rdmorganiser / rdmo

A tool to support the planning, implementation, and organization of research data management.
https://rdmorganiser.github.io
Apache License 2.0

Implement E-Mail Domain Whitelist for Registration #1151

Open AliceWi opened 2 months ago

AliceWi commented 2 months ago

Rationale

User registrations can come from any email domain, which may lead to spam accounts, security risks, or unwanted users in the system. Implementing an email domain whitelist restricts user registrations to approved domains only, for example university or institute domains.

Affected

Users, Admins

Minimal functionality

Nice-to-have functionality

References

jochenklar commented 2 months ago

Hi @AliceWi, thanks for the idea. This should not be too hard to implement.

afuetterer commented 2 months ago

A custom EmailValidator with an allowlist?

Ref: https://docs.djangoproject.com/en/4.2/ref/validators/#django.core.validators.EmailValidator.allowlist

jochenklar commented 2 months ago

I think it needs to be implemented here: https://github.com/rdmorganiser/rdmo/blob/main/rdmo/accounts/adapter.py#L14. The adapter hooks into the allauth signup process. I think we just need to implement clean_email https://github.com/pennersr/django-allauth/blob/main/allauth/account/adapter.py#L346.
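The domain check that a `clean_email` override would need, as an added example that is not part of the thread and is not RDMO or allauth code. It is plain Python so it runs without Django; `ALLOWED_DOMAINS`, the function names and the sample domains are assumptions made for illustration.

```python
# Added example: registration e-mail domain allowlist (not RDMO or allauth code).
# ALLOWED_DOMAINS and all names below are hypothetical; the domains are constructed.
ALLOWED_DOMAINS = {"uni.example", "institute.example"}


class DomainNotAllowed(ValueError):
    """Raised when an address is outside the allowlist."""


def normalize_domain(email):
    """Return the lower-cased, IDNA-encoded domain of an address, or raise."""
    # Split on the LAST '@': a quoted local part may itself contain '@'.
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or not domain:
        raise DomainNotAllowed("not an e-mail address")
    domain = domain.rstrip(".").lower()  # "UNI.EXAMPLE." equals "uni.example"
    try:
        # Compare the ASCII (punycode) form so a Unicode lookalike letter
        # can never compare equal to an ASCII allowlist entry.
        return domain.encode("idna").decode("ascii")
    except UnicodeError:
        raise DomainNotAllowed("invalid domain") from None


def is_allowed_domain(domain, allowed=ALLOWED_DOMAINS, include_subdomains=False):
    """Exact match by default; optional subdomain match on a label boundary."""
    if domain in allowed:
        return True
    # A bare endswith("uni.example") would also accept "evil-uni.example",
    # so the suffix is anchored on the preceding dot.
    return include_subdomains and any(domain.endswith("." + d) for d in allowed)


def check_registration_email(email, **kwargs):
    """Return the address unchanged if its domain is allowed, else raise.

    In an allauth adapter this would be called from clean_email(self, email),
    turning DomainNotAllowed into a form ValidationError.
    """
    domain = normalize_domain(email)
    if not is_allowed_domain(domain, **kwargs):
        raise DomainNotAllowed(f"registration is not open to {domain}")
    return email
```

Django's `EmailValidator.allowlist` only exempts the listed domains from the validator's domain-regex check; it does not reject other domains, so the restriction itself has to be enforced by a check like this one.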