feat: block Gmail/Googlemail email+password sign-up, prompt Google OAuth (#343)

Author: devin-ai-integration[bot]

src/app/(auth)/sign-up/page.tsx

@@ -17,6 +17,7 @@ import { AuthFormMessage, type AuthMessage } from '@/features/auth/form-message'
 import { OAuthProviders } from '@/features/auth/oauth-provider-buttons'
 import { TurnstileWidget } from '@/features/auth/turnstile-widget'
 import { useTurnstile } from '@/features/auth/use-turnstile'
+import { isGoogleEmail } from '@/lib/utils/email'
 import { Button } from '@/ui/primitives/button'
 import {
   Form,
@@ -84,6 +85,9 @@ export default function SignUp() {
     }
   }, [searchParams, form])
 
+  const emailValue = form.watch('email')
+  const isGoogleSignUp = emailValue ? isGoogleEmail(emailValue) : false
+
   useEffect(() => {
     if (message && 'success' in message && message.success) {
       const timer = setTimeout(
@@ -179,10 +183,22 @@ export default function SignUp() {
             className="my-1"
           />
 
+          {isGoogleSignUp && (
+            <AuthFormMessage
+              className="mt-2"
+              message={{
+                message: USER_MESSAGES.signUpGoogleEmail.message,
+              }}
+            />
+          )}
+
           <Button
             type="submit"
             loading={isExecuting ? 'Signing up...' : undefined}
-            disabled={CAPTCHA_REQUIRED_CLIENT && !turnstile.captchaToken}
+            disabled={
+              isGoogleSignUp ||
+              (CAPTCHA_REQUIRED_CLIENT && !turnstile.captchaToken)
+            }
           >
             Sign up
           </Button>

src/configs/user-messages.ts

@@ -84,6 +84,10 @@ export const USER_MESSAGES = {
   captchaFailed: {
     message: 'Captcha verification failed. Please try again.',
   },
+  signUpGoogleEmail: {
+    message:
+      'Please use "Continue with Google" above to sign up with your Google account.',
+  },
 }
 
 export const getTimeoutMsFromUserMessage = (

src/core/server/actions/auth-actions.ts

@@ -24,6 +24,7 @@ import { l, serializeErrorForLog } from '@/core/shared/clients/logger/logger'
 import { relativeUrlSchema } from '@/core/shared/schemas/url'
 import { verifyTurnstileToken } from '@/lib/captcha/turnstile'
 import { encodedRedirect } from '@/lib/utils/auth'
+import { isGoogleEmail } from '@/lib/utils/email'
 
 async function validateCaptcha(captchaToken: string | undefined) {
   if (!CAPTCHA_REQUIRED_SERVER) {
@@ -203,6 +204,10 @@ export const signUpAction = actionClient
       const ip =
         headerStore.get('x-forwarded-for')?.split(',')[0]?.trim() ?? undefined
 
+      if (isGoogleEmail(email)) {
+        return returnServerError(USER_MESSAGES.signUpGoogleEmail.message)
+      }
+
       // basic security check, that password does not equal e-mail
       if (password && email && password.toLowerCase() === email.toLowerCase()) {
         return returnValidationErrors(signUpSchema, {

src/lib/utils/email.ts

@@ -0,0 +1,6 @@
+const GOOGLE_EMAIL_DOMAINS = ['gmail.com', 'googlemail.com']
+
+export function isGoogleEmail(email: string): boolean {
+  const domain = email.split('@').pop()?.toLowerCase()
+  return domain !== undefined && GOOGLE_EMAIL_DOMAINS.includes(domain)
+}