From d64f193f9e02670a7204400d554c5434c2464302 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Paul=20M=C3=BCller?=
Date: Sun, 28 Nov 2021 01:50:34 +0100
Subject: [PATCH] enh: next escalation step against spam registration (#14)
---
 CHANGELOG | 2 ++
 ckanext/dcor_schemas/auth.py | 16 +++++++++++++++-
 2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG b/CHANGELOG
index c576ae2..6662f1a 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,5 @@
+0.17.1
+ - enh: next escalation step against spam registration (#14)
 0.17.0
 - fix: disallow bulk menu for making datasets private (#23)
 - enh: don't show package editing options to users who don't
diff --git a/ckanext/dcor_schemas/auth.py b/ckanext/dcor_schemas/auth.py
index d11272c..694faf3 100644
--- a/ckanext/dcor_schemas/auth.py
+++ b/ckanext/dcor_schemas/auth.py
@@ -1,4 +1,5 @@
 from email.utils import parseaddr
+import re
 from ckan.common import asbool, config
 from ckan import logic
@@ -332,6 +333,19 @@ def user_create(context, data_dict=None):
 if data_dict is None:
 data_dict = {}
+ for name in ["fullname", "name", "display_name", "email"]:
+ if data_dict.get(name, "").lower().count("xx"):
+ # script kiddies
+ return {'success': False,
+ 'msg': f'SPAM registration detected!'}
+
+ if "image_url" in data_dict:
+ imgu = data_dict.get("image_url", "").lower()
+ if imgu:
+ if not re.search(r"\.(png|jpg|jpeg)$", imgu):
+ return {'success': False,
+ 'msg': f'SPAM registration detected!'}
+
 if "email" in data_dict:
 # somebody is attempting to create a user
 email = data_dict.get("email", "").strip()
@@ -349,6 +363,6 @@ def user_create(context, data_dict=None):
 domain = email.split("@")[1]
 if domain in ["gmail.com"]:
 return {'success': False,
- 'msg': f'Domain not allowed due to spam: {domain}!'}
+ 'msg': f'SPAM registration detected!'}
 return {'success': True}
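Review bot: In the `@@ -332,6 +333,19 @@` hunk of `auth.py`, `data_dict.get(name, "").lower()` and `data_dict.get("image_url", "").lower()` fall back to `""` only when the key is absent, so a caller that supplies `None` or another non-string value for one of these fields raises `AttributeError` inside the auth function instead of getting a `{'success': False}` result. Check the type before lowering, e.g. `value = data_dict.get(name)` followed by `if isinstance(value, str) and "xx" in value.lower():`, and apply the same guard to `image_url`. The `xx` substring test and the `\.(png|jpg|jpeg)$` suffix test will also reject legitimate input (a name containing "xx", an image URL ending in a query string or another image format), and since all three rules now return the same message, a comment stating each rule's intent plus a server-side log entry naming the rule that fired would let operators triage false positives. The `f` prefix on `'SPAM registration detected!'` has no placeholders, here and in the `@@ -349,6 +363,6 @@` hunk, and can be dropped. The body of `user_create` begins before and continues between these hunks, so this is based only on the visible lines.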