diff options
| author | =Corey Hulen <corey@hulen.com> | 2015-08-25 14:40:16 -0700 |
|---|---|---|
| committer | =Corey Hulen <corey@hulen.com> | 2015-08-25 14:40:16 -0700 |
| commit | 67bc12e4b72960ce5413a6267f11d505d581f1e7 (patch) | |
| tree | 6ce737cfdbf585a8a96370266dabe6178ac126b8 /api/team.go | |
| parent | d132de4400c181d69c8d560a5f1e33e95e6d8586 (diff) | |
| download | chat-67bc12e4b72960ce5413a6267f11d505d581f1e7.tar.gz chat-67bc12e4b72960ce5413a6267f11d505d581f1e7.tar.bz2 chat-67bc12e4b72960ce5413a6267f11d505d581f1e7.zip | |
Fixes PL-3 Restrict team creation to specific domains
Diffstat (limited to 'api/team.go')
| -rw-r--r-- | api/team.go | 45 |
1 files changed, 36 insertions, 9 deletions
diff --git a/api/team.go b/api/team.go index 2d60707bb..10bdafcf0 100644 --- a/api/team.go +++ b/api/team.go @@ -44,8 +44,7 @@ func signupTeam(c *Context, w http.ResponseWriter, r *http.Request) { return } - if utils.Cfg.TeamSettings.DisableTeamCreation { - c.Err = model.NewAppError("createTeamFromSignup", "Team creation has been disabled. Please ask your systems administrator for details.", "") + if !isTreamCreationAllowed(c, email) { return } @@ -84,11 +83,6 @@ func createTeamFromSignup(c *Context, w http.ResponseWriter, r *http.Request) { return } - if utils.Cfg.TeamSettings.DisableTeamCreation { - c.Err = model.NewAppError("createTeamFromSignup", "Team creation has been disabled. Please ask your systems administrator for details.", "") - return - } - props := model.MapFromJson(strings.NewReader(teamSignup.Data)) teamSignup.Team.Email = props["email"] teamSignup.User.Email = props["email"] @@ -99,6 +93,11 @@ func createTeamFromSignup(c *Context, w http.ResponseWriter, r *http.Request) { c.Err = err return } + + if !isTreamCreationAllowed(c, teamSignup.Team.Email) { + return + } + teamSignup.Team.Id = "" password := teamSignup.User.Password @@ -179,8 +178,7 @@ func createTeam(c *Context, w http.ResponseWriter, r *http.Request) { return } - if utils.Cfg.TeamSettings.DisableTeamCreation { - c.Err = model.NewAppError("createTeam", "Team creation has been disabled. Please ask your systems administrator for details.", "") + if !isTreamCreationAllowed(c, team.Email) { return } @@ -211,6 +209,35 @@ func createTeam(c *Context, w http.ResponseWriter, r *http.Request) { } } +func isTreamCreationAllowed(c *Context, email string) bool { + + email = strings.ToLower(email) + + if utils.Cfg.TeamSettings.DisableTeamCreation { + c.Err = model.NewAppError("isTreamCreationAllowed", "Team creation has been disabled. Please ask your systems administrator for details.", "") + return false + } + + // commas and @ signs are optional + // can be in the form of "@corp.mattermost.com, mattermost.com mattermost.org" -> corp.mattermost.com mattermost.com mattermost.org + domains := strings.Fields(strings.TrimSpace(strings.ToLower(strings.Replace(strings.Replace(utils.Cfg.TeamSettings.RestrictCreationToDomains, "@", " ", -1), ",", " ", -1)))) + + matched := false + for _, d := range domains { + if strings.HasSuffix(email, "@"+d) { + matched = true + break + } + } + + if len(utils.Cfg.TeamSettings.RestrictCreationToDomains) > 0 && !matched { + c.Err = model.NewAppError("isTreamCreationAllowed", "Email must be from a specific domain (e.g. @example.com). Please ask your systems administrator for details.", "") + return false + } + + return true +} + func findTeamByName(c *Context, w http.ResponseWriter, r *http.Request) { m := model.MapFromJson(r.Body) |