mirror of
https://github.com/simple-login/app.git
synced 2024-09-30 05:31:30 +02:00
Support random suffix for personal domains
This commit is contained in:
parent
61e4455406
commit
aeef9ccca9
@ -8,7 +8,6 @@ from app.config import (
|
|||||||
CUSTOM_ALIAS_SECRET,
|
CUSTOM_ALIAS_SECRET,
|
||||||
)
|
)
|
||||||
from app.dashboard.base import dashboard_bp
|
from app.dashboard.base import dashboard_bp
|
||||||
from app.email_utils import email_belongs_to_alias_domains
|
|
||||||
from app.extensions import db
|
from app.extensions import db
|
||||||
from app.log import LOG
|
from app.log import LOG
|
||||||
from app.models import (
|
from app.models import (
|
||||||
@ -33,8 +32,13 @@ def available_suffixes(user: User) -> [bool, str, str]:
|
|||||||
suffixes = []
|
suffixes = []
|
||||||
|
|
||||||
# put custom domain first
|
# put custom domain first
|
||||||
|
# for each user domain, generate both the domain and a random suffix version
|
||||||
for alias_domain in user_custom_domains:
|
for alias_domain in user_custom_domains:
|
||||||
suffix = "@" + alias_domain
|
domain_suffixes = [
|
||||||
|
"@" + alias_domain,
|
||||||
|
"." + random_word() + "@" + alias_domain
|
||||||
|
]
|
||||||
|
for suffix in domain_suffixes:
|
||||||
suffixes.append((True, suffix, signer.sign(suffix).decode()))
|
suffixes.append((True, suffix, signer.sign(suffix).decode()))
|
||||||
|
|
||||||
# then default domain
|
# then default domain
|
||||||
@ -174,41 +178,24 @@ def verify_prefix_suffix(user, alias_prefix, alias_suffix) -> bool:
|
|||||||
|
|
||||||
# make sure alias_suffix is either .random_word@simplelogin.co or @my-domain.com
|
# make sure alias_suffix is either .random_word@simplelogin.co or @my-domain.com
|
||||||
alias_suffix = alias_suffix.strip()
|
alias_suffix = alias_suffix.strip()
|
||||||
if alias_suffix.startswith("@"):
|
alias_domain_prefix, alias_domain = alias_suffix.split("@", 1)
|
||||||
alias_domain = alias_suffix[1:]
|
|
||||||
# alias_domain can be either custom_domain or if DISABLE_ALIAS_SUFFIX, one of the default ALIAS_DOMAINS
|
if alias_domain_prefix:
|
||||||
if DISABLE_ALIAS_SUFFIX:
|
if not alias_domain_prefix.startswith(".") or len(alias_domain_prefix) < 2:
|
||||||
if (
|
LOG.exception("nonsensical alias suffix %s, user %s", alias_domain_prefix, user)
|
||||||
alias_domain not in user_custom_domains
|
return False
|
||||||
and alias_domain not in ALIAS_DOMAINS
|
|
||||||
):
|
if alias_domain not in user_custom_domains and alias_domain not in ALIAS_DOMAINS:
|
||||||
LOG.exception("wrong alias suffix %s, user %s", alias_suffix, user)
|
LOG.exception("wrong alias suffix %s, user %s", alias_suffix, user)
|
||||||
return False
|
return False
|
||||||
else:
|
else:
|
||||||
if alias_domain not in user_custom_domains:
|
if alias_domain not in user_custom_domains:
|
||||||
|
if not DISABLE_ALIAS_SUFFIX:
|
||||||
LOG.exception("wrong alias suffix %s, user %s", alias_suffix, user)
|
LOG.exception("wrong alias suffix %s, user %s", alias_suffix, user)
|
||||||
return False
|
return False
|
||||||
else:
|
|
||||||
if not alias_suffix.startswith("."):
|
|
||||||
LOG.exception("User %s submits a wrong alias suffix %s", user, alias_suffix)
|
|
||||||
return False
|
|
||||||
|
|
||||||
full_alias = alias_prefix + alias_suffix
|
if alias_domain not in ALIAS_DOMAINS:
|
||||||
if not email_belongs_to_alias_domains(full_alias):
|
LOG.exception("wrong alias suffix %s, user %s", alias_suffix, user)
|
||||||
LOG.exception(
|
|
||||||
"Alias suffix should end with one of the alias domains %s",
|
|
||||||
user,
|
|
||||||
alias_suffix,
|
|
||||||
)
|
|
||||||
return False
|
|
||||||
|
|
||||||
random_word_part = alias_suffix[1 : alias_suffix.find("@")]
|
|
||||||
if not word_exist(random_word_part):
|
|
||||||
LOG.exception(
|
|
||||||
"alias suffix %s needs to start with a random word, user %s",
|
|
||||||
alias_suffix,
|
|
||||||
user,
|
|
||||||
)
|
|
||||||
return False
|
return False
|
||||||
|
|
||||||
return True
|
return True
|
||||||
|
Loading…
Reference in New Issue
Block a user