Added some heuristics for detecting suspicious emails.
This commit is contained in:
parent
c640a73afd
commit
2319548e1f
@ -243,6 +243,32 @@ func NameToSlug(name string) (slug string) {
|
||||
return slug
|
||||
}
|
||||
|
||||
// TODO: Write a test for this
|
||||
func HasSuspiciousEmail(email string) bool {
|
||||
lowEmail := strings.ToLower(email)
|
||||
// TODO: Use a more flexible blacklist, perhaps with a similar mechanism to the HTML tag registration system in PreparseMessage()
|
||||
if strings.Contains(lowEmail, "casino") || strings.Contains(lowEmail, "viagra") {
|
||||
return true
|
||||
}
|
||||
|
||||
var dotCount int
|
||||
var shortBits int
|
||||
var currentSegmentLength int
|
||||
for _, char := range lowEmail {
|
||||
if char == '.' {
|
||||
dotCount++
|
||||
if currentSegmentLength < 3 {
|
||||
shortBits++
|
||||
}
|
||||
currentSegmentLength = 0
|
||||
} else {
|
||||
currentSegmentLength++
|
||||
}
|
||||
}
|
||||
|
||||
return dotCount > 7 || shortBits > 2
|
||||
}
|
||||
|
||||
// TODO: Write a test for this
|
||||
func WeakPassword(password string, username string, email string) error {
|
||||
lowPassword := strings.ToLower(password)
|
||||
|
@ -251,6 +251,11 @@ func AccountRegisterSubmit(w http.ResponseWriter, r *http.Request, user common.U
|
||||
regError("You didn't put in an email.", "no-email")
|
||||
}
|
||||
|
||||
ok := common.HasSuspiciousEmail(email)
|
||||
if ok {
|
||||
regError("Your email address is suspicious.", "suspicious-email")
|
||||
}
|
||||
|
||||
password := r.PostFormValue("password")
|
||||
// ? Move this into Create()? What if we want to programatically set weak passwords for tests?
|
||||
err := common.WeakPassword(password, username, email)
|
||||
|
Loading…
Reference in New Issue
Block a user