Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Boxiang Sun
gitlab-ce
Commits
ce58437c
Commit
ce58437c
authored
Jul 14, 2016
by
Patricio Cano
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Fixed `signup_domain_valid?` flow and added documentation.
parent
8382cff3
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
39 additions
and
20 deletions
+39
-20
app/models/user.rb
app/models/user.rb
+19
-18
doc/administration/access_restrictions.md
doc/administration/access_restrictions.md
+20
-2
doc/administration/img/domain_blacklist.png
doc/administration/img/domain_blacklist.png
+0
-0
No files found.
app/models/user.rb
View file @
ce58437c
...
@@ -760,41 +760,31 @@ class User < ActiveRecord::Base
...
@@ -760,41 +760,31 @@ class User < ActiveRecord::Base
Project
.
where
(
id:
events
)
Project
.
where
(
id:
events
)
end
end
def
match_domain
(
email_domains
)
email_domains
.
any?
do
|
domain
|
escaped
=
Regexp
.
escape
(
domain
).
gsub
(
'\*'
,
'.*?'
)
regexp
=
Regexp
.
new
"^
#{
escaped
}
$"
,
Regexp
::
IGNORECASE
email_domain
=
Mail
::
Address
.
new
(
self
.
email
).
domain
email_domain
=~
regexp
end
end
def
signup_domain_valid?
def
signup_domain_valid?
valid
=
true
valid
=
true
error
=
nil
if
current_application_settings
.
domain_blacklist_enabled?
if
current_application_settings
.
domain_blacklist_enabled?
blocked_domains
=
current_application_settings
.
domain_blacklist
blocked_domains
=
current_application_settings
.
domain_blacklist
if
match_domain
(
blocked_domains
)
if
match_domain
(
blocked_domains
,
self
.
email
)
self
.
errors
.
add
:email
,
'is not from an allowed domain.'
error
=
'is not from an allowed domain.'
valid
=
false
valid
=
false
end
end
end
end
allowed_domains
=
current_application_settings
.
restricted_signup_domains
allowed_domains
=
current_application_settings
.
restricted_signup_domains
unless
allowed_domains
.
blank?
unless
allowed_domains
.
blank?
if
match_domain
(
allowed_domains
)
if
match_domain
(
allowed_domains
,
self
.
email
)
self
.
errors
.
clear
valid
=
true
valid
=
true
else
else
self
.
errors
.
add
:email
,
error
=
"is not whitelisted. Email domains valid for registration are:
#{
allowed_domains
.
join
(
', '
)
}
"
'is not whitelisted. '
+
'Email domains valid for registration are: '
+
allowed_domains
.
join
(
', '
)
valid
=
false
valid
=
false
end
end
end
end
return
valid
self
.
errors
.
add
(
:email
,
error
)
unless
valid
valid
end
end
def
can_be_removed?
def
can_be_removed?
...
@@ -895,4 +885,15 @@ class User < ActiveRecord::Base
...
@@ -895,4 +885,15 @@ class User < ActiveRecord::Base
self
.
can_create_group
=
false
self
.
can_create_group
=
false
self
.
projects_limit
=
0
self
.
projects_limit
=
0
end
end
private
def
match_domain
(
email_domains
,
email
)
signup_domain
=
Mail
::
Address
.
new
(
email
).
domain
email_domains
.
any?
do
|
domain
|
escaped
=
Regexp
.
escape
(
domain
).
gsub
(
'\*'
,
'.*?'
)
regexp
=
Regexp
.
new
"^
#{
escaped
}
$"
,
Regexp
::
IGNORECASE
signup_domain
=~
regexp
end
end
end
end
doc/administration/access_restrictions.md
View file @
ce58437c
# Access Restrictions
# Access Restrictions
> **Note:** Th
is feature is
only available on versions 8.10 and above.
> **Note:** Th
ese features are
only available on versions 8.10 and above.
With GitLab's Access restrictions you can choose which Git access protocols you
With GitLab's Access restrictions you can choose which Git access protocols you
want your users to use to communicate with GitLab. This feature can be enabled
want your users to use to communicate with GitLab. This feature can be enabled
...
@@ -35,4 +35,22 @@ not selected.
...
@@ -35,4 +35,22 @@ not selected.
> **Note:** Please keep in mind that disabling an access protocol does not actually
> **Note:** Please keep in mind that disabling an access protocol does not actually
block access to the server itself. The ports used for the protocol, be it SSH or
block access to the server itself. The ports used for the protocol, be it SSH or
HTTP, will still be accessible. What GitLab does is restrict access on the
HTTP, will still be accessible. What GitLab does is restrict access on the
application level.
application level.
\ No newline at end of file
## Blacklist email domains
With this feature enabled, you can block email addresses of an specific domain
from creating an account on your GitLab server. This is particularly useful to
prevent spam. Disposable email addresses are usually used by malicious users to
create dummy accounts and spam issues.
This feature can be activated via the
`Application Settings`
in the Admin area,
and you have the option of entering the list manually, or uploading a file with
the list.
The blacklist accepts wildcards, so you can use
`*.test.com`
to block every
`test.com`
subdomain, or
`*.io`
to block all domains ending in
`.io`
. Domains
should be separated by a whitespace, semicolon, comma, or a new line.
![
Domain Blacklist
](
img/domain_blacklist.png
)
doc/administration/img/domain_blacklist.png
0 → 100644
View file @
ce58437c
174 KB
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment