make sure that user cannot use any suffix

app/dashboard/views/custom_alias.py

@@ -6,7 +6,7 @@ from app.dashboard.base import dashboard_bp
 from app.extensions import db
 from app.log import LOG
 from app.models import GenEmail, DeletedAlias, CustomDomain
-from app.utils import convert_to_id, random_word
+from app.utils import convert_to_id, random_word, word_exist
 
 
 @dashboard_bp.route("/custom_alias", methods=["GET", "POST"])
@@ -27,6 +27,14 @@ def custom_alias():
             email_prefix = convert_to_id(email_prefix)
             email_suffix = request.form.get("email-suffix")
 
+            # verify email_suffix
+            if not word_exist(email_suffix):
+                flash(
+                    "nice try :). The suffix is there so no one can take all the *nice* aliases though",
+                    "warning",
+                )
+                return redirect(url_for("dashboard.custom_alias"))
+
             if not email_prefix:
                 error = "alias prefix cannot be empty"
             else:

app/utils.py

@@ -16,6 +16,10 @@ def random_word():
     return random.choice(_words)
 
 
+def word_exist(word):
+    return word in _words
+
+
 def random_words():
     """Generate a random words. Used to generate user-facing string, for ex email addresses"""
     nb_words = random.randint(2, 3)