
Merge pull request #51 from achilleas-k/email-block

And a "very nice" from my end on the way!
Michael Sonntag 5 年 前
コミット
f85a05ce56

+ 2 - 0
conf/locale/locale_en-GB.ini

@@ -230,6 +230,7 @@ captcha_incorrect=Captcha didn't match.
 password_not_match=Password and confirm password are not same.
 
 username_been_taken=Username has already been taken.
+email_not_allowed=Signup failed. Please contact the site administrators.
 repo_name_been_taken=Repository name has already been taken.
 org_name_been_taken=Organisation name has already been taken.
 team_name_been_taken=Team name has already been taken.
@@ -240,6 +241,7 @@ enterred_invalid_repo_name=Please make sure that the repository name you have en
 enterred_invalid_owner_name=Please make sure that the owner name you have entered is correct.
 enterred_invalid_password=Please make sure the that password you have entered is correct.
 user_not_exist=Given user does not exist.
+invite_email_blocked=User invitation failed. Please contact the site administrators.
 last_org_owner=Removing the last user from a owner team isn't allowed, as there must always be at least one owner in any given organisation.
 
 invalid_ssh_key=Sorry, we're not able to verify your SSH key: %s

+ 2 - 0
conf/locale/locale_en-US.ini

@@ -230,6 +230,7 @@ captcha_incorrect = Captcha didn't match.
 password_not_match = Password and confirm password are not same.
 
 username_been_taken = Username has already been taken.
+email_not_allowed=Signup failed. Please contact the site administrators.
 repo_name_been_taken = Repository name has already been taken.
 org_name_been_taken = Organization name has already been taken.
 team_name_been_taken = Team name has already been taken.
@@ -240,6 +241,7 @@ enterred_invalid_repo_name = Please make sure that the repository name you enter
 enterred_invalid_owner_name = Please make sure that the owner name you entered is correct.
 enterred_invalid_password = Please make sure the that password you entered is correct.
 user_not_exist = Given user does not exist.
+invite_email_blocked=User invitation failed. Please contact the site administrators.
 last_org_owner = Removing the last user from a owner team isn't allowed, as there must always be at least one owner in any given organization.
 
 invalid_ssh_key = Sorry, we're not able to verify your SSH key: %s

+ 15 - 0
models/error.go

@@ -34,6 +34,21 @@ func (err ErrNamePatternNotAllowed) Error() string {
 	return fmt.Sprintf("name pattern is not allowed [pattern: %s]", err.Pattern)
 }
 
+type ErrBlockedDomain struct {
+	Email string
+}
+
+func IsErrBlockedDomain(err error) bool {
+	_, ok := err.(ErrBlockedDomain)
+	fmt.Printf("Error type is BlockedDomain: %t\n", ok)
+	return ok
+}
+
+func (err ErrBlockedDomain) Error() string {
+	// don't inform the user of the blocked domain
+	return fmt.Sprintf("user sign up failed")
+}
+
 //  ____ ___
 // |    |   \______ ___________
 // |    |   /  ___// __ \_  __ \
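Review bot: `IsErrBlockedDomain` still contains a debug `fmt.Printf("Error type is BlockedDomain: %t\n", ok)` that writes to stdout every time a caller tests an error with it; that line should be removed, or routed through the project logger if the trace is wanted. `Error()` wraps a constant in `fmt.Sprintf` with no format arguments, so `return "user sign up failed"` is enough. The same error is returned on the invite path, so the "sign up" wording may mislead in logs there. The new exported names have no doc comments; something like `// ErrBlockedDomain is returned when an email address matches the site blocklist; Error() deliberately omits the address.` would record why `Email` is not printed.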

+ 31 - 0
models/user.go

@@ -5,6 +5,7 @@
 package models
 
 import (
+	"bufio"
 	"bytes"
 	"container/list"
 	"crypto/sha256"
@@ -15,6 +16,7 @@ import (
 	_ "image/jpeg"
 	"image/png"
 	"os"
+	"path"
 	"path/filepath"
 	"strings"
 	"time"
@@ -492,6 +494,31 @@ func IsUserExist(uid int64, name string) (bool, error) {
 	return x.Where("id != ?", uid).Get(&User{LowerName: strings.ToLower(name)})
 }
 
+func IsBlockedDomain(email string) bool {
+	fpath := path.Join(setting.CustomPath, "blocklist")
+	if !com.IsExist(fpath) {
+		return false
+	}
+
+	f, err := os.Open(fpath)
+	if err != nil {
+		log.Error(2, "Failed to open file %q: %v", fpath, err)
+		return false
+	}
+	defer f.Close()
+
+	scanner := bufio.NewScanner(f)
+	for scanner.Scan() {
+		// Check provided email address against each line as suffix
+		if strings.HasSuffix(email, scanner.Text()) {
+			log.Trace("New user email matched blocked domain: %q", email)
+			return true
+		}
+	}
+
+	return false
+}
+
 // GetUserSalt returns a ramdom user salt token.
 func GetUserSalt() (string, error) {
 	return tool.RandomString(10)
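Review bot: The suffix comparison in `IsBlockedDomain` uses each blocklist line verbatim, so an empty line matches every address (`strings.HasSuffix` with an empty suffix is always true) and blocks all signups, while an entry with trailing whitespace, a stray CR or different letter case never matches. The signup path does not visibly lower-case `u.Email` before this check (the invite route does), so both sides should be normalised here. `scanner.Err()` is never checked, so a read error or an over-long line ends the scan silently and the function reports the address as not blocked. Entries written without a leading `@` or `.` also match longer domain names that merely end in the same text, which is worth documenting for whoever maintains the file. The function is complete within the hunk; the loop could look like this.

```go
func IsBlockedDomain(email string) bool {
	// … unchanged: blocklist path lookup, existence check and os.Open …

	email = strings.ToLower(strings.TrimSpace(email))
	scanner := bufio.NewScanner(f)
	for scanner.Scan() {
		suffix := strings.ToLower(strings.TrimSpace(scanner.Text()))
		if suffix == "" {
			// An empty suffix would match every address.
			continue
		}
		if strings.HasSuffix(email, suffix) {
			log.Trace("New user email matched blocked domain: %q", email)
			return true
		}
	}
	if err := scanner.Err(); err != nil {
		// Surface a truncated scan instead of silently allowing the address.
		log.Error(2, "Failed to read file %q: %v", fpath, err)
	}

	return false
}
```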
@@ -561,6 +588,10 @@ func CreateUser(u *User) (err error) {
 		return ErrEmailAlreadyUsed{u.Email}
 	}
 
+	if IsBlockedDomain(u.Email) {
+		return ErrBlockedDomain{u.Email}
+	}
+
 	u.LowerName = strings.ToLower(u.Name)
 	u.AvatarEmail = u.Email
 	u.Avatar = tool.HashEmail(u.AvatarEmail)
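Review bot: The blocklist is enforced only at this point in `CreateUser`, and no other call to `IsBlockedDomain` is visible in the files shown. If the project has paths that add or change an account's email address after creation, they would presumably not be covered, which is worth confirming since part of the diff is hidden. A short comment on the new check, e.g. `// Reject addresses matching the operator-maintained blocklist file.`, would help readers. `CreateUser` starts and ends outside the hunk.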

ファイルの差分が大きいため隠しています
+ 112 - 112
pkg/bindata/bindata.go


+ 9 - 5
routes/repo/setting.go

@@ -393,12 +393,16 @@ func inviteWithMail(c *context.Context, mail string) (*models.User, error) {
 }
 func SettingsCollaborationPost(c *context.Context) {
 	var name string
-	new := strings.ToLower(c.Query("invite"))
-	if len(new) > 0 {
-		u, err := inviteWithMail(c, new)
+	email := strings.ToLower(c.Query("invite"))
+	if len(email) > 0 {
+		u, err := inviteWithMail(c, email)
 		if err != nil {
-			log.Info("Problem with inviting user:%s, %+v", new, err)
-			c.Flash.Error(c.Tr("form.user_not_invitable"))
+			log.Info("Problem with inviting user %q: %s", email, err)
+			if models.IsErrBlockedDomain(err) {
+				c.Flash.Error(c.Tr("form.invite_email_blocked"))
+			} else if models.IsErrEmailAlreadyUsed(err) {
+				c.Flash.Error(c.Tr("form.email_been_used"))
+			}
 			c.Redirect(setting.AppSubURL + c.Req.URL.Path)
 			return
 		}
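Review bot: When `inviteWithMail` fails with an error that is neither `ErrBlockedDomain` nor `ErrEmailAlreadyUsed`, the new `if`/`else if` chain sets no flash message, so the user is redirected with no feedback; the removed code always flashed `form.user_not_invitable`. Adding a final `else { c.Flash.Error(c.Tr("form.user_not_invitable")) }` restores that fallback. Separately, the distinct `form.email_been_used` message tells anyone who can submit this form whether an address is already registered; whether that disclosure is acceptable here is worth deciding explicitly. `SettingsCollaborationPost` continues past the end of the hunk.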

+ 2 - 0
routes/user/auth.go

@@ -352,6 +352,8 @@ func SignUpPost(c *context.Context, cpt *captcha.Captcha, f form.Register) {
 		case models.IsErrNamePatternNotAllowed(err):
 			c.FormErr("UserName")
 			c.RenderWithErr(c.Tr("user.form.name_pattern_not_allowed", err.(models.ErrNamePatternNotAllowed).Pattern), SIGNUP, &f)
+		case models.IsErrBlockedDomain(err):
+			c.RenderWithErr(c.Tr("form.email_not_allowed"), SIGNUP, &f)
 		default:
 			c.ServerError("CreateUser", err)
 		}

この差分においてかなりの量のファイルが変更されているため、一部のファイルを表示していません