Draft: Block trash email domains in registration
Closes #1059 (closed)
What does this MR do?
Proposal for blacklisting disposable emails addresses: on registration, the email address is checked using the trashmail-blacklist.org service. (see for example https://v2.trashmail-blacklist.org/check/json/wegwerfemailadresse.com). I used Symfony's HTTP client for making the request.
How confident are you it won't break things if deployed?
Seems to work. Let's say 90% As a fallback, the check will accept every email address if the service is not reachable.
How to test
Steps a reviewer can take to verify that this MR does what it says it does e.g.
- Checkout branch locally
- Open the registration form
- Try creating an account with e.g. test@wegwerfemailadresse.com. This should not work
- Try creating another address, e.g. your personal one. This should work
Checklist
-
added a test, or explain why one is not needed/possible... -
no unrelated changes -
asked someone for a code review -
set a "for:" label to indicate who will be affected by this change -
use "state:" labels to track this MR's state until it was beta tested -
added an entry to CHANGELOG.md -
add a short text that can be used in the release notes -
Once your MR has been merged, you are responsible to create a testing issue in Beta Testing Repo: - Consider writing a detailed description in German.
- Describe in a few sentences, what should be tested from a user perspective.
- Also mention different settings (e.g. different browsers, roles, ...). how this change can be tested.
- Be aware, that also non technical people should understand.
Release notes text
(A short text that will appear in the release notes and describes the change for non-technical people. Not always necessary, e.g. not for refactoring.)
Edited by Alex