diff options
Diffstat (limited to 'api/team.go')
-rw-r--r-- | api/team.go | 46 |
1 files changed, 44 insertions, 2 deletions
diff --git a/api/team.go b/api/team.go index a331e9e34..eaa0d2695 100644 --- a/api/team.go +++ b/api/team.go @@ -44,6 +44,10 @@ func signupTeam(c *Context, w http.ResponseWriter, r *http.Request) { return } + if !isTreamCreationAllowed(c, email) { + return + } + subjectPage := NewServerTemplatePage("signup_team_subject", c.GetSiteURL()) bodyPage := NewServerTemplatePage("signup_team_body", c.GetSiteURL()) bodyPage.Props["TourUrl"] = utils.Cfg.TeamSettings.TourLink @@ -89,6 +93,11 @@ func createTeamFromSignup(c *Context, w http.ResponseWriter, r *http.Request) { c.Err = err return } + + if !isTreamCreationAllowed(c, teamSignup.Team.Email) { + return + } + teamSignup.Team.Id = "" password := teamSignup.User.Password @@ -169,6 +178,10 @@ func createTeam(c *Context, w http.ResponseWriter, r *http.Request) { return } + if !isTreamCreationAllowed(c, team.Email) { + return + } + if utils.Cfg.ServiceSettings.Mode != utils.MODE_DEV { c.Err = model.NewAppError("createTeam", "The mode does not allow network creation without a valid invite", "") return @@ -196,6 +209,35 @@ func createTeam(c *Context, w http.ResponseWriter, r *http.Request) { } } +func isTreamCreationAllowed(c *Context, email string) bool { + + email = strings.ToLower(email) + + if utils.Cfg.TeamSettings.DisableTeamCreation { + c.Err = model.NewAppError("isTreamCreationAllowed", "Team creation has been disabled. Please ask your systems administrator for details.", "") + return false + } + + // commas and @ signs are optional + // can be in the form of "@corp.mattermost.com, mattermost.com mattermost.org" -> corp.mattermost.com mattermost.com mattermost.org + domains := strings.Fields(strings.TrimSpace(strings.ToLower(strings.Replace(strings.Replace(utils.Cfg.TeamSettings.RestrictCreationToDomains, "@", " ", -1), ",", " ", -1)))) + + matched := false + for _, d := range domains { + if strings.HasSuffix(email, "@"+d) { + matched = true + break + } + } + + if len(utils.Cfg.TeamSettings.RestrictCreationToDomains) > 0 && !matched { + c.Err = model.NewAppError("isTreamCreationAllowed", "Email must be from a specific domain (e.g. @example.com). Please ask your systems administrator for details.", "") + return false + } + + return true +} + func findTeamByName(c *Context, w http.ResponseWriter, r *http.Request) { m := model.MapFromJson(r.Body) @@ -283,10 +325,10 @@ func emailTeams(c *Context, w http.ResponseWriter, r *http.Request) { } else { teams := result.Data.([]*model.Team) - // the template expects Props to be a map with team names as the keys + // the template expects Props to be a map with team names as the keys and the team url as the value props := make(map[string]string) for _, team := range teams { - props[team.Name] = team.Name + props[team.Name] = c.GetTeamURLFromTeam(team) } bodyPage.Props = props |