From 2319548e1f96aa1ec31b70bae65c05d1b5be3af6 Mon Sep 17 00:00:00 2001
From: Azareal
Date: Sat, 30 Jun 2018 20:22:39 +1000
Subject: [PATCH] Added some heuristics for detecting suspicious emails.

---
 common/utils.go | 26 ++++++++++++++++++++++++++
 routes/account.go | 5 +++++
 2 files changed, 31 insertions(+)

diff --git a/common/utils.go b/common/utils.go
index b47079e9..04f44261 100644
--- a/common/utils.go
+++ b/common/utils.go
@@ -243,6 +243,32 @@ func NameToSlug(name string) (slug string) {
 return slug
 }
 
+// TODO: Write a test for this
+func HasSuspiciousEmail(email string) bool {
+ lowEmail := strings.ToLower(email)
+ // TODO: Use a more flexible blacklist, perhaps with a similar mechanism to the HTML tag registration system in PreparseMessage()
+ if strings.Contains(lowEmail, "casino") || strings.Contains(lowEmail, "viagra") {
+ return true
+ }
+
+ var dotCount int
+ var shortBits int
+ var currentSegmentLength int
+ for _, char := range lowEmail {
+ if char == '.' {
+ dotCount++
+ if currentSegmentLength < 3 {
+ shortBits++
+ }
+ currentSegmentLength = 0
+ } else {
+ currentSegmentLength++
+ }
+ }
+
+ return dotCount > 7 || shortBits > 2
+}
+
 // TODO: Write a test for this
 func WeakPassword(password string, username string, email string) error {
 lowPassword := strings.ToLower(password)
diff --git a/routes/account.go b/routes/account.go
index 414976a2..602a980e 100644
--- a/routes/account.go
+++ b/routes/account.go
@@ -251,6 +251,11 @@ func AccountRegisterSubmit(w http.ResponseWriter, r *http.Request, user common.U
 regError("You didn't put in an email.", "no-email")
 }
 
+ ok := common.HasSuspiciousEmail(email)
+ if ok {
+ regError("Your email address is suspicious.", "suspicious-email")
+ }
+
 password := r.PostFormValue("password")
 // ? Move this into Create()? What if we want to programatically set weak passwords for tests?
 err := common.WeakPassword(password, username, email)
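Review bot: The segment heuristic in HasSuspiciousEmail runs over the whole address, so the local part and the domain are judged by the same `dotCount`/`shortBits` thresholds; an address with dotted initials (constructed example: `a.b.c.d@example.com`) trips `shortBits > 2`, while a domain made of long labels passes, so consider counting segments only after the last `@` (via `strings.LastIndex(lowEmail, "@")`) or documenting which part the heuristic is meant to target. The thresholds 7, 2 and 3 are unexplained magic numbers; naming them and giving the exported function a doc comment such as `// HasSuspiciousEmail reports whether email matches crude spam heuristics: a blacklisted word, more than 7 dots, or more than 2 dot-terminated segments shorter than 3 characters.` would make the intent reviewable. The substring blacklist also matches inside otherwise legitimate words, so a true result is better treated as a signal to challenge than a hard reject, and since the function is pure the TODO table test is cheap to add before the thresholds are tuned.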
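Review bot: `ok := common.HasSuspiciousEmail(email)` followed by `if ok {` should be collapsed to `if common.HasSuspiciousEmail(email) {`, since the temporary adds nothing and `ok` is conventionally reserved for the comma-ok idiom. More importantly, the regError call is not returned from, matching the existing no-email branch just above it, so whether a suspicious address actually aborts the registration or only writes an error before the handler continues into the password checks depends on regError's definition, which lies outside the hunk; if it does not abort, this check is advisory only and the suspicious account is still created. AccountRegisterSubmit begins before the hunk and continues after it.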