From a15d0ecbd64c08f18555ab42241ff6673e43f36c Mon Sep 17 00:00:00 2001
From: Henrik Levkowetz <henrik@levkowetz.com>
Date: Fri, 20 May 2016 22:39:30 +0000
Subject: [PATCH] Prevent people from adding ietf list addresses to their
 personal accounts.  - Legacy-Id: 11218

---
 ietf/ietfauth/forms.py     | 9 ++++++++-
 ietf/secr/rolodex/forms.py | 7 ++++++-
 ietf/settings.py           | 4 ++++
 3 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/ietf/ietfauth/forms.py b/ietf/ietfauth/forms.py
index 00abc084a..814cc7336 100644
--- a/ietf/ietfauth/forms.py
+++ b/ietf/ietfauth/forms.py
@@ -1,6 +1,8 @@
 import re
 
 from django import forms
+from django.conf import settings
+from django.core.exceptions import ValidationError
 from django.forms import ModelForm
 from django.db import models
 from django.contrib.auth.models import User
@@ -64,6 +66,11 @@ class NewEmailForm(forms.Form):
             existing = Email.objects.filter(address=email).first()
             if existing:
                 raise forms.ValidationError("Email address '%s' is already assigned to account '%s' (%s)" % (existing, existing.person and existing.person.user, existing.person))
+
+        for pat in settings.EXLUDED_PERSONAL_EMAIL_REGEX_PATTERNS:
+            if re.search(pat, email):
+                raise ValidationError("This email address is not valid in a datatracker account")
+
         return email
 
 
@@ -76,7 +83,7 @@ class RoleEmailForm(forms.Form):
         f = self.fields["email"]
         f.label = u"%s in %s" % (role.name, role.group.acronym.upper())
         f.help_text = u"Email to use for <i>%s</i> role in %s" % (role.name, role.group.name)
-        f.queryset = f.queryset.filter(models.Q(person=role.person_id) | models.Q(role=role))
+        f.queryset = f.queryset.filter(models.Q(person=role.person_id) | models.Q(role=role)).distinct()
         f.initial = role.email_id
         f.choices = [(e.pk, e.address if e.active else u"({})".format(e.address)) for e in f.queryset]
 
diff --git a/ietf/secr/rolodex/forms.py b/ietf/secr/rolodex/forms.py
index 5a38fa041..25cd9ae79 100644
--- a/ietf/secr/rolodex/forms.py
+++ b/ietf/secr/rolodex/forms.py
@@ -1,6 +1,7 @@
 from django import forms
+from django.conf import settings
 from django.contrib.auth.models import User
-from django.core.exceptions import ObjectDoesNotExist
+from django.core.exceptions import ObjectDoesNotExist, ValidationError
 from django.core.validators import validate_email
 
 from ietf.person.models import Email, Person
@@ -87,6 +88,10 @@ class NewEmailForm(EmailForm):
         if address:
             validate_email(address)
 
+            for pat in settings.EXLUDED_PERSONAL_EMAIL_REGEX_PATTERNS:
+                if re.search(pat, address):
+                    raise ValidationError("This email address is not valid in a datatracker account")
+
         return address
         
 class NewPersonForm(forms.ModelForm):
diff --git a/ietf/settings.py b/ietf/settings.py
index cce34d864..de4860fcb 100644
--- a/ietf/settings.py
+++ b/ietf/settings.py
@@ -608,6 +608,10 @@ TRAC_ADMIN_CMD = "/usr/bin/trac-admin"
 TRAC_WIKI_DIR = "/a/www/www6s/trac"
 TRAC_SVN_DIR = "/a/svn/group"
 
+# Email addresses people attempt to set for their account will be checked
+# against the following list of regex expressions with re.search(pat, addr):
+EXLUDED_PERSONAL_EMAIL_REGEX_PATTERNS = ["@ietf.org$"]
+
 # Put the production SECRET_KEY in settings_local.py, and also any other
 # sensitive or site-specific changes.  DO NOT commit settings_local.py to svn.
 from settings_local import *            # pyflakes:ignore