Merge pull request #527 from lanedirt/525-prevent-email-address-colli…

…sion-from-occuring Prevent email address collision from occurring during identity generation
lanedirt · Jan 13, 2025 · 5e61bd5 · 5e61bd5
2 parents a2e8a43 + 92904dc
commit 5e61bd5
Show file tree

Hide file tree

Showing 12 changed files with 795 additions and 25 deletions.
diff --git a/src/AliasVault.Api/AliasVault.Api.csproj b/src/AliasVault.Api/AliasVault.Api.csproj
@@ -34,6 +34,7 @@
 
     <ItemGroup>
       <ProjectReference Include="..\Databases\AliasServerDb\AliasServerDb.csproj" />
+      <ProjectReference Include="..\Generators\AliasVault.Generators.Identity\AliasVault.Generators.Identity.csproj" />
       <ProjectReference Include="..\Shared\AliasVault.Shared.Server\AliasVault.Shared.Server.csproj" />
       <ProjectReference Include="..\Shared\AliasVault.Shared\AliasVault.Shared.csproj" />
       <ProjectReference Include="..\Utilities\AliasVault.Auth\AliasVault.Auth.csproj" />

diff --git a/src/AliasVault.Api/Controllers/IdentityController.cs b/src/AliasVault.Api/Controllers/IdentityController.cs
@@ -0,0 +1,58 @@
+//-----------------------------------------------------------------------
+// <copyright file="IdentityController.cs" company="lanedirt">
+// Copyright (c) lanedirt. All rights reserved.
+// Licensed under the MIT license. See LICENSE.md file in the project root for full license information.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace AliasVault.Api.Controllers;
+
+using AliasServerDb;
+using AliasVault.Api.Controllers.Abstracts;
+using AliasVault.Api.Helpers;
+using Asp.Versioning;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.EntityFrameworkCore;
+
+/// <summary>
+/// Controller for generating identities taking into account existing information on the AliasVault server.
+/// </summary>
+/// <param name="userManager">UserManager instance.</param>
+/// <param name="dbContextFactory">DbContextFactory instance.</param>
+[ApiVersion("1")]
+public class IdentityController(UserManager<AliasVaultUser> userManager, IAliasServerDbContextFactory dbContextFactory) : AuthenticatedRequestController(userManager)
+{
+    /// <summary>
+    /// Verify that provided email address is not already taken by another user.
+    /// </summary>
+    /// <param name="email">The full email address to check.</param>
+    /// <returns>True if the email address is already taken, false otherwise.</returns>
+    [HttpPost("CheckEmail/{email}")]
+    public async Task<IActionResult> CheckEmail(string email)
+    {
+        var user = await GetCurrentUserAsync();
+        if (user == null)
+        {
+            return Unauthorized();
+        }
+
+        bool isTaken = await EmailClaimExistsAsync(email);
+        return Ok(new { isTaken });
+    }
+
+    /// <summary>
+    /// Verify that provided email address is not already taken by another user.
+    /// </summary>
+    /// <param name="email">The email address to check.</param>
+    /// <returns>True if the email address is already taken, false otherwise.</returns>
+    private async Task<bool> EmailClaimExistsAsync(string email)
+    {
+        await using var context = await dbContextFactory.CreateDbContextAsync();
+
+        var sanitizedEmail = EmailHelper.SanitizeEmail(email);
+        var claimExists = await context.UserEmailClaims.FirstOrDefaultAsync(c => c.Address == sanitizedEmail);
+
+        return claimExists != null;
+    }
+}
diff --git a/src/AliasVault.Api/Controllers/VaultController.cs b/src/AliasVault.Api/Controllers/VaultController.cs
@@ -386,7 +386,7 @@ private async Task UpdateUserEmailClaims(AliasServerDbContext context, string us
         foreach (var email in newEmailAddresses)
         {
             // Sanitize email address.
-            var sanitizedEmail = email.Trim().ToLower();
+            var sanitizedEmail = EmailHelper.SanitizeEmail(email);
 
             // If email address is invalid according to the EmailAddressAttribute, skip it.
             if (!new EmailAddressAttribute().IsValid(sanitizedEmail))

