From 652e6231115636ad1f15e932d131d542b85a9ca6 Mon Sep 17 00:00:00 2001 From: Son NK Date: Tue, 31 Dec 2019 17:11:42 +0100 Subject: [PATCH] make sure that user cannot use any suffix --- app/dashboard/views/custom_alias.py | 10 +++++++++- app/utils.py | 4 ++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/app/dashboard/views/custom_alias.py b/app/dashboard/views/custom_alias.py index 034746a1..7d04f577 100644 --- a/app/dashboard/views/custom_alias.py +++ b/app/dashboard/views/custom_alias.py @@ -6,7 +6,7 @@ from app.dashboard.base import dashboard_bp from app.extensions import db from app.log import LOG from app.models import GenEmail, DeletedAlias, CustomDomain -from app.utils import convert_to_id, random_word +from app.utils import convert_to_id, random_word, word_exist @dashboard_bp.route("/custom_alias", methods=["GET", "POST"]) @@ -27,6 +27,14 @@ def custom_alias(): email_prefix = convert_to_id(email_prefix) email_suffix = request.form.get("email-suffix") + # verify email_suffix + if not word_exist(email_suffix): + flash( + "nice try :). The suffix is there so no one can take all the *nice* aliases though", + "warning", + ) + return redirect(url_for("dashboard.custom_alias")) + if not email_prefix: error = "alias prefix cannot be empty" else: diff --git a/app/utils.py b/app/utils.py index 33a2703d..2c8b6599 100644 --- a/app/utils.py +++ b/app/utils.py @@ -16,6 +16,10 @@ def random_word(): return random.choice(_words) +def word_exist(word): + return word in _words + + def random_words(): """Generate a random words. Used to generate user-facing string, for ex email addresses""" nb_words = random.randint(2, 3)