From df891dc59fd26394b63f5e50b8e2e61895f71c08 Mon Sep 17 00:00:00 2001
From: Kyle D <kdumontnu@gmail.com>
Date: Tue, 16 Mar 2021 21:54:02 -0600
Subject: [PATCH] Validate email in oauth registration form (#15014)

---
 routers/user/auth.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/routers/user/auth.go b/routers/user/auth.go
index e5e8cc115..37181c68e 100644
--- a/routers/user/auth.go
+++ b/routers/user/auth.go
@@ -942,6 +942,11 @@ func LinkAccountPostRegister(ctx *context.Context) {
 		}
 	}
 
+	if !form.IsEmailDomainAllowed() {
+		ctx.RenderWithErr(ctx.Tr("auth.email_domain_blacklisted"), tplLinkAccount, &form)
+		return
+	}
+
 	if setting.Service.AllowOnlyExternalRegistration || !setting.Service.RequireExternalRegistrationPassword {
 		// In models.User an empty password is classed as not set, so we set form.Password to empty.
 		// Eventually the database should be changed to indicate "Second Factor"-enabled accounts