Fix for #768 (If email server is configured, admins can send user passwords, also domains can be denied from registration)

2025-10-18 17:17:40 +00:00 · 2019-12-29 13:54:52 +01:00
parent 01381488f4
commit 5887f0fe6b
7 changed files with 209 additions and 233 deletions
--- a/cps/helper.py
+++ b/cps/helper.py
@@ -701,9 +701,13 @@ def speaking_language(languages=None):
 # from https://code.luasoftware.com/tutorials/flask/execute-raw-sql-in-flask-sqlalchemy/
 def check_valid_domain(domain_text):
    domain_text = domain_text.split('@', 1)[-1].lower()
-    sql = "SELECT * FROM registration WHERE :domain LIKE domain;"
+    sql = "SELECT * FROM registration WHERE (:domain LIKE domain and allow = 1);"
    result = ub.session.query(ub.Registration).from_statement(text(sql)).params(domain=domain_text).all()
-    return len(result)
+    if not len(result):
+        return False
+    sql = "SELECT * FROM registration WHERE (:domain LIKE domain and allow = 0);"
+    result = ub.session.query(ub.Registration).from_statement(text(sql)).params(domain=domain_text).all()
+    return not len(result)


 # Orders all Authors in the list according to authors sort