Roadblock users trying to register with external accounts that have invalid emails
Summary: Ref T3472. Currently, if an install only allows "@mycompany.com" emails and you try to register with an "@personal.com" account, we let you pick an "@mycompany.com" address instead. This is secure: you still have to verify the email. However, it defies user expectation -- it's somewhat confusing that we let you register. Instead, provide a hard roadblock. (These accounts can still be linked, just not used for registration.) Test Plan: See screenshot. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T3472 Differential Revision: https://secure.phabricator.com/D7571
parent
30a51dac36
commit
cd73fe78db
1 changed files with 17 additions and 3 deletions
|
@ -59,16 +59,30 @@ final class PhabricatorAuthRegisterController
|
||||||
$default_realname = $account->getRealName();
|
$default_realname = $account->getRealName();
|
||||||
$default_email = $account->getEmail();
|
$default_email = $account->getEmail();
|
||||||
if ($default_email) {
|
if ($default_email) {
|
||||||
// If the account source provided an email but it's not allowed by
|
// If the account source provided an email, but it's not allowed by
|
||||||
// the configuration, just pretend we didn't get an email at all.
|
// the configuration, roadblock the user. Previously, we let the user
|
||||||
|
// pick a valid email address instead, but this does not align well with
|
||||||
|
// user expectation and it's not clear the cases it enables are valuable.
|
||||||
|
// See discussion in T3472.
|
||||||
if (!PhabricatorUserEmail::isAllowedAddress($default_email)) {
|
if (!PhabricatorUserEmail::isAllowedAddress($default_email)) {
|
||||||
$default_email = null;
|
return $this->renderError(
|
||||||
|
array(
|
||||||
|
pht(
|
||||||
|
'The account you are attempting to register with has an invalid '.
|
||||||
|
'email address (%s). This Phabricator install only allows '.
|
||||||
|
'registration with specific email addresses:',
|
||||||
|
$default_email),
|
||||||
|
phutil_tag('br'),
|
||||||
|
phutil_tag('br'),
|
||||||
|
PhabricatorUserEmail::describeAllowedAddresses(),
|
||||||
|
));
|
||||||
}
|
}
|
||||||
|
|
||||||
// If the account source provided an email, but another account already
|
// If the account source provided an email, but another account already
|
||||||
// has that email, just pretend we didn't get an email.
|
// has that email, just pretend we didn't get an email.
|
||||||
|
|
||||||
// TODO: See T3340.
|
// TODO: See T3340.
|
||||||
|
// TODO: See T3472.
|
||||||
|
|
||||||
if ($default_email) {
|
if ($default_email) {
|
||||||
$same_email = id(new PhabricatorUserEmail())->loadOneWhere(
|
$same_email = id(new PhabricatorUserEmail())->loadOneWhere(
|
||||||
|
|
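Review bot: The new `return $this->renderError(...)` branch only runs inside `if ($default_email)`, so an external account that supplies no email at all skips the roadblock and still reaches the pick-an-address path. The comment above the `isAllowedAddress()` check should say that this is a usability roadblock and that email verification remains the actual control, for example `// NOTE: UX roadblock only; accounts with no email skip this check and rely on email verification.` The message also passes the provider-supplied `$default_email` through `pht()` into the error page, so it is worth confirming that `renderError()` (outside this hunk) escapes plain strings in the array rather than emitting them raw. The enclosing method starts and ends outside the hunk.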