diff --git a/src/AliasVault.Api/Helpers/EmailHelper.cs b/src/AliasVault.Api/Helpers/EmailHelper.cs
@@ -0,0 +1,24 @@
+//-----------------------------------------------------------------------
+// <copyright file="EmailHelper.cs" company="lanedirt">
+// Copyright (c) lanedirt. All rights reserved.
+// Licensed under the MIT license. See LICENSE.md file in the project root for full license information.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace AliasVault.Api.Helpers;
+
+/// <summary>
+/// EmailHelper class which contains helper methods for email.
+/// </summary>
+public static class EmailHelper
+{
+    /// <summary>
+    /// Sanitize email address by trimming and converting to lowercase.
+    /// </summary>
+    /// <param name="email">Email address to sanitize.</param>
+    /// <returns>Sanitized email address.</returns>
+    public static string SanitizeEmail(string email)
+    {
+        return email.Trim().ToLower();
+    }
+}
diff --git a/src/AliasVault.Client/Services/CredentialService.cs b/src/AliasVault.Client/Services/CredentialService.cs
@@ -49,20 +49,43 @@ public static string GenerateRandomPassword()
     /// <returns>Task.</returns>
     public async Task<Credential> GenerateRandomIdentity(Credential credential)
     {
-        // Generate a random identity using the IIdentityGenerator implementation.
-        var identity = await IdentityGeneratorFactory.CreateIdentityGenerator(dbService.Settings.DefaultIdentityLanguage).GenerateRandomIdentityAsync();
-
-        // Generate random values for the Identity properties
-        credential.Username = identity.NickName;
-        credential.Alias.FirstName = identity.FirstName;
-        credential.Alias.LastName = identity.LastName;
-        credential.Alias.NickName = identity.NickName;
-        credential.Alias.Gender = identity.Gender == Gender.Male ? "Male" : "Female";
-        credential.Alias.BirthDate = identity.BirthDate;
-
-        // Set the email
-        var emailDomain = GetDefaultEmailDomain();
-        credential.Alias.Email = $"{identity.EmailPrefix}@{emailDomain}";
+        const int MaxAttempts = 5;
+        var attempts = 0;
+        bool isEmailTaken;
+
+        do
+        {
+            // Generate a random identity using the IIdentityGenerator implementation
+            var identity = await IdentityGeneratorFactory.CreateIdentityGenerator(dbService.Settings.DefaultIdentityLanguage).GenerateRandomIdentityAsync();
+
+            // Generate random values for the Identity properties
+            credential.Username = identity.NickName;
+            credential.Alias.FirstName = identity.FirstName;
+            credential.Alias.LastName = identity.LastName;
+            credential.Alias.NickName = identity.NickName;
+            credential.Alias.Gender = identity.Gender == Gender.Male ? "Male" : "Female";
+            credential.Alias.BirthDate = identity.BirthDate;
+
+            // Set the email
+            var emailDomain = GetDefaultEmailDomain();
+            credential.Alias.Email = $"{identity.EmailPrefix}@{emailDomain}";
+
+            // Check if email is already taken
+            try
+            {
+                var response = await httpClient.PostAsync($"v1/Identity/CheckEmail/{credential.Alias.Email}", null);
+                var result = await response.Content.ReadFromJsonAsync<Dictionary<string, bool>>();
+                isEmailTaken = result?["isTaken"] ?? false;
+            }
+            catch
+            {
+                // If the API call fails, assume email is not taken to allow operation to continue
+                isEmailTaken = false;
+            }
+
+            attempts++;
+        }
+        while (isEmailTaken && attempts < MaxAttempts);
 
         // Generate password
         credential.Passwords.First().Value = GenerateRandomPassword();

diff --git a/...nerators/AliasVault.Generators.Identity/Implementations/Dictionaries/en/firstnames_female b/...nerators/AliasVault.Generators.Identity/Implementations/Dictionaries/en/firstnames_female
@@ -151,3 +151,109 @@ Juliana
 Charlie
 Lucia
 Stella
+Adriana
+Beatrice
+Bianca
+Calliope
+Carmen
+Celeste
+Dakota
+Diana
+Esther
+Florence
+Francesca
+Georgia
+Harlow
+Haven
+Holly
+Hope
+India
+Indie
+Iris
+Juniper
+Kaia
+Keira
+Lara
+Laura
+Laurel
+Luna
+Magnolia
+Maeve
+Marina
+Marlowe
+Nina
+Noelle
+Octavia
+Olive
+Ophelia
+Phoenix
+Poppy
+Primrose
+Ramona
+River
+Rosalie
+Rosemary
+Sage
+Salem
+Selena
+Sienna
+Summer
+Sylvie
+Thea
+Tessa
+Wren
+Winter
+Willa
+Ada
+Aspen
+Blair
+Brynn
+Cassidy
+Cecilia
+Daisy
+Dawn
+Daphne
+Ember
+Fiona
+Flora
+Freya
+Gemma
+Giselle
+Harmony
+Heidi
+Imogen
+Indie
+Jessie
+June
+Kaia
+Lena
+Lola
+Mabel
+Maisie
+Margot
+Matilda
+Mira
+Morgan
+Nell
+Nadia
+Odette
+Opal
+Pearl
+Phoebe
+Raven
+Reese
+Robin
+Rowan
+Ruth
+Sabrina
+Sasha
+Sierra
+Skye
+Sloane
+Talia
+Thora
+Vera
+Willa
+Winnie
+Yara
+Zara
diff --git a/...Generators/AliasVault.Generators.Identity/Implementations/Dictionaries/en/firstnames_male b/...Generators/AliasVault.Generators.Identity/Implementations/Dictionaries/en/firstnames_male
@@ -140,3 +140,108 @@ Levi
 Alan
 Jorge
 Carson
+Felix
+Oliver
+Theodore
+Harrison
+Maxwell
+Sebastian
+Xavier
+Dominick
+Lincoln
+Elliott
+Walter
+Simon
+Dean
+Hugo
+Malcolm
+Leon
+Oscar
+Calvin
+Raymond
+Edgar
+Franklin
+Arthur
+Lawrence
+Dennis
+Russell
+Douglas
+Leonard
+Gregory
+Harold
+Frederick
+Martin
+Curtis
+Stanley
+Gilbert
+Harvey
+Francis
+Eugene
+Ralph
+Roy
+Albert
+Bruce
+Ronald
+Keith
+Craig
+Roger
+Randy
+Gary
+Dennis
+Edwin
+Don
+Glen
+Gordon
+Howard
+Earl
+Leo
+Lloyd
+Milton
+Norman
+Roland
+Vernon
+Warren
+Alfred
+Bernard
+Chester
+Clarence
+Clifford
+Clyde
+Dale
+Dan
+Darrell
+Floyd
+Herman
+Jerome
+Maurice
+Neil
+Ray
+Rodney
+Roland
+Stuart
+Wallace
+Wayne
+Wendell
+Barry
+Cecil
+Claude
+Daryl
+Edmund
+Everett
+Ferdinand
+Forrest
+Gerald
+Hugh
+Irving
+Leslie
+Marvin
+Morris
+Nelson
+Perry
+Phillip
+Roderick
+Ross
+Terrence
+Wade
+Winston
+Zachariah