diff options
| author | =Corey Hulen <corey@hulen.com> | 2016-01-14 09:08:13 -0600 |
|---|---|---|
| committer | =Corey Hulen <corey@hulen.com> | 2016-01-14 09:08:13 -0600 |
| commit | 6d6cada0970a2b341f36dac9b0fed8262ada1865 (patch) | |
| tree | fc3728f15deaebd0c870838a63735659a33456e7 /api/user.go | |
| parent | 0b986ed3147c885af6b2f33e1ff3eb6754e8f274 (diff) | |
| parent | a341dbad2b8a4564b6f270c79f2f9932e499ac80 (diff) | |
| download | chat-6d6cada0970a2b341f36dac9b0fed8262ada1865.tar.gz chat-6d6cada0970a2b341f36dac9b0fed8262ada1865.tar.bz2 chat-6d6cada0970a2b341f36dac9b0fed8262ada1865.zip | |
Merge branch 'master' into PLT-1429
Diffstat (limited to 'api/user.go')
| -rw-r--r-- | api/user.go | 37 |
1 files changed, 26 insertions, 11 deletions
diff --git a/api/user.go b/api/user.go index 494296fb5..ab64759cf 100644 --- a/api/user.go +++ b/api/user.go @@ -5,9 +5,9 @@ package api import ( "bytes" - l4g "code.google.com/p/log4go" b64 "encoding/base64" "fmt" + l4g "github.com/alecthomas/log4go" "github.com/disintegration/imaging" "github.com/golang/freetype" "github.com/gorilla/mux" @@ -122,6 +122,11 @@ func createUser(c *Context, w http.ResponseWriter, r *http.Request) { user.EmailVerified = true } + if !CheckUserDomain(user, utils.Cfg.TeamSettings.RestrictCreationToDomains) { + c.Err = model.NewAppError("createUser", "The email you provided does not belong to an accepted domain. Please contact your administrator or sign up with a different email.", "") + return + } + ruser, err := CreateUser(team, user) if err != nil { c.Err = err @@ -136,19 +141,29 @@ func createUser(c *Context, w http.ResponseWriter, r *http.Request) { } +func CheckUserDomain(user *model.User, domains string) bool { + if len(domains) == 0 { + return true + } + + domainArray := strings.Fields(strings.TrimSpace(strings.ToLower(strings.Replace(strings.Replace(domains, "@", " ", -1), ",", " ", -1)))) + + matched := false + for _, d := range domainArray { + if strings.HasSuffix(user.Email, "@"+d) { + matched = true + break + } + } + + return matched +} + func IsVerifyHashRequired(user *model.User, team *model.Team, hash string) bool { shouldVerifyHash := true if team.Type == model.TEAM_INVITE && len(team.AllowedDomains) > 0 && len(hash) == 0 && user != nil { - domains := strings.Fields(strings.TrimSpace(strings.ToLower(strings.Replace(strings.Replace(team.AllowedDomains, "@", " ", -1), ",", " ", -1)))) - - matched := false - for _, d := range domains { - if strings.HasSuffix(user.Email, "@"+d) { - matched = true - break - } - } + matched := CheckUserDomain(user, team.AllowedDomains) if matched { shouldVerifyHash = false @@ -1794,7 +1809,7 @@ func GetAuthorizationCode(c *Context, service, teamName string, props map[string props["team"] = teamName state := b64.StdEncoding.EncodeToString([]byte(model.MapToJson(props))) - redirectUri := c.GetSiteURL() + "/" + service + "/complete" + redirectUri := c.GetSiteURL() + "/signup/" + service + "/complete" // Remove /signup after a few releases (~1.8) authUrl := endpoint + "?response_type=code&client_id=" + clientId + "&redirect_uri=" + url.QueryEscape(redirectUri) + "&state=" + url.QueryEscape(state) |