Block Temporary mail addresses (#116)

* Block Temporary mail addresses

* Update vapor, disable cache disposable mail

---------

Co-authored-by: Julien Nahum <julien@nahum.net>

app/Http/Controllers/Auth/RegisterController.php

@@ -51,7 +51,7 @@ class RegisterController extends Controller
     {
         return Validator::make($data, [
             'name' => 'required|max:255',
-            'email' => 'required|email:filter|max:255|unique:users',
+            'email' => 'required|email:filter|max:255|unique:users|indisposable',
             'password' => 'required|min:6|confirmed',
             'hear_about_us' => 'required|string',
             'agree_terms' => ['required',Rule::in([true])]

composer.json

@@ -37,6 +37,7 @@
     "league/flysystem-aws-s3-v3": "^3.0",
     "maatwebsite/excel": "^3.1",
     "openai-php/client": "^0.3.5",
+    "propaganistas/laravel-disposable-email": "^2.2",
     "sentry/sentry-laravel": "^2.11.0",
     "spatie/laravel-sitemap": "^6.0",
     "spatie/laravel-sluggable": "^3.0",
@@ -69,7 +70,8 @@
       "ext-posix": "8.0"
     },
     "allow-plugins": {
-      "pestphp/pest-plugin": true
+      "pestphp/pest-plugin": true,
+      "php-http/discovery": true
     }
   },
   "extra": {

config/app.php

@@ -177,11 +177,12 @@ return [
         App\Providers\RouteServiceProvider::class,
         App\Providers\VaporUiServiceProvider::class,
         App\Providers\ModelStatsServiceProvider::class,
-        App\Providers\PurifySetupProvider::class
+        App\Providers\PurifySetupProvider::class,
 
         /*
         * Package Service Providers...
         */
+        Propaganistas\LaravelDisposableEmail\DisposableEmailServiceProvider::class,
 
     ],
 

config/disposable-email.php

@@ -0,0 +1,70 @@
+<?php
+
+return [
+
+    /*
+    |--------------------------------------------------------------------------
+    | JSON Source URL
+    |--------------------------------------------------------------------------
+    |
+    | The source URL yielding a list of disposable email domains. Change this
+    | to whatever source you like. Just make sure it returns a JSON array.
+    |
+    | A sensible default is provided using jsDelivr's services. jsDelivr is
+    | a free service, so there are no uptime or support guarantees.
+    |
+    */
+
+    'source' => 'https://cdn.jsdelivr.net/gh/disposable/disposable-email-domains@master/domains.json',
+
+    /*
+    |--------------------------------------------------------------------------
+    | Fetch class
+    |--------------------------------------------------------------------------
+    |
+    | The class responsible for fetching the contents of the source url.
+    | The default implementation makes use of file_get_contents and
+    | json_decode and will probably suffice for most applications.
+    |
+    | If your application has different needs (e.g. behind a proxy) then you
+    | can define a custom fetch class here that carries out the fetching.
+    | Your custom class should implement the Fetcher contract.
+    |
+    */
+
+    'fetcher' => \Propaganistas\LaravelDisposableEmail\Fetcher\DefaultFetcher::class,
+
+    /*
+    |--------------------------------------------------------------------------
+    | Storage Path
+    |--------------------------------------------------------------------------
+    |
+    | The location where the retrieved domains list should be stored locally.
+    | The path should be accessible and writable by the web server. A good
+    | place for storing the list is in the framework's own storage path.
+    |
+    */
+
+    'storage' => storage_path('framework/disposable_domains.json'),
+
+    /*
+    |--------------------------------------------------------------------------
+    | Cache Configuration
+    |--------------------------------------------------------------------------
+    |
+    | Here you may define whether the disposable domains list should be cached.
+    | If you disable caching or when the cache is empty, the list will be
+    | fetched from local storage instead.
+    |
+    | You can optionally specify an alternate cache connection or modify the
+    | cache key as desired.
+    |
+    */
+
+    'cache' => [
+        'enabled' => false,
+        'store' => 'default',
+        'key' => 'disposable_email:domains',
+    ],
+
+];

public/vendor/vapor-ui/mix-manifest.json

@@ -1,4 +1,4 @@
 {
-    "/app.js": "/app.js?id=1500556a77c7850b453f",
+    "/app.js": "/app.js?id=44c148984c42d320dccb",
     "/app.css": "/app.css?id=fbb793d795cfb9fe09b2"
 }

tests/Feature/RegisterTest.php

@@ -2,6 +2,7 @@
 
 use App\Models\User;
 use Tests\TestCase;
+use function Pest\Faker\faker;
 
 it('can register', function () {
     $this->postJson('/api/register', [
@@ -32,3 +33,32 @@ it('cannot register with existing email', function () {
         ->assertStatus(422)
         ->assertJsonValidationErrors(['email']);
 });
+
+it('cannot register with disposable email', function () {
+    // Select random email
+    $email = faker()->randomElement([
+        'dumliyupse@gufum.com', 
+        'kcs79722@zslsz.com', 
+        'pfizexwxtdifxupdhr@tpwlb.com', 
+        'qvj86ypqfm@email.edu.pl'
+    ]);
+
+    $this->postJson('/api/register', [
+            'name' => 'Test disposable',
+            'email' => $email,
+            'hear_about_us' => 'google',
+            'password' => 'secret',
+            'password_confirmation' => 'secret',
+            'agree_terms' => true
+        ])
+        ->assertStatus(422)
+        ->assertJsonValidationErrors(['email'])
+        ->assertJson([
+            'message' => 'Disposable email addresses are not allowed.',
+            'errors' => [
+                'email' => [
+                    'Disposable email addresses are not allowed.',
+                ],
+            ],
+        ]);
+});

vapor.yml

@@ -16,6 +16,7 @@ environments:
     build:
       - 'COMPOSER_MIRROR_PATH_REPOS=1 composer install --no-dev'
       - 'php artisan event:cache'
+      - 'php artisan disposable:update'
       - 'npm ci && npm run build && rm -rf node_modules'
     deploy:
       - 'php artisan migrate --force'