From 3095c017a6fcb6b85d2b53ef4de30438d7bba28a Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Tue, 24 Dec 2019 12:45:38 +0100
Subject: [PATCH] accounts: Perform some basic checks on valid email addresses
Signed-off-by: Michael Tremer
---
 src/backend/accounts.py | 22 ++++++++++++++++++++++
 src/templates/auth/register.html | 16 ++++++++++++----
 src/web/auth.py | 5 ++++-
 3 files changed, 38 insertions(+), 5 deletions(-)
diff --git a/src/backend/accounts.py b/src/backend/accounts.py
index 9b012234..cc849bc2 100644
--- a/src/backend/accounts.py
+++ b/src/backend/accounts.py
@@ -305,6 +305,24 @@ class Accounts(Object):
 # Account with uid does not exist, yet
 return False
+ def mail_is_valid(self, mail):
+ username, delim, domain = mail.partition("@")
+
+ # There must be an @ and a domain part
+ if not domain:
+ return False
+
+ # The domain cannot end on a dot
+ if domain.endswith("."):
+ return False
+
+ # The domain should at least have one dot to fully qualified
+ if not "." in domain:
+ return False
+
+ # Looks like a valid email address
+ return True
+
 def mail_is_blacklisted(self, mail):
 username, delim, domain = mail.partition("@")
@@ -385,6 +403,10 @@ class Accounts(Object):
 if self.uid_exists(uid):
 raise ValueError("UID exists: %s" % uid)
+ # Check if the email address is valid
+ if not self.mail_is_valid(email):
+ raise ValueError("Email is invalid: %s" % email)
+
 # Check if the email address is blacklisted
 if self.mail_is_blacklisted(email):
 raise ValueError("Email is blacklisted: %s" % email)
diff --git a/src/templates/auth/register.html b/src/templates/auth/register.html
index 5b1a81f4..fc17b524 100644
--- a/src/templates/auth/register.html
+++ b/src/templates/auth/register.html
@@ -26,10 +26,10 @@ pattern="[a-z_][a-z0-9_-]{3,31}">
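Review bot: `mail_is_valid` in src/backend/accounts.py only inspects the text after the first `@`, so an empty local part, a second `@` inside the domain, a leading or doubled dot, and embedded whitespace or CR/LF all pass as valid. The same method gates the account-creation check in the next hunk and the email check in src/web/auth.py, and whatever it accepts is handed on to `mail_is_blacklisted` and presumably stored and mailed to, so these shapes should be rejected here. The version below keeps the partition-based approach but requires a non-empty local part and a single `@`, refuses whitespace and non-printable characters, and requires every dot-separated domain label to be non-empty; it is deliberately stricter than the RFC grammar (quoted local parts are refused). `if not "." in domain` also reads better as `if "." not in domain`, and a one-line docstring saying this is a syntactic plausibility check, not proof of deliverability, would help callers.

```python
def mail_is_valid(self, mail):
	username, delim, domain = mail.partition("@")

	# There must be a local part, an @ and a domain part
	if not username or not domain:
		return False

	# Exactly one @ is allowed
	if "@" in domain:
		return False

	# No whitespace or control characters (this covers CR/LF)
	if any(c.isspace() or not c.isprintable() for c in mail):
		return False

	# Every label must be non-empty: no leading, trailing or doubled dots,
	# and at least one dot so the domain is fully qualified
	labels = domain.split(".")
	if len(labels) < 2 or not all(labels):
		return False

	# … unchanged: final "return True" …
```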
- {{ _("Please choose a username in UNIX format with at least four characters, starting with a lowercase letter, followed by only lowercase letters, digits, dash and underscore.") }}
+ {{ _("Please choose a username in UNIX format with at least four characters, starting with a lowercase letter, followed by only lowercase letters, digits, dash and underscore") }}
- {{ _("This username is not available.") }}
+ {{ _("This username is not available") }}
@@ -53,10 +53,13 @@
- {{ _("This email address cannot be used.") }}
+ {{ _("This email address is invalid") }}
+
+
+ {{ _("This email address cannot be used") }}
- {{ _("This email address is already in use.") }}
+ {{ _("This email address is already in use") }}
@@ -148,6 +151,11 @@
 $("#email-invalid").show();
 break;
+ case "blacklisted":
+ email.addClass("is-invalid");
+ $("#email-blacklisted").show();
+ break;
+
 case "taken":
 email.addClass("is-invalid");
 $("#email-taken").show();
diff --git a/src/web/auth.py b/src/web/auth.py
index c3ef726b..2bb232c9 100644
--- a/src/web/auth.py
+++ b/src/web/auth.py
@@ -223,9 +223,12 @@ class APICheckEmail(base.APIHandler):
 if not email:
 result = "empty"
+ elif not self.backend.accounts.mail_is_valid(email):
+ result = "invalid"
+
 # Check if this email address is blacklisted
 elif self.backend.accounts.mail_is_blacklisted(email):
- result = "invalid"
+ result = "blacklisted"
 # Check if this email address is already useed
 elif self.backend.accounts.get_by_mail(email):
-- 2.47.2
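Review bot: In `APICheckEmail` (src/web/auth.py) the `"invalid"` result silently changes meaning from "blacklisted" to "malformed", and the result strings are an undocumented contract with the `switch` in register.html. A comment above the chain such as `# Result codes (keep in sync with register.html): empty, invalid = malformed, blacklisted, taken` would make that explicit for any other consumer of this API. Together with the existing `get_by_mail` branch, the handler now reports separately whether an address is malformed, blacklisted or already registered, so it acts as an oracle for registered addresses and blacklist entries. Whether the handler requires authentication or is rate limited is not visible here and should be confirmed. The enclosing method starts and ends outside the hunk.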