Implement country denylist for user registration

carlbennett · carlbennett · commit c520b9a8b69d · 2021-02-20T16:03:18.000-06:00
diff --git a/etc/config.sample.json b/etc/config.sample.json
@@ -48,6 +48,11 @@
     "user_register_requirements": {
       "email_enable_denylist": true,
       "email_validate_quick": true,
+      "geoip_countrycode_denylist": {
+        "CN": "China is banned from this site for spamming and registering fake accounts",
+        "RU": "Russia is banned from this site for spamming and registering fake accounts",
+        "UA": "Ukraine is banned from this site for association with Russia and spamming and registering fake accounts"
+      },
       "password_allow_email": false,
       "password_allow_username": false,
       "password_length_max": null,
@@ -74,6 +79,9 @@
   },
   "email": {
     "recipient_denylist_regexp": [
+      "/@.+\\\\.cn$/i",
+      "/@.+\\\\.ru$/i",
+      "/@.+\\\\.ua$/i",
       "/@mailinator\\.com$/i"
     ],
     "recipient_from": [
diff --git a/src/controllers/User/Register.php b/src/controllers/User/Register.php
@@ -92,6 +92,7 @@ protected function tryRegister(Router &$router, UserRegisterModel &$model) {
     $usernamelen = strlen($username);
     $req = &Common::$config->bnetdocs->user_register_requirements;
     $email_denylist = &Common::$config->email->recipient_denylist_regexp;
+    $countrycode_denylist = &$req->geoip_countrycode_denylist;
     if ($req->email_validate_quick
       && !filter_var($email, FILTER_VALIDATE_EMAIL)) {
       $model->error = 'INVALID_EMAIL';
@@ -141,6 +142,16 @@ protected function tryRegister(Router &$router, UserRegisterModel &$model) {
         return;
       }
     }
+    if (function_exists('geoip_country_code_by_name')) {
+      $their_country = geoip_country_code_by_name(getenv('REMOTE_ADDR'));
+      foreach ($countrycode_denylist as $bad_country => $reason) {
+        if (strtoupper($their_country) == strtoupper($bad_country)) {
+          $model->error = 'COUNTRY_DENIED';
+          $model->error_extra = $reason;
+          return;
+        }
+      }
+    }
     if (Common::$config->bnetdocs->user_register_disabled) {
       $model->error = 'REGISTER_DISABLED';
       return;
diff --git a/src/templates/User/Register.phtml b/src/templates/User/Register.phtml
@@ -70,6 +70,11 @@ switch ($this->getContext()->error) {
     $message = $this->getContext()->error_extra;
     if (empty($message)) $message = "The password is blacklisted.";
     break;
+  case "COUNTRY_DENIED":
+    $af      = null;
+    $message = $this->getContext()->error_extra;
+    if (empty($message)) $message = "Your country is blacklisted.";
+    break;
   case "REGISTER_DISABLED":
     $af      = null;
     $message = "Creating accounts has been administratively disabled "
