6 files changed, 139 insertions, 3 deletions

diff --git a/www-apps/phabricator/files/20180110-MEDIUM-Get-VERSION-for-files-in-usr-share-PN-GIT_COM.patch b/www-apps/phabricator/files/20180110-MEDIUM-Get-VERSION-for-files-in-usr-share-PN-GIT_COM.patch
index d0e83032..08c31f3d 100644
--- a/www-apps/phabricator/files/20180110-MEDIUM-Get-VERSION-for-files-in-usr-share-PN-GIT_COM.patch
+++ b/www-apps/phabricator/files/20180110-MEDIUM-Get-VERSION-for-files-in-usr-share-PN-GIT_COM.patch
@@ -1,7 +1,7 @@
 From a8babcd82ed20f1ec50b7857a803e8816d8bc13d Mon Sep 17 00:00:00 2001
 From: Bertrand Jacquin <bertrand@jacquin.bzh>
 Date: Sat, 22 Feb 2014 18:31:14 +0100
-Subject: [PATCH] MEDIUM: Get VERSION for files in
+Subject: [PATCH 1/2] MEDIUM: Get VERSION for files in
  /usr/share/<PN>/GIT_COMMIT_INFO rather than from git
 
 ---
diff --git a/www-apps/phabricator/files/20180110-blacklists-for-registering-users.patch b/www-apps/phabricator/files/20180110-blacklists-for-registering-users.patch
new file mode 100644
index 00000000..d2271b45
--- /dev/null
+++ b/www-apps/phabricator/files/20180110-blacklists-for-registering-users.patch
@@ -0,0 +1,67 @@
+From 85499577c3ef30decdd1f8535acaac9836fcf75b Mon Sep 17 00:00:00 2001
+From: Carsten Haitzler <raster@rasterman.com>
+Date: Thu, 8 Feb 2018 18:29:06 +0900
+Subject: [PATCH 2/2] blacklists for registering users
+
+i came up with this patch to allow phab to have email blacklists for
+registering users... thanks to spam.
+---
+ .../PhabricatorAuthenticationConfigOptions.php       |  7 ++++++-
+ .../people/storage/PhabricatorUserEmail.php          | 20 +++++++++++++++++---
+ 2 files changed, 23 insertions(+), 4 deletions(-)
+
+diff --git a/src/applications/config/option/PhabricatorAuthenticationConfigOptions.php b/src/applications/config/option/PhabricatorAuthenticationConfigOptions.php
+index 2239d98858d3..beb719fd4a5c 100644
+--- a/src/applications/config/option/PhabricatorAuthenticationConfigOptions.php
++++ b/src/applications/config/option/PhabricatorAuthenticationConfigOptions.php
+@@ -69,7 +69,12 @@ final class PhabricatorAuthenticationConfigOptions
+             "it implies {{auth.require-email-verification}}.\n\n".
+             "You should omit the `@` from domains. Note that the domain must ".
+             "match exactly. If you allow `yourcompany.com`, that permits ".
+-            "`joe@yourcompany.com` but rejects `joe@mail.yourcompany.com`."))
++            "`joe@yourcompany.com` but rejects `joe@mail.yourcompany.com`.\n\n" .
++            "You may also use this as a blacklist by prefixing any domain with" .
