🎉 Add registration domain whitelist for emails

Signed-off-by: Andrey Miskov <amiskov@gmail.com>

backend/src/uxbox/config.clj

@@ -34,6 +34,7 @@
    :smtp-enabled false
    :allow-demo-users true
    :registration-enabled true
+   :registration-domain-whitelist ""
    :debug-humanize-transit true
    })
 
@@ -58,6 +59,7 @@
 (s/def ::smtp-enabled ::us/boolean)
 (s/def ::allow-demo-users ::us/boolean)
 (s/def ::registration-enabled ::us/boolean)
+(s/def ::registration-domain-whitelist ::us/string)
 (s/def ::debug-humanize-transit ::us/boolean)
 
 (s/def ::config

backend/src/uxbox/services/mutations/profile.clj

@@ -10,6 +10,7 @@
 (ns uxbox.services.mutations.profile
   (:require
    [clojure.spec.alpha :as s]
+   [clojure.string :as str]
    [datoteka.core :as fs]
    [promesa.core :as p]
    [promesa.exec :as px]
@@ -214,11 +215,23 @@
 (s/def ::register-profile
   (s/keys :req-un [::email ::password ::fullname]))
 
+(defn email-domain-in-whitelist?
+  "Returns true if email's domain is in the given whitelist or if given whitelist is an empty string."
+  [whitelist email]
+  (if (str/blank? whitelist)
+    true
+    (let [domains (str/split whitelist #",\s*")
+          email-domain (second (str/split email #"@"))]
+      (contains? (set domains) email-domain))))
+
 (sm/defmutation ::register-profile
   [params]
   (when-not (:registration-enabled cfg/config)
     (ex/raise :type :restriction
               :code :registration-disabled))
+  (when-not (email-domain-in-whitelist? (:registration-domain-whitelist cfg/config) (:email params))
+    (ex/raise :type :validation
+              :code ::email-domain-is-not-allowed))
   (db/with-atomic [conn db/pool]
     (check-profile-existence! conn params)
     (-> (register-profile conn params)

backend/tests/uxbox/tests/test_services_profile.clj

@@ -18,6 +18,7 @@
    [uxbox.db :as db]
    [uxbox.services.mutations :as sm]
    [uxbox.services.queries :as sq]
+   [uxbox.services.mutations.profile :as profile]
    [uxbox.tests.helpers :as th]))
 
 (t/use-fixtures :once th/state-init)
@@ -191,6 +192,15 @@
         (t/is (= 0 (count (:result out))))))
     ))
 
+(t/deftest registration-domain-whitelist
+  (let [whitelist "gmail.com, hey.com, ya.ru"]
+    (t/testing "allowed email domain"
+      (t/is (true? (profile/email-domain-in-whitelist? whitelist "username@ya.ru")))
+      (t/is (true? (profile/email-domain-in-whitelist? "" "username@somedomain.com"))))
+
+    (t/testing "not allowed email domain"
+      (t/is (false? (profile/email-domain-in-whitelist? whitelist "username@somedomain.com"))))))
+
 ;; TODO: profile deletion with teams
 ;; TODO: profile deletion with owner teams
 ;; TODO: profile registration

docs/05-Management-Guide.md

@@ -32,6 +32,7 @@ respective defaults):
 - `UXBOX_SMTP_TLS=`      (defaults to `false`)
 - `UXBOX_SMTP_ENABLED=false`
 - `UXBOX_REGISTRATION_ENABLED=true`
+- `UXBOX_REGISTRATION_DOMAIN_WHITELIST=""` (comma-separated domains, defaults to `""` which means that all domains are allowed)
 - `UXBOX_DEBUG_HUMANIZE_TRANSIT=true`