há 4 anos atrás · 9a50b3a68c
--- a/conf/locale/locale_en-GB.ini
+++ b/conf/locale/locale_en-GB.ini
@@ -231,6 +231,7 @@ password_not_match=Password and confirm password are not same.
 
															 username_been_taken=Username has already been taken.
														
 
															 email_not_allowed=Signup failed. Please contact the site administrators.
														
 
															+email_not_whitelisted=Please use the email address you used to register with the conference. If you have further issues signing up, please contact us at gin@g-node.org.
														
 
															 repo_name_been_taken=Repository name has already been taken.
														
 
															 org_name_been_taken=Organisation name has already been taken.
														
 
															 team_name_been_taken=Team name has already been taken.
														
--- a/conf/locale/locale_en-US.ini
+++ b/conf/locale/locale_en-US.ini
@@ -231,6 +231,7 @@ password_not_match = Password and confirm password are not same.
 
															 username_been_taken = Username has already been taken.
														
 
															 email_not_allowed=Signup failed. Please contact the site administrators.
														
 
															+email_not_whitelisted=Please use the email address you used to register with the conference. If you have further issues signing up, please contact us at gin@g-node.org.
														
 
															 repo_name_been_taken = Repository name has already been taken.
														
 
															 org_name_been_taken = Organization name has already been taken.
														
 
															 team_name_been_taken = Team name has already been taken.
														
--- a/internal/bindata/bindata.go
+++ b/internal/bindata/bindata.go
--- a/internal/db/db_gin.go
+++ b/internal/db/db_gin.go
@@ -2,8 +2,11 @@ package db
 
															 import (
														
 
															 	"bufio"
														
 
															+	"crypto/sha1"
														
 
															+	"encoding/hex"
														
 
															 	"encoding/json"
														
 
															 	"fmt"
														
 
															+	"io"
														
 
															 	"net/http"
														
 
															 	"os"
														
 
															 	"path"
														
@@ -230,6 +233,43 @@ func isAddressAllowed(email string) bool {
 
															 	return true
														
 
															 }
														
 
															+// isOnWhitelist returns true if the hash of a provided email address 
														
 
															+// can be found in an external whitelist file.
														
 
															+// Returns false if the email address hash is not found or the file cannot be accessed.
														
 
															+func isOnWhitelist(email string) bool {
														
 
															+	// BC20 whitelist location
														
 
															+	const whitelistlocation = "https://bc20-posters.g-node.org/uploads/emailwhitelist"
														
 
															+
														
 
															+	// Hash email address
														
 
															+	hasher := sha1.New()
														
 
															+	io.WriteString(hasher, email)
														
 
															+	hash := hasher.Sum(nil)
														
 
															+	compare := hex.EncodeToString(hash[:])
														
 
															+
														
 
															+	// Fetch whitelist
														
 
															+	resp, err := http.Get(whitelistlocation)
														
 
															+	if err != nil {
														
 
															+		log.Error(2, "Error fetching whitelist: '%s'", err.Error())
														
 
															+		return false
														
 
															+	}
														
 
															+	defer resp.Body.Close()
														
 
															+
														
 
															+	// Check if provided email address is in whitelist
														
 
															+	var registered bool
														
 
															+	respScan := bufio.NewScanner(resp.Body)
														
 
															+	for respScan.Scan() {
														
 
															+		curr := respScan.Text()
														
 
															+		if curr == "" {
														
 
															+			continue
														
 
															+		}
														
 
															+		if curr == compare {
														
 
															+			registered = true
														
 
															+			break
														
 
															+		}
														
 
															+	}
														
 
															+	return registered
														
 
															+}
														
 
															+
														
 
															 func (u *User) OldGinVerifyPassword(plain string) bool {
														
 
															 	err := bcrypt.CompareHashAndPassword([]byte(u.Passwd), []byte(plain))
														
 
															 	return err == nil
														
--- a/internal/db/error.go
+++ b/internal/db/error.go
@@ -48,6 +48,19 @@ func (err ErrBlockedDomain) Error() string {
 
															 	return fmt.Sprintf("user sign up failed")
														
 
															 }
														
 
															+type ErrNotWhitelisted struct {
														
 
															+	Email string
														
 
															+}
														
 
															+
														
 
															+func IsErrNotWhitelisted(err error) bool {
														
 
															+	_, ok := err.(ErrNotWhitelisted)
														
 
															+	return ok
														
 
															+}
														
 
															+
														
 
															+func (err ErrNotWhitelisted) Error() string {
														
 
															+	return fmt.Sprintf("Email address not verified")
														
 
															+}
														
 
															+
														
 
															 //  ____ ___
														
 
															 // |    |   \______ ___________
														
 
															 // |    |   /  ___// __ \_  __ \
														
--- a/internal/db/user.go
+++ b/internal/db/user.go
@@ -559,6 +559,10 @@ func CreateUser(u *User) (err error) {
 
															 		return ErrBlockedDomain{u.Email}
														
 
															 	}
														
 
															+	if !isOnWhitelist(u.Email) {
														
 
															+		return ErrNotWhitelisted{u.Email}
														
 
															+	}
														
 
															+
														
 
															 	u.LowerName = strings.ToLower(u.Name)
														
 
															 	u.AvatarEmail = u.Email
														
 
															 	u.Avatar = tool.HashEmail(u.AvatarEmail)
														
--- a/internal/route/user/auth.go
+++ b/internal/route/user/auth.go
@@ -354,6 +354,9 @@ func SignUpPost(c *context.Context, cpt *captcha.Captcha, f form.Register) {
 
															 			c.RenderWithErr(c.Tr("user.form.name_pattern_not_allowed", err.(db.ErrNamePatternNotAllowed).Pattern), SIGNUP, &f)
														
 
															 		case db.IsErrBlockedDomain(err):
														
 
															 			c.RenderWithErr(c.Tr("form.email_not_allowed"), SIGNUP, &f)
														
 
															+		case db.IsErrNotWhitelisted(err):
														
 
															+			c.FormErr("Email")
														
 
															+			c.RenderWithErr(c.Tr("form.email_not_whitelisted"), SIGNUP, &f)
														
 
															 		default:
														
 
															 			c.ServerError("CreateUser", err)
														
 
															 		}