Add email address denylist regexp matching

Author: carlbennett

etc/config.sample.json

@@ -42,12 +42,13 @@
     "user_password_pepper": "bnetdocs-INSERTRANDOMVALUEHERE",
     "user_register_disabled": false,
     "user_register_requirements": {
+      "email_enable_denylist": true,
       "email_validate_quick": true,
       "password_allow_email": false,
       "password_allow_username": false,
       "password_length_max": null,
       "password_length_min": 6,
-      "username_length_max": 64,
+      "username_length_max": 28,
       "username_length_min": 3
     }
   },
@@ -67,6 +68,9 @@
     "server_id": 405789880749260820
   },
   "email": {
+    "recipient_denylist_regexp": [
+      "/@mailinator\\.com$/i"
+    ],
     "recipient_from": [
       "root@localhost",
       "BNETDocs"

src/controllers/User/Register.php

@@ -91,11 +91,20 @@ protected function tryRegister(Router &$router, UserRegisterModel &$model) {
     $pwlen       = strlen($pw1);
     $usernamelen = strlen($username);
     $req = &Common::$config->bnetdocs->user_register_requirements;
+    $email_denylist = &Common::$config->email->recipient_denylist_regexp;
     if ($req->email_validate_quick
       && !filter_var($email, FILTER_VALIDATE_EMAIL)) {
       $model->error = 'INVALID_EMAIL';
       return;
     }
+    if ($req->email_enable_denylist) {
+      foreach ($email_denylist as $_bad_email) {
+        if (preg_match($_bad_email, $email)) {
+          $model->error = 'EMAIL_NOT_ALLOWED';
+          return;
+        }
+      }
+    }
     if (!$req->password_allow_email && stripos($pw1, $email)) {
       $model->error = 'PASSWORD_CONTAINS_EMAIL';
       return;

src/controllers/User/Update.php

@@ -199,6 +199,18 @@ public function &run(Router &$router, View &$view, array &$args) {
 
           // email change request
 
+          // email denylist check
+          $email_not_allowed = false;
+          if ($req->email_enable_denylist) {
+            $email_denylist = &Common::$config->email->recipient_denylist_regexp;
+            foreach ($email_denylist as $_bad_email) {
+              if (preg_match($_bad_email, $email)) {
+                $email_not_allowed = true;
+                break;
+              }
+            }
+          }
+
           if (strtolower($model->email_1) !== strtolower($model->email_2)) {
 
             // email mismatch
@@ -209,11 +221,17 @@ public function &run(Router &$router, View &$view, array &$args) {
             // email is empty
             $model->email_error = ['red', 'EMPTY'];
 
-          } else if (!filter_var($model->email_2, FILTER_VALIDATE_EMAIL)) {
+          } else if ($req->email_validate_quick
+            && !filter_var($model->email_2, FILTER_VALIDATE_EMAIL)) {
 
             // email is invalid; it doesn't meet RFC 822 requirements
             $model->email_error = ['red', 'INVALID'];
 
+          } else if ($email_not_allowed) {
+
+            // email is not allowed; it matches a denylist regular expression
+            $model->email_error = ['red', 'NOT_ALLOWED'];
+
           } else {
 
             // initiate email change

src/templates/User/Register.phtml

@@ -36,6 +36,10 @@ switch ($this->getContext()->error) {
     $af      = "email";
     $message = "The email address is invalid.";
     break;
+  case "EMAIL_NOT_ALLOWED":
+    $af      = "email";
+    $message = "The email address is not allowed, use a different one.";
+    break;
   case "PASSWORD_CONTAINS_EMAIL":
     $af      = "pw1";
     $message = "The password contains the email address, "

src/templates/User/Update.phtml

@@ -34,6 +34,9 @@ switch ($this->getContext()->email_error[1]) {
     $email_error = 'Your new email address cannot be blank.'; break;
   case 'INVALID':
     $email_error = 'Your new email address uses invalid formatting.'; break;
+  case 'NOT_ALLOWED':
+    $email_error = 'Your new email address is not allowed, use a different '
+      . 'one.'; break;
   case 'CHANGE_FAILED':
     $email_error = 'Failed to change email due to an internal error.'; break;
   case 'CHANGE_SUCCESS':