Block disposabled emails (#9)

VernissageApp · Feb 25, 2024 · 09dd85f · 09dd85f
1 parent 6c6fc85
commit 09dd85f
Show file tree

Hide file tree

Showing 11 changed files with 3,853 additions and 2 deletions.
diff --git a/Resources/disposable-emails.txt b/Resources/disposable-emails.txt
diff --git a/Sources/VernissageServer/Application+Configure.swift b/Sources/VernissageServer/Application+Configure.swift
@@ -266,6 +266,8 @@ extension Application {
         self.migrations.add(Attachment.AddLicense())
         self.migrations.add(User.CreateLastLoginDate())
 
+        self.migrations.add(DisposableEmail.CreateDisposableEmails())
+
         try await self.autoMigrate()
     }
 

diff --git a/Sources/VernissageServer/Errors/RegisterError.swift b/Sources/VernissageServer/Errors/RegisterError.swift
@@ -21,6 +21,7 @@ enum RegisterError: String, Error {
     case reasonIsMandatory
     case invitationTokenIsInvalid
     case invitationTokenHasBeenUsed
+    case disposableEmailCannotBeUsed
 }
 
 extension RegisterError: TerminateError {
@@ -49,6 +50,7 @@ extension RegisterError: TerminateError {
         case .reasonIsMandatory: return "Reason is mandatory when only registration by approval is enabled."
         case .invitationTokenIsInvalid: return "Invitation token is invalid."
         case .invitationTokenHasBeenUsed: return "Invitation token has been used."
+        case .disposableEmailCannotBeUsed: return "Disposable email cannot be used."
         }
     }
 

diff --git a/Sources/VernissageServer/Extensions/Application+Seed.swift b/Sources/VernissageServer/Extensions/Application+Seed.swift
@@ -19,6 +19,7 @@ extension Application {
         try await locations(on: database)
         try await categories(on: database)
         try await licenses(on: database)
+        try await disposableEmails(on: database)
     }
 
     func seedAdmin() async throws {
@@ -524,6 +525,46 @@ extension Application {
         }
     }
 
