diff options
Diffstat (limited to 'api/team.go')
-rw-r--r-- | api/team.go | 118 |
1 files changed, 117 insertions, 1 deletions
diff --git a/api/team.go b/api/team.go index 8587a6de4..e34b3a610 100644 --- a/api/team.go +++ b/api/team.go @@ -23,6 +23,7 @@ func InitTeam(r *mux.Router) { sr := r.PathPrefix("/teams").Subrouter() sr.Handle("/create", ApiAppHandler(createTeam)).Methods("POST") sr.Handle("/create_from_signup", ApiAppHandler(createTeamFromSignup)).Methods("POST") + sr.Handle("/create_with_sso/{service:[A-Za-z]+}", ApiAppHandler(createTeamFromSSO)).Methods("POST") sr.Handle("/signup", ApiAppHandler(signupTeam)).Methods("POST") sr.Handle("/find_team_by_name", ApiAppHandler(findTeamByName)).Methods("POST") sr.Handle("/find_teams", ApiAppHandler(findTeams)).Methods("POST") @@ -35,6 +36,11 @@ func InitTeam(r *mux.Router) { } func signupTeam(c *Context, w http.ResponseWriter, r *http.Request) { + if !utils.Cfg.ServiceSettings.AllowEmailSignUp { + c.Err = model.NewAppError("signupTeam", "Team sign-up with email is disabled.", "") + c.Err.StatusCode = http.StatusNotImplemented + return + } m := model.MapFromJson(r.Body) email := strings.ToLower(strings.TrimSpace(m["email"])) @@ -44,6 +50,10 @@ func signupTeam(c *Context, w http.ResponseWriter, r *http.Request) { return } + if !isTreamCreationAllowed(c, email) { + return + } + subjectPage := NewServerTemplatePage("signup_team_subject", c.GetSiteURL()) bodyPage := NewServerTemplatePage("signup_team_body", c.GetSiteURL()) bodyPage.Props["TourUrl"] = utils.Cfg.TeamSettings.TourLink @@ -70,7 +80,70 @@ func signupTeam(c *Context, w http.ResponseWriter, r *http.Request) { w.Write([]byte(model.MapToJson(m))) } +func createTeamFromSSO(c *Context, w http.ResponseWriter, r *http.Request) { + params := mux.Vars(r) + service := params["service"] + + if !utils.IsServiceAllowed(service) { + c.SetInvalidParam("createTeamFromSSO", "service") + return + } + + team := model.TeamFromJson(r.Body) + + if team == nil { + c.SetInvalidParam("createTeamFromSSO", "team") + return + } + + team.PreSave() + + team.Name = model.CleanTeamName(team.Name) + + if err := team.IsValid(); err != nil { + c.Err = err + return + } + + team.Id = "" + + found := true + count := 0 + for found { + if found = FindTeamByName(c, team.Name, "true"); c.Err != nil { + return + } else if found { + team.Name = team.Name + strconv.Itoa(count) + count += 1 + } + } + + team.AllowValet = utils.Cfg.TeamSettings.AllowValetDefault + + if result := <-Srv.Store.Team().Save(team); result.Err != nil { + c.Err = result.Err + return + } else { + rteam := result.Data.(*model.Team) + + if _, err := CreateDefaultChannels(c, rteam.Id); err != nil { + c.Err = nil + return + } + + data := map[string]string{"follow_link": c.GetSiteURL() + "/" + rteam.Name + "/signup/" + service} + w.Write([]byte(model.MapToJson(data))) + + } + +} + func createTeamFromSignup(c *Context, w http.ResponseWriter, r *http.Request) { + if !utils.Cfg.ServiceSettings.AllowEmailSignUp { + c.Err = model.NewAppError("createTeamFromSignup", "Team sign-up with email is disabled.", "") + c.Err.StatusCode = http.StatusNotImplemented + return + } teamSignup := model.TeamSignupFromJson(r.Body) @@ -89,6 +162,11 @@ func createTeamFromSignup(c *Context, w http.ResponseWriter, r *http.Request) { c.Err = err return } + + if !isTreamCreationAllowed(c, teamSignup.Team.Email) { + return + } + teamSignup.Team.Id = "" password := teamSignup.User.Password @@ -161,6 +239,11 @@ func createTeamFromSignup(c *Context, w http.ResponseWriter, r *http.Request) { } func createTeam(c *Context, w http.ResponseWriter, r *http.Request) { + if !utils.Cfg.ServiceSettings.AllowEmailSignUp { + c.Err = model.NewAppError("createTeam", "Team sign-up with email is disabled.", "") + c.Err.StatusCode = http.StatusNotImplemented + return + } team := model.TeamFromJson(r.Body) @@ -169,6 +252,10 @@ func createTeam(c *Context, w http.ResponseWriter, r *http.Request) { return } + if !isTreamCreationAllowed(c, team.Email) { + return + } + if utils.Cfg.ServiceSettings.Mode != utils.MODE_DEV { c.Err = model.NewAppError("createTeam", "The mode does not allow network creation without a valid invite", "") return @@ -181,7 +268,7 @@ func createTeam(c *Context, w http.ResponseWriter, r *http.Request) { rteam := result.Data.(*model.Team) if _, err := CreateDefaultChannels(c, rteam.Id); err != nil { - c.Err = nil + c.Err = err return } @@ -196,6 +283,35 @@ func createTeam(c *Context, w http.ResponseWriter, r *http.Request) { } } +func isTreamCreationAllowed(c *Context, email string) bool { + + email = strings.ToLower(email) + + if utils.Cfg.TeamSettings.DisableTeamCreation { + c.Err = model.NewAppError("isTreamCreationAllowed", "Team creation has been disabled. Please ask your systems administrator for details.", "") + return false + } + + // commas and @ signs are optional + // can be in the form of "@corp.mattermost.com, mattermost.com mattermost.org" -> corp.mattermost.com mattermost.com mattermost.org + domains := strings.Fields(strings.TrimSpace(strings.ToLower(strings.Replace(strings.Replace(utils.Cfg.TeamSettings.RestrictCreationToDomains, "@", " ", -1), ",", " ", -1)))) + + matched := false + for _, d := range domains { + if strings.HasSuffix(email, "@"+d) { + matched = true + break + } + } + + if len(utils.Cfg.TeamSettings.RestrictCreationToDomains) > 0 && !matched { + c.Err = model.NewAppError("isTreamCreationAllowed", "Email must be from a specific domain (e.g. @example.com). Please ask your systems administrator for details.", "") + return false + } + + return true +} + func findTeamByName(c *Context, w http.ResponseWriter, r *http.Request) { m := model.MapFromJson(r.Body) |