Fossil SCM
Add a new setting to disallow anonymous subscriptions. Anonymous subscriptions are enabled by default.
Commit
d048d86d0d76b91198b33c853c3ee1cc9019497841f241cbcd0a8d59c56efbc2
Parent
3d804812161ae43…
4 files changed
+15
-1
+6
-5
+8
-2
+13
-9
+15
-1
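--- a/src/alerts.c
+++ b/src/alerts.c
@@ -1228,11 +1228,15 @@
 ** The local part is currently more restrictive than RFC 5322 allows:
 ** https://stackoverflow.com/a/2049510/142454 We will expand this as
 ** necessary.
 */
 zEAddr = P("e");
- if( zEAddr==0 ) return 0;
+ if( zEAddr==0 ){
+ *peErr = 1;
+ *pzErr = mprintf("required");
+ return 0;
+ }
 for(i=j=n=0; (c = zEAddr[i])!=0; i++){
 if( c=='@' ){
 n = i;
 j++;
 continue;
@@ -1257,10 +1261,16 @@
 if( n>i-5 ){
 *peErr = 1;
 *pzErr = mprintf("email domain too short");
 return 0;
 }
+
+ if( authorized_subscription_email(zEAddr)==0 ){
+ *peErr = 1;
+ *pzErr = mprintf("not an authorized email address");
+ return 0;
+ }
 
 /* Check to make sure the email address is available for reuse */
 if( db_exists("SELECT 1 FROM subscriber WHERE semail=%Q", zEAddr) ){
 *peErr = 1;
 *pzErr = mprintf("this email address is used by someone else");
@@ -1349,10 +1359,14 @@
 /* Everybody else jumps to the page to administer their own
 ** account only. */
 cgi_redirectf("%R/alerts");
 return;
 }
+ }
+ if( !g.perm.Admin && !db_get_boolean("anon-subscribe",1) ){
+ register_page();
+ return;
 }
 alert_submenu_common();
 needCaptcha = !login_is_individual();
 if( P("submit")
 && cgi_csrf_safe(1)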
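Review bot: The new guard in the third hunk, `if( !g.perm.Admin && !db_get_boolean("anon-subscribe",1) )`, never looks at login state, although the setting is described as covering only the Nobody and Anonymous users. The block above it starts outside the hunk, so this is inferred: if a logged-in non-admin without an existing subscription can fall through to this line, they are handed to register_page() as well. If that is not intended, add the test the following line already uses, `if( !g.perm.Admin && !login_is_individual() && !db_get_boolean("anon-subscribe",1) ){`; if it is intended, a comment such as `/* anon-subscribe off: only Admin may create subscriptions here; everyone else must register */` would record the decision.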
| --- src/alerts.c | |
| +++ src/alerts.c | |
| @@ -1228,11 +1228,15 @@ | |
| 1228 | ** The local part is currently more restrictive than RFC 5322 allows: |
| 1229 | ** https://stackoverflow.com/a/2049510/142454 We will expand this as |
| 1230 | ** necessary. |
| 1231 | */ |
| 1232 | zEAddr = P("e"); |
| 1233 | if( zEAddr==0 ) return 0; |
| 1234 | for(i=j=n=0; (c = zEAddr[i])!=0; i++){ |
| 1235 | if( c=='@' ){ |
| 1236 | n = i; |
| 1237 | j++; |
| 1238 | continue; |
| @@ -1257,10 +1261,16 @@ | |
| 1257 | if( n>i-5 ){ |
| 1258 | *peErr = 1; |
| 1259 | *pzErr = mprintf("email domain too short"); |
| 1260 | return 0; |
| 1261 | } |
| 1262 | |
| 1263 | /* Check to make sure the email address is available for reuse */ |
| 1264 | if( db_exists("SELECT 1 FROM subscriber WHERE semail=%Q", zEAddr) ){ |
| 1265 | *peErr = 1; |
| 1266 | *pzErr = mprintf("this email address is used by someone else"); |
| @@ -1349,10 +1359,14 @@ | |
| 1349 | /* Everybody else jumps to the page to administer their own |
| 1350 | ** account only. */ |
| 1351 | cgi_redirectf("%R/alerts"); |
| 1352 | return; |
| 1353 | } |
| 1354 | } |
| 1355 | alert_submenu_common(); |
| 1356 | needCaptcha = !login_is_individual(); |
| 1357 | if( P("submit") |
| 1358 | && cgi_csrf_safe(1) |
| 1359 |
| --- src/alerts.c | |
| +++ src/alerts.c | |
| @@ -1228,11 +1228,15 @@ | |
| 1228 | ** The local part is currently more restrictive than RFC 5322 allows: |
| 1229 | ** https://stackoverflow.com/a/2049510/142454 We will expand this as |
| 1230 | ** necessary. |
| 1231 | */ |
| 1232 | zEAddr = P("e"); |
| 1233 | if( zEAddr==0 ){ |
| 1234 | *peErr = 1; |
| 1235 | *pzErr = mprintf("required"); |
| 1236 | return 0; |
| 1237 | } |
| 1238 | for(i=j=n=0; (c = zEAddr[i])!=0; i++){ |
| 1239 | if( c=='@' ){ |
| 1240 | n = i; |
| 1241 | j++; |
| 1242 | continue; |
| @@ -1257,10 +1261,16 @@ | |
| 1261 | if( n>i-5 ){ |
| 1262 | *peErr = 1; |
| 1263 | *pzErr = mprintf("email domain too short"); |
| 1264 | return 0; |
| 1265 | } |
| 1266 | |
| 1267 | if( authorized_subscription_email(zEAddr)==0 ){ |
| 1268 | *peErr = 1; |
| 1269 | *pzErr = mprintf("not an authorized email address"); |
| 1270 | return 0; |
| 1271 | } |
| 1272 | |
| 1273 | /* Check to make sure the email address is available for reuse */ |
| 1274 | if( db_exists("SELECT 1 FROM subscriber WHERE semail=%Q", zEAddr) ){ |
| 1275 | *peErr = 1; |
| 1276 | *pzErr = mprintf("this email address is used by someone else"); |
| @@ -1349,10 +1359,14 @@ | |
| 1359 | /* Everybody else jumps to the page to administer their own |
| 1360 | ** account only. */ |
| 1361 | cgi_redirectf("%R/alerts"); |
| 1362 | return; |
| 1363 | } |
| 1364 | } |
| 1365 | if( !g.perm.Admin && !db_get_boolean("anon-subscribe",1) ){ |
| 1366 | register_page(); |
| 1367 | return; |
| 1368 | } |
| 1369 | alert_submenu_common(); |
| 1370 | needCaptcha = !login_is_individual(); |
| 1371 | if( P("submit") |
| 1372 | && cgi_csrf_safe(1) |
| 1373 |
+6
-5
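--- a/src/login.c
+++ b/src/login.c
@@ -1462,19 +1462,20 @@
 return rc;
 }
 
 /*
 ** Check an email address and confirm that it is valid for self-registration.
-** The email address is known already to be well-formed.
+** The email address is known already to be well-formed. Return true
+** if the email address is on the allowed list.
 **
 ** The default behavior is that any valid email address is accepted.
-** But if the "self-reg-email" setting exists and is not empty, then
+** But if the "auth-sub-email" setting exists and is not empty, then
 ** it is a comma-separated list of GLOB patterns for email addresses
 ** that are authorized to self-register.
 */
-static int authorized_self_register_email(const char *zEAddr){
- char *zGlob = db_get("self-reg-email",0);
+int authorized_subscription_email(const char *zEAddr){
+ char *zGlob = db_get("auth-sub-email",0);
 Glob *pGlob;
 char *zAddr;
 int rc;
 
 if( zGlob==0 || zGlob[0]==0 ) return 1;
@@ -1549,11 +1550,11 @@
 iErrLine = 3;
 zErr = "Required";
 }else if( email_address_is_valid(zEAddr,0)==0 ){
 iErrLine = 3;
 zErr = "Not a valid email address";
- }else if( authorized_self_register_email(zEAddr)==0 ){
+ }else if( authorized_subscription_email(zEAddr)==0 ){
 iErrLine = 3;
 zErr = "Not an authorized email address";
 }else if( strlen(zPasswd)<6 ){
 iErrLine = 4;
 zErr = "Password must be at least 6 characters long";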
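Review bot: Renaming the setting from "self-reg-email" to "auth-sub-email" in authorized_subscription_email() makes an existing allow-list fail open: a repository that only has "self-reg-email" set now reads an empty value and takes `if( zGlob==0 || zGlob[0]==0 ) return 1;`, so every well-formed address is accepted for self-registration and for subscription. No migration of the old key is visible on this page; unless one exists elsewhere, fall back to the old name before the empty check, e.g. `if( zGlob==0 || zGlob[0]==0 ) zGlob = db_get("self-reg-email",0);`. The header comment should also state that the list now gates alert subscriptions as well as self-registration. The function body continues past the end of the first hunk.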
| --- src/login.c | |
| +++ src/login.c | |
| @@ -1462,19 +1462,20 @@ | |
| 1462 | return rc; |
| 1463 | } |
| 1464 | |
| 1465 | /* |
| 1466 | ** Check an email address and confirm that it is valid for self-registration. |
| 1467 | ** The email address is known already to be well-formed. |
| 1468 | ** |
| 1469 | ** The default behavior is that any valid email address is accepted. |
| 1470 | ** But if the "self-reg-email" setting exists and is not empty, then |
| 1471 | ** it is a comma-separated list of GLOB patterns for email addresses |
| 1472 | ** that are authorized to self-register. |
| 1473 | */ |
| 1474 | static int authorized_self_register_email(const char *zEAddr){ |
| 1475 | char *zGlob = db_get("self-reg-email",0); |
| 1476 | Glob *pGlob; |
| 1477 | char *zAddr; |
| 1478 | int rc; |
| 1479 | |
| 1480 | if( zGlob==0 || zGlob[0]==0 ) return 1; |
| @@ -1549,11 +1550,11 @@ | |
| 1549 | iErrLine = 3; |
| 1550 | zErr = "Required"; |
| 1551 | }else if( email_address_is_valid(zEAddr,0)==0 ){ |
| 1552 | iErrLine = 3; |
| 1553 | zErr = "Not a valid email address"; |
| 1554 | }else if( authorized_self_register_email(zEAddr)==0 ){ |
| 1555 | iErrLine = 3; |
| 1556 | zErr = "Not an authorized email address"; |
| 1557 | }else if( strlen(zPasswd)<6 ){ |
| 1558 | iErrLine = 4; |
| 1559 | zErr = "Password must be at least 6 characters long"; |
| 1560 |
| --- src/login.c | |
| +++ src/login.c | |
| @@ -1462,19 +1462,20 @@ | |
| 1462 | return rc; |
| 1463 | } |
| 1464 | |
| 1465 | /* |
| 1466 | ** Check an email address and confirm that it is valid for self-registration. |
| 1467 | ** The email address is known already to be well-formed. Return true |
| 1468 | ** if the email address is on the allowed list. |
| 1469 | ** |
| 1470 | ** The default behavior is that any valid email address is accepted. |
| 1471 | ** But if the "auth-sub-email" setting exists and is not empty, then |
| 1472 | ** it is a comma-separated list of GLOB patterns for email addresses |
| 1473 | ** that are authorized to self-register. |
| 1474 | */ |
| 1475 | int authorized_subscription_email(const char *zEAddr){ |
| 1476 | char *zGlob = db_get("auth-sub-email",0); |
| 1477 | Glob *pGlob; |
| 1478 | char *zAddr; |
| 1479 | int rc; |
| 1480 | |
| 1481 | if( zGlob==0 || zGlob[0]==0 ) return 1; |
| @@ -1549,11 +1550,11 @@ | |
| 1550 | iErrLine = 3; |
| 1551 | zErr = "Required"; |
| 1552 | }else if( email_address_is_valid(zEAddr,0)==0 ){ |
| 1553 | iErrLine = 3; |
| 1554 | zErr = "Not a valid email address"; |
| 1555 | }else if( authorized_subscription_email(zEAddr)==0 ){ |
| 1556 | iErrLine = 3; |
| 1557 | zErr = "Not an authorized email address"; |
| 1558 | }else if( strlen(zPasswd)<6 ){ |
| 1559 | iErrLine = 4; |
| 1560 | zErr = "Password must be at least 6 characters long"; |
| 1561 |
+8
-2
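--- a/src/main.c
+++ b/src/main.c
@@ -2523,18 +2523,24 @@
 **
 ** Works like the http command but gives setup permission to all users.
 **
 ** Options:
 ** --th-trace trace TH1 execution (for debugging purposes)
+** --usercap CAP user capability string. (Default: "sx")
 **
 */
 void cmd_test_http(void){
 const char *zIpAddr; /* IP address of remote client */
+ const char *zUserCap;
 
 Th_InitTraceLog();
- login_set_capabilities("sx", 0);
- g.useLocalauth = 1;
+ zUserCap = find_option("usercap",0,1);
+ if( zUserCap==0 ){
+ g.useLocalauth = 1;
+ zUserCap = "sx";
+ }
+ login_set_capabilities(zUserCap, 0);
 g.httpIn = stdin;
 g.httpOut = stdout;
 fossil_binary_mode(g.httpOut);
 fossil_binary_mode(g.httpIn);
 g.zExtRoot = find_option("extroot",0,1);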
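Review bot: Passing `--usercap` changes more than the capability string, and the command comment does not say so: `g.useLocalauth = 1` now runs only in the `zUserCap==0` branch. The description still reads "gives setup permission to all users", which holds only for the default. Suggest extending the option line to `**   --usercap CAP     user capability string; g.useLocalauth is not set when given. (Default: "sx")` and giving the new local a trailing comment like its neighbour, `const char *zUserCap;   /* Value of --usercap, or "sx" */`. cmd_test_http's body continues outside the hunk.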
| --- src/main.c | |
| +++ src/main.c | |
| @@ -2523,18 +2523,24 @@ | |
| 2523 | ** |
| 2524 | ** Works like the http command but gives setup permission to all users. |
| 2525 | ** |
| 2526 | ** Options: |
| 2527 | ** --th-trace trace TH1 execution (for debugging purposes) |
| 2528 | ** |
| 2529 | */ |
| 2530 | void cmd_test_http(void){ |
| 2531 | const char *zIpAddr; /* IP address of remote client */ |
| 2532 | |
| 2533 | Th_InitTraceLog(); |
| 2534 | login_set_capabilities("sx", 0); |
| 2535 | g.useLocalauth = 1; |
| 2536 | g.httpIn = stdin; |
| 2537 | g.httpOut = stdout; |
| 2538 | fossil_binary_mode(g.httpOut); |
| 2539 | fossil_binary_mode(g.httpIn); |
| 2540 | g.zExtRoot = find_option("extroot",0,1); |
| 2541 |
| --- src/main.c | |
| +++ src/main.c | |
| @@ -2523,18 +2523,24 @@ | |
| 2523 | ** |
| 2524 | ** Works like the http command but gives setup permission to all users. |
| 2525 | ** |
| 2526 | ** Options: |
| 2527 | ** --th-trace trace TH1 execution (for debugging purposes) |
| 2528 | ** --usercap CAP user capability string. (Default: "sx") |
| 2529 | ** |
| 2530 | */ |
| 2531 | void cmd_test_http(void){ |
| 2532 | const char *zIpAddr; /* IP address of remote client */ |
| 2533 | const char *zUserCap; |
| 2534 | |
| 2535 | Th_InitTraceLog(); |
| 2536 | zUserCap = find_option("usercap",0,1); |
| 2537 | if( zUserCap==0 ){ |
| 2538 | g.useLocalauth = 1; |
| 2539 | zUserCap = "sx"; |
| 2540 | } |
| 2541 | login_set_capabilities(zUserCap, 0); |
| 2542 | g.httpIn = stdin; |
| 2543 | g.httpOut = stdout; |
| 2544 | fossil_binary_mode(g.httpOut); |
| 2545 | fossil_binary_mode(g.httpIn); |
| 2546 | g.zExtRoot = find_option("extroot",0,1); |
| 2547 |
+13
-9
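--- a/src/setup.c
+++ b/src/setup.c
@@ -517,21 +517,25 @@
 @ but with provide any new capabilities until the email address provided
 @ with registration has been verified.
 @ (Property: "selfreg-verify")</p>
 
 @ <hr />
- entry_attribute("Authorized self-registration email addresses", 35,
- "self-reg-email", "selfregemail", "", 0);
+ onoff_attribute("Allow anonymous subscriptions",
+ "anon-subscribe", "anonsub", 1, 0);
+ @ <p>Are email notification subscriptions allowed for users Nobody and
+ @ Anonymous?
+ @ (Property: "anon-subscribe")</p>
+
+ @ <hr />
+ entry_attribute("Authorized subscription email addresses", 35,
+ "auth-sub-email", "asemail", "", 0);
 @ <p>This is a comma-separated list of GLOB patterns that specify
- @ email addresses that are authorized to self-register. If blank
+ @ email addresses that are authorized to subscriptions. If blank
 @ (the usual case), then any email address can be used to self-register.
- @ This setting is used to limit self-registration to members of a particular
- @ organization or group based on their email address. For example,
- @ if the pattern is "<tt>*@megacorp.com, *@af.mil.to</tt>" then
- @ only employees of MegaCorp and members of the Tonganese airforce
- @ can self-register.
- @ (Property: "self-reg-email")</p>
+ @ This setting is used to limit subscriptions to members of a particular
+ @ organization or group based on their email address.
+ @ (Property: "auth-sub-email")</p>
 
 @ <hr />
 entry_attribute("Default privileges", 10, "default-perms",
 "defaultperms", "u", 0);
 @ <p>Permissions given to users that... <ul><li>register themselves using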
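Review bot: The help text for "auth-sub-email" is left half-converted: it reads "authorized to subscriptions" while the unchanged line after it still says "can be used to self-register", so an administrator cannot tell from this screen that the one list now restricts both self-registration and alert subscriptions, as the login.c and alerts.c call sites in this commit show. Suggest `@ email addresses that are authorized to self-register or subscribe. If blank` followed by `@ (the usual case), then any email address can be used.` The removed example pattern was the only illustration of the GLOB syntax, so keeping one example would help whoever configures the allow-list. The enclosing function starts and ends outside the hunk.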
| --- src/setup.c | |
| +++ src/setup.c | |
| @@ -517,21 +517,25 @@ | |
| 517 | @ but with provide any new capabilities until the email address provided |
| 518 | @ with registration has been verified. |
| 519 | @ (Property: "selfreg-verify")</p> |
| 520 | |
| 521 | @ <hr /> |
| 522 | entry_attribute("Authorized self-registration email addresses", 35, |
| 523 | "self-reg-email", "selfregemail", "", 0); |
| 524 | @ <p>This is a comma-separated list of GLOB patterns that specify |
| 525 | @ email addresses that are authorized to self-register. If blank |
| 526 | @ (the usual case), then any email address can be used to self-register. |
| 527 | @ This setting is used to limit self-registration to members of a particular |
| 528 | @ organization or group based on their email address. For example, |
| 529 | @ if the pattern is "<tt>*@megacorp.com, *@af.mil.to</tt>" then |
| 530 | @ only employees of MegaCorp and members of the Tonganese airforce |
| 531 | @ can self-register. |
| 532 | @ (Property: "self-reg-email")</p> |
| 533 | |
| 534 | @ <hr /> |
| 535 | entry_attribute("Default privileges", 10, "default-perms", |
| 536 | "defaultperms", "u", 0); |
| 537 | @ <p>Permissions given to users that... <ul><li>register themselves using |
| 538 |
| --- src/setup.c | |
| +++ src/setup.c | |
| @@ -517,21 +517,25 @@ | |
| 517 | @ but with provide any new capabilities until the email address provided |
| 518 | @ with registration has been verified. |
| 519 | @ (Property: "selfreg-verify")</p> |
| 520 | |
| 521 | @ <hr /> |
| 522 | onoff_attribute("Allow anonymous subscriptions", |
| 523 | "anon-subscribe", "anonsub", 1, 0); |
| 524 | @ <p>Are email notification subscriptions allowed for users Nobody and |
| 525 | @ Anonymous? |
| 526 | @ (Property: "anon-subscribe")</p> |
| 527 | |
| 528 | @ <hr /> |
| 529 | entry_attribute("Authorized subscription email addresses", 35, |
| 530 | "auth-sub-email", "asemail", "", 0); |
| 531 | @ <p>This is a comma-separated list of GLOB patterns that specify |
| 532 | @ email addresses that are authorized to subscriptions. If blank |
| 533 | @ (the usual case), then any email address can be used to self-register. |
| 534 | @ This setting is used to limit subscriptions to members of a particular |
| 535 | @ organization or group based on their email address. |
| 536 | @ (Property: "auth-sub-email")</p> |
| 537 | |
| 538 | @ <hr /> |
| 539 | entry_attribute("Default privileges", 10, "default-perms", |
| 540 | "defaultperms", "u", 0); |
| 541 | @ <p>Permissions given to users that... <ul><li>register themselves using |
| 542 |