discourse/lib/validators/email_validator.rb

class EmailValidator < ActiveModel::EachValidator

  def validate_each(record, attribute, value)
    unless EmailValidator.allowed?(value)
      record.errors.add(attribute, I18n.t(:'user.email.not_allowed'))
    end

    if record.errors[attribute].blank? && value && ScreenedEmail.should_block?(value)
      record.errors.add(attribute, I18n.t(:'user.email.blocked'))
    end
  end

  def self.allowed?(email)
    if (setting = SiteSetting.email_domains_whitelist).present?
      return email_in_restriction_setting?(setting, email) || is_developer?(email)
    elsif (setting = SiteSetting.email_domains_blacklist).present?
      return !(email_in_restriction_setting?(setting, email) && !is_developer?(email))
    end

    true
  end

  def self.email_in_restriction_setting?(setting, value)
    domains = setting.gsub('.', '\.')
    regexp = Regexp.new("@(.+\\.)?(#{domains})$", true)
    value =~ regexp
  end

  def self.is_developer?(value)
    Rails.configuration.respond_to?(:developer_emails) && Rails.configuration.developer_emails.include?(value)
  end

  def self.email_regex
    /\A[a-zA-Z0-9!#\$%&'*+\/=?\^_`{|}~\-]+(?:\.[a-zA-Z0-9!#\$%&'\*+\/=?\^_`{|}~\-]+)*@(?:[a-zA-Z0-9](?:[a-zA-Z0-9\-]*[a-zA-Z0-9])?\.)+[a-zA-Z0-9](?:[a-zA-Z0-9\-]*[a-zA-Z0-9])?$\z/
  end

end
Add BlockedEmail, to block signups based on email. Track stats of how many times each email address is blocked, and last time it was blocked. Move email validation out of User model and into EmailValidator. Signup form remembers which email addresses have failed and shows validation error on email field. 2013-07-25 13:01:27 -04:00			`class EmailValidator < ActiveModel::EachValidator`

			`def validate_each(record, attribute, value)`
FIX: respect email domain whitelist/blacklist when creating staged users 2017-10-03 05:23:18 -04:00			`unless EmailValidator.allowed?(value)`
			`record.errors.add(attribute, I18n.t(:'user.email.not_allowed'))`
Add BlockedEmail, to block signups based on email. Track stats of how many times each email address is blocked, and last time it was blocked. Move email validation out of User model and into EmailValidator. Signup form remembers which email addresses have failed and shows validation error on email field. 2013-07-25 13:01:27 -04:00			`end`
FIX: respect email domain whitelist/blacklist when creating staged users 2017-10-03 05:23:18 -04:00
FIX: disposable invite was giving email validation error 2014-10-23 13:25:49 -04:00			`if record.errors[attribute].blank? && value && ScreenedEmail.should_block?(value)`
Add BlockedEmail, to block signups based on email. Track stats of how many times each email address is blocked, and last time it was blocked. Move email validation out of User model and into EmailValidator. Signup form remembers which email addresses have failed and shows validation error on email field. 2013-07-25 13:01:27 -04:00			`record.errors.add(attribute, I18n.t(:'user.email.blocked'))`
			`end`
			`end`

FIX: respect email domain whitelist/blacklist when creating staged users 2017-10-03 05:23:18 -04:00			`def self.allowed?(email)`
			`if (setting = SiteSetting.email_domains_whitelist).present?`
			`return email_in_restriction_setting?(setting, email) \|\| is_developer?(email)`
			`elsif (setting = SiteSetting.email_domains_blacklist).present?`
			`return !(email_in_restriction_setting?(setting, email) && !is_developer?(email))`
			`end`

			`true`
			`end`

			`def self.email_in_restriction_setting?(setting, value)`
Add BlockedEmail, to block signups based on email. Track stats of how many times each email address is blocked, and last time it was blocked. Move email validation out of User model and into EmailValidator. Signup form remembers which email addresses have failed and shows validation error on email field. 2013-07-25 13:01:27 -04:00			`domains = setting.gsub('.', '\.')`
SECURITY: email domain whitelist could be bypassed 2018-01-17 15:45:32 -05:00			`regexp = Regexp.new("@(.+\\.)?(#{domains})$", true)`
Add BlockedEmail, to block signups based on email. Track stats of how many times each email address is blocked, and last time it was blocked. Move email validation out of User model and into EmailValidator. Signup form remembers which email addresses have failed and shows validation error on email field. 2013-07-25 13:01:27 -04:00			`value =~ regexp`
			`end`

FIX: respect email domain whitelist/blacklist when creating staged users 2017-10-03 05:23:18 -04:00			`def self.is_developer?(value)`
FIX: allow developer emails to bypass email blacklist/whitelist restriction 2015-01-29 12:52:59 -05:00			`Rails.configuration.respond_to?(:developer_emails) && Rails.configuration.developer_emails.include?(value)`
			`end`

Add ability to run validation on site settings. notification_email and other email address settings are now validated. 2014-06-09 15:17:36 -04:00			`def self.email_regex`
FIX: Don't allow invalid email to be saved. 2016-12-21 04:00:45 -05:00			/\A[a-zA-Z0-9!#\$%&'+\/=?\^_`{\|}~\-]+(?:\.[a-zA-Z0-9!#\$%&'\+\/=?\^_`{\|}~\-]+)@(?:[a-zA-Z0-9](?:[a-zA-Z0-9\-][a-zA-Z0-9])?\.)+[a-zA-Z0-9](?:[a-zA-Z0-9\-]*[a-zA-Z0-9])?$\z/
Add ability to run validation on site settings. notification_email and other email address settings are now validated. 2014-06-09 15:17:36 -04:00			`end`

FIX: disposable invite was giving email validation error 2014-10-23 13:25:49 -04:00			`end`