Add antispam app

* update_spam_database command to update suspicious domains from an external provider * Add a AntiSpamEmailField that deny emails from suspicious domains * Update documentation
2025-07-10 03:49:24 +00:00 · 2024-08-02 23:50:55 +02:00
parent 7b97f0bf47
commit 181e74b1d1
19 changed files with 569 additions and 328 deletions
--- a/core/tests.py
+++ b/core/tests.py
@ -24,8 +24,10 @@ from django.core.mail import EmailMessage
 from django.test import Client, TestCase
 from django.urls import reverse
 from django.utils.timezone import now
+from model_bakery import baker
 from pytest_django.asserts import assertInHTML, assertRedirects

+from antispam.models import ToxicDomain
 from club.models import Membership
 from core.markdown import markdown
 from core.models import AnonymousUser, Group, Page, User
@ -48,6 +50,10 @@ class TestUserRegistration:
            "captcha_1": "PASSED",
        }

+    @pytest.fixture()
+    def scam_domains(self):
+        return [baker.make(ToxicDomain, domain="scammer.spam")]
+
    def test_register_user_form_ok(self, client, valid_payload):
        """Should register a user correctly."""
        assert not User.objects.filter(email=valid_payload["email"]).exists()
@ -64,14 +70,25 @@ class TestUserRegistration:
                {"password2": "not the same as password1"},
                "Les deux mots de passe ne correspondent pas.",
            ),
-            ({"email": "not-an-email"}, "Saisissez une adresse de courriel valide."),
+            (
+                {"email": "not-an-email"},
+                "Saisissez une adresse de courriel valide.",
+            ),
+            (
+                {"email": "not\\an@email.com"},
+                "Saisissez une adresse de courriel valide.",
+            ),
+            (
+                {"email": "legit@scammer.spam"},
+                "Le domaine de l'addresse e-mail n'est pas autorisé.",
+            ),
            ({"first_name": ""}, "Ce champ est obligatoire."),
            ({"last_name": ""}, "Ce champ est obligatoire."),
            ({"captcha_1": "WRONG_CAPTCHA"}, "CAPTCHA invalide"),
        ],
    )
    def test_register_user_form_fail(
-        self, client, valid_payload, payload_edit, expected_error
+        self, client, scam_domains, valid_payload, payload_edit, expected_error
    ):
        """Should not register a user correctly."""
        payload = valid_payload | payload_edit
--- a/core/views/forms.py
+++ b/core/views/forms.py
@ -16,7 +16,7 @@
 # details.
 #
 # You should have received a copy of the GNU General Public License along with
-# this program; if not, write to the Free Sofware Foundation, Inc., 59 Temple
+# this program; if not, write to the Free Software Foundation, Inc., 59 Temple
 # Place - Suite 330, Boston, MA 02111-1307, USA.
 #
 #
@ -45,6 +45,7 @@ from django.utils.translation import gettext_lazy as _
 from phonenumber_field.widgets import RegionalPhoneNumberWidget
 from PIL import Image

+from antispam.forms import AntiSpamEmailField
 from core.models import Gift, Page, SithFile, User
 from core.utils import resize_image

@ -194,6 +195,9 @@ class RegisteringForm(UserCreationForm):
    class Meta:
        model = User
        fields = ("first_name", "last_name", "email")
+        field_classes = {
+            "email": AntiSpamEmailField,
+        }


 class UserProfileForm(forms.ModelForm):