++            "a `!` (exclamation) mark. If any entry in this list has this mark" .
++            "then the list as a whole is treated as a blacklist and whitelist" .
++            "items as above are ineffective and only items with a `!` at the" .
++            "start of them are effective in blacklisting domains."))
+         ->addExample(
+           "yourcompany.com\nmail.yourcompany.com",
+           pht('Valid Setting')),
+diff --git a/src/applications/people/storage/PhabricatorUserEmail.php b/src/applications/people/storage/PhabricatorUserEmail.php
+index 42946015dee1..e116d5421697 100644
+--- a/src/applications/people/storage/PhabricatorUserEmail.php
++++ b/src/applications/people/storage/PhabricatorUserEmail.php
+@@ -110,15 +110,29 @@ final class PhabricatorUserEmail extends PhabricatorUserDAO {
+       return false;
+     }
+ 
++    $default_allow = false;
++
+     $lower_domain = phutil_utf8_strtolower($domain);
+     foreach ($allowed_domains as $allowed_domain) {
+       $lower_allowed = phutil_utf8_strtolower($allowed_domain);
+-      if ($lower_allowed === $lower_domain) {
+-        return true;
++      // allow !domain.com to indicate this domain is NOT allowed instead
++      // of explicitly allowed. if you have at least 1 "not" domain listed
++      // then the list becomes a blacklist and only domains NOT allowed will
++      // be filtered.
++      if (substr($lower_allowed, 0, 1) === "!") {
++	$default_allow = true;
++	$lower_allowed = substr($lower_allowed, 1);
++        if ($lower_allowed === $lower_domain) {
++          return false;
++        }
++      } else {
++        if ($lower_allowed === $lower_domain) {
++          return true;
++        }
+       }
+     }
+ 
+-    return false;
++    return $default_allow;
+   }
+ 
+ 
diff --git a/www-apps/phabricator/files/9999-MEDIUM-Get-VERSION-for-files-in-usr-share-PN-GIT_COM.patch b/www-apps/phabricator/files/9999-MEDIUM-Get-VERSION-for-files-in-usr-share-PN-GIT_COM.patch
index 2f2db963..f91c40e0 100644
--- a/www-apps/phabricator/files/9999-MEDIUM-Get-VERSION-for-files-in-usr-share-PN-GIT_COM.patch
+++ b/www-apps/phabricator/files/9999-MEDIUM-Get-VERSION-for-files-in-usr-share-PN-GIT_COM.patch
@@ -1,7 +1,7 @@
-From 9e7e228ae902d87d36f2852de09b45ba14104bcc Mon Sep 17 00:00:00 2001
+From f17aff9ec7e993eeb6eca6b94e5a1ad8de257add Mon Sep 17 00:00:00 2001
 From: Bertrand Jacquin <bertrand@jacquin.bzh>
 Date: Sat, 22 Feb 2014 18:31:14 +0100
-Subject: [PATCH] MEDIUM: Get VERSION for files in
+Subject: [PATCH 1/2] MEDIUM: Get VERSION for files in
  /usr/share/<PN>/GIT_COMMIT_INFO rather than from git
 
