Comments (5)
@JadonZufall Good work.
Admins need to add domains to valid domains. So we need to have a model in the database containing valid domains created by admins. Also we need Django admin parts too.
We can check VALID_DOMAINS first then query the db for more valid domains, or maybe a cache mechanism for performance that works with create or update events of the valid domain model.
Also I think `email_split[0] not in BANNED_CHAR` does not return the required result, because you have more than one char in `email_split[0]`. I propose using some piece of code like `all([char not in email_split[0] for char in BANNED_CHAR])`
@sbabashahi
ahh shoot you're right about the `email_split[0] not in BANNED_CHAR`; in my head I was thinking `'+' in email_split[0]`, but I thought I would add it to a list in case there were other domains that also did something similar to gmail. But you seemed to have figured it out so don't think that should be a problem.
Something like this?
```python
BANNED_CHAR = ['+']
VALID_DOMAINS = ['gmail.com', 'outlook.com', 'inbox.com', 'icloud.com', 'mail.com', 'yahoo.com', 'hotmail.com', 'aol.com', 'hotmail.co.uk', 'hotmail.fr', 'msn.com', 'yahoo.fr', 'wanadoo.fr', 'comcast.net', 'yahoo.co.uk', 'yahoo.com.br', 'yahoo.co.in', 'live.com', 'rediffmail.com', 'free.fr', 'outlook.com']
SPECIAL_DOMAINS = ['edu', 'gov']


def email_check(email) -> bool:
    email_split = email.split('@')
    # Exactly one '@' is needed to get a local part and a domain.
    if len(email_split) != 2:
        return False
    domain = email_split[1].lower()
    # Compares the whole local part with each BANNED_CHAR entry (not a per-character test).
    if email_split[0] not in BANNED_CHAR and domain in VALID_DOMAINS:
        return True
    # Accept any domain whose last label is a special TLD such as .edu or .gov.
    return domain.split('.')[-1] in SPECIAL_DOMAINS
```
Banned chars because Gmail lets you create infinite emails by doing + and then some string; not sure if other domains do it, might be something to look into.
I took the top 20 or so domain names and put them in as valid domains.
If the domain name ends in .edu or .gov that generally means the email is valid, as they don't just hand those out. I'm sure there are a few more of those I just can't think of, but those are the primary two, at least for the US.
If you needed to change these on the fly you could do it from a database or just read / write a file.
You could also probably do this a little bit faster with regex.
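The points from this thread put together as an added example (not the project's code): the per-character `+` test proposed above, a suffix match for `.edu`/`.gov`, and `VALID_DOMAINS` checked before a cached set of admin-added domains. `DomainAllowlist`, `load_admin_domains`, `ADMIN_ROWS` and the shortened domain list are assumptions; the loader stands in for a database query.

```python
# Added illustration. Names other than BANNED_CHAR, VALID_DOMAINS and
# SPECIAL_DOMAINS are hypothetical and not taken from the project.
BANNED_CHAR = ['+']
VALID_DOMAINS = {'gmail.com', 'outlook.com', 'yahoo.com'}  # shortened sample
SPECIAL_DOMAINS = {'edu', 'gov'}


class DomainAllowlist:
    """Static domains first, then admin-added domains behind a cache."""

    def __init__(self, load_admin_domains):
        # load_admin_domains stands in for the database query.
        self._load = load_admin_domains
        self._cache = None
        self.db_hits = 0

    def invalidate(self):
        # Call from the create/update hook of the admin-managed model.
        self._cache = None

    def __contains__(self, domain):
        if domain in VALID_DOMAINS:
            return True
        if self._cache is None:
            self._cache = {d.lower() for d in self._load()}
            self.db_hits += 1
        return domain in self._cache


def email_check(email, allowlist) -> bool:
    local, sep, domain = email.rpartition('@')
    # Reject a missing '@', an empty part, or more than one '@'.
    if not sep or not local or not domain or '@' in local:
        return False
    domain = domain.lower()
    # Per-character test: no banned character anywhere in the local part.
    no_banned = all(char not in local for char in BANNED_CHAR)
    if no_banned and domain in allowlist:
        return True
    # Special TLDs match on the last label, so subdomains also pass.
    return '.' in domain and domain.rsplit('.', 1)[1] in SPECIAL_DOMAINS


# Constructed sample data standing in for rows created by admins.
ADMIN_ROWS = ['Example.org']
ALLOWLIST = DomainAllowlist(lambda: list(ADMIN_ROWS))
```

In a Django project `invalidate()` would be wired to the save signal of the admin-managed model, so the cached set is reloaded only after an admin changes it.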
@sbabashahi
What about putting off sending the authorization email? Like 24 hours? Most of the temporary email services would expire in less than 24 hours.
About the + character: it may be used to identify the email sender. Personally I use it like [email protected]. By this simple trick I can identify where my email was exposed for advertisement and which website sells email addresses. I think it's not a good idea to block this character in email addresses.
About temporary email providers: there are some services which can identify an email address & phone and provide some information about them, like whether they are temporary or not, and more.
Some providers:
Out of context, I like SSO and think it's the most useful and efficient way to identify users and prevent spam. It also has a good user experience, in which users can sign up/sign in with just one click by selecting their favorite SSO provider.
Oh, I just saw we have SSO by Google already.
I think we can add more SSO providers like Apple, Github, Gitlab, Twitter, etc. and then get rid of signup with email.