+    /// Emails that are temporary. Fresh list can be found here: https://github.com/disposable-email-domains/disposable-email-domains.
+    private func disposableEmails(on database: Database) async throws {
+        if self.environment == .testing {
+            self.logger.notice("Disposable emails are not initialized during testing (testing environment is set).")
+            return
+        }
+
+        self.logger.info("Disposable emails have to be added to the database, this may take a while.")
+        let dispisableEmailsPath = self.directory.resourcesDirectory.finished(with: "/") + "disposable-emails.txt"
+
+        guard let fileHandle = FileHandle(forReadingAtPath: dispisableEmailsPath) else {
+            self.logger.notice("File with disposable emails cannot be opened ('\(dispisableEmailsPath)').")
+            return
+        }
+
+        guard let fileData = try fileHandle.readToEnd() else {
+            self.logger.notice("Cannot read file with disposable emails ('\(dispisableEmailsPath)').")
+            return
+        }
+
+        guard let disposableEmailsString = String(data: fileData, encoding: .utf8) else {
+            self.logger.notice("Cannot create string from file data ('\(dispisableEmailsPath)').")
+            return
+        }
+
+        let dispisableEmailsLines = disposableEmailsString.split(separator: "\n")
+
+        let amountInDatabase = try await DisposableEmail.query(on: database).count()
+        if amountInDatabase == dispisableEmailsLines.count {
+            self.logger.info("All disposable emails has been already added to the database.")
+            return
+        }
+
+        try await dispisableEmailsLines.asyncForEach { line in
+            try await ensureDisposableEmailExists(on: database, domain: String(line))
+        }
+
+        self.logger.info("All disposable emails added.")
+    }
+
     private func ensureSettingExists(on database: Database, existing settings: [Setting], key: SettingKey, value: SettingValue) async throws {
         if !settings.contains(where: { $0.key == key.rawValue }) {
             let setting = Setting(key: key.rawValue, value: value.value())
@@ -715,4 +756,18 @@ extension Application {
             _ = try await localizable.save(on: database)
         }
     }
+
+    private func ensureDisposableEmailExists(on database: Database, domain: String) async throws {
+        let domainNormalized = domain.uppercased()
+        let disposableEmailFromDatabase = try await DisposableEmail.query(on: database)
+            .filter(\.$domainNormalized == domainNormalized)
+            .first()
+
+        if disposableEmailFromDatabase != nil {
+            return
+        }
+
+        let disposableEmail = DisposableEmail(domain: domain)
+        _ = try await disposableEmail.save(on: database)
+    }
 }
diff --git a/Sources/VernissageServer/Migrations/CreateDisposableEmails.swift b/Sources/VernissageServer/Migrations/CreateDisposableEmails.swift
@@ -0,0 +1,37 @@
+//
+//  https://mczachurski.dev
+//  Copyright © 2023 Marcin Czachurski and the repository contributors.
+//  Licensed under the Apache License 2.0.
+//
+
+import Vapor
+import Fluent
+import SQLKit
+
+extension DisposableEmail {
+    struct CreateDisposableEmails: AsyncMigration {
+        func prepare(on database: Database) async throws {
+            try await database
+                .schema(DisposableEmail.schema)
+                .field(.id, .int64, .identifier(auto: false))
+                .field("domain", .string, .required)
+                .field("domainNormalized", .string, .required)
+                .field("createdAt", .datetime)
+                .field("updatedAt", .datetime)
+                .unique(on: "domain")
+                .create()
+
+            if let sqlDatabase = database as? SQLDatabase {
+                try await sqlDatabase
+                    .create(index: "domainNormalizedIndex")
+                    .on(DisposableEmail.schema)
+                    .column("domainNormalized")
+                    .run()
+            }
+        }
+
+        func revert(on database: Database) async throws {
+            try await database.schema(DisposableEmail.schema).delete()
+        }
+    }
+}
diff --git a/Sources/VernissageServer/Models/DisposableEmail.swift b/Sources/VernissageServer/Models/DisposableEmail.swift
@@ -0,0 +1,43 @@
+//
+//  https://mczachurski.dev
+//  Copyright © 2023 Marcin Czachurski and the repository contributors.
+//  Licensed under the Apache License 2.0.
+//
+
+import Fluent
+import Vapor
+import Frostflake
+
+/// Information about disposabled domains. That kind of domains cannot be used during registration process.
+final class DisposableEmail: Model {
+    static let schema: String = "DisposableEmails"
+
+    @ID(custom: .id, generatedBy: .user)
+    var id: Int64?
+
+    @Field(key: "domain")
+    var domain: String
+
+    @Field(key: "domainNormalized")
+    var domainNormalized: String
+
+    @Timestamp(key: "createdAt", on: .create)
+    var createdAt: Date?
+
+    @Timestamp(key: "updatedAt", on: .update)
+    var updatedAt: Date?
+
+    init() {
+        self.id = .init(bitPattern: Frostflake.generate())
+    }
+
+    convenience init(id: Int64? = nil, domain: String) {
+        self.init()
+
+        self.domain = domain
+        self.domainNormalized = domain.uppercased()
+    }
+}
+
+/// Allows `DisposableEmail` to be encoded to and decoded from HTTP messages.
+extension DisposableEmail: Content { }
diff --git a/Sources/VernissageServer/Services/ActivityPubService.swift b/Sources/VernissageServer/Services/ActivityPubService.swift
@@ -278,10 +278,10 @@ final class ActivityPubService: ActivityPubServiceType {
         }
 
         let statusId = try status.requireID()
-        context.logger.warning("Deleting status '\(statusId)' (reblog) from local database.")
+        context.logger.info("Deleting status '\(statusId)' (reblog) from local database.")
         try await statusesService.delete(id: statusId, on: context.application.db)
 
-        context.logger.warning("Recalculating reblogs for orginal status '\(orginalStatusId)' in local database.")
+        context.logger.info("Recalculating reblogs for orginal status '\(orginalStatusId)' in local database.")
         try await statusesService.updateReblogsCount(for: orginalStatusId, on: context.application.db)
     }
 

diff --git a/Sources/VernissageServer/Services/UsersService.swift b/Sources/VernissageServer/Services/UsersService.swift
@@ -343,6 +343,16 @@ final class UsersService: UsersServiceType {
         if user != nil {
             throw RegisterError.emailIsAlreadyConnected
         }
+
+        guard let emailDomain = emailNormalized.split(separator: "@").last else {
+            return
+        }
+
+        let emailDomainString = String(emailDomain)
+        let disposableEmail = try await DisposableEmail.query(on: request.db).filter(\.$domainNormalized == emailDomainString).first()
+        if disposableEmail != nil {
+            throw RegisterError.disposableEmailCannotBeUsed
+        }
     }
 
