Merge pull request #474 from mattermost/PL-4

Fixes PL-1 and PL-3 Restricting team creation
author: Christopher Speller <crspeller@gmail.com> 2015-08-27 12:09:35 -0400
committer: Christopher Speller <crspeller@gmail.com> 2015-08-27 12:09:35 -0400
commit: 305a74c78d25a9e8fd6a5d03a8431c160226e1f4 (patch)
tree: 4382c340d3e4b7c228400f01ad21fc6a76262fb2 /api/team.go
parent: d3093028cff337ede3747c6f0908eda432c3cb88 (diff)
parent: 9abf980b0eadc51025282464b19d179d845b6769 (diff)
download: chat-305a74c78d25a9e8fd6a5d03a8431c160226e1f4.tar.gz
chat-305a74c78d25a9e8fd6a5d03a8431c160226e1f4.tar.bz2
chat-305a74c78d25a9e8fd6a5d03a8431c160226e1f4.zip
1 files changed, 42 insertions, 0 deletions
diff --git a/api/team.go b/api/team.go
index 8587a6de4..eaa0d2695 100644
--- a/api/team.go
+++ b/api/team.go
@@ -44,6 +44,10 @@ func signupTeam(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	if !isTreamCreationAllowed(c, email) {
+		return
+	}
+
 	subjectPage := NewServerTemplatePage("signup_team_subject", c.GetSiteURL())
 	bodyPage := NewServerTemplatePage("signup_team_body", c.GetSiteURL())
 	bodyPage.Props["TourUrl"] = utils.Cfg.TeamSettings.TourLink
@@ -89,6 +93,11 @@ func createTeamFromSignup(c *Context, w http.ResponseWriter, r *http.Request) {
 		c.Err = err
 		return
 	}
+
+	if !isTreamCreationAllowed(c, teamSignup.Team.Email) {
+		return
+	}
+
 	teamSignup.Team.Id = ""
 
 	password := teamSignup.User.Password
@@ -169,6 +178,10 @@ func createTeam(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	if !isTreamCreationAllowed(c, team.Email) {
+		return
+	}
+
 	if utils.Cfg.ServiceSettings.Mode != utils.MODE_DEV {
 		c.Err = model.NewAppError("createTeam", "The mode does not allow network creation without a valid invite", "")
 		return
@@ -196,6 +209,35 @@ func createTeam(c *Context, w http.ResponseWriter, r *http.Request) {
 	}
 }
 
+func isTreamCreationAllowed(c *Context, email string) bool {
+
+	email = strings.ToLower(email)
+
+	if utils.Cfg.TeamSettings.DisableTeamCreation {
+		c.Err = model.NewAppError("isTreamCreationAllowed", "Team creation has been disabled. Please ask your systems administrator for details.", "")
+		return false
+	}
+
+	// commas and @ signs are optional
+	// can be in the form of "@corp.mattermost.com, mattermost.com mattermost.org" -> corp.mattermost.com mattermost.com mattermost.org
+	domains := strings.Fields(strings.TrimSpace(strings.ToLower(strings.Replace(strings.Replace(utils.Cfg.TeamSettings.RestrictCreationToDomains, "@", " ", -1), ",", " ", -1))))
+
+	matched := false
+	for _, d := range domains {
+		if strings.HasSuffix(email, "@"+d) {
+			matched = true
+			break
+		}
+	}
+
+	if len(utils.Cfg.TeamSettings.RestrictCreationToDomains) > 0 && !matched {
+		c.Err = model.NewAppError("isTreamCreationAllowed", "Email must be from a specific domain (e.g. @example.com). Please ask your systems administrator for details.", "")
+		return false
+	}
+
+	return true
+}
+
 func findTeamByName(c *Context, w http.ResponseWriter, r *http.Request) {
 
 	m := model.MapFromJson(r.Body)
author	Christopher Speller <crspeller@gmail.com>	2015-08-27 12:09:35 -0400
committer	Christopher Speller <crspeller@gmail.com>	2015-08-27 12:09:35 -0400
commit	305a74c78d25a9e8fd6a5d03a8431c160226e1f4 (patch)
tree	4382c340d3e4b7c228400f01ad21fc6a76262fb2 /api/team.go
parent	d3093028cff337ede3747c6f0908eda432c3cb88 (diff)
parent	9abf980b0eadc51025282464b19d179d845b6769 (diff)
download	chat-305a74c78d25a9e8fd6a5d03a8431c160226e1f4.tar.gz chat-305a74c78d25a9e8fd6a5d03a8431c160226e1f4.tar.bz2 chat-305a74c78d25a9e8fd6a5d03a8431c160226e1f4.zip