Added some heuristics for detecting suspicious emails.

This commit is contained in:
Azareal 2018-06-30 20:22:39 +10:00
parent c640a73afd
commit 2319548e1f
2 changed files with 31 additions and 0 deletions

View File

@ -243,6 +243,32 @@ func NameToSlug(name string) (slug string) {
return slug return slug
} }
// TODO: Write a test for this
func HasSuspiciousEmail(email string) bool {
lowEmail := strings.ToLower(email)
// TODO: Use a more flexible blacklist, perhaps with a similar mechanism to the HTML tag registration system in PreparseMessage()
if strings.Contains(lowEmail, "casino") || strings.Contains(lowEmail, "viagra") {
return true
}
var dotCount int
var shortBits int
var currentSegmentLength int
for _, char := range lowEmail {
if char == '.' {
dotCount++
if currentSegmentLength < 3 {
shortBits++
}
currentSegmentLength = 0
} else {
currentSegmentLength++
}
}
return dotCount > 7 || shortBits > 2
}
// TODO: Write a test for this // TODO: Write a test for this
func WeakPassword(password string, username string, email string) error { func WeakPassword(password string, username string, email string) error {
lowPassword := strings.ToLower(password) lowPassword := strings.ToLower(password)

View File

@ -251,6 +251,11 @@ func AccountRegisterSubmit(w http.ResponseWriter, r *http.Request, user common.U
regError("You didn't put in an email.", "no-email") regError("You didn't put in an email.", "no-email")
} }
ok := common.HasSuspiciousEmail(email)
if ok {
regError("Your email address is suspicious.", "suspicious-email")
}
password := r.PostFormValue("password") password := r.PostFormValue("password")
// ? Move this into Create()? What if we want to programatically set weak passwords for tests? // ? Move this into Create()? What if we want to programatically set weak passwords for tests?
err := common.WeakPassword(password, username, email) err := common.WeakPassword(password, username, email)