Email Whitelist

Justoverclock

Hari I think (but not sure) that can be used on every form in Flarum

clarkwinkelmann

Hari it applies everywhere an email can be typed as long as the Flarum user validator is used behind the scenes.

That means the SignUp form, the email change request and the user edit modal. From web or REST API. Admins can't bypass the rules.

There might be other extensions that use the user validator and benefit from it as well. For example in the other whitelist extension (username), the FoF Username Request extension will also benefit from the username validation since it re-uses the Flarum user validator.

I have not checked how the social logins are impacted. I suspect they don't use the validator so if you have social login enabled they might be able to register other email addresses.

Hari

clarkwinkelmann I have not checked how the social logins are impacted. I suspect they don't use the validator so if you have social login enabled they might be able to register other email addresses

Thanks for remembering the earlier discussion on this point.

Thanks again to the sponsor and you, you guys rock. 🤘 These days whatever thoughts* come to my mind are turning into extensions automatically, all positive vibes around flarum ❤️💐

Hari

JasperVriends Welcome back

Hari Thanks again to the sponsor and you, you guys rock. 🤘 These days whatever thoughts* come to my mind are turning into extensions automatically, all positive vibes around flarum ❤️💐

I'm enjoying the extensions rain ⛈

to disable forgot password button add this in custom CSS

.LogInModal-forgotPassword {
display: none;
}

Braden

We will exalt a heavy price. They will not take us easily! 🔪

What about it @Hari 😃 will it work when a test user who adds a number like 61 making a fake email but on a whitelisted domain for example @gmail (fruits61@gmail)

Hari

Braden I have not tried this extension, I am using social login only.

Braden

Hari you reminded me of those days it was a hassle. Finally you succeeded , congratulations🎉

Hari

Braden Yeah, even today I use the same CSS, jasper has released a extension but it doesn't suit for my need.

In my case I only want users to signup using social login, and should able to forgot password and login using native login too because most of my users login from office environments and fb or twitter is blocked on thier network.

Braden

Hey clark, after 18 days , new users were unable to signup, even with google login, they were receiving the custom header message.

This is how i had set it up

clarkwinkelmann

Braden which mode is used? The format seems to be incorrect for both.

In normal mode, just write the full domain without @ and including top level domain. In regex mode, delimiters are required for each expression (can be / or any other valid delimiter for PHP).

Braden

clarkwinkelmann I will come with the outcome report later on. Thanks for the soft support you provide to us clark.

dekrypted

A cool feature might be to have a system like FriendsOfFlarum's Doorman extension, but as a follow up. So if an email doesn't make the whitelist, you can use a single use referral code to bypass it, like Doorman invoked if you don't make the whitelist.

clarkwinkelmann

dekrypted good idea, and totally doable, but I'm not planning to add any new feature at this time. I could add it as a sponsored feature though.

dekrypted

clarkwinkelmann sponsored? as in, premium?

clarkwinkelmann

dekrypted you can contact me via my website to get the feature developed at an hourly rate, either as a private extension for you or as an addition to an open source extension. I usually provide cheaper rate when working on an open source feature as a way to contribute to the open source community.

I probably won't have any availability before next year though.

dekrypted

clarkwinkelmann oh okay... if i were to make a pr with this feature and a fairly well implementation could you merge it? i know a bit of php

clarkwinkelmann

dekrypted I am not strictly against it but I can't guarantee how long it will take me to review and merge since it also requires some of my limited time and I don't like merging code I didn't review properly in an extension I might need to work on in the future.

If I am not available you could still release your version publicly as a fork.

dekrypted

clarkwinkelmann okay! i might work on that sometime.