feat: restrict gmail misuse as recoveryEmail (!112) · Merge requests · e / infra / ecloud / nextcloud-apps / email-recovery

Description

Gmail doesn't care (.) in its address. Spammer use it to make fake recovery Email entries. To restrict this misuse, we retrieve similar Gmail addresses from the database using regex. (We have to consider current alias mail restriction too & make sure that is also applied for Gmails).
Gmail also has alias domain (googlemail.com). We have to block misuse of this domain too as recovery mail.
Improve recovery-mail count retrieval queries.
Fix max-alias count for recovery mail is overshooting by 1.

Assume, we don't have any account setup against: abc@gmail.com as recovery mail. & max alias allowed as 3

serial	step	expected	observed	staus
1	User 1 comes to setup new account with recoveryMail: `ab.c@gmail.com`	user can setup recovery	user setup recovery	✅
2	User 2 comes to setup new account with recoveryMail: `abc@gmail.com`	user couldn't setup recovery	user failed to set up recovery	✅
3	User 3 comes to setup new account with recoveryMail: `a.b.c@googlemail.com`	user couldn't setup recovery	user failed to set up recovery	✅
4	User 4 has already a account, & want to setup recovery mail to: `A.bc@googlemail`	user couldn't setup recovery	user failed to set up recovery	✅
5	User 5 comes to setup new account with recoveryMail: `abc+x@gmail.com`	user can setup recovery	user setup recovery	✅
6	User 6 comes to setup new account with recoveryMail: `a.b.c+y@gmail.com`	user can setup recovery	user setup recovery	✅
7	User 7 comes to setup new account with recoveryMail: `a.bc+asdad@googlemail.com`	user can setup recovery	user setup recovery	✅
8	User 8 comes to setup new account with recoveryMail: `a.b.c+ooo@gmail.com`	user couldn't setup recovery	user failed to set up recovery	✅
9	User 7 wants to change the recovery mail to `a.bc@ppp.com`	user can setup recovery	user setup recovery	✅

Edited Oct 15, 2025 by Fahim Salam Chowdhury