Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Tatuya Kamada
gitlab-ce
Commits
d9ee55ee
Commit
d9ee55ee
authored
Jan 12, 2017
by
Reza Mohammadi
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Bypass signup domain validation for external users
Fixes #25279
parent
bbb7fbcd
Changes
4
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
36 additions
and
4 deletions
+36
-4
app/models/user.rb
app/models/user.rb
+1
-1
changelogs/unreleased/bypass-email-domain-validation-when-created-by-admin.yml
.../bypass-email-domain-validation-when-created-by-admin.yml
+4
-0
doc/user/admin_area/settings/sign_up_restrictions.md
doc/user/admin_area/settings/sign_up_restrictions.md
+21
-3
spec/models/user_spec.rb
spec/models/user_spec.rb
+10
-0
No files found.
app/models/user.rb
View file @
d9ee55ee
...
@@ -119,7 +119,7 @@ class User < ActiveRecord::Base
...
@@ -119,7 +119,7 @@ class User < ActiveRecord::Base
validates
:avatar
,
file_size:
{
maximum:
200
.
kilobytes
.
to_i
}
validates
:avatar
,
file_size:
{
maximum:
200
.
kilobytes
.
to_i
}
before_validation
:generate_password
,
on: :create
before_validation
:generate_password
,
on: :create
before_validation
:signup_domain_valid?
,
on: :create
before_validation
:signup_domain_valid?
,
on: :create
,
if:
->
(
user
)
{
!
user
.
created_by_id
}
before_validation
:sanitize_attrs
before_validation
:sanitize_attrs
before_validation
:set_notification_email
,
if:
->
(
user
)
{
user
.
email_changed?
}
before_validation
:set_notification_email
,
if:
->
(
user
)
{
user
.
email_changed?
}
before_validation
:set_public_email
,
if:
->
(
user
)
{
user
.
public_email_changed?
}
before_validation
:set_public_email
,
if:
->
(
user
)
{
user
.
public_email_changed?
}
...
...
changelogs/unreleased/bypass-email-domain-validation-when-created-by-admin.yml
0 → 100644
View file @
d9ee55ee
---
title
:
Bypass email domain validation when a user is created by an admin.
merge_request
:
8575
author
:
Reza Mohammadi @remohammadi
doc/user/admin_area/settings/sign_up_restrictions.md
View file @
d9ee55ee
# Sign-up restrictions
# Sign-up restrictions
You can block email addresses of specific domains, or whitelist only some
specifc domains via the
**Application Settings**
in the Admin area.
>**Note**: These restrictions are only applied during sign-up. An admin is
able to add add a user through the admin panel with a disallowed domain. Also
note that the users can change their email addresses after signup to
disallowed domains.
## Whitelist email domains
> [Introduced][ce-598] in GitLab 7.11.0
You can restrict users to only signup using email addresses matching the given
domains list.
## Blacklist email domains
## Blacklist email domains
> [Introduced][ce-5259] in GitLab 8.10.
> [Introduced][ce-5259] in GitLab 8.10.
...
@@ -9,13 +24,16 @@ from creating an account on your GitLab server. This is particularly useful to
...
@@ -9,13 +24,16 @@ from creating an account on your GitLab server. This is particularly useful to
prevent spam. Disposable email addresses are usually used by malicious users to
prevent spam. Disposable email addresses are usually used by malicious users to
create dummy accounts and spam issues.
create dummy accounts and spam issues.
## Settings
This feature can be activated via the
**Application Settings**
in the Admin area,
This feature can be activated via the
**Application Settings**
in the Admin area,
and you have the option of entering the list manually, or uploading a file with
and you have the option of entering the list manually, or uploading a file with
the list.
the list.
The blacklist accepts wildcards, so you can use
`*.test.com`
to block every
Both whitelist and blacklist accept wildcards, so for example, you can use
`test.com`
subdomain, or
`*.io`
to block all domains ending in
`.io`
. Domains
`*.company.com`
to accept every
`company.com`
subdomain, or
`*.io`
to block all
should be separated by a whitespace, semicolon, comma, or a new line.
domains ending in
`.io`
. Domains should be separated by a whitespace,
semicolon, comma, or a new line.
![
Domain Blacklist
](
img/domain_blacklist.png
)
![
Domain Blacklist
](
img/domain_blacklist.png
)
...
...
spec/models/user_spec.rb
View file @
d9ee55ee
...
@@ -141,6 +141,11 @@ describe User, models: true do
...
@@ -141,6 +141,11 @@ describe User, models: true do
user
=
build
(
:user
,
email:
"example@test.com"
)
user
=
build
(
:user
,
email:
"example@test.com"
)
expect
(
user
).
to
be_invalid
expect
(
user
).
to
be_invalid
end
end
it
'accepts example@test.com when added by another user'
do
user
=
build
(
:user
,
email:
"example@test.com"
,
created_by_id:
1
)
expect
(
user
).
to
be_valid
end
end
end
context
'domain blacklist'
do
context
'domain blacklist'
do
...
@@ -159,6 +164,11 @@ describe User, models: true do
...
@@ -159,6 +164,11 @@ describe User, models: true do
user
=
build
(
:user
,
email:
'info@example.com'
)
user
=
build
(
:user
,
email:
'info@example.com'
)
expect
(
user
).
not_to
be_valid
expect
(
user
).
not_to
be_valid
end
end
it
'accepts info@example.com when added by another user'
do
user
=
build
(
:user
,
email:
'info@example.com'
,
created_by_id:
1
)
expect
(
user
).
to
be_valid
end
end
end
context
'when a signup domain is blacklisted but a wildcard subdomain is allowed'
do
context
'when a signup domain is blacklisted but a wildcard subdomain is allowed'
do
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment