Merge pull request #5 from coingaming/feat/registration-domain

feat: 🎸 registration only for allowed domains
coingaming · Jul 18, 2024 · d7be46b · d7be46b
2 parents 970d631 + 6738a5a
commit d7be46b
Show file tree

Hide file tree

Showing 6 changed files with 73 additions and 4 deletions.
diff --git a/config/.env.dev b/config/.env.dev
@@ -29,4 +29,6 @@ S3_ENDPOINT=http://localhost:10000
 S3_EXPORTS_BUCKET=dev-exports
 S3_IMPORTS_BUCKET=dev-imports
 
-VERIFICATION_ENABLED=false
+VERIFICATION_ENABLED=true
+DISABLE_REGISTRATION=false
+ALLOWED_DOMAINS="plausible.com,example.com"
diff --git a/config/.env.test b/config/.env.test
@@ -23,3 +23,4 @@ S3_REGION=us-east-1
 S3_ENDPOINT=http://localhost:10000
 S3_EXPORTS_BUCKET=test-exports
 S3_IMPORTS_BUCKET=test-imports
+ALLOWED_DOMAINS="plausible.com,example.com"
diff --git a/config/runtime.exs b/config/runtime.exs
@@ -293,6 +293,8 @@ secure_cookie =
 
 license_key = get_var_from_path_or_env(config_dir, "LICENSE_KEY", "")
 
+allowed_domains = get_var_from_path_or_env(config_dir, "ALLOWED_DOMAINS", "")
+
 config :plausible,
   environment: env,
   mailer_email: mailer_email,
@@ -301,7 +303,8 @@ config :plausible,
   custom_script_name: custom_script_name,
   log_failed_login_attempts: log_failed_login_attempts,
   license_key: license_key,
-  data_dir: data_dir
+  data_dir: data_dir,
+  allowed_domains: allowed_domains
 
 config :plausible, :selfhost,
   enable_email_verification: enable_email_verification,

diff --git a/lib/plausible_web/controllers/auth_controller.ex b/lib/plausible_web/controllers/auth_controller.ex
@@ -59,7 +59,8 @@ defmodule PlausibleWeb.AuthController do
   end
 
   def register(conn, %{"user" => %{"email" => email, "password" => password}}) do
-    with {:ok, user} <- login_user(conn, email, password) do
+    with {:domain_allowed, true} <- {:domain_allowed, domain_allowed?(email)},
+         {:ok, user} <- login_user(conn, email, password) do
       conn = set_user_session(conn, user)
 
       if user.email_verified do
@@ -68,6 +69,26 @@ defmodule PlausibleWeb.AuthController do
         Auth.EmailVerification.issue_code(user)
         redirect(conn, to: Routes.auth_path(conn, :activate_form))
       end
+    else
+      {:domain_allowed, false} ->
+        render(conn, "login_form.html",
+          error: "Registration not supported for your email domain.",
+          layout: {PlausibleWeb.LayoutView, "focus.html"}
+        )
+
+      conn ->
+        conn
+    end
+  end
+
+  defp domain_allowed?(email) do
+    allowed_domains =
+      Application.get_env(:plausible, :allowed_domains)
+      |> String.split(",")
+
+    case String.split(email, "@") do
+      [_, domain] -> domain in allowed_domains or allowed_domains == [""]
+      _ -> false
     end
   end
 

diff --git a/mix.exs b/mix.exs
@@ -83,7 +83,7 @@ defmodule Plausible.MixProject do
       {:envy, "~> 1.1.1"},
       {:eqrcode, "~> 0.1.10"},
       {:ex_machina, "~> 2.3", only: [:dev, :test, :ce_dev, :ce_test]},
-      {:excoveralls, "~> 0.10", only: :test},
+      {:excoveralls, "~> 0.10", only: [:test, :ce_test]},
       {:finch, "~> 0.17.0"},
       {:floki, "~> 0.35.0"},
       {:fun_with_flags, "~> 1.11.0"},

diff --git a/test/plausible_web/controllers/auth_controller_test.exs b/test/plausible_web/controllers/auth_controller_test.exs
@@ -92,6 +92,48 @@ defmodule PlausibleWeb.AuthControllerTest do
 
       assert get_session(conn, :current_user_id)
     end
+
+    test "domain not allowed", %{conn: conn} do
+      Repo.insert!(
+        User.new(%{
+          name: "Jane Doe",
+          email: "[email protected]",
+          password: "very-secret-and-very-long-123",
+          password_confirmation: "very-secret-and-very-long-123"
+        })
+      )
+
+      conn =
+        post(conn, "/register",
+          user: %{
+            email: "[email protected]",
+            password: "very-secret-and-very-long-123"
+          }
+        )
+
+      refute get_session(conn, :current_user_id)
+    end
+
+    test "email without @", %{conn: conn} do
+      Repo.insert!(
+        User.new(%{
+          name: "Jane Doe",
+          email: "usernot.allowed",
+          password: "very-secret-and-very-long-123",
+          password_confirmation: "very-secret-and-very-long-123"
+        })
+      )
+
+      conn =
+        post(conn, "/register",
+          user: %{
+            email: "usernot.allowed",
+            password: "very-secret-and-very-long-123"
+          }
+        )
+
+      refute get_session(conn, :current_user_id)
+    end
   end
 
   describe "GET /register/invitations/:invitation_id" do