 ---
diff --git a/www-apps/phabricator/files/9999-blacklists-for-registering-users.patch b/www-apps/phabricator/files/9999-blacklists-for-registering-users.patch
new file mode 100644
index 00000000..1050d231
--- /dev/null
+++ b/www-apps/phabricator/files/9999-blacklists-for-registering-users.patch
@@ -0,0 +1,67 @@
+From 3c62eabca0c8666f45205b784a4f9d96753cace2 Mon Sep 17 00:00:00 2001
+From: Carsten Haitzler <raster@rasterman.com>
+Date: Thu, 8 Feb 2018 18:29:06 +0900
+Subject: [PATCH 2/2] blacklists for registering users
+
+i came up with this patch to allow phab to have email blacklists for
+registering users... thanks to spam.
+---
+ .../PhabricatorAuthenticationConfigOptions.php       |  7 ++++++-
+ .../people/storage/PhabricatorUserEmail.php          | 20 +++++++++++++++++---
+ 2 files changed, 23 insertions(+), 4 deletions(-)
+
+diff --git a/src/applications/config/option/PhabricatorAuthenticationConfigOptions.php b/src/applications/config/option/PhabricatorAuthenticationConfigOptions.php
+index 2239d98858d3..beb719fd4a5c 100644
+--- a/src/applications/config/option/PhabricatorAuthenticationConfigOptions.php
++++ b/src/applications/config/option/PhabricatorAuthenticationConfigOptions.php
+@@ -69,7 +69,12 @@ final class PhabricatorAuthenticationConfigOptions
+             "it implies {{auth.require-email-verification}}.\n\n".
+             "You should omit the `@` from domains. Note that the domain must ".
+             "match exactly. If you allow `yourcompany.com`, that permits ".
+-            "`joe@yourcompany.com` but rejects `joe@mail.yourcompany.com`."))
++            "`joe@yourcompany.com` but rejects `joe@mail.yourcompany.com`.\n\n" .
++            "You may also use this as a blacklist by prefixing any domain with" .
++            "a `!` (exclamation) mark. If any entry in this list has this mark" .
++            "then the list as a whole is treated as a blacklist and whitelist" .
++            "items as above are ineffective and only items with a `!` at the" .
++            "start of them are effective in blacklisting domains."))
+         ->addExample(
+           "yourcompany.com\nmail.yourcompany.com",
+           pht('Valid Setting')),
+diff --git a/src/applications/people/storage/PhabricatorUserEmail.php b/src/applications/people/storage/PhabricatorUserEmail.php
+index 42946015dee1..e116d5421697 100644
+--- a/src/applications/people/storage/PhabricatorUserEmail.php
++++ b/src/applications/people/storage/PhabricatorUserEmail.php
+@@ -110,15 +110,29 @@ final class PhabricatorUserEmail extends PhabricatorUserDAO {
+       return false;
+     }
+ 
++    $default_allow = false;
++
+     $lower_domain = phutil_utf8_strtolower($domain);
+     foreach ($allowed_domains as $allowed_domain) {
+       $lower_allowed = phutil_utf8_strtolower($allowed_domain);
+-      if ($lower_allowed === $lower_domain) {
+-        return true;
++      // allow !domain.com to indicate this domain is NOT allowed instead
++      // of explicitly allowed. if you have at least 1 "not" domain listed
++      // then the list becomes a blacklist and only domains NOT allowed will
++      // be filtered.
++      if (substr($lower_allowed, 0, 1) === "!") {
++	$default_allow = true;
++	$lower_allowed = substr($lower_allowed, 1);
++        if ($lower_allowed === $lower_domain) {
++          return false;
++        }
++      } else {
++        if ($lower_allowed === $lower_domain) {
++          return true;
++        }
+       }
+     }
+ 
+-    return false;
++    return $default_allow;
+   }
+ 
+ 
diff --git a/www-apps/phabricator/phabricator-20180110.ebuild b/www-apps/phabricator/phabricator-20180110.ebuild
index 54bd30a6..9f32fae9 100644
--- a/www-apps/phabricator/phabricator-20180110.ebuild
+++ b/www-apps/phabricator/phabricator-20180110.ebuild
@@ -67,6 +67,7 @@ src_prepare() {
 	git remote -v > "${S}/GIT_REMOTE_INFO"
 
 	eapply "${FILESDIR}/${PV}-MEDIUM-Get-VERSION-for-files-in-usr-share-PN-GIT_COM.patch"
+	eapply "${FILESDIR}/${PV}-blacklists-for-registering-users.patch"
 
 	find -type f -name .gitignore -print0 \
 		| xargs -0 --no-run-if-empty -- \
diff --git a/www-apps/phabricator/phabricator-9999.ebuild b/www-apps/phabricator/phabricator-9999.ebuild
index 0acb5c87..bd4d7c94 100644
--- a/www-apps/phabricator/phabricator-9999.ebuild
+++ b/www-apps/phabricator/phabricator-9999.ebuild
@@ -65,6 +65,7 @@ src_prepare() {
 	git remote -v > "${S}/GIT_REMOTE_INFO"
 
 	eapply "${FILESDIR}/${PV}-MEDIUM-Get-VERSION-for-files-in-usr-share-PN-GIT_COM.patch"
+	eapply "${FILESDIR}/${PV}-blacklists-for-registering-users.patch"
 
 	find -type f -name .gitignore -print0 \
 		| xargs -0 --no-run-if-empty -- \