
Merge pull request #92 from mpsonntag/bc20whitelist

Add BC20 whitelist support
Achilleas Koutsou 4 vuotta sitten
vanhempi
commit
9a50b3a68c

+ 1 - 0
conf/locale/locale_en-GB.ini

@@ -231,6 +231,7 @@ password_not_match=Password and confirm password are not same.
 
 username_been_taken=Username has already been taken.
 email_not_allowed=Signup failed. Please contact the site administrators.
+email_not_whitelisted=Please use the email address you used to register with the conference. If you have further issues signing up, please contact us at gin@g-node.org.
 repo_name_been_taken=Repository name has already been taken.
 org_name_been_taken=Organisation name has already been taken.
 team_name_been_taken=Team name has already been taken.

+ 1 - 0
conf/locale/locale_en-US.ini

@@ -231,6 +231,7 @@ password_not_match = Password and confirm password are not same.
 
 username_been_taken = Username has already been taken.
 email_not_allowed=Signup failed. Please contact the site administrators.
+email_not_whitelisted=Please use the email address you used to register with the conference. If you have further issues signing up, please contact us at gin@g-node.org.
 repo_name_been_taken = Repository name has already been taken.
 org_name_been_taken = Organization name has already been taken.
 team_name_been_taken = Team name has already been taken.

Tiedoston diff-näkymää rajattu, sillä se on liian suuri
+ 246 - 541
internal/bindata/bindata.go


+ 40 - 0
internal/db/db_gin.go

@@ -2,8 +2,11 @@ package db
 
 import (
 	"bufio"
+	"crypto/sha1"
+	"encoding/hex"
 	"encoding/json"
 	"fmt"
+	"io"
 	"net/http"
 	"os"
 	"path"
@@ -230,6 +233,43 @@ func isAddressAllowed(email string) bool {
 	return true
 }
 
+// isOnWhitelist returns true if the hash of a provided email address 
+// can be found in an external whitelist file.
+// Returns false if the email address hash is not found or the file cannot be accessed.
+func isOnWhitelist(email string) bool {
+	// BC20 whitelist location
+	const whitelistlocation = "https://bc20-posters.g-node.org/uploads/emailwhitelist"
+
+	// Hash email address
+	hasher := sha1.New()
+	io.WriteString(hasher, email)
+	hash := hasher.Sum(nil)
+	compare := hex.EncodeToString(hash[:])
+
+	// Fetch whitelist
+	resp, err := http.Get(whitelistlocation)
+	if err != nil {
+		log.Error(2, "Error fetching whitelist: '%s'", err.Error())
+		return false
+	}
+	defer resp.Body.Close()
+
+	// Check if provided email address is in whitelist
+	var registered bool
+	respScan := bufio.NewScanner(resp.Body)
+	for respScan.Scan() {
+		curr := respScan.Text()
+		if curr == "" {
+			continue
+		}
+		if curr == compare {
+			registered = true
+			break
+		}
+	}
+	return registered
+}
+
 func (u *User) OldGinVerifyPassword(plain string) bool {
 	err := bcrypt.CompareHashAndPassword([]byte(u.Passwd), []byte(plain))
 	return err == nil
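Review bot: `http.Get` in `isOnWhitelist` goes through the default client, which sets no timeout, so every signup now waits on the remote host for as long as it takes to answer. The response is also scanned without checking `resp.StatusCode` or `respScan.Err()`, so an error page or a cut-off read looks the same as a missing address and leaves nothing in the log. A client with a timeout plus those two checks, as in the fence, keeps the fail-closed result and makes an outage diagnosable; `time` has to be imported if the file does not already do so. Separately, the address is hashed exactly as typed, so a difference in case or surrounding whitespace from the conference registration is rejected, and the list is unsalted SHA-1 of email addresses, which anyone able to fetch that URL can test candidate addresses against — worth a comment next to `whitelistlocation`.

```go
	// Fetch whitelist with a bounded wait instead of the default client
	client := &http.Client{Timeout: 10 * time.Second}
	resp, err := client.Get(whitelistlocation)
	// … unchanged: err check and deferred resp.Body.Close() …
	if resp.StatusCode != http.StatusOK {
		log.Error(2, "Error fetching whitelist: unexpected status '%s'", resp.Status)
		return false
	}

	// … unchanged: scan loop comparing each line with compare …
	if err := respScan.Err(); err != nil {
		log.Error(2, "Error reading whitelist: '%s'", err.Error())
		return false
	}
	return registered
```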

+ 13 - 0
internal/db/error.go

@@ -48,6 +48,19 @@ func (err ErrBlockedDomain) Error() string {
 	return fmt.Sprintf("user sign up failed")
 }
 
+type ErrNotWhitelisted struct {
+	Email string
+}
+
+func IsErrNotWhitelisted(err error) bool {
+	_, ok := err.(ErrNotWhitelisted)
+	return ok
+}
+
+func (err ErrNotWhitelisted) Error() string {
+	return fmt.Sprintf("Email address not verified")
+}
+
 //  ____ ___
 // |    |   \______ ___________
 // |    |   /  ___// __ \_  __ \
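Review bot: `ErrNotWhitelisted` and `IsErrNotWhitelisted` are exported without doc comments, and `Error()` wraps a constant in `fmt.Sprintf` with a capitalised message. I would add `// ErrNotWhitelisted is returned when the hash of Email is not found in the external whitelist.` above the type and `// IsErrNotWhitelisted reports whether err is an ErrNotWhitelisted.` above the helper, and write the method body as `return "email address not verified"`. Keeping `Email` out of the message is sensible, since the string may end up in logs; a short comment saying that this is deliberate would stop a later change from adding it.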

+ 4 - 0
internal/db/user.go

@@ -559,6 +559,10 @@ func CreateUser(u *User) (err error) {
 		return ErrBlockedDomain{u.Email}
 	}
 
+	if !isOnWhitelist(u.Email) {
+		return ErrNotWhitelisted{u.Email}
+	}
+
 	u.LowerName = strings.ToLower(u.Name)
 	u.AvatarEmail = u.Email
 	u.Avatar = tool.HashEmail(u.AvatarEmail)
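Review bot: The added `isOnWhitelist` call runs unconditionally inside `CreateUser`, so every caller of this function performs an outbound HTTP fetch, and account creation fails closed whenever the whitelist host is unreachable or the conference list is retired. `CreateUser` starts and ends outside this hunk, so I cannot see which other paths reach it, but admin-created or externally authenticated accounts would presumably be gated as well. I would put the check behind a configuration switch, for example `if <whitelist-enabled setting> && !isOnWhitelist(u.Email) {` with the placeholder replaced by a real setting, and add a comment stating that the check is a temporary event restriction.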

+ 3 - 0
internal/route/user/auth.go

@@ -354,6 +354,9 @@ func SignUpPost(c *context.Context, cpt *captcha.Captcha, f form.Register) {
 			c.RenderWithErr(c.Tr("user.form.name_pattern_not_allowed", err.(db.ErrNamePatternNotAllowed).Pattern), SIGNUP, &f)
 		case db.IsErrBlockedDomain(err):
 			c.RenderWithErr(c.Tr("form.email_not_allowed"), SIGNUP, &f)
+		case db.IsErrNotWhitelisted(err):
+			c.FormErr("Email")
+			c.RenderWithErr(c.Tr("form.email_not_whitelisted"), SIGNUP, &f)
 		default:
 			c.ServerError("CreateUser", err)
 		}
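Review bot: The new `IsErrNotWhitelisted` case answers an unauthenticated signup attempt with a message specific to the whitelist, while the `IsErrBlockedDomain` case directly above deliberately uses the generic `form.email_not_allowed` text. Depending on the order of checks in `CreateUser`, which is not visible here, that difference tells the submitter whether an address is on the conference registration list. If the helpful wording is intended, a comment such as `// Deliberately specific: tells conference attendees which address to use; reveals list membership.` would record the trade-off. `SignUpPost` takes a captcha, which presumably limits automated probing, but its body lies outside this hunk.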

Kaikkia tiedostoja ei voida näyttää, sillä liian monta tiedostoa muuttui tässä diffissä