authorGravatar Vitaly Takmazov2024-05-24 15:19:14 +0300
committerGravatar Vitaly Takmazov2024-05-24 16:11:10 +0300
commit85199c72f0d90932ab42f377ff457ce8376b19ed (patch)
tree6e2ce6b81202365205d160e474fda287951a3b43 /src/main/java/com/juick/www/controllers
parentdfa030a3765c5b5e43e263234155d344f5c6186e (diff)
Do not allow disposable emails
Diffstat (limited to 'src/main/java/com/juick/www/controllers')
-rw-r--r--src/main/java/com/juick/www/controllers/Settings.java42
1 files changed, 23 insertions, 19 deletions
diff --git a/src/main/java/com/juick/www/controllers/Settings.java b/src/main/java/com/juick/www/controllers/Settings.java
index 457985b5..8d66bd36 100644
--- a/src/main/java/com/juick/www/controllers/Settings.java
+++ b/src/main/java/com/juick/www/controllers/Settings.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008-2023, Juick
+ * Copyright (C) 2008-2024, Juick
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
@@ -175,25 +175,29 @@ public class Settings {
}
break;
case "email-add":
- if (!emailService.verifyAddressByCode(visitor.getUid(), request.getParameter("account"))) {
- String authCode = RandomStringUtils.randomAlphanumeric(8).toUpperCase();
- if (emailService.addVerificationCode(visitor.getUid(), request.getParameter("account"), authCode)) {
- Session session = Session.getDefaultInstance(System.getProperties());
- try {
- MimeMessage message = new MimeMessage(session);
- message.setFrom(new InternetAddress("noreply@juick.com"));
- message.addRecipient(Message.RecipientType.TO, new InternetAddress(request.getParameter("account")));
- message.setSubject("Juick authorization link");
- message.setText(String.format("Follow link to attach this email to Juick account:\n" +
- "http://juick.com/settings?page=auth-email&code=%s\n\n" +
- "If you don't know, what this mean - just ignore this mail.\n", authCode));
- Transport.send(message);
- result = "<p>Authorization link has been sent to your email. Follow it to proceed.</p>" +
- "<p><a href=\"/settings\">Back</a></p>";
+ if (!emailService.isValidEmail(request.getParameter("account"))) {
+ result = "<p>Invalid email. <a href=\"/settings\">Back</a>.</p>";
+ } else {
+ if (!emailService.verifyAddressByCode(visitor.getUid(), request.getParameter("account"))) {
+ String authCode = RandomStringUtils.randomAlphanumeric(8).toUpperCase();
+ if (emailService.addVerificationCode(visitor.getUid(), request.getParameter("account"), authCode)) {
+ Session session = Session.getDefaultInstance(System.getProperties());
+ try {
+ MimeMessage message = new MimeMessage(session);
+ message.setFrom(new InternetAddress("noreply@juick.com"));
+ message.addRecipient(Message.RecipientType.TO, new InternetAddress(request.getParameter("account")));
+ message.setSubject("Juick authorization link");
+ message.setText(String.format("Follow link to attach this email to Juick account:\n" +
+ "http://juick.com/settings?page=auth-email&code=%s\n\n" +
+ "If you don't know, what this mean - just ignore this mail.\n", authCode));
+ Transport.send(message);
+ result = "<p>Authorization link has been sent to your email. Follow it to proceed.</p>" +
+ "<p><a href=\"/settings\">Back</a></p>";
- } catch (MessagingException ex) {
- logger.error("mail exception", ex);
- throw new HttpBadRequestException();
+ } catch (MessagingException ex) {
+ logger.error("mail exception", ex);
+ throw new HttpBadRequestException();
+ }
}
}
}
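Review bot: The verification code in the re-indented `email-add` branch is still produced by `RandomStringUtils.randomAlphanumeric(8).toUpperCase()`, which, depending on the commons-lang version in use, may not draw from a cryptographically secure generator, and the upper-casing narrows it to 36 symbols per position. Since this code is what binds an address to the account, I would generate it from a `SecureRandom`, for example `RandomStringUtils.random(8, 0, 0, true, true, null, secureRandom)`, where `secureRandom` is a static `java.security.SecureRandom` field added to the class. The mail body a few lines below also embeds the code in an `http://juick.com/settings?page=auth-email&code=%s` link; changing that literal to `https://` would keep the code from travelling in clear text when the link is followed, assuming the site serves HTTPS. The enclosing `switch` and method begin above this hunk, so how the code is later checked and expired is not visible here.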