     func updateUser(on request: Request, userDto: UserDto, userNameNormalized: String) async throws -> User {

diff --git a/Tests/VernissageServerTests/AcceptanceTests/AccountController/ChangeEmailActionTests.swift b/Tests/VernissageServerTests/AcceptanceTests/AccountController/ChangeEmailActionTests.swift
@@ -86,4 +86,24 @@ final class ChangeEmailActionTests: CustomTestCase {
         XCTAssertEqual(errorResponse.status, HTTPResponseStatus.badRequest, "Response http status code should be bad request (400).")
         XCTAssertEqual(errorResponse.error.code, "emailIsAlreadyConnected", "Error code should be equal 'emailIsAlreadyConnected'.")
     }
+
+    func testEmailShouldNotBeChangedWhenIsDisposabledEmail() async throws {
+
+        // Arrange.
+        _ = try await DisposableEmail.create(domain: "10minutes.org")
+        _ = try await User.create(userName: "kevinkrock")
+        let changeEmailDto = ChangeEmailDto(email: "[email protected]", redirectBaseUrl: "http://localhost:8080/")
+
+        // Act.
+        let errorResponse = try SharedApplication.application().getErrorResponse(
+            as: .user(userName: "kevinkrock", password: "p@ssword"),
+            to: "/account/email",
+            method: .PUT,
+            data: changeEmailDto
+        )
+
+        // Assert.
+        XCTAssertEqual(errorResponse.status, HTTPResponseStatus.badRequest, "Response http status code should be bad request (400).")
+        XCTAssertEqual(errorResponse.error.code, "disposableEmailCannotBeUsed", "Error code should be equal 'disposableEmailCannotBeUsed'.")
+    }
 }
diff --git a/Tests/VernissageServerTests/AcceptanceTests/RegisterController/RegisterActionTests.swift b/Tests/VernissageServerTests/AcceptanceTests/RegisterController/RegisterActionTests.swift
@@ -634,4 +634,29 @@ final class RegisterActionTests: CustomTestCase {
         XCTAssertEqual(errorResponse.status, HTTPResponseStatus.forbidden, "Response http status code should be forbidden (403).")
         XCTAssertEqual(errorResponse.error.code, "invitationTokenHasBeenUsed", "Error code should be equal 'invitationTokenHasBeenUsed'.")
     }
+
+    func testUserShouldNotBeCreatedWhenRegisteringWithDisposableEmail() async throws {
+
+        // Arrange.
+        _ = try await DisposableEmail.create(domain: "10minutes.net")
+
+        let registerUserDto = RegisterUserDto(userName: "robingobis",
+                                              email: "[email protected]",
+                                              password: "p@ssword",
+                                              redirectBaseUrl: "http://localhost:4200",
+                                              agreement: true,
+                                              name: "Robin Gobis",
+                                              securityToken: "123")
+
+        // Act.
+        let errorResponse = try SharedApplication.application().getErrorResponse(
+            to: "/register",
+            method: .POST,
+            data: registerUserDto
+        )
+
+        // Assert.
+        XCTAssertEqual(errorResponse.status, HTTPResponseStatus.badRequest, "Response http status code should be bad request (400).")
+        XCTAssertEqual(errorResponse.error.code, "disposableEmailCannotBeUsed", "Error code should be equal 'disposableEmailCannotBeUsed'.")
+    }
 }
diff --git a/Tests/VernissageServerTests/Helpers/Extensions/DisposableEmail.swift b/Tests/VernissageServerTests/Helpers/Extensions/DisposableEmail.swift
@@ -0,0 +1,23 @@
+//
+//  https://mczachurski.dev
+//  Copyright © 2023 Marcin Czachurski and the repository contributors.
+//  Licensed under the Apache License 2.0.
+//
+
+@testable import VernissageServer
+import XCTVapor
+import Fluent
+
+extension VernissageServer.DisposableEmail {
+    static func get(domain: String) async throws -> VernissageServer.DisposableEmail? {
+        return try await VernissageServer.DisposableEmail.query(on: SharedApplication.application().db)
+            .filter(\.$domainNormalized == domain.uppercased())
+            .first()
+    }
+
+    static func create(domain: String) async throws -> DisposableEmail {
+        let disposableEmail = DisposableEmail(domain: domain)
+        _ = try await disposableEmail.save(on: SharedApplication.application().db)
+        return disposableEmail
+    }
+}