Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent users from reusing a banned email after account is purged #19413

Open
wants to merge 4 commits into
base: dev
Choose a base branch
from
Open

Prevent users from reusing a banned email after account is purged #19413

wants to merge 4 commits into from
+157 −2

Conversation

jdavcs
Copy link
Member

@jdavcs jdavcs commented Jan 17, 2025
edited
Loading

Implements #19095

How to test the changes?

(Select all options that apply)

  • I've included appropriate automated tests.
  • This is a refactoring of components with existing test coverage.
  • Instructions for manual testing are as follows:
    1. enable new config option, add a list of banned emails
    2. try to register using a banned email (for gmail, try inserting periods and using plus addressing)

License

  • I agree to license these and all my past contributions to the core galaxy codebase under the MIT license.

@jdavcs jdavcs added kind/feature area/admin highlight/admin Included in admin/dev release notes labels Jan 17, 2025
@jdavcs jdavcs added this to the 25.0 milestone Jan 17, 2025
@jdavcs
Copy link
Member Author

jdavcs commented Jan 17, 2025

Test failures unrelated.

@jdavcs jdavcs requested a review from a team January 17, 2025 05:19
@bgruening
Copy link
Member

Would it make sense to consolidate this with the email-domain-blocklist?

@jdavcs
Copy link
Member Author

jdavcs commented Jan 17, 2025

Would it make sense to consolidate this with the email-domain-blocklist?

I don't think so. The application of the domain blocklist rule is contingent on the existence of the allowlist - i.e., by specifying an allowlist we block everything else, which makes the blocklist useless, which is why it is ignored in such cases. Thus, if we had "foo.com" in the allowlist, we couldn't block [email protected].

Could we change this logic and process the blocklist regardless to weed out exceptions? Sure. But, I think, that would lead to a more complex implementation: we'd have to combine the allowlist/blocklist logic with the banned emails logic - the ordering, as well as processing the domain part and the local-part of each entry. Whereas keeping them separate, I think, keeps the logic simple: first check if the actual email is banned, then process allow/block domain lists.

For the admin, I think having 2 lists, one of blocked domains and one of blocked addresses, should be easier to manage than a combined list of domains and addresses, even though it's two files instead of one. Duplication of domains across lists is not an issue. To me, the following looks more difficult to manage than two separate lists (see how domains and emails are interspersed after a sort):

another-bad-domain.com
[email protected]
bad-domain.com
[email protected]

ElectronicBlueberry
ElectronicBlueberry reviewed Jan 20, 2025
View reviewed changes
lib/galaxy/security/validate_user_input.py
localpart, domain = email.split("@")
if domain == "gmail.com":
localpart = localpart.replace(".", "")
if localpart.find("+") > -1:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

plus addressing / sub addressing is not a gmail exclusive feature. This works on many mail servers

ElectronicBlueberry
ElectronicBlueberry reviewed Jan 20, 2025
View reviewed changes
lib/galaxy/security/validate_user_input.py
"""
email = email.lower()
localpart, domain = email.split("@")
if domain == "gmail.com":
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is also "googlemail.com"

@ElectronicBlueberry
Copy link
Member

There are many ways to alias a mail. I suggest we catch some common ones we can find with a configuration file which admins can extend, should the need arise:

all:
  plus_addressing: true

gmail:
  aliases:
    - gmail.com
    - googlemail.com
  ignore_dots: true

proton:
  aliases:
    - proton.me
    - pm.me
    - protonmail.com
 
[...]

@martenson
Copy link
Member

martenson commented Jan 20, 2025
edited
Loading

Would it make sense to consolidate this with the email-domain-blocklist?

if you mean email_domain_blocklist_file I do not think that would bring us benefits. They serve different purposes and I doubt there is that big of an overlap within domains even.

+1 to @ElectronicBlueberry comments above

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ElectronicBlueberry ElectronicBlueberry ElectronicBlueberry left review comments

Assignees
No one assigned
Labels
area/admin highlight/admin Included in admin/dev release notes kind/feature
Projects
None yet
Milestone
25.0
Development

Successfully merging this pull request may close these issues.
4 participants
@jdavcs @bgruening @ElectronicBlueberry @martenson