[MokoCBRegGuard] [FEATURE] Trusted IP and email domain whitelist bypass #19

Open
opened 2026-06-02 19:31:34 +00:00 by jmiller · 0 comments
Owner

Migrated from MokoCBRegGuard#21

Feature Description

Add a whitelist/trust system that allows known-good IPs and email domains to bypass all RegGuard checks.

Problem or Use Case

Legitimate bulk registrations — staff onboarding, event signups, partner accounts — trigger false positives. Office IPs registering multiple accounts hit the IP frequency check. Corporate email domains are unnecessarily scanned. There is currently no way to exempt known-good sources.

Proposed Solution

Add trust/whitelist parameters:

  • trusted_ips — comma-separated IPs or CIDR ranges that bypass all checks
  • trusted_email_domains — comma-separated domains that bypass all checks

When a registration matches a trusted entry:

  • Skip all check methods
  • Log with TRUSTED_BYPASS note (maintain audit trail)
  • Set risk level to LOW with score 0

Alternative Solutions

  • Temporarily disable the plugin during bulk signups (risky, leaves site unprotected)
  • Raise thresholds globally (weakens protection for all registrations)

Benefits

  • Who: Administrators managing legitimate bulk signups, organizations with known office IPs
  • Problem solved: Eliminates false positives for trusted sources without weakening overall protection
  • Value: Reduces moderator workload and prevents legitimate users from being flagged

Implementation Details (Optional)

  • New params in cbregguard.xml: trusted_ips, trusted_email_domains
  • Early-exit check in cbregguard.php before running any checks
  • CIDR matching support for IP ranges using inet_pton() and bitmask comparison
  • Still log the registration (with TRUSTED_BYPASS) to maintain complete audit trail

Relevant Standards

  • Security best practices
  • Code quality standards

Checklist

  • I have searched for similar feature requests before creating this one
  • I have clearly described the use case and benefits
  • I have considered alternative solutions
  • This feature aligns with the project's goals and scope
jmiller added the pending: testing and regguard labels 2026-06-02 19:52:03 +00:00
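One way the early-exit trust check proposed in this issue could be written, as an added example that is not MokoCBRegGuard's own code: the function names, the audit-note format and the sample addresses are assumptions. It uses `inet_pton()` with a byte-wise mask so the same path handles IPv4 and IPv6, matches email domains exactly, and treats malformed entries as not trusted.

```php
<?php
// Added example; function names and the note format are hypothetical.

/** True when $ip is inside $entry (single IP or CIDR). Malformed input never matches. */
function ipMatchesEntry(string $ip, string $entry): bool
{
    $parts = explode('/', trim($entry), 2);
    $addr  = @inet_pton(trim($ip));
    $net   = @inet_pton($parts[0]);
    // Reject unparsable input and IPv4/IPv6 family mismatch (4 vs 16 bytes).
    if ($addr === false || $net === false || strlen($addr) !== strlen($net)) {
        return false;
    }
    $maxBits = strlen($net) * 8;
    $bits    = $maxBits;                       // bare IP: full-length prefix
    if (isset($parts[1])) {
        if (!ctype_digit($parts[1]) || (int) $parts[1] > $maxBits) {
            return false;                      // "/33" on IPv4, "/abc", "/"
        }
        $bits = (int) $parts[1];
    }
    // Mask = $bits leading one-bits, zero-padded to the address length.
    $mask = str_repeat("\xff", intdiv($bits, 8));
    if ($bits % 8 !== 0) {
        $mask .= chr((0xff << (8 - $bits % 8)) & 0xff);
    }
    $mask = str_pad($mask, strlen($net), "\x00");
    return ($addr & $mask) === ($net & $mask); // byte-wise AND on binary strings
}

/** Audit note for a trusted registration, or null when normal checks must run. */
function trustedBypassNote(string $ip, string $email, string $trustedIps, string $trustedDomains): ?string
{
    foreach (array_filter(array_map('trim', explode(',', $trustedIps))) as $entry) {
        if (ipMatchesEntry($ip, $entry)) {
            return "TRUSTED_BYPASS ip_entry=$entry";
        }
    }
    $at      = strrpos($email, '@');
    $domain  = $at === false ? '' : strtolower(trim(substr($email, $at + 1)));
    $domains = array_filter(array_map('trim', explode(',', strtolower($trustedDomains))));
    // Exact match only, so "corp.example" does not trust "evilcorp.example".
    return ($domain !== '' && in_array($domain, $domains, true)) ? "TRUSTED_BYPASS domain=$domain" : null;
}

// Constructed sample values (documentation address ranges and reserved TLDs).
$ips = '203.0.113.0/24, 2001:db8:10::/48, 198.51.100.7';
var_dump(trustedBypassNote('203.0.113.77', 'a@mail.test', $ips, 'corp.example'));
var_dump(trustedBypassNote('192.0.2.1', 'b@evilcorp.example', $ips, 'corp.example'));
var_dump(trustedBypassNote('2001:db8:10::5', 'c@mail.test', $ips, 'corp.example'));
```

A caller would run this before any other check and, on a non-null result, still log the registration with that note at risk level LOW and score 0, as the issue proposes.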
Reference: MokoConsulting/MokoJoomCommunity#19