From 656f72948c939cee804c2d33174204be6e9101a8 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk
Date: Tue, 12 Jul 2016 21:32:11 +0000
Subject: [PATCH 1/2] Backport FAS patch 168
Signed-off-by: Patrick Uiterwijk
---
 roles/fas_server/files/user.py | 3 ++-
 roles/fas_server/files/validators.py | 19 +++++++++++++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/roles/fas_server/files/user.py b/roles/fas_server/files/user.py
index c65086aae2..6d2afd8bac 100644
--- a/roles/fas_server/files/user.py
+++ b/roles/fas_server/files/user.py
@@ -88,7 +88,7 @@ from fas.auth import (
 from fas.util import available_languages
 from fas.validators import KnownUser, PasswordStrength, ValidGPGKeyID, \
 ValidSSHKey, NonFedoraEmail, ValidLanguage, UnknownUser, ValidUsername, \
- ValidHumanWithOverride, MaybeFloat, EVEmail
+ ValidHumanWithOverride, MaybeFloat, EVEmail, NonBlockedEmail
 from fas import _
 #ADMIN_GROUP = config.get('admingroup', 'accounts')
@@ -113,6 +113,7 @@ class UserCreate(validators.Schema):
 validators.Email(not_empty=True, strip=True),
 NonFedoraEmail(not_empty=True, strip=True),
 EVEmail(not_empty=True, strip=True),
+ NonBlockedEmail(not_empty=True, strip=True),
 )
 verify_email = validators.All(
 validators.Email(not_empty=True, strip=True),
diff --git a/roles/fas_server/files/validators.py b/roles/fas_server/files/validators.py
index 072d854417..db647a4442 100644
--- a/roles/fas_server/files/validators.py
+++ b/roles/fas_server/files/validators.py
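Review bot: In the second user.py hunk, NonBlockedEmail is added only to the `email` chain of UserCreate, so the domain check is enforced at account creation and nowhere else that this patch shows. Any other schema in user.py that accepts an email address lies outside the hunk; if an existing account can change its address through one of them, that chain needs `NonBlockedEmail(not_empty=True, strip=True),` as well, otherwise the restriction holds only at sign-up. UserCreate's body starts and ends outside the hunk.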
@@ -274,6 +274,25 @@ class ValidUsername(validators.FancyValidator):
 raise validators.Invalid(self.message('blacklist', state, username=value), value, state)
+
+class NonBlockedEmail(validators.FancyValidator):
+ '''Make sure that a username isn't blacklisted'''
+ email_blacklist = config.get('email_domain_blacklist').split(',')
+
+ messages = {'blacklist': _("'%(email)s' is a blacklisted email.")}
+
+ def _to_python(self, value, state):
+ # pylint: disable-msg=C0111,W0613
+ return value.strip()
+
+ def validate_python(self, value, state):
+ # pylint: disable-msg=C0111
+ for blocked in self.email_blacklist:
+ if value.endswith(blocked):
+ raise validators.Invalid(self.message('blacklist', state, email=value),
+ value, state)
+
+
 class ValidLanguage(validators.FancyValidator):
 '''Make sure that a username isn't blacklisted'''
 messages = {'not_available': _("The language '%(lang)s' is not available.")}
From d6fce05c1a30dfc65a6261304a4327101bdf8d3f Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk
Date: Tue, 12 Jul 2016 21:33:20 +0000
Subject: [PATCH 2/2] Add fas config for blocked email domains
Signed-off-by: Patrick Uiterwijk
---
 roles/fas_server/templates/fas.cfg.j2 | 1 +
 1 file changed, 1 insertion(+)
diff --git a/roles/fas_server/templates/fas.cfg.j2 b/roles/fas_server/templates/fas.cfg.j2
index 9461ed0dad..b8162b1997 100644
--- a/roles/fas_server/templates/fas.cfg.j2
+++ b/roles/fas_server/templates/fas.cfg.j2
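Review bot: An empty or comma-terminated `email_domain_blacklist` makes validate_python reject every address, because `''.split(',')` yields `['']` and `value.endswith('')` is always true; a missing key presumably fails even earlier, when `.split` is called on the None from `config.get` while the class body is evaluated. Building the list as `email_blacklist = [d.strip().lower() for d in (config.get('email_domain_blacklist') or '').split(',') if d.strip()]` and testing `if value.lower().endswith(blocked):` avoids both and also makes the comparison case-insensitive, which it is not today. The bare suffix test still matches unrelated domains that merely end in a blocked string (a constructed entry `example.com` would also reject `notexample.com`), so either document that entries need a leading `@` or `.`, or compare against the part after the last `@`. The docstring is copied from ValidUsername and should read `'''Make sure that an email address is not in a blocked domain'''`.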
@@ -63,6 +63,7 @@ tgcaptcha2.jpeg_generator = 'vanasco_dowty'
 # Usernames that are unavailable for fas allocation
 username_blacklist = "abuse,accounts,adm,admin,amanda,apache,askfedora,asterisk,bin,board,bodhi2,canna,census,chair,chairman,containerbuild,cvsdirsec,cvsdocs,cvseclipse,cvsextras,cvsfont,daemon,dbus,decode,desktop,dgilmore,directors,dovecot,dumper,fama,famsco,fas,fax,fedora,fedorarewards,fesco,freemedia,ftbfs,ftp,ftpadm,ftpadmin,ftpsync,games,gdm,gnomebackup,gopher,gregdek,halt,hostmaster,hotness,ident,info,ingres,jaboutboul,jan,keys,kojiadmin,ldap,legal,logo,lp,mail,mailnull,manager,marketing,masher,masta,mirrormanager,mysql,nagios,named,netdump,news,newsadm,newsadmin,nfsnobody,nobody,noc,notifications,nrpe,nscd,ntp,nut,openvideo,operator,packager,patrick,pcap,pkgdb,pkgsigner,postfix,postgres,postmaster,press,privoxy,pvm,quagga,radiusd,radvd,relnotes,relrod,rel-eng,root,rpc,rpcuser,rpm,rsc,s3-mirror,sales,scholarship,secalert,secondary-signer,security,server-wg,shutdown,smmsp,spevack,squid,sshd,support,sync,system,tickets,toor,updates,usenet,uucp,vcsa,vendors,vendor-support,voting,webalizer,webmaster,wikiadmin,wnn,www,xfs,zabbix"
+email_domain_blacklist = "{{ fas_blocked_emails }}"
 # admingroup has powers to change anything in the fas UI
 admingroup = 'accounts'
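Review bot: The new `email_domain_blacklist` line carries no comment on the expected value, although the validator added in patch 1/2 splits it on `,` without trimming and treats an empty entry as matching every address. `fas_blocked_emails` is not defined anywhere in this series, and its name says emails where the key says domains, so the next person setting it has to read validators.py to get the format right. I would add a comment above it such as `# Comma-separated email domain suffixes refused at account creation; no spaces, no trailing comma, must not be empty`.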