author | Vitaly Takmazov | 2024-05-24 15:19:14 +0300 |
---|---|---|
committer | Vitaly Takmazov | 2024-05-24 16:11:10 +0300 |
commit | 85199c72f0d90932ab42f377ff457ce8376b19ed (patch) | |
tree | 6e2ce6b81202365205d160e474fda287951a3b43 /src/main/java/com/juick/www/controllers | |
parent | dfa030a3765c5b5e43e263234155d344f5c6186e (diff) |
Do not allow disposable emails
Diffstat (limited to 'src/main/java/com/juick/www/controllers')
-rw-r--r-- | src/main/java/com/juick/www/controllers/Settings.java | 42 |
1 files changed, 23 insertions, 19 deletions
diff --git a/src/main/java/com/juick/www/controllers/Settings.java b/src/main/java/com/juick/www/controllers/Settings.java
index 457985b5..8d66bd36 100644
--- a/src/main/java/com/juick/www/controllers/Settings.java
+++ b/src/main/java/com/juick/www/controllers/Settings.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008-2023, Juick
+ * Copyright (C) 2008-2024, Juick
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
@@ -175,25 +175,29 @@ public class Settings {
 }
 break;
 case "email-add":
- if (!emailService.verifyAddressByCode(visitor.getUid(), request.getParameter("account"))) {
- String authCode = RandomStringUtils.randomAlphanumeric(8).toUpperCase();
- if (emailService.addVerificationCode(visitor.getUid(), request.getParameter("account"), authCode)) {
- Session session = Session.getDefaultInstance(System.getProperties());
- try {
- MimeMessage message = new MimeMessage(session);
- message.setFrom(new InternetAddress("noreply@juick.com"));
- message.addRecipient(Message.RecipientType.TO, new InternetAddress(request.getParameter("account")));
- message.setSubject("Juick authorization link");
- message.setText(String.format("Follow link to attach this email to Juick account:\n" +
- "http://juick.com/settings?page=auth-email&code=%s\n\n" +
- "If you don't know, what this mean - just ignore this mail.\n", authCode));
- Transport.send(message);
- result = "<p>Authorization link has been sent to your email. Follow it to proceed.</p>" +
- "<p><a href=\"/settings\">Back</a></p>";
+ if (!emailService.isValidEmail(request.getParameter("account"))) {
+ result = "<p>Invalid email. <a href=\"/settings\">Back</a>.</p>";
+ } else {
+ if (!emailService.verifyAddressByCode(visitor.getUid(), request.getParameter("account"))) {
+ String authCode = RandomStringUtils.randomAlphanumeric(8).toUpperCase();
+ if (emailService.addVerificationCode(visitor.getUid(), request.getParameter("account"), authCode)) {
+ Session session = Session.getDefaultInstance(System.getProperties());
+ try {
+ MimeMessage message = new MimeMessage(session);
+ message.setFrom(new InternetAddress("noreply@juick.com"));
+ message.addRecipient(Message.RecipientType.TO, new InternetAddress(request.getParameter("account")));
+ message.setSubject("Juick authorization link");
+ message.setText(String.format("Follow link to attach this email to Juick account:\n" +
+ "http://juick.com/settings?page=auth-email&code=%s\n\n" +
+ "If you don't know, what this mean - just ignore this mail.\n", authCode));
+ Transport.send(message);
+ result = "<p>Authorization link has been sent to your email. Follow it to proceed.</p>" +
+ "<p><a href=\"/settings\">Back</a></p>";
 
- } catch (MessagingException ex) {
- logger.error("mail exception", ex);
- throw new HttpBadRequestException();
+ } catch (MessagingException ex) {
+ logger.error("mail exception", ex);
+ throw new HttpBadRequestException();
+ }
 }
 }
 }
|
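Review bot: The verification code in the `email-add` branch is still produced by `RandomStringUtils.randomAlphanumeric(8).toUpperCase()`, and the mail still links to `http://juick.com/settings?page=auth-email&code=%s`; both lines are only re-indented by this commit, but they remain the weak part of the flow that the new `isValidEmail` gate now fronts. Depending on the Commons Lang version in use (not visible here), `RandomStringUtils` may draw from a non-cryptographic generator, and upper-casing shrinks the alphabet to 36 symbols, so the code that binds an address to an account should instead come from a `java.security.SecureRandom` source. The link should be `"https://juick.com/settings?page=auth-email&code=%s\n\n" +` so the code is not carried in cleartext when the user follows it. It would also be cleaner to read `request.getParameter("account")` once into a local, since a missing parameter reaches `isValidEmail` as null and how that is handled is not shown. The enclosing switch and method begin and end outside the hunk.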