prevent users from changing email addresses to restricted domains (#7765)

author: Chris <ccbrown112@gmail.com> 2017-11-03 10:47:32 -0500
committer: Christopher Speller <crspeller@gmail.com> 2017-11-03 08:47:32 -0700
commit: 71dd21ef3d89f8967b81a6bbfa67b2c85d3ad3e0 (patch)
tree: 7dd66012d5483389f63eddf5e54d1846bbc9770f /app/user.go
parent: 59fe80990913d220926c847d234b7066ca0f6ada (diff)
download: chat-71dd21ef3d89f8967b81a6bbfa67b2c85d3ad3e0.tar.gz
chat-71dd21ef3d89f8967b81a6bbfa67b2c85d3ad3e0.tar.bz2
chat-71dd21ef3d89f8967b81a6bbfa67b2c85d3ad3e0.zip
1 files changed, 11 insertions, 0 deletions
diff --git a/app/user.go b/app/user.go
index 999fabbf8..60a6c887b 100644
--- a/app/user.go
+++ b/app/user.go
@@ -984,6 +984,17 @@ func (a *App) sendUpdatedUserEvent(user model.User, asAdmin bool) {
 }
 
 func (a *App) UpdateUser(user *model.User, sendNotifications bool) (*model.User, *model.AppError) {
+	if !CheckUserDomain(user, a.Config().TeamSettings.RestrictCreationToDomains) {
+		result := <-a.Srv.Store.User().Get(user.Id)
+		if result.Err != nil {
+			return nil, result.Err
+		}
+		prev := result.Data.(*model.User)
+		if !prev.IsLDAPUser() && !prev.IsSAMLUser() && user.Email != prev.Email {
+			return nil, model.NewAppError("UpdateUser", "api.user.create_user.accepted_domain.app_error", nil, "", http.StatusBadRequest)
+		}
+	}
+
 	if result := <-a.Srv.Store.User().Update(user, false); result.Err != nil {
 		return nil, result.Err
 	} else {
author	Chris <ccbrown112@gmail.com>	2017-11-03 10:47:32 -0500
committer	Christopher Speller <crspeller@gmail.com>	2017-11-03 08:47:32 -0700
commit	71dd21ef3d89f8967b81a6bbfa67b2c85d3ad3e0 (patch)
tree	7dd66012d5483389f63eddf5e54d1846bbc9770f /app/user.go
parent	59fe80990913d220926c847d234b7066ca0f6ada (diff)
download	chat-71dd21ef3d89f8967b81a6bbfa67b2c85d3ad3e0.tar.gz chat-71dd21ef3d89f8967b81a6bbfa67b2c85d3ad3e0.tar.bz2 chat-71dd21ef3d89f8967b81a6bbfa67b2c85d3ad3e0.zip