aboutsummaryrefslogtreecommitdiff
path: root/src/main/java
diff options
context:
space:
mode:
Diffstat (limited to 'src/main/java')
-rw-r--r--src/main/java/com/juick/service/EmailService.java3
-rw-r--r--src/main/java/com/juick/service/EmailServiceImpl.java36
-rw-r--r--src/main/java/com/juick/www/controllers/Settings.java42
3 files changed, 60 insertions, 21 deletions
diff --git a/src/main/java/com/juick/service/EmailService.java b/src/main/java/com/juick/service/EmailService.java
index 614cf412..7d8126c5 100644
--- a/src/main/java/com/juick/service/EmailService.java
+++ b/src/main/java/com/juick/service/EmailService.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008-2023, Juick
+ * Copyright (C) 2008-2024, Juick
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
@@ -39,4 +39,5 @@ public interface EmailService {
String getEmailByAuthCode(String code);
void deleteAuthCode(String code);
Integer cleanupAuthCodes();
+ boolean isValidEmail(String email);
}
diff --git a/src/main/java/com/juick/service/EmailServiceImpl.java b/src/main/java/com/juick/service/EmailServiceImpl.java
index 383dbdaf..08aaf1b9 100644
--- a/src/main/java/com/juick/service/EmailServiceImpl.java
+++ b/src/main/java/com/juick/service/EmailServiceImpl.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008-2020, Juick
+ * Copyright (C) 2008-2024, Juick
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
@@ -17,13 +17,21 @@
package com.juick.service;
+import com.fasterxml.jackson.databind.ObjectMapper;
import com.juick.model.User;
+import jakarta.inject.Inject;
+import okhttp3.OkHttpClient;
+import okhttp3.Request;
import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Value;
import org.springframework.dao.EmptyResultDataAccessException;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.MediaType;
import org.springframework.jdbc.core.namedparam.MapSqlParameterSource;
import org.springframework.stereotype.Repository;
import org.springframework.transaction.annotation.Transactional;
+import java.io.IOException;
import java.time.Instant;
import java.time.ZoneOffset;
import java.time.temporal.ChronoUnit;
@@ -36,6 +44,13 @@ import java.util.List;
@Transactional
public class EmailServiceImpl extends BaseJdbcService implements EmailService {
+ @Inject
+ private OkHttpClient httpClient;
+ @Inject
+ private ObjectMapper jsonMapper;
+
+ @Value("${email_validation_service_url:http://localhost:8080}")
+ private String emailValidationServiceUrl;
@Override
public boolean verifyAddressByCode(Integer userId, String code) {
try {
@@ -120,4 +135,23 @@ public class EmailServiceImpl extends BaseJdbcService implements EmailService {
new MapSqlParameterSource()
.addValue("day", toDateTime(day.atOffset(ZoneOffset.UTC)), dateTimeType()));
}
+
+ @Override
+ public boolean isValidEmail(String email) {
+ var request = new Request.Builder()
+ .url(emailValidationServiceUrl + "/?email=" + email)
+ .addHeader(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
+ .build();
+ try {
+ try(var response = httpClient.newCall(request).execute()) {
+ if (response.isSuccessful() && response.body() != null) {
+ var account = jsonMapper.readTree(response.body().string());
+ return account.has("disposable") && account.get("disposable").textValue().equals("false");
+ }
+ }
+ } catch (IOException e) {
+ return false;
+ }
+ return false;
+ }
}
diff --git a/src/main/java/com/juick/www/controllers/Settings.java b/src/main/java/com/juick/www/controllers/Settings.java
index 457985b5..8d66bd36 100644
--- a/src/main/java/com/juick/www/controllers/Settings.java
+++ b/src/main/java/com/juick/www/controllers/Settings.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008-2023, Juick
+ * Copyright (C) 2008-2024, Juick
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
@@ -175,25 +175,29 @@ public class Settings {
}
break;
case "email-add":
- if (!emailService.verifyAddressByCode(visitor.getUid(), request.getParameter("account"))) {
- String authCode = RandomStringUtils.randomAlphanumeric(8).toUpperCase();
- if (emailService.addVerificationCode(visitor.getUid(), request.getParameter("account"), authCode)) {
- Session session = Session.getDefaultInstance(System.getProperties());
- try {
- MimeMessage message = new MimeMessage(session);
- message.setFrom(new InternetAddress("noreply@juick.com"));
- message.addRecipient(Message.RecipientType.TO, new InternetAddress(request.getParameter("account")));
- message.setSubject("Juick authorization link");
- message.setText(String.format("Follow link to attach this email to Juick account:\n" +
- "http://juick.com/settings?page=auth-email&code=%s\n\n" +
- "If you don't know, what this mean - just ignore this mail.\n", authCode));
- Transport.send(message);
- result = "<p>Authorization link has been sent to your email. Follow it to proceed.</p>" +
- "<p><a href=\"/settings\">Back</a></p>";
+ if (!emailService.isValidEmail(request.getParameter("account"))) {
+ result = "<p>Invalid email. <a href=\"/settings\">Back</a>.</p>";
+ } else {
+ if (!emailService.verifyAddressByCode(visitor.getUid(), request.getParameter("account"))) {
+ String authCode = RandomStringUtils.randomAlphanumeric(8).toUpperCase();
+ if (emailService.addVerificationCode(visitor.getUid(), request.getParameter("account"), authCode)) {
+ Session session = Session.getDefaultInstance(System.getProperties());
+ try {
+ MimeMessage message = new MimeMessage(session);
+ message.setFrom(new InternetAddress("noreply@juick.com"));
+ message.addRecipient(Message.RecipientType.TO, new InternetAddress(request.getParameter("account")));
+ message.setSubject("Juick authorization link");
+ message.setText(String.format("Follow link to attach this email to Juick account:\n" +
+ "http://juick.com/settings?page=auth-email&code=%s\n\n" +
+ "If you don't know, what this mean - just ignore this mail.\n", authCode));
+ Transport.send(message);
+ result = "<p>Authorization link has been sent to your email. Follow it to proceed.</p>" +
+ "<p><a href=\"/settings\">Back</a></p>";
- } catch (MessagingException ex) {
- logger.error("mail exception", ex);
- throw new HttpBadRequestException();
+ } catch (MessagingException ex) {
+ logger.error("mail exception", ex);
+ throw new HttpBadRequestException();
+ }
}
}
}