Merge branch 'master' of /git/ansible

* 'master' of /git/ansible:
  Add fas config for blocked email domains
  Backport FAS patch 168

roles/fas_server/files/user.py

@@ -88,7 +88,7 @@ from fas.auth import (
 from fas.util import available_languages
 from fas.validators import KnownUser, PasswordStrength, ValidGPGKeyID, \
     ValidSSHKey, NonFedoraEmail, ValidLanguage, UnknownUser, ValidUsername, \
-    ValidHumanWithOverride, MaybeFloat, EVEmail
+    ValidHumanWithOverride, MaybeFloat, EVEmail, NonBlockedEmail
 from fas import _
 
 #ADMIN_GROUP = config.get('admingroup', 'accounts')
@@ -113,6 +113,7 @@ class UserCreate(validators.Schema):
         validators.Email(not_empty=True, strip=True),
         NonFedoraEmail(not_empty=True, strip=True),
         EVEmail(not_empty=True, strip=True),
+        NonBlockedEmail(not_empty=True, strip=True),
     )
     verify_email = validators.All(
         validators.Email(not_empty=True, strip=True),

roles/fas_server/files/validators.py

@@ -274,6 +274,25 @@ class ValidUsername(validators.FancyValidator):
             raise validators.Invalid(self.message('blacklist', state, username=value),
                     value, state)
 
+
+class NonBlockedEmail(validators.FancyValidator):
+    '''Make sure that a username isn't blacklisted'''
+    email_blacklist = config.get('email_domain_blacklist').split(',')
+
+    messages = {'blacklist': _("'%(email)s' is a blacklisted email.")}
+
+    def _to_python(self, value, state):
+        # pylint: disable-msg=C0111,W0613
+        return value.strip()
+
+    def validate_python(self, value, state):
+        # pylint: disable-msg=C0111
+        for blocked in self.email_blacklist:
+            if value.endswith(blocked):
+                raise validators.Invalid(self.message('blacklist', state, email=value),
+                    value, state)
+
+
 class ValidLanguage(validators.FancyValidator):
     '''Make sure that a username isn't blacklisted'''
     messages = {'not_available': _("The language '%(lang)s' is not available.")}

roles/fas_server/templates/fas.cfg.j2

@@ -63,6 +63,7 @@ tgcaptcha2.jpeg_generator = 'vanasco_dowty'
 
 # Usernames that are unavailable for fas allocation
 username_blacklist = "abuse,accounts,adm,admin,amanda,apache,askfedora,asterisk,bin,board,bodhi2,canna,census,chair,chairman,containerbuild,cvsdirsec,cvsdocs,cvseclipse,cvsextras,cvsfont,daemon,dbus,decode,desktop,dgilmore,directors,dovecot,dumper,fama,famsco,fas,fax,fedora,fedorarewards,fesco,freemedia,ftbfs,ftp,ftpadm,ftpadmin,ftpsync,games,gdm,gnomebackup,gopher,gregdek,halt,hostmaster,hotness,ident,info,ingres,jaboutboul,jan,keys,kojiadmin,ldap,legal,logo,lp,mail,mailnull,manager,marketing,masher,masta,mirrormanager,mysql,nagios,named,netdump,news,newsadm,newsadmin,nfsnobody,nobody,noc,notifications,nrpe,nscd,ntp,nut,openvideo,operator,packager,patrick,pcap,pkgdb,pkgsigner,postfix,postgres,postmaster,press,privoxy,pvm,quagga,radiusd,radvd,relnotes,relrod,rel-eng,root,rpc,rpcuser,rpm,rsc,s3-mirror,sales,scholarship,secalert,secondary-signer,security,server-wg,shutdown,smmsp,spevack,squid,sshd,support,sync,system,tickets,toor,updates,usenet,uucp,vcsa,vendors,vendor-support,voting,webalizer,webmaster,wikiadmin,wnn,www,xfs,zabbix"
+email_domain_blacklist = "{{ fas_blocked_emails }}"
 
 # admingroup has powers to change anything in the fas UI
 admingroup = 'accounts'