AppInfo\Application;
use OCA\Registration\Db\Registration; use OCA\Registration\Db\Registration;
use OCA\Registration\Db\RegistrationMapper; use OCA\Registration\Db\RegistrationMapper;
use OCP\AppFramework\Db\DoesNotExistException; use OCP\AppFramework\Db\DoesNotExistException;
@ -174,12 +175,41 @@ class RegistrationService {
); );
} }
if (!$this->checkAllowedDomains($email)) { if ($this->config->getAppValue($this->appName, 'allowed_domains', '') === '') {
return;
}
$emailIsInDomainList = $this->checkAllowedDomains($email);
$blockDomains = $this->config->getAppValue(Application::APP_ID, 'domains_is_blocklist', 'no') === 'yes';
$showDomains = $this->config->getAppValue(Application::APP_ID, 'show_domains', 'no') === 'yes';
if (!$blockDomains && !$emailIsInDomainList) {
if ($showDomains) {
throw new RegistrationException(
$this->l10n->t(
'Registration is only allowed with the following domains:'
) . ' ' . implode(', ', explode(';',
$this->config->getAppValue(Application::APP_ID, 'allowed_domains', '')
))
);
}
throw new RegistrationException( throw new RegistrationException(
$this->l10n->t( $this->l10n->t('Registration with this email domain is not allowed.')
'Registration is only allowed for the following domains: ' . );
$this->config->getAppValue($this->appName, 'allowed_domains', '') }
)
if ($blockDomains && $emailIsInDomainList) {
if ($showDomains) {
throw new RegistrationException(
$this->l10n->t(
'Registration is not allowed with the following domains:'
) . ' ' . implode(', ', explode(';',
$this->config->getAppValue(Application::APP_ID, 'allowed_domains', '')
))
);
}
throw new RegistrationException(
$this->l10n->t('Registration with this email domain is not allowed.')
); );
} }
} }

7
lib/Settings/RegistrationSettings.php
View File

@ -59,11 +59,10 @@ class RegistrationSettings implements ISettings {
// handle domains // handle domains
$allowedDomains = $this->config->getAppValue($this->appName, 'allowed_domains', ''); $allowedDomains = $this->config->getAppValue($this->appName, 'allowed_domains', '');
// handle admin validation
$adminApprovalRequired = $this->config->getAppValue($this->appName, 'admin_approval_required', 'no'); $adminApprovalRequired = $this->config->getAppValue($this->appName, 'admin_approval_required', 'no');
// handle admin validation
$emailIsLogin = $this->config->getAppValue($this->appName, 'email_is_login', 'no'); $emailIsLogin = $this->config->getAppValue($this->appName, 'email_is_login', 'no');
$domainsIsBlocklist = $this->config->getAppValue($this->appName, 'domains_is_blocklist', 'no');
$showDomains = $this->config->getAppValue($this->appName, 'show_domains', 'no');
return new TemplateResponse('registration', 'admin', [ return new TemplateResponse('registration', 'admin', [
'groups' => $groupIds, 'groups' => $groupIds,
@ -71,6 +70,8 @@ class RegistrationSettings implements ISettings {
'allowed' => $allowedDomains, 'allowed' => $allowedDomains,
'approval_required' => $adminApprovalRequired, 'approval_required' => $adminApprovalRequired,
'email_is_login' => $emailIsLogin, 'email_is_login' => $emailIsLogin,
'domains_is_blocklist' => $domainsIsBlocklist,
'show_domains' => $showDomains,
], ''); ], '');
} }

16
templates/admin.php
View File

@ -28,7 +28,21 @@ foreach ($_['groups'] as $group) {
<input type="text" id="allowed_domains" name="allowed_domains" value="<?php p($_['allowed']);?>" placeholder="nextcloud.com;*.example.com"> <input type="text" id="allowed_domains" name="allowed_domains" value="<?php p($_['allowed']);?>" placeholder="nextcloud.com;*.example.com">
</label> </label>
</p> </p>
<em><?php p($l->t('Enter a semicolon-separated list of allowed domains, * for wildcard. Example: %s', ['nextcloud.com;*.example.com']));?></em> <em><?php p($l->t('Enter a semicolon-separated list of allowed email domains, * for wildcard. Example: %s', ['nextcloud.com;*.example.com']));?></em>
<p>
<input type="checkbox" id="domains_is_blocklist" class="checkbox" name="domains_is_blocklist" <?php if ($_['domains_is_blocklist'] === 'yes') {
echo ' checked';
} ?>>
<label for="domains_is_blocklist"><?php p($l->t('Block listed email domains instead of allowing them')); ?></label>
</p>
<p>
<input type="checkbox" id="show_domains" class="checkbox" name="show_domains" <?php if ($_['show_domains'] === 'yes') {
echo ' checked';
} ?>>
<label for="show_domains"><?php p($l->t('Show the allowed/blocked email domains to users')); ?></label>
</p>
<p> <p>
<input type="checkbox" id="email_is_login" class="checkbox" name="email_is_login" <?php if ($_['email_is_login'] === 'yes') { <input type="checkbox" id="email_is_login" class="checkbox" name="email_is_login" <?php if ($_['email_is_login'] === 'yes') {

83
tests/Integration/Service/RegistrationServiceTest.php
View File

@ -106,12 +106,18 @@ class RegistrationServiceTest extends TestCase {
public function dataValidateEmail(): array { public function dataValidateEmail(): array {
return [ return [
['aaaa@example.com', ''], ['aaaa@example.com', '', 'no'],
['aaaa@example.com', 'example.com'], ['aaaa@example.com', 'example.com', 'no'],
['aaaa@example.com', 'eXample.com'], ['aaaa@example.com', 'eXample.com', 'no'],
['aaaa@eXample.com', 'example.com'], ['aaaa@eXample.com', 'example.com', 'no'],
['aaaa@cloud.example.com', '*.example.com'], ['aaaa@example.com', 'example.com;example.tld', 'no'],
['aaaa@cloud.example.com', 'cloud.example.*'], ['aaaa@example.com', 'example.tld;example.com', 'no'],
['aaaa@cloud.example.com', '*.example.com', 'no'],
['aaaa@cloud.example.com', 'cloud.example.*', 'no'],
['aaaa@example.com', '', 'yes'],
['aaaa@example.com', 'nextcloud.com', 'yes'],
['aaaa@example.com', 'nextcloud.com;example.tld', 'yes'],
]; ];
} }
@ -119,55 +125,54 @@ class RegistrationServiceTest extends TestCase {
* @dataProvider dataValidateEmail * @dataProvider dataValidateEmail
* @param string $email * @param string $email
* @param string $allowedDomains * @param string $allowedDomains
* @param string $blocked
* @throws RegistrationException * @throws RegistrationException
*/ */
public function testValidateEmail(string $email, string $allowedDomains) { public function testValidateEmail(string $email, string $allowedDomains, string $blocked) {
$this->config->expects($this->once()) $this->config->expects($this->atLeastOnce())
->method('getAppValue') ->method('getAppValue')
->with('registration', 'allowed_domains', '') ->willReturnMap([
->willReturn($allowedDomains); ['registration', 'allowed_domains', '', $allowedDomains],
['registration', 'domains_is_blocklist', 'no', $blocked],
['registration', 'show_domains', 'no', 'no'],
]);
$this->service->validateEmail($email); $this->service->validateEmail($email);
} }
public function testValidateNewEmailNotWithinAllowedDomain() { public function dataValidateEmailThrows(): array {
$email2 = 'bbbb@gmail.com'; return [
['aaaa@example.com', 'nextcloud.com;example.tld', 'no'],
['aaaa@example.com', 'nextcloud.com', 'no'],
$this->config->expects($this->atLeastOnce()) ['aaaa@example.com', 'example.com', 'yes'],
->method('getAppValue') ['aaaa@example.com', 'eXample.com', 'yes'],
->with('registration', 'allowed_domains', '') ['aaaa@eXample.com', 'example.com', 'yes'],
->willReturn('example.com'); ['aaaa@example.com', 'example.com;example.tld', 'yes'],
['aaaa@example.com', 'example.tld;example.com', 'yes'],
$this->expectException(RegistrationException::class); ['aaaa@cloud.example.com', '*.example.com', 'yes'],
$this->service->validateEmail($email2); ['aaaa@cloud.example.com', 'cloud.example.*', 'yes'],
} ];
public function testValidateNewEmailWithinMultipleAllowedDomain() {
$email = 'aaaa@example.com';
$email2 = 'bbbb@gmail.com';
$this->config->expects($this->atLeastOnce())
->method('getAppValue')
->with('registration', 'allowed_domains', '')
->willReturn('example.com;gmail.com');
$this->service->validateEmail($email);
$this->service->validateEmail($email2);
} }
/** /**
* @depends testValidateNewEmailWithinMultipleAllowedDomain * @dataProvider dataValidateEmailThrows
* @param string $email
* @param string $allowedDomains
* @param string $blocked
* @throws RegistrationException
*/ */
public function testValidateNewEmailNotWithinMultipleAllowedDomain() { public function testValidateEmailThrows(string $email, string $allowedDomains, string $blocked) {
$email2 = 'cccc@yahoo.com';
$this->config->expects($this->atLeastOnce()) $this->config->expects($this->atLeastOnce())
->method('getAppValue') ->method('getAppValue')
->with('registration', 'allowed_domains', '') ->willReturnMap([
->willReturn('example.com;gmail.com'); ['registration', 'allowed_domains', '', $allowedDomains],
['registration', 'domains_is_blocklist', 'no', $blocked],
['registration', 'show_domains', 'no', 'no'],
]);
$this->expectException(RegistrationException::class); $this->expectException(RegistrationException::class);
$this->service->validateEmail($email2); $this->service->validateEmail($email);
} }
public function testCreatePendingReg() { public function testCreatePendingReg() {