From 5424ee3dbe6c2f17a42aa312938003b00c8c8f7c Mon Sep 17 00:00:00 2001
From: Avinash Gusain
Date: Mon, 27 Jan 2025 15:20:30 +0530
Subject: [PATCH 1/2] skip domain check if its in disposable list
---
lib/Service/RecoveryEmailService.php | 25 +++++++++++++++++--------
1 file changed, 17 insertions(+), 8 deletions(-)
diff --git a/lib/Service/RecoveryEmailService.php b/lib/Service/RecoveryEmailService.php
index 7ca523d..8a62a58 100644
--- a/lib/Service/RecoveryEmailService.php
+++ b/lib/Service/RecoveryEmailService.php
@@ -136,17 +136,26 @@ class RecoveryEmailService { $this->logger->info('VerifyMail API Key is not configured.'); } - // Check if it's a popular domain and not custom blacklist, then verify the email - if ($this->domainService->isPopularDomain($recoveryEmail, $l) && !$this->domainService->isDomainInCustomBlacklist($recoveryEmail, $l)) { + if ($this->domainService->isDomainInCustomBlacklist($recoveryEmail, $l)) { + \OC::$server->getLogger()->logger("found in custom disposable domain list"); + //throw new \Exception($l->t('The provided email domain is a disposable domain and cannot be used.')); + throw new BlacklistedEmailException($l->t('The email address is disposable. Please provide another recovery address.')); + } + + // Check if the domain is a popular domain + if ($this->domainService->isPopularDomain($recoveryEmail, $l)) { + // Skip domain verification and directly validate the email + $this->ensureRealTimeRateLimit(self::RATE_LIMIT_EMAIL, 2, $l); + $this->ensureEmailIsValid($recoveryEmail, $username, $apiKey, $l); + } else { + // Verify the domain using the API + $this->ensureRealTimeRateLimit(self::RATE_LIMIT_DOMAIN, 15, $l); + $domain = substr(strrchr($recoveryEmail, "@"), 1); + $this->verifyDomainWithApi($domain, $username, $apiKey, $l); + // If domain verification succeeds, validate the email $this->ensureRealTimeRateLimit(self::RATE_LIMIT_EMAIL, 2, $l); $this->ensureEmailIsValid($recoveryEmail, $username, $apiKey, $l); } - - // Verify the domain using the API - $this->ensureRealTimeRateLimit(self::RATE_LIMIT_DOMAIN, 15, $l); - $domain = substr(strrchr($recoveryEmail, "@"), 1); - $this->verifyDomainWithApi($domain, $username, $apiKey, $l); - return true; } private function getUserEmail(string $username): string { -- GitLab From 6b3dc8c9adbb198ea5727ebe10b0b03d98d4fcd4 Mon Sep 17 00:00:00 2001 
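Review bot: The added `\OC::$server->getLogger()->logger("found in custom disposable domain list");` calls a method named `logger`, which as far as I know is not part of Nextcloud's logger interface (it offers `info`, `warning`, `error` and similar), so the blacklist branch would likely fail with an undefined-method error before it reaches `throw new BlacklistedEmailException(...)`. The class already holds an injected logger, used in the context line above as `$this->logger->info(...)`, so the line can become `$this->logger->info('Recovery email domain found in custom disposable domain list.');`. The commented-out `//throw new \Exception(...)` line should be dropped rather than committed. The enclosing method starts above the hunk, so how callers treat an unexpected error on this path cannot be checked from here.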
From: Avinash Gusain Date: Mon, 27 Jan 2025 15:27:36 +0530 Subject: [PATCH 2/2] skip domain check if its in disposable list --- lib/Service/RecoveryEmailService.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/Service/RecoveryEmailService.php b/lib/Service/RecoveryEmailService.php index 8a62a58..c1001ec 100644 --- a/lib/Service/RecoveryEmailService.php +++ b/lib/Service/RecoveryEmailService.php @@ -237,7 +237,7 @@ class RecoveryEmailService { $httpClient = $this->httpClientService->newClient(); // Make the API request $response = $httpClient->get($url, [ - 'timeout' => 5, // Timeout for the API call + 'timeout' => 15, // Timeout for the API call ]); // Process response, handle errors (e.g., disposable email, non-deliverable email) @@ -272,7 +272,7 @@ class RecoveryEmailService { $httpClient = $this->httpClientService->newClient(); // Make the API request $response = $httpClient->get($url, [ - 'timeout' => 5, // Timeout for the API call + 'timeout' => 15, // Timeout for the API call ]); // Process response, handle errors (e.g., disposable email, non-deliverable email) -- GitLab
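Review bot: The timeout raised to `15` at both `$httpClient->get($url, [...])` call sites (the hunk at -237 and the one at -272) is a duplicated magic number whose comment does not say why it changed; a class constant such as `private const VERIFY_API_TIMEOUT = 15;` used in both places would keep the two in step. Since the first patch makes the non-popular-domain path run the domain check and then the email check in sequence, one request could block for roughly 30 seconds when the API is slow, assuming these are the calls behind `verifyDomainWithApi` and `ensureEmailIsValid` (their bodies lie outside the hunks). It is also worth confirming that a timeout is surfaced as a verification failure rather than letting the address through, which is not visible here.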