identity: prevent users with disposable emails from signing up
while this is not a perfect way to prevent abuse of service, we do want to avoid getting spammed with fake accounts. Creating a valid email account is significantly more cumbersome than using a disposable email address. Currently the list of blacklisted domains is extracted from https://github.com/disposable/disposable and it is refreshed after every 24 hours.
This commit is contained in:
@@ -54,7 +54,7 @@ namespace Streetwriters.Identity.Controllers
|
||||
public async Task<IActionResult> Signup([FromForm] SignupForm form)
|
||||
{
|
||||
var client = Clients.FindClientById(form.ClientId);
|
||||
if (client == null) return BadRequest("Invalid client_id.");
|
||||
if (client == null) return BadRequest(new string[] { "Invalid client id." });
|
||||
|
||||
await AddClientRoleAsync(client.Id);
|
||||
|
||||
@@ -62,6 +62,8 @@ namespace Streetwriters.Identity.Controllers
|
||||
form.Email = form.Email.ToLowerInvariant();
|
||||
form.Username = form.Username?.ToLowerInvariant();
|
||||
|
||||
if (!await EmailAddressValidator.IsEmailAddressValidAsync(form.Email)) return BadRequest(new string[] { "Invalid email address." });
|
||||
|
||||
var result = await UserManager.CreateAsync(new User
|
||||
{
|
||||
Email = form.Email,
|
||||
@@ -85,7 +87,7 @@ namespace Streetwriters.Identity.Controllers
|
||||
}
|
||||
else
|
||||
{
|
||||
return BadRequest(new string[] { "Email is invalid or already taken." });
|
||||
return BadRequest(new string[] { "Invalid email address." });
|
||||
}
|
||||
|
||||
return Ok(new
|
||||
|
||||
Reference in New Issue
Block a user